In Depth
Social Engineering: Anatomy of a Hack
How a social engineering expert gained access to extremely sensitive information with little more than a thrift-shop shirt, a plate of cookies and a Linksys box
By Joan Goodchild, Senior Editor
The receptionist said, "Four or five miles down the road there is a McDonald's. But we have a nice cafeteria here. If you want, you can just eat in there."
Being allowed to go to the cafeteria gave me full access to the facility because the only thing that was guarded was the door. The cafeteria led right into the rest of the building.
So I went into the cafeteria and ate. While I was there, I did USB key drops. I put files on them with names like 'Payroll' or 'Strategy 2009.' The USBs had rootkits on them. Many contained an autorun rootkit. Others had Hacksaw, which is a little piece of tech that you can use with a U3 drive. You plug it into a machine and, if the machine has autorun on the CD-ROM running it, it will just start dumping all the passwords, usernames, all that. It will also put a hook into the machine to start emailing that information out to an email account that you give it to contact. So, even after I left, I could still be filtering information. It only takes about 30 seconds to enable itself.
When I do this kind of exercise, I put USBs in areas that people are in where they might forget something: the bathroom, for instance, on the sink. Another good area is near the coffee machine. Areas where people naturally put things down where they might not remember to pick them back up. I've never done USB key drops without success.
Meanwhile, I had another one of my guys go in through the smoking door in the back. He hung out, waited, had some cigarettes with people who came out to smoke on break, and when they were done, the door opened and he just cruised in. Yet another exercise to prove it really doesn't take much to get inside.
Eventually, once he was in, I had him come and get me in the cafeteria. That was so it appeared on the security tapes as though someone was coming to get me out of the cafeteria to escort me to whatever meeting I was going to attend. We went through and found inside of this giant 100,000-square-foot cube farm a few seats that were wide open and just sat down.
There was no one around us. So, we started pulling keys. We used things like Ophcrack to start cracking Windows passwords and dump them into Linux. We started putting our machines on the networks so we could start doing pen testing and hacking active servers in the environment. We put up things like WRT54G routers: the little blue Linksys wireless units. We took those, stuck them under a cube, put Unix on them and opened WRT. That made it so I had a wireless access point I could hit not only from the parking lot, but it also beacons and calls home so I had a Unix box that sits inside their network.



