
Published Article in 2600 Magazine: My Voice Is My Key

Below is the second article that I had published in the Autumn 2015 issue of the awesome 2600 magazine.
The idea behind the article was to provide an insight into how pliable people can be in order to help others and how they divulge information with everyday innocent chit-chat (this term is referred to as "Social Engineering"). 

Enjoy the read!

gerbil (follow me on Twitter: @gerbil)



My Voice Is My Key.

GerbilByte, 2015
So there I was. I was drafted in to work a second time for a small company (who again shall remain nameless, but for this article we will call the company Bumble Bee Internet Security Services) for several months. Again. As if I'd just copied-and-pasted this opening paragraph from my previous article (Taking Your Work Home After Work, 2600 2014/15 Winter edition – buy the back issue if you've not got it).
This time though it was a much better company – I was basically drafted to penetrate the physical security of a company that required their own securities tested in that area. Basically breaking in to “capture a flag” so to put it. I was asked to see how possible it was to sneak into “Room 123” - there would be an envelope in there taped underneath one of the desks. I took the challenge, not because of the interest I had in security, but it was what I was getting paid to do! The only information that I had was that there were security guards in the building 24/7.
And so my challenge started.


Part One – Information Gathering.
At about 08:30 one morning I drove to the target building, parked in a carpark across the road and watched the activity of its employees for a couple of hours. It was like a police stake-out but without the coffee and donuts.
The building really was secure. It was surrounded by a large perimeter fence, there was a carpark around the back with paths that led to the main entrance and a small overused smoking shelter. The main entrance was accessible by the public.
I observed the entrance for a few minutes. The main people that were entering the building mostly wore suits and some in smart-casual. If I was to enter this building then I'd best be dressed the same way. Some people were carrying holdalls and a couple I noticed were carrying and wearing bicycle helmets. This told me there must be a bike shelter somewhere too!
The smoking shelter contained people smoking, which was bloody obvious. Some were on their own, some were holding drinks, some were young, others old, and some were talking to each other and having a general morning chat. Around the corner from the smoking shelter was a rubbish bin that contained an overflowing ashtray and a recycling bin that overflowed with stacks of empty paper cups. This is where I realise that this article is now sounding like a text adventure game I used to play on my Spectrum. Exits were north, south and west.
About 09:15 the smoking shelter became more or less empty.
I decided to see what I could from the main entrance without entering the building. It looked very posh! Marble floor, green plants here and there, and at the far end of the corridor was a reception and a security window on the right hand side. Beyond these were card activated barriers that I guessed led to the lifts, stairs and offices.


Part Two - Putting My Plan Into Action : Phase One.
I decided for this job that I would attempt access to the building in the afternoon, but first I would have to get more solid information of the people who worked there, such as names, phone numbers, departments they worked for etc. How did I go about this?
Well, I came prepared. I wasn't wearing a suit but I was wearing a shirt, trousers and smart shoes. In the boot (trunk) of my car I had a tie, my laptop, a briefcase and a mechanic's toolbox containing all sorts of car fixing tools, bulbs, fuses etc., basically stuff that I wouldn't have a clue how to use if my car should get a puncture, but I digress – the toolbox is irrelevant to this article. What I didn't have was ID for the building, but this shouldn't be too much of a problem for me. I put on my tie and went to the nearest shop to buy some cigarettes.
Now, I am not a smoker, I'm more of one of them whingy ex-smokers; I gave up the habit years ago. I also bought an ID badge holder but fixed it to my belt in a way that it was permanently “reversed” so that nobody could see the “badge side” of it and returned back to the building with opened cigarette box in hand to chat to a few smokers. I walked towards the smoking shelter, taking a half-full cup from the stack that grew from the recycling bin.
The smoking shelter was empty apart from one bored looking young lady stood on her own, so I went in the corner with my cigarette in my mouth and then awkwardly “searched” with one hand for my lighter, but being a non-smoker I didn't have one.
“Excuse me miss,” I said as I approached the girl. “I don't suppose you can let me use your lighter?”
“Of course you can,” she replied as she fumbled in her bag. I could see by her pass on her lanyard that her name was Lizzie ****. She passed me her lighter.
“Hey thanks,” I smiled as I lit my cigarette and passed her the lighter back. “You look like you're having the time of your life,” I joked which was returned by a puzzled look. “My name is Norman. I'm new here,” I said quickly and held out my hand.
“Lizzie,” she replied and smiled as we shook hands. “We've had quite a few people starting recently.”
Well that was a stroke of luck! A bit more small talk ensued and I found out that she was working on the Design team, her boss was called Derek Land and he was away for the week, leaving the team in a bit of a quandary and also there was another building to the company across town (Herald House). She was situated on the second floor and sat next to a complete knob who called himself Jeremy. I was quite impressed with what information I could extract from just one smoker. After she left, I waited a short while before stubbing out my cigarette, disposing of the cup of whatever-it-was and returning to my car. The first phase of my plan was complete.


Part Three - Putting My Plan Into Action : Phase Two.
Back at home I had a brew and thought about the next part of my plan, about how I could use the information I had taken and use this for my purpose of getting into the building. In my head I formed a scenario which turned into a plan. It was risky, but nevertheless I decided to go ahead and try it, after all I had nothing to lose. Well, nothing but a pay cheque and a little bit of credibility. I spent the next few hours thinking of the scenario and as many “recovery” plans as I could should any obstacles get presented. What I needed to do though was to print the company's logo onto a small sheet of adhesive paper and stick it on the lid of my laptop so it looks like I belong there.
In the afternoon I was ready. Time to return to the building fully suited with a laptop and paper wallet under my arm that contained a few blank pieces of paper. I parked a few streets away and ran to the building to get a bit of a pant (I'm not the world's fittest man, I rate myself about seventh or so) and ran straight up to reception. The lady (Tina) looked up and smiled. “Can I help you?”
“Hi. I'm really sorry but I've just rushed in for an emergency meeting but I've forgotten my pass,” I replied.
“Oh, you'll have to go to security and get a temporary one for the day,” she said as she pointed across to the security window where I could see several guards watching monitors.
I walked over and was immediately greeted. “What can I do for you sir?”
“Hi. I was just saying to Tina that I've just rushed in for an emergency meeting when I'm meant to be on leave,” I explained with a hint that I knew Tina the receptionist. I only got her name from her badge. “Please can you issue me a temporary pass for the day?”
The security guard smiled and looked away and presented me with a clipboard to enter my details. “Please can I take your name sir?”
Now this was a question. I had a false name made up with a made up job description who wouldn't be on the payroll. I also knew the name of somebody who did exist who wasn't in the office today. I decided to gamble – if I was successful then the rest of my plan would be plain sailing.
“Derek Land. Manager of the Design team.”
The security guard looked at me and walked away from the window without saying a word. These are tense moments, especially for a beginner. What seemed about an hour later the guard returned with a pass in his hand.
“Here you go Derek. Your credentials have been added to this pass, they should be ready in a few minutes. But I can't give this to you,” he said as he snapped it back from me. I was done. Task failed. Game Over. That was it. I was dumbfounded. I lost the gamble. But then he continued, “not until you return the visitor log so I can record the pass number.”
I immediately passed him back the clipboard and took the pass and thanked him.
“Don't forget to hand it back to us before you leave.”
“I won't do!” I exclaimed and ran towards and through the security barrier with my laptop, papers and my new “access to all Derek's areas” pass.


Part Four - Finding Room 123.
I was in. Well, as far as getting past the main security anyway. Now to find room 123 which itself shouldn't be too hard.
Assuming the numbering system ran in a logical order I could safely say that room 123 was on the first floor, so I climbed the first flight of stairs and found that all rooms on this floor began with 1.
Heh heh! Easy game! By looking on the little signs on the walls that gave directions to the different rooms I could see that rooms 120-135 were through a corridor beyond an electronically locked door that was opened by a card swipe machine. This was just past the tea room. I tried the door – it was definitely locked, so I popped into the tea room to decide my next plan of action and get myself a cup of tea from the tea machine. It was free after all! I took a sip and then realised why it was free!! It was bloody awful. I returned back to the locked door with my belongings and cup of the barely-bloody-drinkable and was lucky enough to get there just as somebody was walking through it, so I hurried to tailgate, but the very polite gentleman looked to see me rushing with my hands full that he kept hold of the door for me. Human nature can be a beautiful thing!
I thanked him and found myself in a secure area of the building, so I walked through the corridor behind the gentleman and found room 123.
Brilliant!
I opened the door, entered the room and closed the door behind me.


Part Five – Finding the envelope stuck under a desk.
I found the envelope that I was after, it was taped under a desk.


Conclusion.
So there you have it. With just a bit of friendly chit-chat with the girl, the receptionist and the security guard I managed to fulfil my goal and come away with the envelope that I returned to my challenger. And why did I do the things I did to achieve this?
Well that is another story, one that could last a lifetime. Social Engineering is one of them massive subjects which is better described and taught by people who know more than me such as people like Kevin Mitnick, who, in my regards is one of the masters in this field. But to make a start and to keep it short, heed these pointers:
  1. Suit. Always dress well, or to at least fit in with the crowd. You need to be part of it to blend in.
  2. Laptop/papers. These give the impression of importance. Always good in an office environment, especially if you are rushing somewhere. Another good thing would be to go in with a police officer – even the security guards would bow to a higher authority. Saying that, my policeman friend was on duty so couldn't help me out. I do have another friend who is a stripper with a policeman's uniform, but I'd be worried about him stripping in the office before oiling up.
  3. The “stakeout”. Always good for seeing what people are up to at certain times of the day and the kind of people these are and their behaviours.
  4. The “forgotten” lighter. This is one of my favourite techniques. You manage to get talking, and using the right words you can disclose a lot of info about the company that could be used.
  5. The empty cup. A prop used to make it look like I've just come out of the building for a smoke. I'm part of the scenery remember! ;)


So there you have it. Another quick insight into my life. Don't try any of the above at home (well, elsewhere), only try them if you have been legally asked to do so and have permission.
Now go to celebrate by having a beer. Unless you are a kid, in which case have a glass of cocoa! :)
Enjoy yourself and be safe.
Kind regards,
GerbilByte.

 
