Microkhan by Brendan I. Koerner

What About Bob?

May 19th, 2009 · 4 Comments

We cut our journalistic teeth on the information security beat, which means we’ll always have a soft spot for great hacker yarns (such as this one). Sometimes, of course, the greatest break-ins don’t start with port scans, but rather with a more archaic form of trespass. Such was the case at an anonymous company that hired these guys to vet their security. To start the so-called penetration test, an operative was dispatched to check out physical security at the company’s headquarters. The verdict? Epic, hilarious fail:

When he entered the building on day one, “Bob” walked by security and rode the elevator to the first available floor. Within minutes, he had located an empty cubicle, connected his laptop, and started scanning the network. On day two, he entered the building and successfully commandeered another floor and cubicle. Within the next few days, Bob was reserving conference rooms—and in some cases, asking occupants to leave when they overstayed their reserved time.

This madness continued for the next four weeks. When Bob was not scanning the network or trying to locate vulnerabilities, he started collaborating with employees. Within this short period of time, he was participating in birthday parties, pot luck lunches, and numerous other social events. Additionally, Bob was frequently seen rummaging through filing cabinets, taking pictures inside the facility, and moving floor to floor, working at his computer in different places.

(Our italics.) Folks, if you see a suspicious character rummaging around your company’s file cabinets, don’t be afraid to ask for ID. And for pete’s sake, don’t give ’em any cupcakes.

(h/t InfoSec News)
