The BBC reports that several Target stores in the US have had their public address systems hacked, resulting in explicit pornographic audio being broadcast across the stores, in some cases for more than 15 minutes at a time.
An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store's PA system being used to carry out the prank. I've removed a key detail for obvious reasons.
"Non-Target team members are attempting to access the intercom system by calling stores and requesting to be connected to line [xxxx]," it reads. "If connected, callers have control of the intercom until they hang up. We are actively working to limit intercom access to the Guest Services phone only. In the meantime, inform all operators to not connect any calls to line [xxxx]."
So in other words, if you ring up Target and ask to be put through to a certain extension, you're suddenly live on the PA system for as long as you like. Hardly the hack of the century, granted, but a reminder that there are people out there that will find even the most obscure vulnerabilities and exploit them.
I don't condone breaching computer systems but I guess that's one way to draw attention to vulnerabilities. Too bad they didn't pick something more kid-friendly. Like broadcasting that for the next 60 minutes there would be an 80% discount on everything in the store.
(Score: 3, Informative) by deathlyslow on Monday October 19 2015, @02:49PM
I wonder what they think their business reasons were for this?
Speaking as someone who used to install digital/key systems and still installs and maintains IP/SIP installs, you have to have a button LABELED Intercom, programmed as a speed dial, or else no one would know how to get to it. Employees stopped being knowledgeable about their environment 15-20 years ago when automation started taking over and it negated the need for intelligence in the workforce. These guys, employees, aren't being stupid; they are just ignorant of how the system works in the background, and are trying to do what the client/customer asked.
(Score: 3, Informative) by Daiv on Monday October 19 2015, @08:45PM
As someone intimately familiar with the specific phone systems mentioned in the article and 8 years' experience of daily use, these are just Avaya phone systems and the speed dials and menus are only set with numbers. Each store has a switchboard extension at the fitting room or operator's desk (depending on the volume [judged by sales/year]) which has more extension numbers. Every store will have a reference list taped up above the phone, under the phone/on the desk or in a binder next to the phone. These people (team members/operators) transfer to the same extensions dozens of times a day and generally don't need to use them after a week of doing the job.
However, turnover sucks at retail and there's almost always someone new starting. These people, despite training, sometimes just listen and do what's asked by the caller, thinking they're making their lives easier by just following orders rather than following their training and screening calls. Overhead used to be #52 on all phones, but that was changed sometime around 2009ish when this same prank happened in some Texas stores. Then the overhead capability was limited to the operator, Guest Service or a couple other phone extensions. Looks like someone found the new extension.
These aren't hacks, but they can be damn funny. Although a good Leader on Duty only has to go to the control room and pull one cable to make it stop. Of course those leaders are generally hired directly out of college, with no retail or leadership experience, who ride on the coattails of their teams and are generally worthless with few exceptions. Gregg Steinhafel might be gone, but his stain will take a while to wash out of that company...