Twenty Year Anniversary


Posted Aug 17, 1999

Video Cameras and Social Engineering: Another Excellent Tutorial by Bernz.

tags | paper
MD5 | 6619f3c69723c1cd063986beb0fd5719


Change Mirror Download
Live Social Engineering: The Camera Trick

by Bernz
Special Thanks to: Dumb security personel in corporation buildings everywhere.

We live in a world where video and film cameras create a certain attitude. Watch the news
one day. A camera and a reporter shoot a story. Everytime a pedestrian walks by, they turn to the
camera, make a stupid face and grin. They are happy for those 3 seconds of background exposure.
To me, this is an idiotic attitude, but it also represents a tear that can be converted into a chasm of
a security hole.
If someone told you sincerely, "I'm gonna put you in a movie", you'd be happy. You'd
get your big dose of mass communication fame and fortune. Actually, we probably would think
he's an undercover cop and move out of state. But we're a weird bunch and we can't assume
everyone's a paranoid little fuck.
What this brings me to is that almost everyone in the world loves the camera. This is a
security flaw, believe it or not, that can be exploited to a great degree.

What do you need?

First thing's first. You need a camera. I would prefer Hi-8, but an old 8mm would do just
fine. It must have sound and a realitively clear picture. Lots of videotape and batteries are good.
You'll also want a boom mike and a friend to carry it for you. Like all social engineering,
professional appearance is what matters most of all.
Next, you need credentials. You can't just walk into your mark's office and say "I'm
gonna take video." The fact that you have a camera and a sound guy is great and lends quite a bit
to your appearance, but you need an edge. Hence, the film student. Almost every state has a
college with film students in it. Finger accounts at these colleges. A great majority of colleges
uses Student ID numbers for logins. Use a desktop publisher and whip up some fake IDs on
cardstock. If you can't do this on your own, someday i'll get off my ass and make templates.
Make sure the names correspond to your sex. If you've got a beard and your "name" is jennifer, I
don't think you'll be taken seriously.


You have your alibi for your appearance and your equipment. Go to the front office and
talk to whoever it is that lets you in. Point the camera at the security guy. Tell him you're film
students or even better, news interns, shooting documentary footage on local <fill in company or
governmental position here>. Security guards are not noted for their intelligence, nor are they
noted for good pay and fun lives. Any chance to be on america's or even <name a county or town here>
television will make them cooperative. They'll probably give you clearance if they can. If you have
to keep up subterfuge to get in, do it. I can't instruct that as it is a case to case situation.
A boss might have to confirm this. Even if it is a government place, chances are it's a
Dilbert-esque environment. The bosses are moronic and the workers are dim and without energy.
The boss will let you in to promote his office (and himself). Anyone in any corporate structure
desires to advance much furthur. A good report on local news can definately help that out. That
one-eyed god on your shoulder can enlighten any environment though. Cameras bring an odd
sense of wonderment to those being filmed. If they think youre legit, they'll wnat you around
because you can only do them good.
If you're going to use the news scam, wear your fake IDs on the outside, like a real press

In! Post-It Note Salvation

So they let you in for a tour. Idiots.
First is first, aim your camera at everything. Most important is ask about their "Jump into
the 21 century." Companies love the fact that they have the money for kick ass computers and
have no compunctions about showing that to anyone who comes along. They'll start blabbing
about their network and their T1 connections and all that shit. They'll log on for you. Aim the
camera at the keyboard at the best angle you can and record the typing. It doesn't matter if you
can see it right there or not. That's the beauty of video..check it out in slow mo at home.
Next, as you pass any post-it notes, check em out on video. Those little yellow bastards
are like water in deserts. Every office has idiots who write passwords on them.
After that, just walk around. Get ANYTHING on tape you can. Videotape is cheap, don't
be afraid to waste it. Check out security. Check out their UNIX server. Check out everything.
Use your head and just look. That's all I can say.


Throw your tape in your VCR and go over everything. Look for any lapses in security.
Any passwords. Slo-mo through typing and post-it notes.
The hard part is getting in. After that, it's pretty easy.

Love and injuries,
bernz (


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    5 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2018 Packet Storm. All rights reserved.

Security Services
Hosting By