Social Engineer - Chapter 8

3.7K 174 5

Today, 9:22am

Jacobsen was angry. “Are you saying that Colin Renshaw just gave you his pass?”

“Kind of,” said Brody. “Let me play you this audio.”

On his tablet, he opened up an MP3 file with a media player, and the recorded voices from both ends of a telephone conversation could be heard.

“Hello, Colin Renshaw speaking.”

“Hi, this is John from HTL Security.” It was Brody’s voice. “We’re just finishing the upgrade for all the ID badges for the new security system at head office. You should have upgraded your pass by now, but my records here say you haven’t registered it yet.”

“No idea what you’re on about, mate.”

“Didn’t you get the email?”

“No, mate. I get hundreds of emails a day. Must have missed it.”

“That’s okay, we can sort it out tomorrow when you come into the office.”

“Sorry, no can do. I’m off on my hols tomorrow.”

“Oh dear. My boss, Jacobsen, will kill me if I don’t get them all done by the end of this week . . . Tell you what, I’ll arrange for a courier to pick it up from you today. I’ll get it upgraded and then I’ll leave it with reception for you to pick up when you get back from your holiday. Going anywhere nice?”

Brody stopped the audio. He said, “I picked it up personally that afternoon. The pass is sitting downstairs with reception right now.”

Slamming his fist down on the table, Jacobsen shouted, “You used my fucking name in your scam you conniving little —”

“Paul,” interrupted Moorcroft sharply, “enough.”

Jacobsen stopped himself, but his fists remained clenched around his Montblanc pen as if to crush it.

“LinkedIn and Facebook again, I presume?” asked Wilson.

“Actually, no. I would have used them if there’d been enough R&D personnel listed on LinkedIn, but they don’t seem to bother too much with it. I got creative.” Brody found it hard to keep the pride from his voice. He pulled up another audio file and pressed play.

“HTL help desk. Can I help you?”

“This is John from the CEO’s office.” Brody’s voice again, but in a confidential manner. “Listen, I need you to keep this to yourself. Mr Musgrave, our CEO, is launching some new employee morale-boosting initiatives. The first one is a chance to win two weeks’ hire of an Aston Martin DB9.”

“No way!”

“Yes, really. But keep it to yourself. Anyway, to have high impact, we’re looking to schedule an all-staff meeting some time over the next week or two. And Mr Musgrave will draw the winner from a hat, live. The car will be presented to the winner there and then, assuming they’re on site. And he wants everyone to see it in the car park every day for two weeks!”

“That sounds fantastic.”

“Yeah, I know. But here’s the problem. We want to make sure that anyone who’s on holiday at the time doesn’t get drawn. I know it’s unfair for them, but it would lose the impact Mr Musgrave wants to have by handing over the keys personally.”

“Uh, right?”

“Would you be able to do a search and let me know all employees who’ve booked annual leave during the next two weeks?”

“Uh, sure.”

“You’re not on holiday are you? It’d be a shame for you to miss out now you know about it.”

Brody stopped the playback. On the other side of the oak table, the executives’ jaws had dropped open and they were shaking their heads.

Brody said, “Like I said before, help desks like to help. That’s their flaw.”

“But he didn’t even ask for your employee ID, raise a help desk ticket or anything,” stated Hall, the exasperation clear in his voice.

“It’s basic psychology. As far as he was concerned I was representing your CEO. And I let him into a secret. He’s drawn in and motivated to help.”

“Why didn’t you just use Colin Renshaw’s pass to get through reception?” asked Wilson.

“Good point. It’s because receptionists are the people most likely to check the badge of someone they don’t recognise. And I look nothing like Colin Renshaw and no amount of make up is going to fix that. You’ll see later that no one really checks my badge once I’m through the secure doors. They rely on that having already been done.”

Brody brought the video back up. It showed him enter a large atrium open to all three floors. A bank of four glass lift doors lay immediately in front. To the left, a glass staircase offered an alternative to the glass pods that silently glided up and down linking suspended walkways. HTL staff quietly went about their business. A group of three were engaged in conversation on the walkway immediately above. Two women exited a lift and walked towards him. As they approached, they stared directly at the camera.

“They’re checking out the Cisco logo on the cap rather than Colin Renshaw’s identification pass pinned to my fleece,” Brody commented.

On video, Brody made his way up the staircase to the top floor. At the double doors controlling access to the north wing, his yellow pass obligingly turned the light green. He pushed open the doors and strolled along the corridors, passing staff going the other way. No one took any notice of him.

The onscreen Brody made it through another security barrier successfully. Brody remembered thinking at the time that it had almost been too easy.

At another set of security doors, the video showed Brody’s hand wave the yellow pass at the sensor. But this time the light above the sensor flashed red. Abruptly, he stepped back from the doors and retraced his steps, the camera pointed at the floor rather than straight ahead.

Social EngineerRead this story for FREE!