the original cloud security

camera.txt

camera.txt
Posted Aug 17, 1999

Video Cameras and Social Engineering: Another Excellent Tutorial by Bernz.

tags | paper
MD5 | 6619f3c69723c1cd063986beb0fd5719

camera.txt

Change Mirror Download
Live Social Engineering: The Camera Trick

by Bernz
Special Thanks to: Dumb security personel in corporation buildings everywhere.

We live in a world where video and film cameras create a certain attitude. Watch the news
one day. A camera and a reporter shoot a story. Everytime a pedestrian walks by, they turn to the
camera, make a stupid face and grin. They are happy for those 3 seconds of background exposure.
To me, this is an idiotic attitude, but it also represents a tear that can be converted into a chasm of
a security hole.
If someone told you sincerely, "I'm gonna put you in a movie", you'd be happy. You'd
get your big dose of mass communication fame and fortune. Actually, we probably would think
he's an undercover cop and move out of state. But we're a weird bunch and we can't assume
everyone's a paranoid little fuck.
What this brings me to is that almost everyone in the world loves the camera. This is a
security flaw, believe it or not, that can be exploited to a great degree.

What do you need?

First thing's first. You need a camera. I would prefer Hi-8, but an old 8mm would do just
fine. It must have sound and a realitively clear picture. Lots of videotape and batteries are good.
You'll also want a boom mike and a friend to carry it for you. Like all social engineering,
professional appearance is what matters most of all.
Next, you need credentials. You can't just walk into your mark's office and say "I'm
gonna take video." The fact that you have a camera and a sound guy is great and lends quite a bit
to your appearance, but you need an edge. Hence, the film student. Almost every state has a
college with film students in it. Finger accounts at these colleges. A great majority of colleges
uses Student ID numbers for logins. Use a desktop publisher and whip up some fake IDs on
cardstock. If you can't do this on your own, someday i'll get off my ass and make templates.
Make sure the names correspond to your sex. If you've got a beard and your "name" is jennifer, I
don't think you'll be taken seriously.

Entrance

You have your alibi for your appearance and your equipment. Go to the front office and
talk to whoever it is that lets you in. Point the camera at the security guy. Tell him you're film
students or even better, news interns, shooting documentary footage on local <fill in company or
governmental position here>. Security guards are not noted for their intelligence, nor are they
noted for good pay and fun lives. Any chance to be on america's or even <name a county or town here>
television will make them cooperative. They'll probably give you clearance if they can. If you have
to keep up subterfuge to get in, do it. I can't instruct that as it is a case to case situation.
A boss might have to confirm this. Even if it is a government place, chances are it's a
Dilbert-esque environment. The bosses are moronic and the workers are dim and without energy.
The boss will let you in to promote his office (and himself). Anyone in any corporate structure
desires to advance much furthur. A good report on local news can definately help that out. That
one-eyed god on your shoulder can enlighten any environment though. Cameras bring an odd
sense of wonderment to those being filmed. If they think youre legit, they'll wnat you around
because you can only do them good.
If you're going to use the news scam, wear your fake IDs on the outside, like a real press
person.

In! Post-It Note Salvation

So they let you in for a tour. Idiots.
First is first, aim your camera at everything. Most important is ask about their "Jump into
the 21 century." Companies love the fact that they have the money for kick ass computers and
have no compunctions about showing that to anyone who comes along. They'll start blabbing
about their network and their T1 connections and all that shit. They'll log on for you. Aim the
camera at the keyboard at the best angle you can and record the typing. It doesn't matter if you
can see it right there or not. That's the beauty of video..check it out in slow mo at home.
Next, as you pass any post-it notes, check em out on video. Those little yellow bastards
are like water in deserts. Every office has idiots who write passwords on them.
After that, just walk around. Get ANYTHING on tape you can. Videotape is cheap, don't
be afraid to waste it. Check out security. Check out their UNIX server. Check out everything.
Use your head and just look. That's all I can say.

Clean-Up

Throw your tape in your VCR and go over everything. Look for any lapses in security.
Any passwords. Slo-mo through typing and post-it notes.
The hard part is getting in. After that, it's pretty easy.

Love and injuries,
bernz (bernz@ix.netcom.com)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    10 Files
  • 23
    Sep 23rd
    1 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close