Someone managed to seize control of a large digital advertising billboard on Cardiff’s main shopping street, forcing it to display a series of swastikas and far-right images.
The billboard on Queen Street, Cardiff, appears to have been compromised after a hacker grabbed its TeamViewer login credentials and locked out its genuine operator, BlowUP Media which manages electronic advertising displays across Europe.
Images of the billboard were posted on the /pol/ “Politically Incorrect” messageboard on 4chan, who found it all very amusing – much to the bafflement of the rest of us.
The offending screen was switched off at midnight, a spokesperson for Cardiff Council told Wales Online, but only after a number of concerned shoppers contacted local police.
Of course, this isn’t the first time that hackers have displayed obscene images on electronic billboards – and they have even f**ked around with road signs in the past.
All of these hacks have the same explanation: lousy security.
For further discussion of this incident take a listen to this episode of the “Smashing Security” podcast:
Smashing Security #036: 'Flash? Clunk flush... and hacking security researchers'
Listen on Apple Podcasts | Spotify | Google Podcasts | Pocket Casts | Other... | RSS
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
5 comments on “Hackers hijack central Cardiff billboard to display swastikas and more…”
Actually, this one was because the controller accidentally showed the TeamViewer password on the screen. This one was caused by human error, the hardest computer problem to fix. Actually, people are probably the largest computer security threat there is: we can be fooled easily, we can be gullible, we can be dumb, et cetera. The easiest way to make a computer safer is to limit the amount of chances that people have to screw everything up. For example, here: if an automated script chose what it showed, not people, then this probably wouldn't have happened.
In conclusion, people suck. We do. We're at fault here. It's the hard truth.
But what can we do about it? First, we should remember that these people mean well: for example, here: it was an innocent mistake. They moved it away, but too late. So, if we can actually predict the ways that people could mess things up, we can teach them not to do that. Seems obvious now, right? Say, if we told them not to put the login info in front of the display image, then they would be more careful about it. Sure, its not a perfect fix, but it would probably have prevented this here.
Another thing: businesses shouldn't leave things like this up to chance. This, in retrospect, seems like it should have been foreseen. But, obviously it wasn't.
Wow. I never expected to do this. I surprised myself.
Summary: People are the problem here, and also the solution.
So in conclusion " the same explanation: lousy security." is still correct.
Security is 100% a human concern, because none of the expensive, innovative, advanced security technology does anything without the human factor properly installing, maintaining, and applying these security measures, which includes not protecting passwords.
It's called "Queen Street". Not "Queen's Street".
Thanks for pointing out the error. Now fixed!
In case anyone is in any doubt about the potential tragic consequences of hacking road signs and electronic billboards…