Sometimes the people in charge of security get so focused on the small details that they forget the bigger picture.
We were asked to test the general security (a term we used to describe physical, digital and social security together) of the security control center of a certain organization. The control center overlooked all the campus cameras, networks, security personnel moving around, patrols, physical and digital access and more. The team also provided the CERT. In short, they had a genuine concern for checking the state of their security.
Due to the sensitivity of this project, I am not allowed to disclose a lot of the planning and why we decided to attack the way we did, but after asking I was allowed to write about the point of attack.
After a long recon and analysis of the target, we decided that the best way to create a problem that would either give us access to the control center or at least cripple them was the UPS center. The UPS center provided the power needed for the essential systems to continue functioning for some time in case of a power outage. We figured we could get at this better than any other place since it was located in a secure room outside the main building.
The main building and everything around it was tight. The security people really did a good job of taking care of every little detail and making them as secure as they can be.
Leaving the main UPS center unguarded? With only a simple lock on the door? In the blind spot behind the main building?
We went in, and within 10 minutes we had the UPS center completely shut down, which sent an alarm to the control center. But, more importantly, it set in motion an automated protocol in their security software that would allow us to use telnet to get into their networks. Yes, telnet. The reasoning was that in case of an emergency, technicians from outside the company might need remote access to the network to fix whatever was broken. Someone decided that telnet was the best way. Don't ask me... I don't know.
In any case, we discovered this by use of social engineering.
After the UPS center went down and the emergency protocol started, it took us a relatively short time to access the network and install a backdoor.
The rest is history.
The moral of the story? Well, keep an eye on the bigger picture.