Finding The Hidden InfoSec Story

Loose Wires

How Can a Loose Wire Kill 35 People?

The Clapham Junction rail accident of 12th December 1988 resulted in the death of 35 people and nearly 500 being injured. The investigation identified the root cause as a piece of wire which shorted out, preventing the signalling system from seeing a stationary train. As a result, the downstream signal turned green and a train heading for Waterloo crashed into the back of the stationary train from Basingstoke.

Various parts of the network had been rewired as part of the “Waterloo Area Re-signalling Scheme”. As part of the exercise, wiring which could not be removed should have been disconnected at both ends, cut as short as possible and secured in a position where it could not make contact with other wiring. In this case the electrician did not remove the old wiring and failed to follow the procedure. In fact, the electrician and his colleagues had failed to follow the procedure for a number of years. The wire was left connected at one end and unsecured at the other. In addition, the electrician’s supervisor and the testing and commissioning engineer failed to check the work.

The IT equivalent of the loose wire is the dormant account. Like the wire, it’s not always convenient to disable or delete an account when an employee or customer leaves. In some cases there are valid reasons for keeping the account in place, but in many cases there are not.

Dormant accounts can lead to various forms of abuse, the most visible of which is embezzlement: in America an employee took $300,000 from dormant accounts, while in the UK 5 bank workers were jailed after they stole £1.3m.

Other types of fraud arise when Request/Approve processes are broken because the requestor is temporarily given the approver account, normally due to sickness or resignation, and the arrangement later becomes permanent.

Dormant accounts are also sought by cybercriminals and taken by means of password attacks or social engineering.

Like stray wires, accounts need to be correctly managed: there needs to be a regular review of leavers and confirmation that their accounts have been deleted or disabled.
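One way to run that review, as an added example that is not part of the original post: reconcile an HR leavers list against an account export and flag leaver accounts that are still enabled, leaver accounts used after the leave date, and accounts with no recent login. The CSV column names, the 90-day dormancy threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original post).
LEAVERS_CSV = """employee_id,leave_date
E1001,2024-01-31
E1002,2024-03-15
E1003,2024-05-01
"""

ACCOUNTS_CSV = """username,employee_id,enabled,last_login
asmith,E1001,false,2024-01-30
bjones,E1002,true,2024-06-02
cwhite,E1003,true,2024-04-28
dgreen,E2001,true,2023-09-10
epatel,E2002,true,2024-06-10
fnew,E2003,true,
"""

def review_accounts(leavers_csv, accounts_csv, today, dormant_days=90):
    """Return sorted (username, reason) findings for enabled accounts."""
    leavers = {r["employee_id"]: date.fromisoformat(r["leave_date"])
               for r in csv.DictReader(io.StringIO(leavers_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled: the wire is disconnected
        last = date.fromisoformat(acct["last_login"]) if acct["last_login"] else None
        left = leavers.get(acct["employee_id"])
        if left is not None and left <= today:
            # Owner has left but the account is still live.
            if last is not None and last > left:
                findings.append((acct["username"], "leaver account used after leave date"))
            else:
                findings.append((acct["username"], "leaver account still enabled"))
        elif last is None or (today - last).days > dormant_days:
            # Current owner, but never used or unused beyond the threshold.
            findings.append((acct["username"], "dormant"))
    return sorted(findings)

if __name__ == "__main__":
    for user, reason in review_accounts(LEAVERS_CSV, ACCOUNTS_CSV, date(2024, 6, 15)):
        print(f"{user}: {reason}")
```

A login recorded after the leave date is the finding to investigate first, since it means someone is actively using an account whose owner has gone.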

Author: Neil Jarvis
