In Depth
Social Engineering: 5 Security Holes at the Office (Includes Video)
We poked around a secure building with social engineering expert Chris Nickerson and found several ways a criminal could get inside and access sensitive data
By Joan Goodchild, Senior Editor
Trash Compactor
Our aim was to find ways a criminal could possibly enter the building and pull off a theft or other kind of security breach. But as Nickerson pointed out, the facility's trash compactor brings the sensitive information outside and more directly into the hands of a thief.
"Because they are compactors, it usually means they hold five times the amount of sensitive and bad stuff because they take forever to get emptied," he said.
A savvy criminal could rent a vehicle that looks like a legitimate business van or car, such as a generic white van, park next to the compactor, and "shovel it in," he said. Some even go as far as to make a decal with a business logo that can be affixed to the side of the vehicle so no one will question why the compactor is being emptied.
Technology makes it easier than ever for someone to pose as someone they are not. It is simple now to go to a copy shop or graphics store and produce a business decal that looks legitimate. However, one of Nickerson's favorite ways to prep for an assignment is at a good, old-fashioned pawn shop. He looks for, and often finds, shirts and uniforms with company logos that can be used in an assessment test.
"You look at the facility and get an idea of what some of the outs are: the sprinkler and lawn care service, the trash service, the internal cleaning services. Try and get a profile of what they look like. Then go thrifting that day looking for things. Fifty to sixty percent of the time I will find them."



