Several contractors working for the CIA recently got fired after they were caught stealing from a hacked IoT snack machine. This is the kind of machine that was supposed to make paying for snacks easier, safer, smarter, and faster. However, what actually happened is that the system was exploited by none other than Central Intelligence Agency’s agents.
A report from the Office of Inspector General (OIG) Investigations Staff says that FreedomPay network cable got CIA’s vending machines hooked to their Agency Internet Network. Thanks to this, the machines could communicate with the server the FreedomPay was controlling.
The point of all this was convenience. And also, you could buy snacks by simply sliding in the card by FreedomPay. There was no need for traditional methods like coins, nor were there traditional issues like sticking chewing gum to a coin and fish it back out. The same goes for tricks for fishing back the bills via different methods developed through the years.
This was easy, effective, and safe too. However, since this is IoT, there are bound to be flaws involved, and vulnerabilities to exploit. So this time, the CIA contractors were the ones to do so.
According to the mentioned report, they started stealing from the vending machine in the fall of 2012. The thefts were noticed and reported by CIA sometime between this period and March of 2013. OIG launched an investigation and advised the Agency to install some surveillance cameras in the vicinity.
Many would agree that it is pretty ironic that the CIA needed advice on how to conduct surveillance. Anyway, they did so, and they managed to capture several perps on video. The real surprise came when they were all identified to be the Agency’s contractors.
When confronted with their actions, they admitted stealing and agreed to resign. Afterward, they were simply marched to the exit. The damage they made was estimated to be around $3,314.40,
Despite having the CIA involved in the entire issue, this serves as another example of overlooked IoT security, which is an issue that everyone is avoiding for a long time now. Internet enabling everything in our everyday lives can be fun, true. However, not securing these devices is just irresponsible. It wouldn’t be as scary if there weren’t so many gadgets that could lead users’ safety, privacy, or maybe even their own life, in danger.
Not to mention IoT medical devices. The same ones that are currently suffering from ransomware attacks all over the US. Blaming FreedomPay is not the solution, nor is it justified. The blame most often lies with irresponsible users, that don’t think twice about their device’s security.
And CIA is not exactly unskilled when it comes to security, or surveillance, for that matter. However, everyone else with IoT devices in their homes should really find a lesson in these events, and at least try to secure their gadgets.