Slashdot Mirror

← Back to Stories (view on slashdot.org)

Undercover Hacking, For Money

Posted by timothy on from the nice-work-if-you-can-get-it dept.

Dollyknot writes: "Amusing story of a guy employed by IBM to check companies security out by trying to con his way onto their premises." This sounds like a fun job, to say the least, and supplies at least two good reasons to own a digital camera.

5 of 246 comments (clear)

  1. How about hiring real security guards? by bratgrrl · · Score: 2, Insightful

    Expecting ordinary employees, and even receptionists, to function as guards is absurd. There's no way to know who is supposed to belong in a big company, and who the hell has time to play company cop? give me a break. Put guards at the doors you don't want the wrong people going through.

    --

    ---

    SCO is weenies
    Gator is Spyware
    Microsoft is thugs

  2. Re:Kinda like Sneakers.... =-) by phillymjs · · Score: 5, Insightful

    Sneakers was a way cool movie, still very watchable and re-watchable even as it approaches 10 years old. Very entertaining, and has a very low head-shake count (i.e. elements that make you shake your head in disgust because they are ridiculously unfeasible, or where the technology is insultingly dumbed-down so the unwashed masses will 'get' it). An example of a movie with a high head-shake count, BTW, would be Hackers-- because among many other things, I've never met a geek that looked like Angelina Jolie, and never seen a Macintosh PowerBook Duo with an Intel CPU.

    ~Philly

  3. Double Standards by purduephotog · · Score: 3, Insightful

    I work for Corporate America

    In one sentance our values dictate respect for our fellow employees.

    In another, we are to firmly question anyone that 'does not belong' or is unexpected

    Recently our company hired a new diversity 'expert', and she was 'aghast' at the way fellow employees treated each other in the hallways

    Now I ask all of you sentinent people... how should we react when confronted with someone we neither recognize nor know, and how do we fullfill both of the philosophies?

    I used to work in a secure area, where if someone knocked I'd let them in but question and deliver them to the person they wanted... but now it's an open area- thus I don't exactly know the 250 people I now work with. Frankly the stress isn't worth it- any single one of them could be an auditor waiting to 'sneak up' and get you reported to upper management- it isn't fair.

  4. You can't beat a digital camera... by ayjay29 · · Score: 2, Insightful

    ...for getting passwords. I have one that can record about six minutes of video. It's so easy to set it running, then have it surreptitiously pointing at a keyboard when someone logs on. Then you can down load the MPEG, and go through it frame by frame.

    (Not that I'd ever do something like that, but as I do a bit of 'ethical hacking' as part of my job, I have developed a deviously cunning mind ;-) ).

    --
    Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
  5. False security... by Talkischeap · · Score: 3, Insightful



    Heh... what a great job!

    Back in '77 after the first "break-up" of Pacific Bell, I was a telecommunications tech at a small interconnect in Santa Clara, CA (i.e. Silicon Valley), one of three troubleshooters in the company, so I usually worked alone. We had no company uniforms or other identifying paraphernalia, but my tool belt was my "badge".

    We sold state of the art (for the time. eh?) NEC microprocessor controlled, time division multiplex phone switches, and smaller office sized systems. Our switches kicked Pac Bell's ass, they ruled because the telcos in the USA we still in the dark ages.

    Anyhow, my territorry was from San Francisco (and the rest of the Bay Area) to Montery, we had phone systems in many high tech companies, so I was steeped in the culture.

    It didn't take me long to observe that I could go virtually anywhere in most of these companies, without question. Often even without a visitors security badge, company employees, and even security guards would open doors for me if my hands were full.

    It seemed that my tool belt and butt set (Linemans test set) hanging off of it, was all I needed to have the run of the place. I started to play a "game", to see just how good their "security" was.

    So here I am, this spikey haired punk rocker, in street clothes, but with my tool belt, butt set, and a professional attitude, walking up to a security guard and saying to him, "Hey, I need to look in that locked room over there to see if there is any phone equipment in there.".

    They allways walked over and opened it for me without question, and then walked away reminding me to lock it when I was done. I did this just for grins at many of the companies I visited.

    In those days, computers were still refrigerator sized, and filled large, lead lined, air conditioned rooms with raised floors, with lots of cabling under them, tended to, by clean-cut guys in long white lab coats (no kidding). And every company had a security guard at the door of these special rooms.

    One day I screwed up my courage and decided to see if I could gain access to one, I had zero reasons to go in there, since there was never phone equipment in these rooms. I nervously walked up to the door, looked the security guard in the eye, and he glanced at my tool belt and test set, and opened the door for me without a word between us!

    Next thing you know, I'm wandering around this large computer room, pretending to look like I know what I'm doing. None of the guys in there even pretended to notice me, I could have done what ever I wanterd, and nobody would have questioned what I was doing.

    At work, I started to brag about how people were so easily manipulated by "normal" circumstances. None of my coworkers believed me, they were just like the people in these companies, they were non-observent.

    One day, I needed some help, so I brought my boss along. We finished up our job and as we were walking out, I reminded him of my discovery, he said "bullshit!" . So I said "follow me", and walked toward the big computer room.

    The security guard didn't bat an eye, and unlocked the door for us without a word. I was the only one with a tool belt, my boss was also in street clothes, we could have been anybody, but the magic tool belt, butt set combo got me through again.

    My boss was blown away, and was also very nervous about being in this formerlly taboo computer room, so we exited. On the way out of the building, I couldn't resist, and stopped at random and asked the closest security guard to please open "that closet, over there", he of course, complied.

    My boss was very impressed, but wasn't at all happy that I was doing this for "fun", and the next morning at work, I was admonished to never do "that" again.

    I guess my point is, that people are easily fooled by normal seeming circumstances, and that security is often a Paper Tiger.

    --
    If it don't GO... chrome it. ~ Frank Banks