Security expert Chris Nickerson is often asked by clients to conduct penetration testing of their on-site security. Watch Nickerson and his team pull off a $24,000 heist in this video.
Nickerson and crew recently took on such an exercise for a client he describes as “a retail company with a large call center.” With some prep work, Nickerson says the team was able to gain access to the company’s network and database quite easily. Read on to find out how they did it and what lessons you can take away for shoring up your organization’s defenses.
Write a 100-word reflection
someone wrote this
do not copy anything from here
Chris Nickerson and his tiger team of penetration professionals were hired to conduct a penetration test for Jason of Beverly Hills, which specializes in customized jewelry for Hollywood personalities. Although they were not able to enter the facility using “break-in” techniques, they were able to walk in through the front door. They used a variety of social engineering tactics to “sweet talk” their way inside. Social engineering is a deceptive way for individuals or groups, primarily using the skill of charm and acceptance, to gain access to confidential resources or information that they would normally not be authorized to access (Hulme & Goodchild, 2017). It can be done in person, by telephone, by email, and through most any other form of communication.
As part of the tiger team’s social engineering strategy, they were able to get an employee to put their thumb drive in her desktop computer, thus granting them access to the corporate database via a program running from the thumb drive. While there, none of the employees asked them for any credentials to show that they were magazine representatives. It was quite easy for them to roam around the company with no challenges from the employees. The team was able to gather intelligence for their test by taking pictures (with no challenges), wearing a hat cam, and social networking activities with employees. They also used a technique to glean information from the front door HID and used the information. An overall excellent use of social network was displayed in this video and clearly shows that the organization could use some user awareness and training.
Hulme, G. and Goodchild, J. (2017). What is social engineering? How criminals take advantage of human behavior. Retrieved from https://www.csoonline.com/article/2124681/social-engineering/what-is-social-engineering.html