It was a little over a year ago that I first heard this scenario described: a thief walks into a target organization, installs a wireless device, sets himself up next door and proceeds to have his way with the network. I proposed a twist on this scenario: use your favorite delivery service to ship a handheld wireless device to the target. That device jumps on the network from the mail room, exploits a vulnerable machine, opens a tunnel through port 80 and routes all of the internal traffic to the bad guy's base of operations, effectively turning the target's network inside out. And of course, the handheld gets returned to sender!
This first scenario was successfully executed against a bank in Israel. The thief, David Sternberg, 24 years old, was apprehended and just sentenced to 16 months. According to police he stole 400,000 shekels ($91,000).
A few things every bank and frankly, every organization, should do:
1. Physically inspect your data center, closet or computer cabinets weekly. Look for modems and things with antennae. Look for dangling patch cords as well. Look for non-standard computer equipment. It is a common occurrence during security audits to find rogue servers that could be hosting porn sites, warez sites, or a GoToMyPC-like remote access service set up by some well-meaning techie.
2. Lock your cabinets.
3. Continuously scan the airwaves for rogue wireless devices. AirDefense has a product that does this.
4. Use some sort of authentication before you let a device connect to your network. Something as simple as MAC address verification before allowing an IP address to be handed out by your DHCP server. (Yes, a skilled hacker can circumvent this, but why make it easy for them?)
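As an added example (not from the original post), here is a small audit script for point 4: it reads ISC dhcpd syslog lines, checks every DHCPACK against a MAC allowlist drawn from the asset inventory, and also flags an allowlisted MAC whose reported hostname does not match, which is one cheap way to notice a cloned address. The log lines, MAC addresses and hostnames are constructed sample data.

```python
import re

# Constructed ISC dhcpd syslog excerpt (sample data, not a real capture).
SAMPLE_LOG = """\
Mar  3 09:12:01 dhcp1 dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via eth0
Mar  3 09:12:02 dhcp1 dhcpd: DHCPACK on 10.10.1.21 to 00:1a:2b:3c:4d:5e (teller-ws07) via eth0
Mar  3 09:13:44 dhcp1 dhcpd: DHCPDISCOVER from 00:0f:66:aa:bb:cc via eth0
Mar  3 09:13:45 dhcp1 dhcpd: DHCPACK on 10.10.1.77 to 00:0f:66:aa:bb:cc via eth0
Mar  3 09:14:10 dhcp1 dhcpd: DHCPREQUEST for 10.10.1.21 from 00:1a:2b:3c:4d:5e via eth0
Mar  3 09:20:00 dhcp1 dhcpd: DHCPACK on 10.10.1.21 to 00:1a:2b:3c:4d:5e (unknown-laptop) via eth0
"""

# Constructed allowlist: MAC -> hostname the inventory says that MAC should report.
ALLOWLIST = {
    "00:1a:2b:3c:4d:5e": "teller-ws07",
}

# Matches dhcpd's "DHCPACK on <ip> to <mac> (<hostname>) via <iface>" line;
# the hostname group is optional because clients do not always send one.
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def find_suspicious_leases(log_text, allowlist):
    """Return (mac, ip, hostname, iface, reason) for every DHCPACK that went to a MAC
    not in the allowlist, or to an allowlisted MAC reporting an unexpected hostname."""
    findings = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # DISCOVER/REQUEST/OFFER lines carry no completed lease
        mac = m.group("mac").lower()
        host = m.group("host") or ""
        expected = allowlist.get(mac)
        if expected is None:
            findings.append((mac, m.group("ip"), host, m.group("iface"), "unknown MAC"))
        elif host != expected:
            findings.append((mac, m.group("ip"), host, m.group("iface"), "hostname mismatch"))
    return findings


if __name__ == "__main__":
    for mac, ip, host, iface, reason in find_suspicious_leases(SAMPLE_LOG, ALLOWLIST):
        print(f"{reason}: {mac} got {ip} as '{host or '-'}' on {iface}")
```

The script audits what the server actually handed out; the blocking itself belongs in the server configuration (ISC dhcpd's `deny unknown-clients;` together with per-device `host` declarations).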
First it was Sumitomo Mitsui Bank in London, now the Postal Bank in Israel. Look for more bank heist stories to come...