Anatomy of a Red Team Attack

A Red Team test involves an all-out attempt to covertly gain access to a company’s critical plant control systems, using both cyber and physical means. These guys haven’t failed yet, and they’ve never been caught. Here’s a close-up look at how they do it.

"IT’S 2 A.M. at a major industrial facility, and about 20 yards from the rear perimeter, two figures dressed in full camouflage gear are slinking along the tree line just outside the plant fence. They’re wearing backpacks and carrying various paraphernalia, pausing occasionally to peer through night vision monoculars to scan the plant perimeter. Suddenly, a plant guard patrol vehicle rounds the corner of a building, its headlights shining in the direction of the pair. Both quickly drop, falling on their bellies in the mud and standing water from the previous night’s rain. The guard vehicle passes, and the pair remain undetected.

Minutes later, the two figures reach a spot where trees and tall grass provide some cover; they pull out a laptop computer and attach an antenna, which they aim toward the plant campus. They remain in the area for an additional two hours, deploying their gear to scan for radio frequencies emanating from the plant, while observing guard patrol schedules and looking for holes in the fence or other perimeter breach points. At around 4 a.m., the pair end their surveillance and sneak away undetected.

Only a few days later, the intelligence gathered during the nighttime surveillance by these two individuals—members of a four-man covert team—will be put to use, together with information from other daytime and nighttime reconnaissance visits. In broad daylight, the team will use what they’ve learned to send one of their members through a weak point in the perimeter fence and into the plant campus.

Once inside, this individual, disguised as a contractor, will brazenly walk directly into the plant’s control room, where he will plug his laptop computer into the plant’s control network. Meanwhile, another of the team members will be simultaneously attempting to talk his way past the guard at the plant’s front gate. At the same time, the team’s other two members will be infiltrating a nearby plant office building. None of these covert activities will be discovered by plant security, though the second imposter will be held up by a suspicious front-gate guard."