Schneier on Security
A blog covering security and security technology.
November 8, 2004
Prisoner is freed from jail based on a forged fax:
In West Memphis District Court yesterday, Tristian Wilson was set to appear on the docket for a bond hearing on the charges. When he did not appear, Judge William "Pal" Rainey inquired about his release and found that a jail staff member released Wilson by the authority of a fax sent to the jail late Saturday night.
According to Assistant Chief Mike Allen, a fax was sent to the jail which stated "Upon decision between Judge Rainey and the West Memphis Police Department CID Division Tristian Wilson is to be released immediately on this date of October 30, 2004 with a waiver of all fines, bonds and settlements per Judge Rainey and Detective McDugle."
Jail Administrator Mickey Thornton said that these faxes are part of a normal routine for the jail when it comes to releasing prisoners, however, this fax was different.
Faxes are fascinating. They're treated like original documents, but lack any of the authentication mechanisms that we've developed for original documents: letterheads, watermarks, signatures. Most of the time there's no problem, but sometimes you can exploit people's innate trust in faxes to good effect.
Posted on November 8, 2004 at 7:12 AM
• 17 Comments
It's amazing how much the healthcare industry still relies upon faxes for distributing Protected Health Information (PHI). Not only is it a privacy issue, but could you imagine abuse of pharmaceuticals or medical procedures because of a social engineering attack? Yet, take away the fax today, and many healthcare organizations would be unable to conduct business.
A similar story happened last year in France. I guess it's a pretty common way to get prisoners out of jail...
The article does in fact mention that the fax was missing the "standard letterhead with the WMPD logo on it". The fax header also apparently said it originated from a McDonalds. I don't know if I'd call that "trust"...
Like that last comment said, the fax machine probably isn't the weak link here. It's not as if this is a new idea -- the most successful escape attempt from Alcatraz was based on forged release orders.
Mark one up for Social Engineering (SE) Attacks! - The human is the weakest link and is very vulnerable to things that shouldn't make sense!
Setting aside for the moment the reasons that this fax (and the many release-papers forgeries that have preceded it) should have been recognized as a fake, I think that faxes in general are perceived as trustworthy because most people experience fax machines as closed systems, with neither directories to send to any arbitrary unauthorized destination nor arbitrarily-settable sender information. (That the experience is contrary to fact is a minor nit.)
I was thinking about this the other day when I had to fax a legal document overseas. It would have been easier and cheaper to just email the scan to the recipient for printing, but that embedded timestamp and sender information added a veneer of authenticity that a printed PDF attachment couldn't match.
As sender-address spoofing becomes even more common -- From: headers, caller-ID, fax headers -- when will people finally stop relying on the transmission infrastructure for (apparent) authentication?
I am consistently amazed by the number of small businesses (especially law offices) where the FAX is the responsibility of the front-desk receptionist. FAXes come out and are stacked for pickup in the front-office waiting area. Anybody who walked in the door could look them over.
Wow. Even if they had had a system that included certain special official "marks" and such, allowing someone to be released simply with a fax seems, uh, not too bright. The same goes for (as a prior person has commented) the notion that 'the fax came from the right number'.
One would think that a required call-back to a predetermined, pre-validated number at the _very_ least would be required.
hi hacking faxes i am logan known as scott engle. believe it!
I would like to have some more information about fax hacking in general.
Is it possible to enter a fax machine by remote services?
Is it also possible to enter a fax number through hacking the protocol of the remote services from the fax machine?
What exactly do you mean by "enter a fax machine"?
With remote services it is quite easy to change the fax settings or to inspect (parts of) the fax memory. It certainly is possible to add or modify fax numbers stored in the remote machine, if the machine is equipped with remote service possibilities (and most machines are), unless the fax is connected through some fax firewall.
Occasionally you can also read "private" fax mailboxes because passwords are stored in plain ASCII. What would you like to modify in the fax machine?
Another fine example of creativity and another demonstration that software is not a security solution, no matter how much of it you buy!
This message is for Ricky and George, about messages posted on May 1, 2006 and June 30, 2006, talking about the possibility of entering a remote fax machine.
By "enter in fax machine" I mean that with a regular Class 2 modem it is possible to dial a fax machine, anywhere in the world, and send, through some commands, setup, configuration, stored numbers, etc.
But does a procedure really exist to do it?
Can a fax be sent to a remote fax machine that is not a regular fax but a command sequence to configure it, or through AT commands?
For example, to configure a callback number to dial at a scheduled time or to send a fax at a scheduled time?
I forgot to write part of my message.
One month ago, I received my phone bill. I have a regular fax machine (HP multifunction).
To my big surprise I saw 6 international calls to some numbers.
I tried with tech assistance to retrieve info from the fax with reports, etc. But totally empty. No trace of these calls.
After 2 weeks talking with other people in the same city, the same had happened to them.
No fax was sent, simply a dialed call, because the duration of the calls was 2-3 seconds.
So I would like to know how this is possible?
My lawyer refuses to show fax he sent to Merrill Lynch. Same day 40 k. Trades were made on acct. Which was to be frozen. For child support. I have cover sheet. Can contents be recovered?
Yes, this is a big thing for me too. Do fax machines have a stored memory of what has been sent and received on them, just like a computer? Can they be recovered even from the past (like in a computer's case, they can be recovered even when deleted)? I need to recover a fax that was sent to me and it is a large piece of evidence in an important case. Can it be done? With more or less unlimited funding or capabilities, can it be done? Does the technology or capability exist? Is it feasible? Assistance would be much appreciated ASAP, thanks.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.