• Choose a category
• All
• Classic-Fiction

I called her back a number of times over the next few days to get different versions of the MicroTAC Ultra Lite source code. It was like the CIA having a mole in the Iranian embassy who didn’t even realize he was passing on information to an enemy of the state.

If getting the source code for one cell phone had been that easy, I started thinking, maybe I could somehow get into Motorola’s development servers so I could copy all the source code I wanted without needing help from Alisa or any other cooperative employee. Alisa had mentioned the hostname of the file server where all the source code was stored: “lc16.”

On a long shot, I checked the current weather in Schaumburg, Illinois, where Motorola’s Cellular Subscriber Group was located. And there it was: “The snowstorm that began yesterday will last through tonight and into tomorrow, winds gusting to thirty miles per hour.”

Perfect.

I got the phone number for their Network Operations Center (NOC). From my research, I knew that Motorola’s security policy for employees dialing in from a remote location required more than just a username and password.

They required two-form-factor authentication—in this case, that included using the SecurID described earlier, a product from a company called Security Dynamics. Every employee who needs to connect remotely is issued a secret PIN and is given a device the size of a credit card to carry with him or her that displays a six-digit passcode in its display window. That code changes every sixty seconds, seemingly making it impossible for an intruder to guess it. Anytime a remote user needs to dial in to Motorola’s campus, he or she has to enter a PIN followed by the passcode displayed on their SecurID device.

I called the Network Operations Center and reached a guy I’ll call Ed Walsh. “Hi,” I said. “This is Earl Roberts, with the Cellular Subscriber Group”—giving the name and group of a real employee.

Ed asked how things were going, and I said, “Well, not so great. I can’t get into the office because of the snowstorm. And the problem is, I need to access my workstation from home, but I left my SecurID in my desk. Can you go grab it for me? Or can somebody? And then read off my code when I need to get in? Because my team has a critical deadline, and I can’t get my work done. And there’s no way I can get to the office, the roads are much too dangerous.”

He said, “I can’t leave the NOC.”

I jumped right in: “Do you have a SecurID for the Operations Group?”

“There’s one here in the NOC,” he said. “We keep one for the operators in case of an emergency.”

“Listen,” I said, “can you do me a big favor? When I need to dial into the network, can you read me the code from your SecurID? Just until it’s safe for me to drive in.”

“Who are you again?” he asked.

“Earl Roberts.”

“Who do you work for?”

“For Pam Dillard.”

“Oh, yeah, I know her.”

When he’s liable to be faced with tough sledding, a good social engineer does more than the usual amount of research. “I’m on the second floor,” I went on. “Next to Steve Littig.”

He knew that name as well. Now I went back to work on him. “It’d be much easier just to go to my desk and grab my SecurID for me.”

Walsh didn’t want to say no to a guy who needed some help, but he didn’t want to say yes, either. So he sidestepped the decision: “I’ll have to ask my boss. Hang on.” He put the phone down, and I could hear him pick up another phone, put in the call, and explain the request. Walsh then did something inexplicable: he told his boss, “I know him. He works for Pam Dillard. Can we let him temporarily use our SecurID? We’d tell him the code over the phone.”

He was actually vouching for me—amazing!

After another couple of moments, Walsh came back on the line and said, “My manager wants to talk to you himself,” and gave me the guy’s name and cell phone number.

I called Ed’s manager and went through the whole story one more time, adding a few details about the project I was working