We’re all familiar with movies such as "Mission Impossible" or "Oceans 11" which depict spectacular break-ins featuring some high-tech method of defeating the elaborate security systems used to protect the valuables. Though this makes for an entertaining movie, in reality, many times the easiest way into a supposedly secure area is by means of a low-tech solution. Johnny Long is a professional ‘penetration tester’ working for Computer Science Corporation. His task is to find weak points in a company’s information security. One of his favorite examples involving low-tech hacking of a security system was in trying to steal data from an ultra secure building protected with proximity card readers. Knowing that by law, employees do not need to show identification to leave a building, he didn’t bother attempting to bypass the card readers, instead he and an associate simply threaded a wet washcloth on a clothes-hanger through a small crack in an emergency exit, tripping the touch sensitive plate and allowing them total access to the building. Coffee or smoking breaks are another common means of gaining access to restricted buildings. Simply dressing for the part and making light conversation with the employees out on break usually allows him to just file in the door with the rest of them, no questions asked. Places that require secure operations are increasingly becoming aware that their weakest point of entry is through their employees whether it be data networks, physical access or just plain slips through conversation. As Jeff Moss, the organizer for cyber-security conferences Black Hat and Defcon observes, "There’s a tendency in our industry to focus on the latest and most interesting attack," he says. "But Johnny is trying to show that the simple security problems that were spotted a long time ago haven’t gone away, and the bad guys will use whatever’s available."
Similarly tagged OmniNerd content: