Red teams attempt to break into high security facilities
An elite team assembles and breaks into a top-secret military base or corporate headquarters – you've probably seen it a dozen times in a movie or on TV.
But such teams exist in the real world and can be hired to test the tightest security.
Many companies offer to test computer systems by attempting to hack them remotely. This is called White Hat Hacking.
But the skills involved in breaching physical security, known as Red Teaming, are rare.
Companies that offer the Red Team service must bring together staff with very specific skills.
Often drawing on former military and intelligence personnel, red teams are asked a single question.
“How can you get into this top secret project?”
Leonardo, the defense giant, offers such a service.
It says hostile states seeking disruption and chaos pose a real threat and sells its Red Team capabilities to government, critical infrastructure and defense sector customers.
Its red team agreed to speak to the BBC under pseudonyms.
Greg, the team leader, served in the engineering and intelligence branches of the British Army, studying the digital capabilities of potential enemies.
“I spent a decade learning how to exploit enemy communications,” he says of his journey.
He now coordinates the team of five people.
The attack is about gaining access. The goal could be to stop a process from working, such as the core of a nuclear power plant.
The first step for Greg and his team is called passive reconnaissance.
Using an anonymous device, perhaps a smartphone identifiable only by its SIM card, the team builds a picture of the target.
“We need to avoid arousing suspicion so the target doesn't know we're watching them,” says Greg.
Any technology they use is not linked to a company by its internet address and is purchased with cash.
Red teams will look for unmotivated security guards
Charlie spent 12 years in military intelligence. His techniques include studying commercial satellite images of a site and scanning job postings to determine what type of people work there.
“We start from the edges of the target, staying away. Then we start moving towards the target area, even looking at how the people who work there dress.”
This is called hostile reconnaissance. They move closer to the site while keeping exposure low, wearing different clothes each time they show up and swapping team members so that security guards don't spot the same person walking past the doors.
Technology is designed by people and the human factor is the weakest point of any security system. That's where Emma, who served in the RAF, comes in.
With a background in psychology, Emma readily describes herself as “a somewhat curious observer of people”.
“People take shortcuts to bypass security protocols. We are therefore looking for unhappy people on the site.”
She listens to conversations in adjacent cafes and pubs to find out where dissatisfaction with an employer surfaces.
“Each organization has its particularities. We see how likely people are to fall for a suspicious email due to workload and fatigue.”
A disgruntled security guard may become lazy at work. “We are studying access, slipping in with a delivery for example.”
A high turnover rate, evidenced by frequently advertised vacancies, also reflects dissatisfaction and a lack of commitment to security responsibilities. Tailgating, that is, identifying people likely to hold a door open for a follower, is another technique.
With this information, along with a little subterfuge, security passes can be copied and the Red Team can enter the premises posing as an employee.
Leonardo is best known for its work on major defense projects like the Eurofighter.
Once inside the site, Dan knows how to open doors, filing cabinets and desk drawers. He is armed with lock-picking keys known as jigglers, with multiple contours that can open a lock.
He searches for written-down passwords, or uses a plug-in smart USB adapter to simulate a computer keyboard and break into a network.
The final step of the so-called kill chain is in Stanley's hands.
An expert in cybersecurity, Stanley knows how to penetrate the most secure computer systems, working from his colleagues' reconnaissance report.
“In the movies, it takes a hacker a few seconds to break into a system, but the reality is different.”
He prefers his own “scalable approach,” working through a system via administrator access and seeking “confluence,” a collection of information shared in one place, like a workplace intranet.
He can browse files and data using administrator access. One way a kill chain ends is when Stanley sends an e-mail pretending to be the general manager of the company via the internal, and therefore trusted, network.
Even though they operate with the approval of the target customer, they enter a site as complete strangers. What is that like?
“If you have access to a server room, it's pretty nerve-wracking,” says Dan, “but it gets easier the more you do it.”
There is someone at the target site who knows what is going on. “We stay in touch with them so they can give orders not to shoot these people,” Charlie adds.