The Art of Deception
Interesting take. Two intruders end up at the production line of a helicopter plant since they end up being convincing to the security guards at the facility. The moral of this is to know and follow your procedural requirements and think about everything said around you.
"We appreciate all the hard work you've done, the dedicated hours you have worked, and the lives you have saved. However, since this is your third time being late to work, we are terminating your employment here."
-
My man Kevin Mitnick. Feared hacker, security consultant, ex felon. I routinely preach social engineering defense. I offer to train conventional security personnel in information warfare awareness and social engineering defense, as well as Joe Corporate.
This article is the exact thing I preach about. Everyone from the secretary to the janitor needs to be aware of information security, social engineering attacks, and how they fit into the information battlesphere. (I love those big words.)
I have penetrated office buildings at night, during the day, etc. Sometimes on purpose, sometimes accidentally. With a little con and a little forethought, you can get deep. Passwords, names, contacts, etc....
Some Kind of Commando Leader
"Every time I see another crazy Florida post, I'm glad I don't work there." ~ Minneapolis Security on Florida Security Law
-
We get criminals who flee from LE and jump our fence thinking they're safe to hide out in our factory. They promptly learn that 1 we will slap the cuffs on you just as quick and 2 we will gladly allow PD in to hunt for you.
-
Originally posted by 1stWatch.....
Interesting take. Two intruders end up at the production line of a helicopter plant since they end up being convincing to the security guards at the facility. The moral of this is to know and follow your procedural requirements and think about everything said around you.
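Actually, this guard did exercise due diligence in trying to authenticate the "visitors." This is what he did right:
* Observed the two w/o ID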
* Stopped them and asked for ID. Refused to be distracted by small talk.
* Requested that they accompany him to the security office.
* Verified that the contact information was on-file in the computer.
* Actually contacted a company representative.
His only mistake was letting the visitor take over the phone. The problem is that clients DO NOT want their employees and visitors to feel like they are in a level 4 correctional facility. There is a fine line between enforcing security rules to the letter of the law and not irritating the client.
If the client REALLY wants a no exception policy and backs you up on it, then all well and good. Most put it in writing, but DO want you to be balanced and use common sense. It's a catch 22 sometimes.
Security: Freedom from fear; danger; safe; a feeling of well-being. (Webster's)
-
This is why social engineering works so well, nobody cares about security except the contract guard. "Oh, why are you bothering me, he obviously works here. Good night."
Next morning: "Well, how am I supposed to know?! It was 4 AM. Don't you have some kind of book or log or something of who works here?"
-
Originally posted by N. A. Corbier
This is why social engineering works so well, nobody cares about security except the contract guard. "Oh, why are you bothering me, he obviously works here. Good night."
Next morning: "Well, how am I supposed to know?! It was 4 AM. Don't you have some kind of book or log or something of who works here?"
-
Originally posted by N. A. Corbier
My man Kevin Mitnick. Feared hacker, security consultant, ex felon. I routinely preach social engineering defense. I offer to train conventional security personnel in information warfare awareness and social engineering defense, as well as Joe Corporate.
This article is the exact thing I preach about. Everyone from the secretary to the janitor needs to be aware of information security, social engineering attacks, and how they fit into the information battlesphere. (I love those big words.)
I have penetrated office buildings at night, during the day, etc. Sometimes on purpose, sometimes accidentally. With a little con and a little forethought, you can get deep. Passwords, names, contacts, etc....
-
Originally posted by wilrobnson
-
We have seen similar cons to this. One that is going now is that the security office's phone number for residents is public so people have been calling in pretending to be homeowners putting their visitors (really themselves) on the guest list.
This changed because the homeowners association got word about it so a unique code number has now been assigned to each residence. If you don't know your code number then we won't allow you to add anyone to the guest list when you call in. Sad thing is this is being foiled now by the same cons, because certain jerk homeowners have given out their pass codes to other people too! But at least I am aware that this is going on. I report suspicious cases to the homeowners association. And they warn the homeowners: don't give out your pass code because you're liable for the damage caused by your guests!
-
Originally posted by The_Mayor
..... And they warn the homeowners: don't give out your pass code because you're liable for the damage caused by your guests!
The association put up huge signs warning that such areas are under CCTV surveillance, and violators would be prosecuted. Word soon got around that there isn't any CCTV and no one has ever been charged, let alone convicted. So, it's business as usual.
-
I really do not know the fine particulars of the contracts homeowners sign, but I do recall that a homeowner had to pay for a light post to be repaired because a guest of hers (friend of her son) backed into it or hit it somehow. I don't know if it is enforceable, but it is good to blow smoke, and scare them into thinking they are liable, we got to be a little deceptive too.
-
Originally posted by The_Mayor
I really do not know the fine particulars of the contracts homeowners sign, but I do recall that a homeowner had to pay for a light post to be repaired because a guest of hers (friend of her son) backed into it or hit it somehow. I don't know if it is enforceable, but it is good to blow smoke, and scare them into thinking they are liable, we got to be a little deceptive too.
People are always trying to find some way to 'beat the system.'
-
Originally posted by Mr. Security
Actually, this guard did exercise due diligence in trying to authenticate the "visitors." This is what he did right:
* Observed the two w/o ID
* Stopped them and asked for ID. Refused to be distracted by small talk.
* Requested that they accompany him to the security office.
* Verified that the contact information was on-file in the computer.
* Actually contacted a company representative.
His only mistake was letting the visitor take over the phone. The problem is that clients DO NOT want their employees and visitors to feel like they are in a level 4 correctional facility. There is a fine line between enforcing security rules to the letter of the law and not irritating the client.
If the client REALLY wants a no exception policy and backs you up on it, then all well and good. Most put it in writing, but DO want you to be balanced and use common sense. It's a catch 22 sometimes.
Here's what he did wrong:
* Did not speak initially to the company representative himself.
* Let the suspect hang up the phone.
* Let the suspect walk away with the assumption what was said on the phone was in his favor.
* Did he follow up on the location of the suspect?
* Was the suspect removed from the building?
* Was a trespass warning issued?
* Was the suspect arrested?
Given the facts presented in this case, this person very well may have been an arsonist or a bomber, not just someone there to steal trade secrets or company property.
-
Originally posted by wilrobnson
I love ezines like this. I think I've been here before. I remember the old BBS files on it, too.
-
Originally posted by 1stWatch
Here's what he did wrong:
* Did not speak initially to the company representative himself.
Originally posted by 1stWatch
* Let the suspect hang up the phone.
* Let the suspect walk away with the assumption what was said on the phone was in his favor.
Originally posted by 1stWatch
* Was the suspect removed from the building?
* Was a trespass warning issued?
* Was the suspect arrested?