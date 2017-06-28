

 


Contractors Lose Jobs After Hacking CIA's In-House Vending Machines (techrepublic.com) 127

Posted by BeauHD from the irony-at-its-finest dept.
An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards.
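
The behaviour the OIG report describes is a payment terminal that fails open when it cannot reach its authorization server. The Python model below is an added example, not code from FreedomPay, the OIG report or TechRepublic; the class names, the `fail_open` flag, the card names and the balances are all constructed for illustration. It contrasts fail-open with fail-closed handling and shows how reconciliation after the link returns surfaces the offline sales that never settle.

```python
from dataclasses import dataclass, field


class ServerUnreachable(Exception):
    """The terminal could not reach the payment server."""


@dataclass
class PaymentServer:
    """Hypothetical stand-in for the controlling server (balances in cents)."""
    balances: dict
    online: bool = True

    def debit(self, card, cents):
        if not self.online:
            raise ServerUnreachable()
        if self.balances.get(card, 0) < cents:
            return False          # unfunded card is declined while online
        self.balances[card] -= cents
        return True


@dataclass
class Terminal:
    server: PaymentServer
    fail_open: bool               # True models the behaviour in the report
    offline_log: list = field(default_factory=list)

    def purchase(self, card, cents):
        try:
            return self.server.debit(card, cents)
        except ServerUnreachable:
            if not self.fail_open:
                return False      # fail closed: no authorization, no vend
            # Fail open: vend now, record the sale, hope it settles later.
            self.offline_log.append((card, cents))
            return True


def reconcile(terminal):
    """Replay offline sales once the link is back; return those that do not settle."""
    unsettled = [(card, cents) for card, cents in terminal.offline_log
                 if not terminal.server.debit(card, cents)]
    terminal.offline_log.clear()
    return unsettled


if __name__ == "__main__":
    srv = PaymentServer({"funded": 500, "unfunded": 0})   # constructed data
    t = Terminal(srv, fail_open=True)
    srv.online = False
    print(t.purchase("unfunded", 150))   # vend happens with no authorization
    srv.online = True
    print(reconcile(t))                  # the sale shows up as unsettled
```
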

  • Who wrote this? (Score:5, Informative)

    by redback ( 15527 ) on Wednesday June 28, 2017 @09:03AM (#54704093)

    1. They weren't fired for hacking, they were fired for STEALING.

    2. Unplugging the network cable doesn't count as hacking.

    • Re:Who wrote this? (Score:5, Informative)

      by oobayly ( 1056050 ) on Wednesday June 28, 2017 @09:12AM (#54704137)

      2. Unplugging the network cable doesn't count as hacking.

      It would in the UK. A man was prosecuted here for adding a couple of "../" to a URI, which then provided him access to the root file system. I'm trying to find a reference to it.

      • Re: (Score:2)

        by pahles ( 701275 )

        It would in the UK. A man was prosecuted here for adding a couple of "../" to a URI, which then provided him access to the root file system. I'm trying to find a reference to it.

        What does that have to do with unplugging a cable?

      • Re: (Score:2)

        by houghi ( 78078 )

        I add /. to my daily browsing. I am the L33T hax0r known as 4Chan. (How do you do the reverse L and 7 again?)

      • No surprise considering this is the same shithole where it's illegal to injure an assailant...

    • ...Or a hacksaw [Re:Who wrote this?] (Score:5, Funny)

      by XXongo ( 3986865 ) on Wednesday June 28, 2017 @09:13AM (#54704145) Homepage

      2. Unplugging the network cable doesn't count as hacking.

      Possibly they disconnected it with a hatchet, making it literally hacking.

    • While you are correct on both counts, what this story illustrates is the irony of large organizations (in commercial industry and government alike) that say "we want innovators/bold thinkers/unconventional thinkers/people who think outside the box" (or similar feel-good sounding things) when what they really mean is "we want innovators/bold thinkers/unconventional thinkers/people who think outside the box but who also remain within the strict policies/structures/conventions of the organizatio

      • Re: (Score:1)

        by Anonymous Coward

        Stealing from your startup employer would also get you fired.

      • Re: (Score:2)

        by rhazz ( 2853871 )

        what they really mean is "we want innovators/bold thinkers/unconventional thinkers/people who think outside the box but who also remain within the strict policies/structures/conventions of the organization."

        Having morals and thinking outside the box aren't mutually exclusive. The CIA might be an exception, but most businesses subcontract the handling of vending machines to other companies. If the same is true for the CIA, then these idiots were stealing from another company. The CIA's rep is bad enough without that.

      • Re:Who wrote this? (Score:5, Insightful)

        by swb ( 14022 ) on Wednesday June 28, 2017 @09:56AM (#54704383)

        The CIA or any organization like it wants unicorns. They want the tiny subset of the Venn diagram where people are bold thinkers AND organizationally compliant rule followers.

        Like high-end spec-ops, not only do they want really tough super-athletes, they want high intelligence, independent thinkers AND chain of command rule followers.

        It's a small subset of people that match all those qualities.

      • The same people who are dumb and cheap enough to steal snacks are the same ones most likely to sell out your state secrets for money.

        Anyone who's willing to risk their career and a criminal record for a $1 bag of junk food is not someone who you want working with sensitive information.

      • Are you really that dense or are you trolling? They were stealing. That shows a lack of character. I'd fire them as well, even if I were running a startup.

    • 2. Unplugging the network cable doesn't count as hacking.

      Sure it does! Look, I'm going to hack my computer right n{#`%${%&`+'${`%&NO CARRIER

    • why would anyone settle for snacks when the cc info is there...

    • The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines.

      It was written by someone who doesn't know a complete sentence from their asshole.

    • Posted by BeauHD - what do you expect? If it isn't an anti-conservative hit piece that has nothing to do with technology, she doesn't know what to do with it.

  • Liars, Cheats and Criminals at the CIA? (Score:5, Funny)

    by bill_mcgonigle ( 4333 ) * on Wednesday June 28, 2017 @09:16AM (#54704157) Homepage Journal

    How did they not get a promotion?

    • Re: (Score:2)

      by creimer ( 824291 )
      They were supposed to hack the vending machines inside the Russian embassy.

    • How did they not get a promotion?

      Believe it or not... It seems the CIA apparently has issues with stealing from vending machines... So there are some morals and ethics left.... Leaking classified data is A OK, putting classified information on a private E-mail server is A OK, spying on US citizens with abandon is fine, but don't you dare steal from the vending machine in the break room down the hall.. Who knew?

    • Most Vending machine companies are owned by big corps now.

    • Because they were caught. The CIA only wants employees smart enough to not get caught doing these things. Honestly, if you're dumb enough to get caught stealing from a !@#$ vending machine, how can they trust you to steal from the Russians?

  • Disconnecting the network cable. Really?

  • Fed Contractors vs Fed Employees (Score:5, Interesting)

    by acoustix ( 123925 ) on Wednesday June 28, 2017 @09:47AM (#54704343)

    If these were federal employees they wouldn't have been fired. They would have been reassigned. Or asked to take early retirement. Of course this would have happened after being suspended with pay.

    • If these were federal employees they wouldn't have been fired. They would have been reassigned. Or asked to take early retirement. Of course this would have happened after being suspended with pay.

      ...for three years...

  • FreedomPay (Score:4, Insightful)

    by tangent3 ( 449222 ) on Wednesday June 28, 2017 @10:09AM (#54704453)

    Contractors did not realize the "free" in FreedomPay means free speech not free beer.

  • Throughout my working life I have been amazed that people with good jobs would be willing to jeopardize them for nickels and dimes -- stealing stationery, fudging expense vouchers, and now, apparently, cheating a company vending machine. Don't these people realize that they are putting their livelihoods at risk by stealing from their employer?

    • Re: (Score:2)

      by creimer ( 824291 )
      Depends on where the company has its focus. I did a PC refresh project at eBay and had to take a drug test before I got hired in 2011. Management was afraid that the contractors would steal their new Dell workstations. The funny thing was that management had no concern about employees stealing the old workstations. Unlike other PC refresh projects, we weren't required to pull the hard drives out. Security went ballistic when they found some of these old workstations with asset tags and hard drives on the eB

  • CIA hires break laws then the CIA covers it up.

  • Think about it. Intelligence agencies routinely do things which violate norms of civilized behavior. Suborning treason (in other countries' nationals) and invading privacy are standard operating procedure. Yet you depend on your employees to scrupulously follow the rules and norms when it comes to your own agency.

    So you give people symbols, rituals and training which ground them in the traditions and identity of your service. I expect this works pretty well, because pride and belonging are powerful motivato

  • Why in the HELL are there IoT vending machines in the CIA? Even I know IoT devices are not secure especially if they are coming from a vendor. If anything, the vending machine company should be held responsible for not providing enough security on their device that could have allowed rogue elements to access it and use it for breaking into internal network resources based on it being on-site. WTF!?

  • ... attempted to make a run for it. But they were pursued and apprehended quickly.

  • Here I expected the story to detail how they analyzed the network traffic and devised a MitM attack to trick the machine into thinking it was getting paid, or discovering an administrative backdoor they managed to crack the root password for, or 3:00am hacking into the firmware through a JTAG connection, decompilation of the firmware, then substituting doctored firmware to enable a secret button-press sequence to enable all selections to be $0.00.. but no! They disconnected a network cable! BORING! I don't

  • They were fired for Theft. Stealing is such a low level sleazy crime
    they need to go work in a fast food joint to work off the debt!
    "Hacking" is HARDLY what they did - it's just theft

