Photo courtesy of elegantmob at Flickr
The bomb hoaxes occurring nationwide are creating a lot of fear and speculation.
When reading a Slashdot entry, I came across one of the more interesting speculations about these bomb threats. The speculation is that hackers are taking control of the camera systems in the affected locations and have the ability to monitor the hysteria they are creating live via CCTV.
Here is the entry, I read on Slashdot, which is based on a news article and the comments of a certain Chief of Police:
The FBI is investigating fifteen store robberies in eleven states, committed via phone and Internet. The perpetrators hack the store's security system so they can observe their victims. They then make customers take their clothes off and get the store to wire money. From the article,
"A telephone caller making a bomb threat to a Hutchinson, Kan., grocery store kept more than 100 people hostage, demanding they disrobe and that the store wire money to his bank account. ... officials were investigating whether the caller was out of state and may have hacked into the store's security system. "If they can access the Internet, they can get to anything," Hutchinson Police Chief Dick Heitschmidt said. "Anyone in the whole world could have access, if that's what really happened."
Since most camera systems of the digital variety transmit their data (images) via the Internet, I suppose it is (remotely) possible for hackers to get into a not very well protected system and take advantage of it.
The problem is that most of these camera systems, that might have been hacked, belong to major financial institutions or retailers. As far as I know -- most of these systems operate on an intranet, which is also normally protected by a firewall -- and therefore (in theory) would be pretty hard to get into.
A hacker would have to get past the intranet and firewall to access the CCTV systems.
If you are curious about the difference between Internet and intranet, Wikipedia has a good explanation, here.
With numerous companies and institutions being targeted, all of which in theory have different intranets and firewalls, it would take a lot of hacking to take control of all the camera systems involved (my personal speculation).
I suppose it's also possible that hidden cameras were placed in one of the stores and transmitted over the Internet. It could also be possible that a live person is watching and reporting what is going on via telephone.
The problem with these other speculations is that so far, no one is reporting finding any covert camera equipment. My guess is that these places are searched pretty extensively after the threat is made.
Additionally, human beings covertly reporting the "goings on" during one of these hoaxes doesn't seem very practical, once you think about it. This has occurred in eleven States and the amounts requested aren't in the millions of dollars. It wouldn't be very feasible to use human beings over this wide an area, considering the amount of money involved.
I've learned to "never say never," but I suspect a little fast talking, possible knowledge of the victim's layout (most of these places are set up the same) and the use of fear is how this bomb threat scam is being accomplished.
When I first read about this, I reflected that fear is being used in order to get money wired to criminals. Fear is just another method of social engineering (trickery), which seems to be one common denominator in most of the scams involving the wiring of money.
Despite the fact that many of these scams are spreading quickly with the assistance of technology, it still takes a human element to make the whole thing work.
Exploiting wire transfer systems to steal money is nothing new, either. Wire transfer transactions have become a preferred method of stealing money in a lot of Internet type scams. From romance to lottery scams, with a lot of other variations in-between, Internet criminals have been tricking people into wiring money to them for quite awhile now.
When money is wired, once it is picked up (often within minutes), it's very hard to trace. Please note that these other scams involving wire transfers are predicated on tricking human beings, also.
The good news is that the FBI, Secret Service and Western Union are actively going after the people behind this. Rumor has it they are close to making some arrests.
Since the exact details of the case are being kept confidential, which is important to give the good guys an edge in catching these crooks, all the rest of us can do is speculate.
Let's wish them success in their endeavors and look forward to announcement that the people behind this have been caught! After all, this hoax (scam) is NOT very amusing!
Of note, most experts will always strongly recommend to treat a bomb hoax seriously, despite the fact that most of them are hoaxes. It is recommended that all organizations have a plan on how to handle these scenarios. NSI.org has an extensive page with some pretty good advice (my opinion), here.
Slashdot entry by Erris (531066) and posted by samzenpus, here.
The article, they are referring to comes from News 5 in Phoenix, Arizona.