Slashdot Mirror


How To Sneak In To a Security Conference

jfruh writes "You'd think that, of all events, security conferences would have tight security. But one anonymous human pen tester managed to sneak into the RSA conference without credentials, using tried and true techniques like waving a badge from another conference at security guards and slipping in through exits."

28 of 189 comments

  1. Body language is an effective tool by Anonymous Coward · · Score: 5, Interesting

    It's easy to avoid notice if you act like you know what you're doing, where you're going and that you belong where you are. Never stand still or look around.

    1. Re:Body language is an effective tool by SJHillman · · Score: 5, Funny

      This is why I keep my lab coat from college. A lab coat says you know what you're doing. Throw in a clipboard and you're gold.

    2. Re:Body language is an effective tool by vinehair · · Score: 5, Insightful

      It's easy to avoid notice if you act like you know what you're doing, where you're going and that you belong where you are. Never stand still or look around.

      Bingo. Simple tactics and social engineering are usually all you need if you really want to get at something.

      The weakest link in any security chain is always the people, and people are easy to deceive.

    3. Re:Body language is an effective tool by oakgrove · · Score: 4, Funny

      And should you find yourself at a construction site just put a 2x4 over your shoulder and walk purposefully with a stern look on your face. Works every time.

      --
      The soylentnews experiment has been a dismal failure.
    4. Re:Body language is an effective tool by PatPending · · Score: 5, Funny

      A construction site... or when you're trying to go backstage at a Village People concert.

      --
      What one fool can do, another can. (Ancient Simian Proverb)
    5. Re:Body language is an effective tool by Anonymous Coward · · Score: 5, Funny

      whenever I go out shopping for something I end up being asked "do you work here"

      Do you always look bored and slightly retarded?

    6. Re:Body language is an effective tool by Johann+Lau · · Score: 4, Interesting

      Exactly! As a hobby photographer it often amazed me how a decent camera and lens, plus the attitude you described, makes other people react sometimes or what it lets one get away with. Like stumbling into and through an area full of cops and only later finding out that civilians aren't allowed in there. Just act like you're on the way to something important, don't be a tourist, be light-hearted and content and focused. That is, even if you're just checking everything out, act like you're focusing on a task (it can even be just getting from A to B while checking your equipment (which in the case of this topic would be your mobile devices I guess :P)). Maybe even give a professional nod here and there haha. If nothing else, it's hilarious!

    7. Re:Body language is an effective tool by CanHasDIY · · Score: 5, Interesting

      This.

      When I was doing gig work, I learned the easiest way to get backstage at a show is to appear on the loading dock a few hours before the event, wearing all black, and start helping the crew do their load-in (industry term for "take the shit off the trucks and set it up on stage"). Once load in is complete just hang around the backstage area until the show.

      The downside is, since you're dressed like a stagehand, you'll probably be treated like one, so don't expect to spend the whole show standing around with your thumb up your ass.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    8. Re:Body language is an effective tool by Anonymous Coward · · Score: 5, Funny

      Getting backstage at a Village People tribute doesn't necessitate stealth, just willingness.

    9. Re:Body language is an effective tool by cptdondo · · Score: 5, Funny

      Long ago I learned that the best way to be invisible is to walk in dressed in overalls with a toolbelt, and announce "Plumber!" to everyone in earshot. You can walk into a women's bathroom, yell "Plumber!" and none of the women will even notice as you walk around....

    10. Re:Body language is an effective tool by Delarth799 · · Score: 4, Funny

      If you shop at Wal-Mart everybody thinks everybody else works there.

    11. Re:Body language is an effective tool by Anonymous Coward · · Score: 5, Informative

      You said this as a joke but that you're actually right makes it even funnier. Sometimes I wouldn't bother taking off my lab coat on my way home from work, and you wouldn't believe how much authority that granted me to those I passed into on my way home. People always think the most ridiculous things when they see a lab coat. Was I a rocket scientist, a doctor? A nuclear physicist? Or was I just a guy who had to wear a lab coat and didn't really do anything that important? Except no one except those that realize how normal lab coats are thinks the last one.

    12. Re:Body language is an effective tool by FatdogHaiku · · Score: 4, Funny

      If you look purposeful and/or busy at a construction site you run the risk of getting promoted...
      The whole sub-contractor structure avoids "Peter - Principling" everyone useful right off of the job site.
      Also, "a" 2x4 is a stone bust. At least 4 pre-cut studs or approximately 30 lin Ft of 2x4 is a load that will not single you out... at least until you toss it into your truck ;^)

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    13. Re:Body language is an effective tool by The+Mister+Purple · · Score: 4, Insightful

      Default passwords remaining at default is caused by people.

      --
      "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." Feynman
    14. Re:Body language is an effective tool by philip.paradis · · Score: 4, Funny

      That can be taken two ways.

      Wait, the previous sentence can be taken two ways. Crap, I think I just put this comment into an endless loop.

      --
      Write failed: Broken pipe
    15. Re:Body language is an effective tool by Anne_Nonymous · · Score: 5, Funny

      If you wear Wellington boots, a jock strap, and a huge sombrero, people generally don't mess with you.

    16. Re:Body language is an effective tool by Anonymous Coward · · Score: 4, Insightful

      Never stand still or look around.

      I find this, in general, to be a good guideline in life. If you stop to look around at the beauty and wonder of life people think there is something wrong with you.

      Yes! I've been asked if I'm alright, and know where I'm at. To the latter, I respond: "Yes. I'm right here!"

    17. Re:Body language is an effective tool by msauve · · Score: 4, Funny

      "If you wear Wellington boots, a jock strap, and a huge sombrero, people generally don't mess with you."

      Especially if that's all you wear. Except in NYC, where you may get mistaken for the nekkid cowboy.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    18. Re:Body language is an effective tool by krept · · Score: 5, Insightful

      Find a pack of people smoking. They always know the easiest way to get out and back in quickly.

      --
      None of us know everything. Therefore we're all naïve.
    19. Re:Body language is an effective tool by JWSmythe · · Score: 4, Interesting

      Yup.

      I've only circumvented security in places where I was allowed to be, but the people who were my innocent victims had no clue who I was. Much of the time, it's more bother than it's worth to get your badge.

      A lot of it depends on the type of event you're crashing. For something like this, being a member of the media is amazingly useful. I *do* run a news site. We never bothered with "legitimate" press passes. That is, there is no such thing. A stack of business cards is handy, but not required. Something printed on card stock with the name of your publication, laminated, and in a clip on or noose (err, lanyard) will open a lot of doors. The most important part is having a DSLR camera in your hand. You can get older ones pretty cheap on eBay. It's nice if it works, but just as an access pass, it doesn't need to.

      Dressing the part is a good idea. The media, unless they're to be in front of the camera, don't wear button up shirts or ties. T-shirt and jeans are perfectly acceptable, and actually preferred.

      Once your press identity works, you can be pretty much lost, and get help. That includes getting in the back stage door for the better shots.

      I've walked on stage at concerts, right on the side lines at sporting events, and walked right up to the podium to take pictures. It can help to keep playing the part. I'm not sure if it's required, as I'm really taking photos for legitimate purposes. Usually walking past security doesn't require any actual words to be spoken. Hold the camera up a little to show that you have one, and a nod are all it usually takes.

      It's a good idea to have some sort of dialogue planned out. It's usually just "who do you work for." It really doesn't matter who it is. Smaller is frequently better, especially if there's a chance the organization you say you are with may actually attend.

      If you don't want to go the press route, you can usually walk in with a crowd. Most events aren't secure enough to require every person to show their badges to go through every door. Blend into a crowd of 6 people or more going past security at the same time. Just make sure you're on the far side of security, so they don't notice that you didn't have a badge.

      Security generally has no idea who's supposed to be there at such events. The only way they have a clue is because you have the cool badge. For a lot of events, it's a piece of paper inside a generic plastic holder, sometimes on a lanyard. Some of us bring our own lanyards. That's no big deal. The problem with lanyards is, your badge can easily flip around, so all they see is the white back of it. That "accident" can let you right through, with a plain piece of paper in it. An empty plastic holder can be good too. "Shit it must have fallen out. Can I get one after this session is over?" Many events stop taking signups after the first few hours of the event, so getting a "replacement" is impossible, and your empty holder is just as good as a replica of the real thing.

      The biggest thing is, look like you belong there. Walk with a purpose. Ignore those commoners who are also attending. Have a good idea of where you're going, so you can walk directly there, without stopping. Wandering around like a lost attendee bulks you into the crowd of attendees, and you will likely be stopped.

      --
      Serious? Seriousness is well above my pay grade.
  2. Security is about what you're securing. by Anonymous Coward · · Score: 5, Insightful


    You'd think that, of all events, security conferences would have tight security.

    No, I wouldn't think that. I'd think that a bank, or an event involving a US President would have tight security. Security is about what you're protecting, not who's involved in it. For the most part "stealing" admission to a conference is harmless, as long as a few people do it. The security only has to be good enough to make it so only a few people sneak in.

    Security conferences aren't exactly a high profile event that appeals to millions (like say a Rock Concert), so people sneaking in is really not a big problem. If you didn't think you could sneak in to a conference before, you obviously haven't been paying attention.

    1. Re:Security is about what you're securing. by Ruke · · Score: 5, Insightful

      Absolutely. There's no reason to have a conference be that secure. Spending an extra five-to-ten seconds per attendee checking badges would be a major disruption in crowd flow. The primary benefit of security at this event was to make the attendees feel special, and the secondary benefit was preventing overwhelming crowds. There's basically no reason to keep out any one person who's not supposed to be there; the panels are advertisements, and the information is as good as public. Security is in place to keep out crowds of people who aren't supposed to be there, and they seemed to do well enough at that.

  3. Why? by hipp5 · · Score: 5, Insightful

    You'd think that, of all events, security conferences would have tight security.

    Why?

    I suspect the cost/hassle of doing more than basic security outweighs the benefit of catching a few people who didn't want to pay the $100 conference fee. I doubt the information being presented is secret and needs protecting. And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

    1. Re:Why? by slew · · Score: 4, Informative

      You'd think that, of all events, security conferences would have tight security.

      Why?

      I suspect the cost/hassle of doing more than basic security outweighs the benefit of catching a few people who didn't want to pay the $100 conference fee. I doubt the information being presented is secret and needs protecting. And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

      Of course in many conference venues (like the Moscone Center where the RSA conference is held), you must use the approved contractors that use local union labor to handle things like setup, teardown, electrical, network installation, theatrical services, and security. You don't really get to customize stuff like this too much, so security is probably exactly the same as any other conference at the same venue.

  4. Large Concerts by war4peace · · Score: 5, Interesting

    You can easily sneak into large concerts, gigs, expos, whatever if you have a cap with a TV station logo, dress shabby and carry a large video camera. If you don't have a camera, a set of cables or a tripod would do just fine. Badges? No need.

    I used to work for a local branch of a known TV station, I had access to an old training video camera at all times. Every time there was a gig I wanted to attend to, I went to my workplace, grabbed that camera, went to the gig, got in, left the camera in one of the tech rooms, achievement unlocked. Sometimes I brought my girlfriend in by letting her carry a microphone. We even interviewed a security dude just for the kicks.

    So yeah, it's easier than expected.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  5. "sneak" into a sales presentation? by mindcandy · · Score: 5, Insightful

    RSA 2012 is basically a big sales presentation.
    To suggest sneaking in is a big achievement is like saying you got into BestBuy a few minutes early one day to shop for TVs.

  6. All you need is a clipboard by MrEricSir · · Score: 4, Funny

    I used to carry my shopping list on a clipboard, but I had to stop because people kept asking me questions about various products or where to find things. It was funny the first few times, but after a while it started to get old.

    --
    There's no -1 for "I don't get it."
  7. Re:even the subway may not check that close with b by maxwells_deamon · · Score: 5, Interesting

    I was on the commuter train in San Diego. It was run mostly on the honor system but you can get a ticket if you can't show you have paid. It was packed and there was barely room to stand.

    Two police officers jumped on and about 1/2 of the people (most looked like students) suddenly remembered it was their stop. Suddenly you could even sit down,