by Vince Warrington | 1 August 2016
We were approached by a software company who were developing a new iteration of their most popular product.
We were tasked with not only performing penetration tests on the new software, but also assessing how secure their environment was, as they had concerns that the successful launch of the new product could be compromised if pirated copies were made available on the internet
After the ‘Rules of Engagement’ had been defined and agreed, we undertook the tests with three agreed goals;
As the company already had robust Project Management processes we were not surprised to find few vulnerabilities with their new product, as their internal IT Security had signed-off at each defined Project Gate.
Similarly, as they were also used to remote hackers attempting to gain access to their company network, this route also presented few opportunities for attack.
However, we were able to undertake and successfully execute physical access to the development servers.
Our research indicated that they were held in a Third Party Data Centre. After studying the facility we were able to create replica ID Cards, which would enable us to pass off as legitimate employees. We then bypassed the physical security barriers by ‘Tailgating’ employees returning from a lunch break.
Once inside, we were able to use Social Engineering techniques to discover the appropriate server room location, along with the Server Racks in which the target was located.
As the server room was protected by a swipe card system, we deployed another Social Engineering attack to gain access from a legitimate employee. Once inside it was an easy task to identify the physical servers and take photographs to prove our results. We then departed the building.
Our client was surprised to discover how easily we had accessed the servers, and we worked with them and the Data Centre company to improve physical access control.