Winkler, Ira. "Ride Along: Anatomy Of A Break-In." Information Week, January 1, 2006. http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=175800582. Link Accessed: 2009-01-22.
Keywords: IT security, physical security, espionage, social engineering
Abstract: Perceiving problems with physical security and end-user systems, a CIO of a Fortune 500 company secretly commissioned a group of IT security professionals to perform a preassessment of the organization's IT security stance prior to a formal audit. Ira Winkler of Secure Enterprise outlines the very effective, yet simple, low-tech, low-budget reconnaissance/espionage techniques his team used to infiltrate this Fortune 500 company's premises and its critical information assets in just two days. Winkler's team employed social engineering methods to gain access to buildings, computer rooms, executive offices, file cabinets, desktop machines and email accounts of employees as well as the CEO. Pretending to be the CIO, Winkler called the reception desk and was able to get his team, posing as subcontractors, access badges to server rooms, where they found the primary domain controller (PDC) logged into the administrator account and not locked. Even with other people in the computer room, the team was able to add a user account to the administrator group of the PDC. This gave the team control of the entire organizational Windows infrastructure. They then proceeded to download and crack password files. The team even managed to get a guided tour of the company's network operation center (NOC), where they were able to record IP addresses and system names of the network management machines as well as apply a network tap while their guide was distracted. Winkler's lesson is that by focusing on accessing critical information first and employing social engineering techniques, any malicious party could achieve the same results in minimal time. The key to IT security is to be diligent about security practices within the organization.