Wednesday, January 13, 2016

Social Engineering in Portland


I decided to make a stop at Pioneer Square on my way to class to see if I could come up with any ideas about social engineering to fulfill the requirements of a school assignment.


While I did not find many, I did come up with some easy ways to gather information. As I stepped off the train and set foot on the square, a paper was waved in front of me to catch my attention. A man was asking me to sign a petition. Wearing headphones, I waved him away with a hand gesture. (Headphones are magical devices). And there it was. Within seconds, I saw the first way I could collect data from people. Have them sign a petition. Print out some fancy looking papers and ask people to fill them out. Name, address, email, done. I could even include a few extra "optional" fields for them to fill out. With that in mind, I walk down the block and a man reaches out his hand to hand me a card. 20160113_140050.jpgA card with one link. I figured I could easily hand out similar cards with a link to a website I hosted with malware to infect the machines of anyone who dare find salvation. I walked to a corner on the square and just observed the passersby for a while, wondering what sort of information I could gather from just looking. How could I gather anything useful like date of birth, full name and address from just looking at people? That question was answered in less than two minutes when a woman passed by, literally wearing her I.D. (drivers license) around her neck, most likely a tourist tired of pulling out her identification every time she walked into a local bar (or had gotten used to being harassed by police in other less friendly foreign countries she visited).

I watched people and cars go by for a little while, and didn't see anything of interest except for a girl standing in the middle of a square with a journal, people watching and writing about them. Perhaps drawing up characters for a book or looking for fashion trends, or she could have been a hacker, you never know. 360 degrees of people to observe around her, and who would ever guess that she would be writing about anything other than her tourist trip to Portland.


Only a short time, maybe five or ten minutes since I had stepped off the train had passed. I started walking in the general direction of the bus I had to take to get to Sylvania campus. I kept my eyes focused on how I could gather information. My first thought was installing a camera inside one of these newspaper dispensers. 20160113_132119.jpg The second was to leave a sticker with a link to a malicious website on the back of a pole. 20160113_132141 (1).jpg
I wasn't sure what I could do in this next location, but it seemed interesting. 20160113_132421.jpg Two payment machines in two corners, and two elevators. Perhaps someone could stand in the elevator and take pictures of payment exchanges made on the machine? It didn't really seem like a very effective method. I moved on, to find perhaps the best security hole on this little trip. I was standing on the sidewalk looking down at TJ Maxx.
20160113_132545 (1).jpg
Jackpot. With a better camera, you could take pictures of everything going on here, everything on the employee's computer, any cards passed from the customer to the employee, even the contents of the customers bags, just from observing. 20160113_132602.jpgThe last thing of interest that I saw was a man window washing. Capture.PNG
The only credentials he needed?
This sign.
Capture.PNG
You could see into people's houses with a camera attached to your helmet with this method. It would be most effective if you had already targeted a specific person and wanted to gather more details about them from where they lived.
20160113_132808.jpg
Assuming you don’t have a fear of heights.


I made it to the bus stop and still had plenty of time to kill, so I continued looking for anything of interest on the block. I took a picture of this locked door, and was going to write about how easy it would be to watch someone enter the number in the keypad and walk in, but I decided it was too boring.
Capture.PNG


Ironically, as the camera was focusing to take the picture, a guy walked by me to the door, entered the number and walked inside.
Another ten minutes had passed. I found myself wandering into the Cascade building. I ignored the elevators, they didn't seem to lead anywhere interesting. On the opposing side of them, I spotted an old letter box.
20160113_133711.jpg
It probably hadn't been opened in ages.
20160113_133716.jpg
I took a peek inside to find some old building plans, nothing special. Directly in front of me were two double doors with no label.
20160113_133732.jpg
I stepped through it to find mailboxes, no security cameras or anything guarding them, might be good for dumpster diving.
20160113_133741.jpg
I continued through the next door ahead of me that led to a stairwell.
20160113_133827.jpg
I opened up what looked like a fuse box, to my disappointment I only found a few wires (not sure if they could be modified to tether into any of the buildings networks). I continued roaming through the stairwell and rooms, finding random equipment like this,
20160113_134105.jpg
locked doors like these,
20160113_134024.jpg
20160113_133942.jpg


and eventually found an old hallway that lead to a door. I forgot to take a picture of it. It was titled something like "MIT Data Storage" or something similar. If you were an attacker looking for data to breach, this would be it. How to get into a place like this with social engineering? Well, it isn't as if they would lay out contact information for who to convince to get access.
20160113_134043_HDR (1).jpg
Unless they leave that info on the door. This was the big finale of this trip so it’s pretty much the end of the story.


I figured I had spent enough time here, so I started making my way back to the bus stop. Right next to the stop was the Exchange building. I was just looking at it, but these guys were holding the door open. One asked me if I was coming in, I declined, and then thought about it and said why not. 

Next to the elevators was this door.
20160113_134234.jpg
It looked a little harder than most to break into, though to the right of it (not in the picture) was a scanner for a keycard. I figure all you'd need to get in would be to cheat the scanner. I stepped into the elevator, it wouldn't move without a key, but one could just call for help and convince them to let you up.
Capture.PNG
Last thing I spotted was this hidden in the wall, but I didn't try to open it.
20160113_134502.jpg
I went back outside and caught the bus.   


Maybe I didn't find anything all that interesting. Perhaps I'm an idiot with a camera. But this exercise was a good way to get my mind started thinking about how an attacker might work with "no-tech" methods. It's interesting that even though people saw me taking pictures in odd places, no one bats an eye. When I was walking around the block people watching, there was an older woman with a badge hanging out, and I was paying attention to it and her clothing trying to determine what kind of job she had, which translates to 4-6 seconds of more eye contact than glancing at someone, breaking the social rules of the sidewalk. Because I came to a full circle around the block, I actually ran into her again on accident, and gave her the same amount of eye contact to get a second look. She didn't notice. In the city, everyone's doing something always preoccupied. No matter what you're doing, it's likely not even going to be an afterthought to anyone. You're invisible. In less than an hour, I found plenty of security holes doing nothing but walking around. 

What's next for now, I've decided to start looking into Kali Linux's penetration tools to see what I can do with them.

No comments:

Post a Comment