Highly Vulnerable Income Tax Booth at local big box store

When I am out and about, I am always looking at set ups at the places I visit. On the way out of my local big box store, this Tax Preparation Booth caught my eye big time. It was New Years Eve when I saw this, so apparently the employee thought it would be best to post a big white note on the chair letting the world know there was not going to be anyone in this tax booth for three days.

On the floor, to the right of the note & chair, is  . . . (you guessed it ) completely exposed backside of computer on which YOUR taxes will be done. You might ask, well, what can someone really do? or how do you hack that quick enough where an employee would not notice?

kiosk

 

It would take less than 5 seconds to install a hardware USB keylogger between the keyboard usb end and the input. Leave the tiny keylogger there unnoticed for tax season; and then come back and and gather your plunder! ( 5 secs to remove it )

Say you don’t want to come back.   The USB Rubber Ducky  Can grab windows creds directly from memory and copy them into a text file in moments – or perform whatever custom scripting you want on the target; ( download a payload, etc, etc ).

The other sad, sad thing about this Booth is the third red circle in the upper left, the exposed consumer router. Another way in to do pretty much whatever you want. You could put a RaspiPi on there with dual homed network interfaces ( Ethernet to the Tax Router –  DHCP ) and a hidden Wifi to connect to it whenever you are in range – and hop right onto that network any ol time you want.

I would think a Tax Booth would have the most value to bad guys due to the detailed amount of PII ( Personally Identifiable Information) you could get on so many of the clients; and all other tax booths to which it connects.  Think about it. The bad guys having the same tax info you give to a company to do your taxes. The bad guys can then become you.  If you do use a strip-mall or booth type tax service – Do your best to watch for this stuff. As mentioned in the previous post. Keep a fraud alert on your credit report. Watch your accounts closely. Question even the smallest charges for unknown things. Be aware!

Stay safe! Stay Secure!

 

Advertisements
This entry was posted in Cyber Security, Physical Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s