September 16th, 2013Washington Navy Yard Shooting and Social Engineering
There is nothing good about stories where people are killed in mass shooting, especially when there is no reason given for such atrocities. Today a man (maybe more than one) carrying an assault rifle, shotgun and handgun gained access into the Washington Navy Yard and killed 12 people, injuring many more.
The news is doing a good enough job reporting on the events in that building, so there is no reason for us to go into all the gory details. There was one detail that we do need to discuss as this is the Social-Engineer.Org Blog – Security.
Government and Military buildings usually have beefed up security, so how was this possible? It is not easy for the average person, especially with a bag full of weapons to gain access in the front door of a military facility. Piecing together some of the facts from multiple stories here is how it sounds like it went down.
These men put on military looking brown uniforms. We have routinely spoken about how fitting into the “tribe” makes you not stand out and give you the ability to blend easier.
Secondly, NBC News reports that it is possible that these men had stolen the identifications of other people to gain access. It appears that if the id is legit then the bags might not have been searched. We are sure more details will be released soon.
At this time we will not discuss the security implications of this, if it is true, but we will point out that this does point to a trend we see as the increase in the use of malicious social engineering skills to harm others. As times get more desperate it seems that people are willing, able and successfully trying their hand at different levels of phishing, phone elicitation and impersonation attacks to infiltrate and harm others.
Our hearts go out to those who lost loved ones in this attack