What were some possible threats while out on the lake?
What were some of the possible vulnerabilities?
And finally, what about my countermeasures?
Outsider-Insider Threats
Some things to consider for the security of your buildings
Check all locks for proper operation
Use employee badges
Shredder technology keeps changing as well
Keep an eye on corporate or agency phone books
Unsecured areas are targets for tailgating
Special training for off-shift staff
Bomb threats in Chicago
Check those phone closets
Remove a few door signs
Review video security logs
Consider adding motion-sensing lights
Subterranean vulnerabilities
Clean Out Your Elephant Burial Ground
Spot Check Those Drop Ceilings
Internal auditors are your friends
BONUS: Home Security Tips
Summary
Chapter 3: More about locks and ways to low tech hack them
A little more about locks and lock picking
What kinds of locks are the most popular?
Purchasing better quality locks will be cost effective
Be aware of lock vulnerabilities
Forced entry-and other ways to cheat!
A time-tested low tech method of forced entry
Let's break into a semi-high security room
Retracting the bolt to open the door
Gaining access to the lock itself
Keys And Key Control
Social engineering and key access
Who has the keys to your kingdom
Special key control awareness training
Bait and switch war story that could happen to you
Padlock shims are not a new threat
Some places to go to learn and have some fun
My 110-year-old puzzle
More about keys and how to make one if you don't have one
Five pounds of my favorite keys
Ways to make a key if you didn't bring a key machine
One final lock to talk about and then we're done
Rim cylinder locks vs. mortise cylinder locks
Summary
Chapter 4: Low tech wireless hacking
Wireless 101: the electromagnetic spectrum
Why securing wireless is hard
802.11 and Bluetooth Low Tech Hacks
DoS and availability
Layer 1 DoS attacks
Archetypal antennas
Directional dangers
Meet evil Doctor Reflecto
Foiled!? How effective is Evil Doctor Reflecto's power?
The John attack
Your debut on COPS
Contraptions of mass disruption
Off with her head!
Layer 2 DoS attacks
Farewell attack
Rogue on rogue
Whack-a-rogue
Bogus beacons
Flooding
Decoy SSID
Dead-end hijacking
Backdoors and cracks
Crack attack
Tap, tap. Mirror, mirror on the wallplate
Guesssst who got in
Peer-to-peer-to-hack
Ad hoc, ad finem
Going rogue
Marveling at the gambit of rogues
New SSID on the street
It's a bird... it's a plane... it's a ROGUE?
Bridge bereavement
Assault by defaults
Open sesame
Default WPA keys
More Google hacking
Bypassing specific security tools
Going static
Counterfeit MACs
MAC switcharoo
Free Wi-Fi
Summary
Endnotes
Chapter 5: Low tech targeting and surveillance: How much could they find out about you?
Initial identification
Property records, employment, and neighborhood routes
Disclosure on social networks and social media
Financials, investments, and purchase habits
Frequented locations and travel patterns
Third Party disclosures
Use of Signatures
Automated surveillance
Target Interaction
Scanners and miniatures
Summary and recommendations
Recommendations
Endnotes
Chapter 6: Low tech hacking for the penetration tester
The human condition
Selective attention
Magic is distraction
Building trust and influencing behavior
Technology Matters
USB thumb drives
CDs and DVDs
Staging the effort
Target organization
Location considerations
Organizational culture
Getting things in order
Deciding on location
Choosing the strategy
Choosing the technology
Automated attacks vary
A useful case study
Approaching hotel staff
Approaching conference staff
Conclusion
Summary
Endnotes
Chapter 7: Low tech hacking and the law: Where can you go for help?
Meet Mr. Tony Marino
Low tech hacking interview with Tony Marino, U.S. Secret Service (retired)
Meet Special Agent (SA) Gregory K. Baker, FBI
Low tech hacking interview with Special Agent (SA) Gregory K. Baker, FBI
Summary
Endnotes
Chapter 8: Information security awareness training: Your most valuable countermeasure to employee risk
An introduction to Information Security Awareness
The people and personalities of information security awareness
The information security awareness specialist
The intrapreneur
Data theft and employee awareness
The cost of noncompliance
A look at cost risk benefit
Designing an effective information security awareness program
Repetition is the aide to memory
Touch points
To team or not to team, that is the question
Creating a business plan for your Information Security Awareness Program
The presentation
Presentation is everything!
Components of an awareness program
Next steps
The Classification of Data Matrix
Manager's Quick Reference Guide
Finding materials for your program
The importance of a good editor
Implementing an information security awareness program
Who writes the awareness standard?
Finding win-win solutions
Building a perpetual awareness program
Who should take the training?
Getting the program off the ground
Making information security accessible
A lesson learned
The dollars and cents of your program
Above and beyond
Making security part of the company mind-set
The importance of communication with other lines-of-businesses
Let's talk more about alliances
Audit department
Legal department
Privacy division
Compliance department
Training and communications division
Personnel department
Information security consultants
Keeping your program viable
Other resources
Measuring your program's success
Identifying key components and cumulative results
Summary
Endnotes
Index
Low Tech Hacking: Street Smarts for Security Professionals
Jack Wiles, Dr. Terry Gudaitis, Jennifer Jabbusch, Russ Rogers, Sean Lowther
Neil Wyler, Technical Editor
Acquiring Editor: Chris Katsaropoulos
Development Editor: Matt Cater
Project Manager: Paul Gottehrer
Designer: Russell Purdy
Syngress is an imprint of Elsevier, 225 Wyman Street, Waltham, MA 02451, USA
© 2012 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices: Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data: Application submitted
British Library Cataloguing-in-Publication Data: A catalogue record for this book is available from the British Library
ISBN: 978-1-59749-665-0
For information on all Syngress publications visit our website at www.syngress.com
Printed in the United States of America
Contents
Acknowledgments
Foreword
About the Authors
Introduction
Chapter 1: Social engineering: The ultimate low tech hacking threat
How easy is it?
The mind of a social engineer
The mind of a victim
Tools of the social engineering trade
One of my favorite tools of the trade
Social engineering would never work against our company
What was I able to social engineer out of Mary?
The final sting: two weeks later, Friday afternoon
Why did this scam work?
Let's look at a few more social engineering tools
Keystroke logger: Is there one under your desk?
One of my lunchtime tools
Let's look at that telephone butt-in set on my tool belt
Meet Mr. Phil Drake
Meet Mr. Paul Henry
Traditional AV, IDS, and IPS considerations
Traditional firewall consideration
Flaw remediation
Do you have a guest user of your credit card?
A few possible countermeasures
Always be slightly suspicious
Start to study the art of social engineering
Start a social engineering book library
Summary
Chapter 2: Low tech vulnerabilities: Physical security
A mini risk assessment
What did I have at risk?
Acknowledgments
It's difficult to write an acknowledgments page for fear of forgetting to thank someone who has been so important in my life. Having spent many decades working and learning in the fields of both physical and technical security, I have been honored to become friends with many of the top professionals in the world who live and work in both areas of expertise. I always like to start my acknowledgments by letting the world know that I can do nothing without the help of my Lord and Savior, Jesus Christ. I dedicate this book to Him, my wonderful wife Valerie and my son Tyler as he prepares to finish his college career and move on into the business world. My partner Don Withers is like a brother to me in every way. For 12 years now, we have been fortunate to produce our Techno Security, Techno Forensics, and our new Mobile Forensics conferences, which have had attendees from over 48 countries. I want to especially thank all of the other authors and interviewed experts of this book. I know them all well and I know that you will enjoy getting to know them through their impressive chapters. These are some of the most respected and talented security minds in the world and I am honored to have them share this incredible experience with me. I'd also like to thank my good friend Matt Cater, Syngress/Elsevier Editorial Project Manager, for his frequent editing help and for being so patient as we worked our way through getting my fourth Syngress/Elsevier book ready to be published. I would not have started on this month-plus project without Matt as my Project Manager.
My Contributing Authors:
• Dr. Terry Gudaitis
• Jennifer (Jabbusch) Minella
• Russ Rogers
• Sean Lowther
My Expert Interviewees:
• Phil Drake
• Paul Henry
• Special Agent Gregory K. Baker, FBI, InfraGard
• Special Agent (Retired) Tony Marino, U.S. Secret Service, Electronic Crimes Task Force
I'm going to do my best to include the names of as many of my close friends as I can in this book. I haven't done that with past books, and I wish that I had. Please forgive me if I forget someone. If I do, I'll try to find a way to make it up to you, I promise. My thanks go out to: Dr. Greg Miles, Rabbi Sam Nadler (one of the most incredible people that I have ever met), Miriam Nadler, Josef ben Yisrael, Forrest (Pete) Jones, Loretta Jones, Heather Jones, Hilary Jones, Joan Withers, Susan Ballou, Joy Foster, Dean Smith,