October 11th, 2010

How To Make Your Own Eavesdropping Social Engineering Tool
Wouldn’t you just love to know how to make your own super secret spy listening eavesdropping tool that is self-powered and so covert that no one will ever know it was in the room with them? Well, now you can. We recently sent out a request for social engineers or security enthusiasts to help us educate our readers and listeners on cool, new and neat ways to enhance social engineering skills. We received a very interesting post from a guy who goes by the nick “AC”. He recently took part in the Cyber-Raid contest and did some very interesting things to take down the competition that involved some nice social engineering tools. He teaches us how to make our own social engineering eavesdropping tool.
On September 16 and 17, 2010, Cyber-Raid 0 was held in Kansas City. The event was sponsored by the Kansas City InfraGard program and consisted of an exercise simulating an attack on a live network. Information security professionals were divided into two groups: the red and blue teams.
The red team were the attackers and the blue team consisted of the defenders of the network. Our writer found himself on the red team and looking for an edge that would give him an unfair advantage. Upon careful review of the scope and rules, he decided to take a social engineering approach.
The event took place in a hotel in downtown Kansas City, and he took several trips ahead of the event to familiarize himself with the facilities. He even got maps and a tour from staff. During the tour he took notes of the types of locks, power outlets and other specific details that would help him plan a suitable attack. He decided on a simple hardware-based attack. He knew the Blue team would need power strips, as they would have a lot of equipment to plug in, and he knew the hotel would not supply them with any.
He built a listening device housed in a power strip and planned to install it in the Blue team’s room before the event began. He arrived very early the day of the event wearing a suit and tie and was able to talk to a nice employee who readily took him to the room that the Blue team would be in. He waited for the employee to leave and acted like he was answering a call on his cell phone. When all was clear he gained access to the room and planted all of his devices. He then went back to his car, changed into stereotypical Red team attire and waited for the event to begin.
He was able to procure information and an advantage over his opponents through careful use and implementation of affordable hardware-based social engineering.
He did a wonderful write-up of exactly how this was done and sent us a PDF to freely distribute. Have fun.