Crosswalk hacking and more from BBspot

The long view of security strategies for your network.

A student breathlessly wrote to me with news of yet another hacking exploit. “A shadowy group of pedestrian hackers called Cross Anytime announced their discovery of several back doors or ‘cheats’ using crosswalk buttons at many intersections. The 3,658-item list has been released on their Web site.”

Hmmm. Over three thousand ways of hacking streetlight buttons? When the buttons have always seemed to be single-state automata (that is, pressing the button turns it on; if it’s on, pressing it has no effect)? Sounded fishy to me. Seemed even less likely when I found that the Web site does not exist.

I immediately found that the article was originally posted on BBspot.com. The spoof included paranoid claims such as, “There have always been rumors that these codes existed. Mostly, they're used by politicians and city officials to get an edge in crossing the street. Now, we've freed the codes to the world, and everyone can walk without oppression.”

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

A student breathlessly wrote to me with news of yet another hacking exploit. “A shadowy group of pedestrian hackers called Cross Anytime announced their discovery of several back doors or ‘cheats’ using crosswalk buttons at many intersections. The 3,658-item list has been released on their Web site.”

Hmmm. Over three thousand ways of hacking streetlight buttons? When the buttons have always seemed to be single-state automata (that is, pressing the button turns it on; if it’s on, pressing it has no effect)? Sounded fishy to me. Seemed even less likely when I found that the Web site does not exist.

I immediately found that the article was originally posted on BBspot.com. The spoof included paranoid claims such as, “There have always been rumors that these codes existed. Mostly, they're used by politicians and city officials to get an edge in crossing the street. Now, we've freed the codes to the world, and everyone can walk without oppression.”

The author added, “Municipal officials across the country worry that the release of these hacks could result in traffic jams and pedestrian confusion. Roger Gorman, Mayor of Kansas City, pleaded for pedestrians to stop using the hacks, ‘For the love of humanity, can't you people just jaywalk?’”

What should have made the spoof obvious was the line, “The FBI has shut down the button hack site citing violations of the DMCA and fears that terrorists might use the hacks to ‘cross the streets of America at will.’”

Other amusing articles on the site include “Top 11 Ways to Make Your Wireless Network More Secure,” which includes the priceless advice to “Wrap your house in tin foil,” “Set landmines for war drivers,” and “Block open ports with peanut butter.”

The site describes itself as follows: “Called ‘the world's greatest tech humour site’ by The Register, BBspot creates entertainment for the geekier side of the world. BBspot produces a variety of features like fake news stories satirizing the tech and political worlds, the BBspot Mailbag which pokes fun at the Believers (people who believe our fake news) and much more.”

I think that spoofs of security articles can be useful for security awareness programs, especially if there’s a second section in a different part of the newsletter or a link to another part of the awareness site that shows readers all the reasons they should have spotted the fakery. Too many of us are ready to believe anything we see in print, regardless of whether it makes any sense. The BBspot fun and games can provide a welcome chuckle as well as training our users to be on their toes in resisting hoaxes.

Here’s the crosswalk story: http://www.bbspot.com/News/2005/06/crosswalk_button_hacks.html

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.