Social Engineering: the Fine Art of BS, Face to Face

Social Engineering expert Chris Nickerson reveals what criminals are looking for when it comes vulnerabilities in building security.

By Joan Goodchild
Mon, June 08, 2009

CSO — Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. (See: Red Team, Blue Team.) He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

In his line of work, Nickerson has to play the part of the criminal to its maximum potential (See: Anatomy of a Hack). When I say he is willing to push it as far as it can go in the interest of finding security holes, I mean he is even willing to be arrested and taken to jail. Nickerson said in a worse case scenario, if he is caught and arrested, even then he will not give up on his assessment. He tells police he is conducting the assessment for a client and gives them a fake number where they can call to verify he is telling the truth. On the other end, a member of his team, who poses as the client, will vouch for Nickerson.

If the cops buy it, Nickerson continues his work. Only as a very, very last resort will Nickerson have law officials call the actual client to get him off the hook in the event he has been caught. So far, that hasn't been necessary.

CSO got to experience Nickerson's ease at dealing with people in an assessment when we looked around one of the buildings in our area (Check out the video of his assessment). Nickerson pointed out areas of weakness for us that a criminal might look for when sizing up a facilities potential for breach. (See our walkthrough of the facility grounds and the list of problems in 5 Security Holes at the Office.)

Through a Social Engineers Eyes

Social Engineering expert Chris Nickerson reveals what criminals are looking for when it comes vulnerabilities in building security.

This player will be used for any in-article video treatment. This is a single video player.

"Normally when you are walking around a facility, someone should be stopping you," he noted "They should be questioning why you are cruising around the dirt of their building."

And they did. The staff at the building we examined does get credit for being observant. While Nickerson said none of the interrogation we dealt with during our time there would have deterred him in the slightest from getting his job done, we weren't completely unnoticed. The facilities manager did come out and ask us what we were doing.

Continue Reading

White Papers »
Think Your AntiVirus Software is Working? Think Again
It's time to shift from the status quo to a new, more effective endpoint security approach, called intelligent whitelisting, which affords greater protection, productivity, and efficiency.
Reducing Local Admin Exposure Through Application Whitelisting
In today's Windows environment, end users are accustomed to having local administrator privileges which allow them to download a variety of applications and potentially misconfigure their PCs.
Unruly USB Devices Expose Networks to Malware
It's pretty easy for organizations to get so wrapped up about what goes out on USB drives that they forget to protect against what comes in their environments via USB.
The CISOs Guide to Measuring IT Security
Learn the key steps to enhancing your security visibility so that you have a voice at the executive table and not just a seat.
Why Free Patch Management Tools Could Cost You More
Today's current economic situation underscores the importance of scrutinizing all business expenses, particularly within IT. Although point patching products may look more attractive on the surface, closer inspection often reveals hidden costs and missing capabilities. The result: fragmented patch management and weaker security posture while also being a more costly and cumbersome option for organizations to maintain.
Scalability & Capacity Planning: Build vs. Buy
This paper explores issues that arise when planning for growth of Information Technology infrastructure. The paper explains how colocation of data centers can provide scalability, enabling users to modify capacity quickly to meet fluctuating demand.
Webcasts »
How Klout Combines Big Data with Microsoft Business Intelligence to Measure Influence
Big Data-it has the potential of transforming a business. In the case of Klout, a social networking analytics site, big data is the heart of the business. Klout processes and analyzes billions of user data signals every day-from Facebook, Twitter, LinkedIn, blogs and more. How do they do it? Gain valuable insights from David Mariani, vice president of engineering for Klout.
Oracle Database Appliance - Simplifying your High Availability Database
Date: February 29, 2012
Time: 1:00 PM EST

Seasoned IT managers know from experience that in many cases the bulk of the cost of an IT solution is incurred after the sale. Issues can range from sizing and skill development, to committing significant resources installing, deploying, managing, and supporting a complex assortment of hardware, software, and networking.

With the Oracle Database Appliance, you can eliminate the time, risk, and costs often associated with building, implementing, and maintaining a high-availability solution for your users and customers. Plus it's based on Intel Xeon processors to ensure a high level of performance and scalability.

Attend this Webcast to discover how the Oracle Database Appliance can help you increase your ROI by:
* Reducing deployment time from weeks to hours
* Simplifying ongoing maintenance and support
* Benefitting from the highest levels of availability
Successful Mobility: Access and Performance Anywhere
Today's workforce is truly mobile. At the office, from customer sites, even at home or in a hotel - their connectivity and application performance needs remain the same. But even though their requirements don't change, the challenges in meeting their expectations do.
Fraser Milner Casgrain: A Success Story in Search-Powered Content Delivery
Too much information can be just as limiting as too little information if users can't get what they want when they want it. Find out how the IT leaders at one of Canada's leading law firms, Fraser Milner Casgrain LLP, implemented Recommind's next-generation content delivery and search platform within their SharePoint portal to enable timely and effortless access to the information users need.
Oracle Database Appliance—Engineered for Simplicity
Continuous Availability Is Now Within Reach

You need to expand your database services to be available 24/7, while lowering your data center costs. A challenge? Not with Oracle. Now, there's a simple, reliable, affordable way to take advantage of the world's #1 database and the continuous availability it has to offer —the Oracle Database Appliance.

You can eliminate the time, risk, and costs normally associated with building a high-availability database solution for your users and customers. Attend this Webcast to discover how the Oracle Database Appliance can help you:

* Consolidate many small databases onto a single, reliable system
* Deploy and manage a clustered database system in hours, not weeks
* Benefit from single-vendor support

Learn about this affordable, highly available database system that can scale seamlessly as applications and data grow.
Business Content Collaboration: How Burr & Forman Increased Enterprise Performance with YouSendIt
No business knows more than a law firm about handling large quantities of documents. Burr & Forman, a large law practice based in the southeast US, faced a crisis - sending multiple document files simultaneously was causing its mail servers to choke. The firm needed technology that could not only handle large document volumes, but would be secure and easy to use.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Think Your AntiVirus Software is Working? Think Again

Reducing Local Admin Exposure Through Application Whitelisting

Unruly USB Devices Expose Networks to Malware

The CISOs Guide to Measuring IT Security

Why Free Patch Management Tools Could Cost You More

Scalability & Capacity Planning: Build vs. Buy

The Data Center Build-or-Buy Decision: 6 Key Factors You Should Consider

Colocation: The Logical Home for the Cloud

The Changing Role of Mobile Communications in the Workplace

Oracle Database Appliance

Time Savings and Ease of Deployment Comparison Study: Oracle Database Appliance vs. Microsoft SQL Server

ESG: Oracle Database Appliance: A Simple, Economical Option for SMBs and Independent Software Vendors

Accelerating Data Migration with WAN Optimization

Centralized private cloud model provides for simpler, more secure infrastructure

Case Study - Constangy

Assessing ROI for Mobile Acceleration Clients

Five Steps to Successful IT Consolidation

ESG - Avoiding the Hazards of IT Consolidation

The Changing Requirements of WAN Optimization

Platform Feature Brief
Resource Center
buy a link »
Ads by TechWords