Monday, 3 October 2011

Air traffic control details leaked via eBay

A network switch sold on eBay has been found to contain sensitive information about a network belonging to the National Air Traffic Services (NATS) centre in Prestwick.

The Cisco Catalyst switch was sold on eBay for £20. The buyer found that it held:

  • Details of the VLANs in use and associated services
  • Full VTP trunking data
  • Device management accounts
  • Read and Write SNMP community strings
  • Full details of upstream switching

According to the lucky bidder, IT consultant Michael Kemp, the switch was using the manufacturer's default passwords and the data it held was fairly recent:

"The password policies associated with the device are simple (I’m not providing pasword (sic) details in an open forum, but it’s a Cisco device so have a guess eh?) and it really was an absolute treasure trove of data no older than 18 months old (yes, we did get the last power cycle data)."

As the screenshot below indicates, the switch had previously been used by Serco PLC. Serco provides management services to NATS.



Michael points out on his Lo-Fi Security site that someone could plug a rogue switch configured this way into Prestwick ATC's network and "monkey" with it.

He also notes that the eBay seller was offering a further 13 switches. One can only speculate as to whether or not these were sanitised before being sent to successful bidders. One can also only speculate as to why such hardware was sold in this condition rather than being wiped or even destroyed, because it should have been. According to Channel 4 news, NATS responded with a statement that includes the following:

"We have a contract with a specialist firm to handle the secure destruction and disposal of our equipment. We are investigating with them why equipment that we have a destruction certificate for was subsequently sold online."