Undercover Hacking, For Money
Dollyknot writes: "Amusing story of a guy employed by IBM to check companies' security out by trying to con his way onto their premises." This sounds like a fun job, to say the least, and supplies at least two good reasons to own a digital camera.
Does anybody here remember the movie Sneakers? It's a bit old (1992), but still very good. A team of guys normally hired to physically break into places to prove it can be done and find weaknesses in security are hired for a slightly more illegal mission than their usual fare -- to steal a mysterious black box from a famous mathematician. While screwing around with it, they find it is a mathematical wonder capable of bypassing any US encryption system. Great geek movie, and definitely underrated in this review. =-)
Everyone owns shredders (not the Ninja Turtle kind) nowadays... Even I don't let potentially important info go into the trash without being shredded. It's *very* difficult to get information off of a sheet of paper that's been through a crosscut shredder.
If you liked this story on physical hacking, I suggest a trip to infiltration.com. It contains guides and how-to-like articles for sneaking into hotels, exploring hospitals, derelict buildings and the like. Excellent reading for the armchair sneaker.
The problem is that most guards will let you through if you seem to:
A) fit in
B) seem to be legit
I have two customers that have fairly high security buildings. At one, I went to the break room, and had yet to be informed of the combo on the door; the guard just let me in when I told them that I got locked out.
At another customer's location, I just told the guard that I was delivering some software. The guard gave me a day pass to the entire complex.... The receptionist (who was new, and I did not know) violated their own security policy by not stopping me when I walked by. Keep in mind, I did not blend in. Policy there is slacks and a tie. I was wearing blue jeans and a polar fleece sweater, plus I'm more or less a long-haired hippy.
Keep in mind that these are legit cases, but guards' jobs are very mundane, and locations such as server rooms should be protected by lock and key at the least.
One customer broke through the back wall of their server room... why, I don't know, but they have a combo door lock on the door... the only one in their entire office. But you can just walk around to the other side of the room and enter from the back, where there is no door.
*shrug*
I guess it's a property of the large corporate world, stupid decisions = bad security.
There are a few ways to make a complex secure:
1: Require cardkeys to park a vehicle. This makes it more inconvenient for an attacker. Better yet, require an ID badge to bring a vehicle into all premises except for deliveries (restrict to a small area).
2: Think choke points and isolation levels. Always assume that at least one level of security will be broken and plan for it.
3: Keep the teams that have access to high security areas small and ensure that they know each other. This helps there.
4: Electronically monitor server rooms. Cardkey and camera should be used for surveillance and there should not be a reason for maintenance workers to have access to the server rooms at all.
This means no garbage cans permanently stationed there. If janitors have access, then they become the weakest link...
I am actually surprised how many problems people have protecting their server rooms...
LedgerSMB: Open source Accounting/ERP