Social Engineering - Christopher Hadnagy [175]

this method of a rear USB key loading a virtual machine using their own hard drive, but if it worked he would get every keystroke the admin typed and a shell on the poor guy’s computer, giving Tim access to everything. Even though the shell would be on the virtual machine, he would be logging all his keystrokes and then gain access to the victim’s machine using his captured username and password.

Tim did a few other things in the office such as set up a connection on another machine, which gave him network access remotely. He also set up a remote listening device, the kind that uses a cell phone SIM card. He could call its number from any phone on earth and listen to conversations from anywhere in a 20-foot radius.

After just a few hours Tim left the target’s company and went back to his office. He was excited to see whether this all worked, but he still had a few more ideas to try.

Early the next morning he made sure his remote connections were still alive, and he dialed into his listener to hear the early morning buzz of people coming into the office. The anticipation built as he waited to see whether the first computer logs were coming through, capturing the admin’s username and password.

About one hour later Tim saw some logs coming through. He knew that he didn’t want to do anything that would compromise his connection, so he waited. Around 12:15 the logs stopped, so he figured the admin must be at lunch. He quickly checked his reverse shell and began to create a tunnel from the admin’s machine to the server back to his machine using the password he captured from the admin for the server.

After the tunnel was connected he made a mad dash to copy as much as he could before 1:00 p.m. At that time he didn’t notice any logs, so he called into the listener and overheard someone asking, “Do you know how long this meeting is supposed to last?”

Figuring the admin might be at a meeting, he made another attempt at a larger transfer. After about 30 minutes he noticed some activity, so he stopped data collection and decided to wait until later. He didn’t want to alert the admin to anything fishy going on by slowing down his connection through a large transfer. He started to sift through what he grabbed from the server, knowing he hit the jackpot.

His job wasn’t over yet. That evening he did one more massive transfer, taking as much as he could get, and then headed over to the company’s office again, social engineering his way in as he did before. Once in, he headed over to the admin’s office, which was locked this time and pulled shut. He used a shove knife (see Chapter 7) to get in.

Once inside he turned off the virtual machine, then rebooted the machine after removing the USB key, and then he left the admin’s office the way he found it. He collected his listener and made sure his tracks were covered.

He exited the building to go back to his office and compile his findings. Of course, at the report meeting he walked in with a stack of printed documents and a hard drive full of what he was able to copy. This was enough to drop the jaws of every person in the room.

Applying the SE Framework to Top Secret 1

This story offers many lessons. It is an example of a perfect social engineer. It can be summed up as practice, preparation, and, of course, information gathering. All the skills he used we can imagine he practiced, from using a shove knife and creating tunnels to effective pretexting and information gathering.

I cannot reiterate enough the importance of information gathering. I know I have said it a thousand times, but this whole deal would have fallen through without Tim having the appropriate information.

Being prepared through phone calls and onsite visits, and having the right hardware, led to success. Analyzing this hack, you can see some of the fundamental principles of social engineering at play.

Tim was a master at information gathering, using web resources to pull up all sorts of nuggets, expert elicitation skills while on the phone, as well as masterful persuasion skills in person. These techniques allowed him to
