Professional Documents
Culture Documents
M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom
M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom
M02 - Case - Project - Your - Social - Engineering - Attack - Pdf-Shaker Mohammadtom
03/27/2021
M02: Case Project: Your Social Engineering Attack
At my current place of employment, security is tight. There are ample security cameras
placed in key locations that make it so that any person entering will be recorded. The facility
features badge-access security control with different levels of clearance depending on which
department you work. Additionally, there are police officers and security personnel that are
placed at the public entrances. However, there are some serious security flaws.
So where is this location? I can’t exactly say, other than it is an important state agency
The office I work at is located on the 5th floor of the South Government building in
downtown Indianapolis. There are several entrances for employees with badge access, but only
one for the public which is guarded by police and security. The office itself has additional
badge-access controls for just the people who work there. Yet, the all the security measures put
in place often mean nothing thanks to the kind and unassuming nature of many of the employees.
I have forgotten my badge enough times to know that by simply “blending in” and
looking like you know where you are going, you can get anywhere in the building. If one
wanted to steal information, equipment, or alter legal documents only a few things would be
required. First, one should look online to see if there are any internship programs currently going
on as the office has many recruiting events. Second, all state personnel can be found by name
and department, and location within the government center online, so you could simply look up
the names of the people in HR and say that you have spoken with them about starting work as a
“file clerk” or other administrative job. Next, you would need to dress accordingly wearing
business casual attire to fit in with other employees, and perhaps even carry a briefcase or laptop
bag to really add to the look. From this point all you would need to do is to walk to one of the
employee entrances in the morning when everyone is entering and more than likely you can
simply walk in as people will generally hold the door open for you. And if not, you can always
ask. If you are dressed nice and look like you are in a hurry, most people will help you
Now you are in the government building. To get to the main office the best route would
be to avoid the front desk and wait for one attorney to enter and follow behind, or just stand by
the door and wait to be let in. If asked who you are, you would give them a name and say that
you are an intern and are here to speak with HR. Now from this point you have several options.
You could go straight to any of the several empty offices and begin to infiltrate the network
through the public Wi-Fi, or you could find one of the offices used for storage and begin altering
department and say that so-and-so from HR sent you to get a temp badge, which they would most
likely do. Now you can come and go as you please. Accessing a computer would be a bit harder
as IT locks them down tight, but you could always wait for someone to leave their desk, as many
do not completely log off. Lastly there is one critical flaw in the network as remote desktop
connections are enabled and if one connects to a remote computer than can begin to send
documents to their own computer, or upload malware and install programs directly by dragging
them on to the local hard drive. If you access the computer and make the local computers’ hard
drive available over the remote connection, you can also access other users’ information who
Obviously, the security flaws are bad and there have been attempts
to educate employees about stopping these kinds of attacks and intrusion as this exact scenario
has happened before in another department, and several laptops were walked right out of the
building. As mentioned before, most people are simply far too trusting, which is the largest point
of failure. However, the risk potential in this scenario is quite high for both parties. The biggest
problem for a criminal would be that they will be recorded at some point and would have to be
willing to compromise their identity. They would likely get away with the initial crime but if a
thorough investigation is conducted there is a good chance that the person would eventually be