Scribd Logo
Upload

Welcome to Scribd!

  • 29 views

    M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom

    Uploaded by

    Shaker
    This document outlines a potential social engineering attack on a state government office building in downtown Indianapolis. It details security measures like badge access, cameras, and guards, but notes many employees are too trusting. The proposed attack would involve researching internship programs online, dressing professionally and carrying a laptop bag to blend in. The attacker could then follow an employee through a locked door and claim to be an intern waiting to speak to HR. From there, the document outlines how the attacker could access documents, computers, and potentially install malware by taking advantage of unsecured remote desktop connections and trusting employees. It acknowledges this scenario poses high risks for both parties and the attacker would likely be identified through security cameras if caught.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom

    Uploaded by

    Shaker
    29 views3 pages
    This document outlines a potential social engineering attack on a state government office building in downtown Indianapolis. It details security measures like badge access, cameras, and guards, but notes many employees are too trusting. The proposed attack would involve researching internship programs online, dressing professionally and carrying a laptop bag to blend in. The attacker could then follow an employee through a locked door and claim to be an intern waiting to speak to HR. From there, the document outlines how the attacker could access documents, computers, and potentially install malware by taking advantage of unsecured remote desktop connections and trusting employees. It acknowledges this scenario poses high risks for both parties and the attacker would likely be identified through security cameras if caught.

    Original Description:

    Homework

    Original Title

    M02__Case_Project__Your_Social_Engineering_Attack.pdf-Shaker Mohammadtom

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines a potential social engineering attack on a state government office building in downtown Indianapolis. It details security measures like badge access, cameras, and guards, but notes many employees are too trusting. The proposed attack would involve researching internship programs online, dressing professionally and carrying a laptop bag to blend in. The attacker could then follow an employee through a locked door and claim to be an intern waiting to speak to HR. From there, the document outlines how the attacker could access documents, computers, and potentially install malware by taking advantage of unsecured remote desktop connections and trusting employees. It acknowledges this scenario poses high risks for both parties and the attacker would likely be identified through security cameras if caught.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    29 views3 pages

    M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom

    Uploaded by

    Shaker
    This document outlines a potential social engineering attack on a state government office building in downtown Indianapolis. It details security measures like badge access, cameras, and guards, but notes many employees are too trusting. The proposed attack would involve researching internship programs online, dressing professionally and carrying a laptop bag to blend in. The attacker could then follow an employee through a locked door and claim to be an intern waiting to speak to HR. From there, the document outlines how the attacker could access documents, computers, and potentially install malware by taking advantage of unsecured remote desktop connections and trusting employees. It acknowledges this scenario poses high risks for both parties and the attacker would likely be identified through security cameras if caught.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    Shaker Mohammadtom

    03/27/2021
    M02: Case Project: Your Social Engineering Attack

    At my current place of employment, security is tight. There are ample security cameras

    placed in key locations that make it so that any person entering will be recorded. The facility

    features badge-access security control with different levels of clearance depending on which

    department you work. Additionally, there are police officers and security personnel that are

    placed at the public entrances. However, there are some serious security flaws.

    So where is this location? I can’t exactly say, other than it is an important state agency

    The office I work at is located on the 5th floor of the South Government building in

    downtown Indianapolis. There are several entrances for employees with badge access, but only

    one for the public which is guarded by police and security. The office itself has additional

    badge-access controls for just the people who work there. Yet, the all the security measures put

    in place often mean nothing thanks to the kind and unassuming nature of many of the employees.

    I have forgotten my badge enough times to know that by simply “blending in” and

    looking like you know where you are going, you can get anywhere in the building. If one

    wanted to steal information, equipment, or alter legal documents only a few things would be

    required. First, one should look online to see if there are any internship programs currently going

    on as the office has many recruiting events. Second, all state personnel can be found by name

    and department, and location within the government center online, so you could simply look up

    the names of the people in HR and say that you have spoken with them about starting work as a

    “file clerk” or other administrative job. Next, you would need to dress accordingly wearing
    business casual attire to fit in with other employees, and perhaps even carry a briefcase or laptop

    bag to really add to the look. From this point all you would need to do is to walk to one of the

    employee entrances in the morning when everyone is entering and more than likely you can

    simply walk in as people will generally hold the door open for you. And if not, you can always

    ask. If you are dressed nice and look like you are in a hurry, most people will help you

    Now you are in the government building. To get to the main office the best route would

    be to avoid the front desk and wait for one attorney to enter and follow behind, or just stand by

    the door and wait to be let in. If asked who you are, you would give them a name and say that

    you are an intern and are here to speak with HR. Now from this point you have several options.

    You could go straight to any of the several empty offices and begin to infiltrate the network

    through the public Wi-Fi, or you could find one of the offices used for storage and begin altering

    or stealing documents. If a person is brave enough, they could go to the investigations

    department and say that so-and-so from HR sent you to get a temp badge, which they would most

    likely do. Now you can come and go as you please. Accessing a computer would be a bit harder

    as IT locks them down tight, but you could always wait for someone to leave their desk, as many

    do not completely log off. Lastly there is one critical flaw in the network as remote desktop

    connections are enabled and if one connects to a remote computer than can begin to send

    documents to their own computer, or upload malware and install programs directly by dragging

    them on to the local hard drive. If you access the computer and make the local computers’ hard

    drive available over the remote connection, you can also access other users’ information who

    have logged on that would normally be hidden.

    Obviously, the security flaws are bad and there have been attempts
    to educate employees about stopping these kinds of attacks and intrusion as this exact scenario
    has happened before in another department, and several laptops were walked right out of the

    building. As mentioned before, most people are simply far too trusting, which is the largest point

    of failure. However, the risk potential in this scenario is quite high for both parties. The biggest

    problem for a criminal would be that they will be recorded at some point and would have to be

    willing to compromise their identity. They would likely get away with the initial crime but if a

    thorough investigation is conducted there is a good chance that the person would eventually be

    caught and brought into justice.

    You might also like