“Idiots,” Jacobsen commented. “Every day they’re there. They drive me nuts.”
“In that case,” said Brody, “you’ll enjoy the next bit.”
In the security hut beyond, a guard looked up from his newspaper, observing the van’s approach. The hut had two barriers that raised one at a time, trapping visiting vehicles between them to confirm they had appropriate clearance to gain access. The security guard nodded acknowledgement at the approaching Brody.
The van slowed. The clicking noise of the van’s direction indicator could be heard. As one, the activists became animated and began shouting. The high-resolution video footage clearly showed two of the hand-painted signs: “Animals have rights” and “HTL kills primates!” A group of protestors ran for the junction’s corner in an attempt to block or slow Brody’s access.
Instead of slowing, Brody briefly accelerated and their faces gawped in horror at his unanticipated move. Quickly, they dived out of the way — one, dressed in a pig costume, falling on the grass verge. As if synchronised, the security barrier rotated upwards, allowing the van through. The rear-view mirror filled the image onscreen, showing the barrier descend. Behind it protestors shook fists above their heads.
“Nice move,” said two voices in unison. One was Jacobsen and the other one was from the laptop. It was the security guard, whose grinning face now filled the screen. The guard continued, “Shame you didn’t hit one of them.”
Brody’s voice, “Next time, I’ll take the corner faster.”
Eight Weeks Ago
“An animal rights protestor?” Leroy scoffed. “Are you serious?”
Brody considered his best friend’s question, ignoring his laughter.
“What’s not to like? Look at her. She’s gorgeous!” Brody pointed at his computer screen. The dating site profile for Mel Beaufils filled the screen; her photo front and centre. She had wavy blonde hair and large twinkling green eyes set off by raised eyebrows and an effortless smile, suggesting she had a secret to share. Brody had been intrigued from the moment he’d first viewed her picture, just over a week ago. Through the site, he’d contacted her immediately and, after some emails back and forth, he was now just an hour away from their first date.
“She’s not bad,” commented Leroy, tilting his head to one side. “A bit too womanly for me.”
“That’s because this is a straight dating site, you fool. Anyway, you’ve got Danny.”
Leroy and Danny had been an item for many years.
“So, who are you going to be tonight? Brody the cinematographer? Brody the stuntman? Brody the circus clown? Obviously not Brody the computer hacker.”
“I’m not sure what I registered as on this site. Hold on a sec, let’s check my story.” Brody clicked on a link that brought up his own profile. “Ah, now I remember. Tonight Leroy, I’m Brody the location scout.”
“Not bad. Easy enough to blag, especially with the amount of movies you watch. Plus you can justify being out of the country for months on end.”
“And if you look at my profile, being out of the country so much is the reason I claim to be using a dating site. Just looking for some intelligent company for those rare occasions I’m back in the UK.”
“So why is this Mel on the dating site?”
“She says she wants to find an escape from the drudgery of her normal life. She’s a nurse in an elderly care home. And on top of that she does loads of charity work as well as being an animal rights campaigner.”
“And so she’s chosen you? A boring white man. Not very exotic.”
“What? So I presume your answer to drudgery is to fuck a black guy.”
“Once you’ve gone black, you never go back,” trilled Leroy, momentarily putting on his coyest, campest voice and fluttering his eyelashes. Then regular Leroy returned. “Take Danny. He can’t get enough of me, even after four years.”
Brody shook his head and raised his eyes upwards as if seeking divine intervention.
“Where are you taking her? Bromptons?”
“Of course.”
CHAPTER 2
Today, 9:10am
Brody’s voice came from the speakers in the HTL boardroom. “I’m on a call-out for . . . hold on a second . . .” The image showed Brody’s hands retrieve a clipboard from the passenger seat. It contained one piece of paper with a name written on it. “ . . . Mandy Jones in IT.”
The guard in the security gatehouse confirmed the details matched those on his computer screen. “Are you Charles West from Cisco?”
“Charlie, yes,” said Brody. “Only my mum calls me Charles.”
“Yeah, well my mum calls me selfish and ungrateful, but that’s another story.”
Brody laughed obligingly.
“Okay, Charlie West. You’re on the list. Please head for the visitor’s car park. I’ll let reception know you’re on your way.”
“How the hell did you get on that list?” demanded Jacobsen.
Brody paused the video.
“I phoned up your IT help desk and asked them what the process was to get someone registered as a visitor. They simply assumed I was an employee and told me about the guest registration web page on your intranet.” He paused briefly, sizing up the opposition. “You know, that’s the thing about help desk staff. They just want to help.”
Wilson made some notes. Hall asked, “You said earlier that you couldn’t break through our firewalls. So how did you gain access to the intranet? It’s only accessible by authorised employees from inside our network.”
“I didn’t need to. With that knowledge, I then phoned your reception, pretending to be Mandy in IT. I have the audio recording here by the way, but I’d rather not play it now. My high-pitched impression of Mandy is rather embarrassing!” Brody smiled innocently. “Anyway, as Mandy, I told her I’d already left for the day but had just remembered that I had a Cisco engineer arriving the following morning. And the receptionist — I think her name is Yvonne — kindly offered to fill in the guest registration for me.”
“So this is social engineering then?” asked Wilson. “Conning people into doing things for you?”
“In a way, yes. I manipulate people into performing actions or divulging confidential information, which gives me the access I need. It’s a method your Chinese competitors could easily employ. Or even those animal activists outside — if they put their mind to it. There are measures you can put in place to prevent this, which we’ll walk through later.”
Eight Weeks Ago
“What is this?” asked Mel suspiciously, as she looked up and down the deserted backstreet, seeing only a long expanse of redbrick wall. Only the large wooden door they stood in front of broke up the monotony of brickwork. There were no windows. In fact, there was nothing to indicate what the outer walls contained.
Brody already loved her French accent; this pronounced as zees. Her voice was sweet and she radiated continental charm; a natural innocence that he’d never experienced before, especially from anyone he’d met through the dating site.
“It’s a surprise,” he said.
He rapped on the door and stood back. Mel wrapped her arms around herself, unsure of her situation. And of him.
It was all going to plan.
The door swung inwards, revealing a huge man in a suit, shirt and tie, all in black. An electronic earpiece was wrapped around one ear.
“Welcome to Bromptons,” said the bouncer.
“Evening, Gerry,” said Brody, stepping over the threshold.
Brody looked back and saw that Mel remained outside. He reached out a hand and smiled. After a moment’s hesitation, she took it and allowed herself to be gently drawn inside. She had small soft hands.
Once Gerry closed the door to the street, he opened an internal door. Immediately, the hustle and bustle of a busy bar could be heard; a tenor saxophone playing mellow jazz in the background. They walked through and were greeted by a waitress, who checked Brody’s reservation and asked them to follow her. As they walked t
hrough the dimly lit bar, past booths and seating areas separated from each other by black net curtains draped from the ceiling high above, Mel took it all in with an expression of childlike wonderment on her face.
“This is amazing,” she said, once they were seated opposite each other in their own private booth. “How do you know it is even ’ere?”
“This place is called Bromptons. It’s a speakeasy: a concept originally invented by the Americans during the prohibition era, when they had to hide their bars and alcohol drinking from the authorities. You had to be in the know to find it — usually a back door in a back street, with all the windows at the front blacked out completely to hide what was going on inside.”
“Why is it ’ere, now? And in London?”
“Just a fad, I suppose. But it is cool.”
Mel agreed.
As Brody had hoped, the idiosyncrasy of Bromptons had worked its magic, allowing them to fall into conversation naturally, suppressing any of the stiltedness that he otherwise found occurred on first dates. A waitress took their drinks order, and they continued chatting.
Initially, Brody steered the conversation around Mel. She answered his questions openly, neither feigning her responses, nor dressing them up. She described her job as a nurse with passion. She truly cared about the well being of her patients. She offered up amusing anecdotes of randy old hospitalised men. She talked about helping the homeless, attending soup kitchens on her days off. She volunteered in a charity shop near where she lived in Chalk Farm.
He marvelled at her. Mel was unlike anyone he’d ever met before. To give that much of oneself to strangers without a private agenda was something so far removed from Brody’s psyche that he found himself mesmerised. But the reward seemed to be her zany lust for life. She laughed easily and took pleasure in the simplest of things.
“And you Brody? What is a location scout?”
He shifted in his seat, but the lies came easily enough. He explained how he worked for film production companies, helping them identify places around the world that would serve the aesthetic needs of the films. He attempted to make it sound boring, talking about budgets and logistics, weather conditions and lighting, and obtaining permission from location owners.
“It’s how I came across this place,” he concluded. “We ended up using it for a scene in the recent Sweeney movie.”
“The one with Ray Winstone?” At his nod, she continued excitedly, “What is ’e like?”
“No idea. I never got to meet him. Most of the work I do is pre-production. I rarely get involved once filming starts. Unless there’s a problem with the location.”
“But you must know where and when movies are being filmed in London?”
“Some,” he said hesitantly, having no idea about shooting schedules. “Why?”
“Perhaps you could take me to one when they are filming. Maybe we will see a famous Hollywood actor?”
Brody was pleased with himself. Mel was already talking about a future date, even if she didn’t realise what her words had implied. He studied her exquisite features across the table and decided that he would very much enjoy seeing her again.
“Okay, I’ll check tomorrow with the production companies and see who’s filming in town and where.”
Today, 9:14am
Brody resumed playing the video. It cut to him entering the main reception. A young woman sat behind the reception desk, wearing an unflattering female version of the uniform worn by the guard at the gatehouse. Her bright lipstick and long, manicured nails aided her in maintaining some degree of femininity. She greeted him brightly and verified the details displayed on her computer, just as the previous guard had done.
The receptionist phoned through. The camera panned around as Brody scanned the foyer. Floor-to-ceiling barriers blocked further access into the building. They had proximity sensors that opened when an identification pass was waved within range and authorised by the access management system.
“Hi Mandy —”
The video turned sharply. Brody remembered that he had been shocked, thinking that Mandy had somehow answered the receptionist’s call.
“ — just letting you know that the engineer from Cisco you were expecting has arrived in reception.” She terminated the call. It had only been a voicemail.
Brody’s voice said, “I’m not surprised Mandy didn’t answer. We’ve just been texting each other and she’s in a meeting that’s overrunning. She said she might even be another half-hour or so.”
“Well, you’re welcome to wait,” she replied, indicating the round sofas by the window.
“Sure, thanks.” The camera turned and stopped at a mirror reflecting Brody head to toe. As well as the cap, he wore an engineer’s grey fleece with the Cisco logo prominently embroidered upon it and carried an aluminium case. He patted his stomach, turning back to the receptionist.
“I don’t suppose you know if there’s somewhere I can get something to eat? It’s been a long drive and I missed breakfast.”
“Well, the nearest place would be in the village, but that’s a good fifteen minutes drive . . .” She looked at the logo on his fleece and, visibly making up her mind, said, “Actually, we have a staff restaurant onsite. I’m not really supposed to let you through unescorted, but —”
“That would be great. Thanks . . .” Brody read the red security id pinned to her jacket. It had the word ‘SECURITY’ across the top, her picture and name below. “. . . Yvonne. You’re doing me a real favour.”
“Okay,” she nodded. “Before I let you through I need to give you a visitor pass.”
Following Yvonne’s instructions, Brody removed his cap. The image turned around to show Brody posing for the webcam connected to her computer. Placing the cap back on his head, the camera then showed her insert a white plastic pass with the HTL logo and the word ‘VISITOR’ into a machine. A few moments later, it spat out the card with his picture and false name neatly printed on it. She placed it inside a plastic holder with a clip and handed it to him. He attached it to his fleece, careful not to cover the Cisco logo.
“Bob, that’s against security policy,” whined Jacobsen to Moorcroft. “She should never let someone through unescorted, even to the canteen. I’ll have her fired.”
Brody paused the footage.
Moorcroft replied coldly, “It gets worse. And, if I were you, Paul, I wouldn’t jump too quickly to firing other people.”
Jacobsen narrowed his eyes.
“Look at it from Yvonne’s point of view,” Brody jumped in. “I’m on the list of visitors for someone in the IT department. I look like a Cisco engineer. And the canteen is not in a secure area of the building. She made a judgement call. Training can fix that.”
Hall, who had been fiddling with his Blackberry, interrupted. “Hold on a second, you asked for Mandy. She works in my department and I know for a fact that she was on holiday last week. She wasn’t even in the building.”
“Exactly,” said Brody. “Go on . . .”
“ . . . So you chose her because you knew she wasn’t there. But how could you know that? Not my help desk again!”
“No, they would be unlikely to give me personal information like that. It was much simpler. I used LinkedIn to identify people who work in the IT department. Most people use that site very openly when it comes to posting information about their careers and linking to each other. And, guess what? IT professionals are among the most active users on there.
“Then with a list of names and photos, I went to Facebook. That’s where it tends to get more personal. Mandy’s Timeline clearly stated she’s on holiday. From the pictures she’s just posted, I’d say she’s in the Maldives.”
“Good grief,” said Wilson.
“The thing is,” the pentester continued, “Yvonne on reception has no way of checking, despite the fact you have the most sophisticated access control systems available. That’s something else that you can change. Shall we continue?”
Met, as expected, with silence
, Brody pressed a key on his laptop. All heads turned towards the screen once more.
Yvonne showed the onscreen Brody how to use the visitor pass to get through the security gates. She followed him through and helpfully pointed him down the only corridor, explaining that the staff restaurant was at the end. Thanking her again, he turned away and walked past a secure door on his right.
Brody arrived at the restaurant double doors, his hand pushing one slightly ajar. He turned his head, the image panning around quickly. Yvonne was still staring at him. Brody waved thanks to her with his other hand. She smiled and turned away, walking back through the barriers.
“Phew, that was close,” Brody’s voice whispered a note of relief from the speakers, but in real time, he shifted uncomfortably in his seat. He’d forgotten he’d spoken aloud and had missed it when he’d edited the video for this morning’s meeting. He wished he’d cut it out.
“If Yvonne hadn’t turned around then, I’d have had to enter the restaurant and I’d have lost a good ten minutes going through the motions of buying coffee and drinking it,” Brody felt the need to explain.
The onscreen Brody returned to the security doors he’d passed a minute before. The screen jogged momentarily and the audience heard some fumbling noises, and then his hand held up an HTL pass in the name of ‘Colin Renshaw’ to the camera. It was yellow, with the word ‘EMPLOYEE’ printed across the top. The picture on this pass showed the grey-haired, clean-shaven and lined face of a much older man, quite different to Brody’s youthful appearance. Brody swiped the pass at the proximity sensor and the doors swung open.
Jacobsen leaned forward. Brody paused the playback.
“Oh, for fuck’s sake!” said Jacobsen, his teeth bared. “I know for a fact it’s impossible to fake those security passes. They have military-grade secure RFID technology embedded in them.”
Social Engineer Page 2