
Social Engineering - Christopher Hadnagy [146]

cloners, a small device that can capture then replay the RFID code unlocking the doors. There are machines to copy magnetic key cards as well.

Miscellaneous Lock-Picking Tools

In addition to tension wrenches and picks, a social engineer may want to employ some other tools, such as shove knives, bump keys, and padlock shims, to gain physical access. Some of these tools, when mastered, can make the job of physical access effortless.

Shove Knives

The shove knife, shown in Figure 7-6, is hailed as the quickest way to gain access to office doors or any door with a knob lock, such as server rooms or office doors. Basically this knife can slip into a position where it can release the latch without damaging the door.

Figure 7-6: A typical shove knife.

Bump Keys

Bump keys have been around for ages, but have been getting a lot of notice in the news because they have been used in crimes. Bump keys are specially designed keys that allow the user to “bump” the key into the lock with light force that, when done right, puts all the pins in proper alignment and allows the plug to be turned without damaging the lock. The basic technique is that you put the key inside the lock and pull it out one or two notches; then you put light tension on the key and use a screwdriver or other small object to “bump” the key into the lock using light force. This action forces the pins into the proper position and then allows the plug to turn. Figure 7-7 shows a bump key.

Figure 7-7: A typical bump key for a door.

Padlock Shims

A shim is a small piece of thin metal that is slid into the base of the padlock and used to release the locking mechanism. The shim is shoved in at the base of the lock shaft, separating the locking mechanism from the shaft and unlocking the padlock. This is shown in Figure 7-8.

Figure 7-8: How a shim works.

Figure 7-9 shows professional-grade shims, but you can also make a pair out of an aluminum can.

Some recent stories (www.youtube.com/watch?v=7INIRLe7x0Y) show how easy it is to bypass a hotel or other door with a chain lock. This particular video shows how an attacker can tie a rubber band around the lock and, using the natural tension of the rubber band, get the chain to slide right off. As well, MIT has a freely distributed guide (www.lysator.liu.se/mit-guide/MITLockGuide.pdf) on lock picking that is much more in-depth than the brief introduction included in this chapter.

Figure 7-9: Professionally made shims.

You might be wondering whether locks that are impossible, or at least hard to pick, exist. The Bump Proof BiLock (www.wholesalelocks.com/bump-proof-bilock-ult-360.html) is just such a lock. Its two cylinders make it near-impossible to bump or pick easily.

One of the problems I have seen in my career is not the lock choice but rather the security supporting the lock. Very often, a company will buy a heavy-duty lock that requires biometrics and key access to get to the server room, but right next to the door is a small, single-paned glass window. Who needs a lock pick then? A thief will break the glass and gain access without much effort.

The moral of the story is that a lock alone won’t make you secure. Security is a mindset, not a simple piece of hardware.

Not every social engineer must be an expert locksmith, but having some basic knowledge of how locks work and a bit of experience picking locks might make the difference between a social engineering success and failure.

This discussion just scratched the surface of the topic of the lock-picking tools a social engineer can use. One of the other toolsets that is invaluable for a social engineer is recording devices, as discussed in the next section.

Cameras and Recording Devices

Cameras and recording devices seem so “peeping Tom-ish” that many times the question arises, “Why? Why use hidden cameras and covert recording devices in an SE gig?” Good question. It has a simple two-part answer: for proof and protection.

Let’s discuss the concept of proof. As already mentioned, a social engineering audit is where you are testing people. It is trying to
