Second-hand hardware exposes council's VPN

PRIVATE COUNCIL information is cheaper than you might think - in fact you can pick some up for under £1.

Security firm Random Storm’s Andrew Mason logged onto Ebay this August and bought some network hardware for just 99p – what followed was the unexpected.

When plugged in the device automatically connected to the VPN of Kirklees Council in West Yorkshire.

This is most surprising as Mr Mason didn’t do anything but plug the device in, it just connected without warning showing that the seller hadn’t bothered to protect the VPN from being accessed.

Kirklees Council is lucky that this didn’t fall into the hands of someone more criminally minded as all sorts of vulnerabilities could have been exploited.

In a statement to the INQ, a council spokesperson said: "The council is deeply concerned with this report but is confident that multiple layers of security have prevented access to systems and data.

"In the meantime the disposal process has been suspended until an investigation can be carried out and appropriate action taken."

Cisco Systems said that it provides clear guidelines that explain how to reset products to their factory default settings.

However, according to Mr Mason the last change to connection details was way back in 2006.

Mr Mason bought the device from Ebay selling account electronicstore which is registered to Cheshire-based outfit Manga-Fu.

Mr Cronnolley of Manga-Fu told the Beeb: "We've done our job 100 per cent to what we've been requested to do, to the book."

Which roughly translates as: "It’s not my problem." µ