We cut our journalistic teeth on the information security beat, which means we’ll always have a soft spot for great hacker yarns (such as this one). Sometimes, of course, the greatest break-ins don’t start with port scans, but rather with a more archaic form of trespass. Such was the case at an anonymous company that hired these guys to vet their security. To start the so-called penetration test, an operative was dispatched to check out physical security at the company’s headquarters. The verdict? Epic, hilarious fail:
When he entered the building on day one, “Bob” walked by security and rode the elevator to the first available floor. Within minutes, he had located an empty cubicle, connected his laptop, and started scanning the network. On day two, he entered the building and successfully commandeered another floor and cubicle. Within the next few days, Bob was reserving conference rooms—and in some cases, asking occupants to leave when they overstayed their reserved time.
This madness continued for the next four weeks. When Bob was not scanning the network or trying to locate vulnerabilities, he started collaborating with employees. Within this short period of time, he was participating in birthday parties, potluck lunches, and numerous other social events. Additionally, Bob was frequently seen rummaging through filing cabinets, taking pictures inside the facility, and moving floor to floor, working at his computer in different places.
(Our italics.) Folks, if you see a suspicious character rummaging around your company’s file cabinets, don’t be afraid to ask for ID. And for Pete’s sake, don’t give ’em any cupcakes.
(h/t InfoSec News)
Jordan // May 19, 2009 at 11:02 am
Looking like you know what you’re doing makes all the difference in the world. One time I was going to visit an old boss of mine and discovered that my old ID card, which had continued to work for a couple of years after my departure, didn’t work because the system had been changed. So I just followed someone else who was heading for the elevators; they held the key-card-locked door for me, and I peeled off once I reached the right floor. No one ever made a peep.
Brendan I. Koerner // May 19, 2009 at 11:56 am
@Jordan: That’s basically how I was able to enjoy such a stellar–er, “stellar”–underage drinking career.
Gramsci // May 19, 2009 at 1:20 pm
Reminds me of the guy that’s gotten into every Super Bowl without a ticket (yes, even the Super Bowl after 9/11). Rick Reilly wrote about him a while back.
Brendan I. Koerner // May 19, 2009 at 1:24 pm
@Gramsci: Oh yeah, that dude actually wrote a book:
http://www.amazon.com/Confessions-Worlds-Greatest-Gate-Crasher/dp/1931643253