Sometimes it is easier to walk into a company or a data center than to hack into their network. Many users and managers forget about the physical security of their computers and information systems.
From Forbes comes the story of Johnny Long, who hacked into AT&T’s systems the easy way:
Instead of looking for vulnerabilities in the company’s networks or trying to hack the card readers at the building’s entrances, he and another hacker shimmied a wet washcloth on a hanger through a thin gap in one of its exits. Flopping the washcloth around, they triggered a touch-sensitive metal plate that opened the door and gave them free roam of the building. “We defeated millions of dollars of security with a piece of wire and a washcloth,” Long recalls, gleefully.
Dan Tynan published a list of the 7 dirtiest IT jobs in his 10 March 2008 InfoWorld article. (I’ve included the printer-friendly link, because the article’s permalink forces readers to click through several screens.)
At number 3 on Tynan’s list was enterprise espionage engineer, a job that includes auditing and testing a client company’s information security:
Jim Stickley has a dirty job that actually sounds like fun. As VP of engineering and CTO of TraceSecurity in Baton Rouge, La., Stickley gets to talk his way into a client’s offices, sneak into their datacenters, make off with the company’s vitals, then come back later to show them where their internal security broke down.
The best part? He gets to wear disguises. Pest control specialist, AC repairman, OSHA inspector — Stickley and his crew have a closet full of uniforms. But fireman is a particular favorite. “At one place you’re the fire inspector, and girls fall all over you,” Stickley says. “The next place you’re wearing the pest inspector suit and you’re the scum of the earth.”


