Getting past Conference Security – Do you think like a Social Engineer

Get in touch

Getting past Conference Security – Do you think like a Social Engineer

international-conference-1597531__180

A while ago, I was speaking at a conference in the north of England. I wasn’t especially enamoured of the topic and was doing it as a favour for the organiser who was an old friend. I wasn’t “on” until late afternoon so I had a few hours to kill after lunch at the hotel.

In the conference centre next door to ours there seemed to be a great time being had. I could hear laughing, applause and debate filtering through the abandoned halls of the hotel and it seemed the best option for fun in the immediate vicinity. There was a problem though, it was a closed conference and I wasn’t invited. Security checking passes at the door, delegate lists, closed shop. How to get in?

I considered just wandering up and asking if I could sneak in for a few minutes but I canned this idea almost immediately as I could tell from the security, which was heavy for this type of event, I’d probably fail. Nope this one required a mixture of guile and careful planning if I was going to sneak my way in.

I did a circuit of the venue and noticed eight fire doors running down the sides of the hall, in addition to the front exit.   Fire doors can be tricky. I had no idea what the room layout was inside but if it was the same roughly, as in our conference next door there would be rows of chairs and a fire door opening would be noticed immediately as the person would be coming in from the side. No fire doors, and no other entrance that I saw.

Then it hit me.   I picked one thing up and just walked in. Stood up at the front of the conference and a little to the side of the stage and I had great views of the speakers until I had to leave and go and do my own slot next door.

What did I pick up?

Spoiler below, the answer to the Social Engineering riddle…..

 

How did I get past? And, more importantly, what is the prize for guessing it right?

Well, loads of you got it! I picked up a bottle of water and tapped a security guy on the arm, I just mouthed “speaker” and tip toed past. I picked my way through the chairs and just stood at the side politely. DONE.

Anyone, who got this answer right deserves a beverage and I will buy you one (not water) if you ever meet me in person and say “ I got past with water!” as your opening line. Having said that, the reason why I grabbed the water is perhaps less obvious, and so I am going to explain it below.

Firstly, however we need to consider, and applaud, other plausible answers including a camera, a microphone (you know me so well,) a clipboard, a name badge from the welcome table and a security guard, all of which I have tried successfully in the past, although my infamous “Tower of London” break in used a combination of a bottle of water and an embarrassed security guard to be fair.

The truth is that although in this case the “answer” was water, the real story here is the quick thinking and improvisation that is at the heart of social engineering.

A good social engineer might find themselves without access to tech, props or much else when on a job, and being able to use whatever is at hand to “get past, get in, or get out” is as important as being well prepared in the first place.

The process of assessing a space for exits, threats and props becomes automatic and is part of a mindset that comes with experience and practice, as much as anything else.

Whilst cameras, microphones and clipboards are all plausible tools here, ideally you should always be looking for the simplest solution, the one that requires least acting and preparation. The more complex the lie, the more difficult it will be to sustain it. If you can grab either someone else’s name badge or a bottle of water, go for the water its less complex, more likely to work, easier to explain away.

In fact I would to any prospective S.E I whilst I would always say you can never prepare enough, the job demands you to think on your feet, take a few risks and improvise quite a lot. You need to be ready. Thinking like a Social Engineer isn’t just about picking up the right prop, its also about knowing why that prop will work better than another one.

Now, where’s that security guy gone….

 

 

Tagged with: , , ,
Posted in Social Engineering, The Deception Chronicles
| Website designed & hosted by Cyberfrog Design