Replies

I spent a good number of years deploying Cisco VOIP systems, routers, switches, call managers, phones, etc....to some of the largest companies in America, many of the networks were worldwide.....

I have often wondered if you could hack into some of the key access points of these networks and capture IP phone traffic, much of it is in clear and not encrypted, you could basically listen in on phone conversations of just about anyone.....

I have never worked with a Big IP devices but when they mentioned traffic shaping in the article, that indicates to me they are used in QoS which is essential for VOIP to work consistently.....

I suspect those seeking Administrator Access are either kds doing it for fun or sophisticated hackers looking to basically tap into phone conversation at major companies...

It could be for nefarious reasons, but let’s say you hacked into Goldman Sachs or some other Wall Street firm and listened in on conversations about M&A or Initial Stock Offerings...you would have a huge advantage...

Along the way, some engineer knew something... did s/he keep quite or was s/he ignored?

“Oh btw, let’s not forget about the possibility of this particular vulnerability...”

“Beginning in May 2019, the group began expanding from South Korean digital heists in a big way, attacking online retailers in the United States and Europe with a technique known as “digital skimming” or “Magecart,” the latter name derived from a hacking consortium that began targeting online shopping carts in 2015.

Digital skimming is the virtual version of the mechanical skimmers thieves have been known to plant on gas pumps and other easily accessible credit card swipers. In a digital skimming attack, the hackers plant malware code in an online retail site that intercepts transactions and sends the credit card information to a server controlled by the hackers.

Planting this code is generally thought to require administrative access to the targeted website, which Sansec believes APT Lazarus/HIDDEN COBRA obtained using spear-phishing techniques – i.e. using phony emails and booby-trapped websites to trick legitimate users into giving away their login names and passwords.”

"BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware."

Dummy proof, are they? ;D

Maybe the big corporates should consider hiring American men to do systems administration jobs again. That might be a little difficult, though, now that most of the men have gone back into doing real work with more useful technologies.