A lesson on making sure your CCTV networks are secure

[Voipmodo 0]

A Casino in Australia had a customer win $33 Million after using the CCTV System to win in several games. In this case an employee gave them a login to see it. This is why its important to have a clearly defined access system, restricting MAC addresses of clients for secure installs like this. I wonder how many installs out there, where someone can plugin to a jack on the network or join the WIFI and directly access a camera. I know there are several Search engine hits and hacks where you can see thousands of live CCTV cameras people never secured.

 

http://gizmodo.com/5990732/high-roller-takes-casino-for-33-million-with-security-camera-hijack

[ssmith10pn 0]

Camera network visible on the public network....... Priceless!!

[mroek 0]

Camera network visible on the public network....... Priceless!!

Well, it wasn't exactly priceless for the casino...

[GMaster1 0]

You [probably won't be] surprised how many hotels have their guestnet and corpnet combined. The first time I noticed it was in 2004. Grabbed the credit card database and confirmed that my CC was on there, then ran down to the lobby to pay with cash and asked that my CC be reversed and removed from the system. Night Audit said it was deleted, but I ended up going back to the database file and deleting my card entry altogether.

 

It sparked an investigation a few months later and we ended up discovering that same hotel chain had ~4,200 locations with this issue at the time. If I had to guess, I'd say about a thousand of them are still operating under this flaw.

[PhoneGuy85 0]

MAC address filtering isn't foolproof either, as there are several free programs for changing your MAC to match that of an authorized system. Look up MAC cloning, it's not hard.

[luckyfella 0]

If it wasn't an inside job, adn the employee didn't give his friend a login, would the guy have been able to view the cameras even

though they were on a public network?