This is a truly amazing social engineering story.
How a man off the street infiltrated a FTSE finance firm | 8 May 2009 | ComputerWeekly.com:
"He spent a week in the building undetected, during which the following took place:
Greenlees spent the first morning watching people entering and leaving the premises to get an idea of security in reception. After lunch on that first day he decided to gain access by tailgating people as they swiped their access cards. He pretended to be on the phone and signalled to people that he wanted the third floor. He entered a glass meeting room, calmly hung up his jacket and started to work on his laptop. Within 20 minutes he had seen a confidential document, which had been left on a desk. It concerned the merger of two household names worth £434m. He accessed different floors, rooms, store rooms and filing cabinets, and found information on desks. He used tricks such as holding two cups of coffee so people would open normally secure doors for him. He gained access to the data room by pretending to carry out a security audit. He was given information about the company's network and was able to plug his laptop in as a result. This gave him access to confidential customer, employee and company data. Greenlees got hold of an internal phone directory and, using an internal phone, he pretended to be an IT support worker. He managed to get usernames and passwords from 17 of the 20 people he asked. He even smuggled another, more technical, consultant in to help him analyse IT systems. Greenlees was soon on first name terms with security staff."