Misconceptions of physical security - Brian Harris

Name: Misconceptions of physical security - Brian Harris
Uploaded: 2024-09-24
Duration: 1 h 5 min 25 s
Description: Physical security in the forms of auditing security posture & black team engagements is an all to often overlooked part of security and arguably one of the most important. I have spent around 15 years performing physical security audits and black team engagements for governments, state entities and

BSides Prishtina1:05:25379 viewsPublished 2024-09Watch on YouTube ↗

Speakers

Brian Harris

Tags

CategoryTechnical

StyleTalk

About this talk

Physical security in the forms of auditing security posture & black team engagements is an all to often overlooked part of security and arguably one of the most important. I have spent around 15 years performing physical security audits and black team engagements for governments, state entities and private corporations all over the world and I want to share some of the stories, concepts and security vulnerabilities involved with black teaming. From bugging corporate board rooms, stealing documents and generally getting into places that are suppose to be secure. No amount of cyber security will save you, if the attackers have physical access to your servers and hardware.

Show transcript [en]

my name is Brian Harris uh I currently am with a company called covert access team uh I operate in both the Cyber and the physical spaces a quick little background about me um I've been all over the world I've been doing this for almost 20 years and I've worked for major companies NCC group uh I've had lofty titles like director and offensive security regional manager I've worked for smaller companies I've worked for my own um I've had the opportunity to do a lot of physical uh engagements over the last 20 years uh everything from it environments to OT environments um and it tends to pigeon hole me into a lot of physical stuff so I'll just skip all this got a lot to

do um so why are we here why is this talk going on well all of you are in some ways in cyber security physical cyber whatever it is the cyber security if you jump on LinkedIn or exploit DB or anything at any given time you know that there's tons of cves coming out in fact if you've missed out on a cve if you've taken a break for about a month chances are you've missed out on tools you've missed out on exploits you've missed out on something right this is being constantly updated it's new tools new exploits things are coming out every single day possibly every single hour but what about physical well anybody know is there even

a database for new exploits on physical security what what is an exploit in physical security right this is something that most people have no idea about I spend most of my time running physical audits training other companies and organizations uh and then running physical engagements what I usually say is this no self-respecting company today is going to say the following things we have no idea what a cyber pen test is we've never done one and we don't see the value of it because we have antivirus and firewalls if any company said that today you should leave that company immediately or you know just roll your eyes but most companies most organizations even governments will say

we don't know what a physical pen test is we've never done one and we don't see the value of it because we have alarms and cameras and it's the same thing it's literally the same thing in fact in a lot of ways it's worse anybody who has any influence you probably have a number of ways of how did you how did your company your organization increase their cyber security last year you went to training you hired new guys you paid for licenses you did everything you could to increase your cyber security but how did you increase your physical security nobody ever has an answer they're like well we didn't why would we we have fences we have razor wire on top

we have some cameras we hire some third party security company that's all we need right I was like no it's not all you need so one thing to realize is that and all of you know this you can do things with physical access that you simply can't do when it comes to cyber so when I was working at certain organiz I do a lot of what's called PCI compliance or more the offensive side of it basically what this is is that if you want to be a bank most governments in the world especially the Western World will force you to make sure that you can't go from the internet and grab hold of the main frame where all the uh the

payment card industry your credit card information is okay there's some type of segmentation that separates the two great and typically what happens is that you go on site you check you're like yep you're you have not changed anything from last year I cannot go from the the internet directly to the main FR good job gold star you're secure but if I break into the bank physically and I just go to the main frame you're screwed aside assuming that I'm one of the 10 guys on Earth who know how to hack a Mainframe similarly every single person at your home your office wherever you have what you have uh cell phones that all connect to the internet right

connect to your router what did you have to do the first time you did that typically you had to type in a password well 99 times out of 100 if you just plug into your router directly to the uh to the ethernet cable you probably bypassed all that unless it's configured in a really secure way there's a lot of things that you can do that bypass cyber security as long as you're physically there and the point of this talk is basically to demonstrate that it's basically to take a whole bunch of things that most people take for granted and have absolutely no idea about security and hopefully maybe scare the hell out of you but also just kind of

educate people on what is physical security so when you're running an engagement I hear this a lot when I talk to people at really big companies they say well we have a 100% success rate of getting inside your building when we run a physical engagement like well good good for you so do I if I have a brick right if I throw a brick through your window I have 100% chance of getting inside but who cares if I take five steps inside and I'm immediately arrested nobody cares in fact they look at that as a win right what they actually care about is three things you know were you able to get in what did

you do after you got inside did you have persistence meaning did you come and go as you pleased was it a one-off did you run into the building tailgate in somewhere grabbed something and run out and it was a one-off or were you secretly inside the office inside the government agency for over 6 to 12 months and nobody knew that you were not supposed to be there well that's super important and lastly did you get caught these are the things that you actually care about these are the things that organizations care about and unfortunately for most organizations what they will do is they will sell a unicorn so nine times out of 10 99 times

out of 100 they're selling web apps they're selling mobile pentests if you're working for a security company that's what they're selling web apps they're selling Network tests they're selling these types of things right and every once in a while they'll sell a red team engagement or a Tyber here in Europe which is basically the same thing just kind of hand type and a part of that might be well hey you can do you can try to break into the client's place you know we can spend six months trying to break in through the internet and the network and this and that and you can spend four days maybe two days trying to break into the building it's like yeah

okay great so what happens well you spend Bob the web app guy to go try and break into the building and what does Bob know well he maybe he watched a YouTube video on how to lockpick maybe he owns a flipper and and that's usually about it you know I'm going to try to tailgate and that's basically all I'm going to do but there's a whole Litany of skills anybody here who's done pen testing probably knows that you can't take the web app pin tester and he's just good at mobile testing similarly you can't take a guy who's really good inside the sock and turn around and have him go do a pen test these are not

interchangeable skills there's a lot of overlap for sure but being good at one does not make you good at another similarly if anybody here has ever done a pen test and I said okay I've got a web app I'm a client I want you to pinest my my application right what are you going to do you're going to first negotiate with me maybe it's five days four days of testing one day of reporting okay that's fine that's reasonable but what are you not going to do you're not just going to go to the web app and say well I threw a cross-site scripting attack on the login portal on the user input field and called it a day and said okay that's it

that's the whole test right that's bordering on fraud if you did something like that if you said that was the entire test I thre one cross site scripting attack at one thing if it worked great if it didn't that's fine it's going to go in the report either way but that's the entire report but now go take a step back and think about well how did most people break into buildings they try to tailgate or they try to clone a badge and that's all they've got well that's basically the same thing you've got to test everything you possibly can in the time you're allotted well within what's in scope in Europe you have a few security

standards that are coming up uh they've been pushed back a few times allegedly they're going to roll out around October n 2 CEO Gora these are all basically well not all of them but a lot of these basically in vague scary Brussels language say you have to increase your physical security especially in critical infrastructure I'm sure everybody here knows what the uh the Nordstrom bombing was and other types of infrastructure you know issues these are the reasons why governments say look if you're in certain industries critical infrastructure uh or any adjacent you have to increase physical security you have to increase your physical pen testing you have to now there's a lot of cyber aspects to that but you have to

increase it and I will tell you from doing this all over Europe and all over the world over a long time most organizations are woefully underprepared for this the problem is is that you're going to lose about 2% of your I think it's 2% of your profit uh annually if you don't comply with this so a lot of organizations are kind of scared but now the rest of this talk I'm going to go as fast as I can so I apologize for that it's low to cover I'm going to try and I'm going to try and uh show you a lot of what is wrong with physical security because there's a lot of misconceptions and you'll see what I mean in a second

you guys are in Europe I guarantee all of you know what this is right this is a standard Euro cylinder lock you put the key in that on the picture on the right over there that little middle black bit that's the little cam you turn the key that operates the locking mechanism that's all that it does putting a key inside turns it back and forth that's it Okay now what's the problem with this by the way the uh the one on the right was something that I saw just the other day uh when I was here in Kosovo walking around notice how it sticks out shouldn't do that now there's a reason why it shouldn't do that it doesn't

matter if it does you can you can do what I'm about to show you either way but I have a collection of these from Europe from one I've been running around and I've broken them in half and you'll see in a minute how easy this is this is just simulating being in a door how fast and effortless this is to snap these in half now where did that break in half it broke in half in the middle well what's in the middle that little can that little operating system right so if I break it in the middle in the picture on the on the right very bottom that's where a single screw would go in okay what that is is

that the entire point of these little Euro cylinders is that you remove one screw you take the entire thing out you can put a new one in and you can real fast okay why why do I Want to Break these why do I want to snap these in half well take a look at these I'm going give you a couple seconds are these the same lock it's the same door it's the same mechanism but is it the same lock and the answer is no it's not the same Rock what I've done is I walked up to your door the attack Vector looks like this I walk up to your door I take a picture of your lot I operate a lot in

Denmark in the Nordic region these days so I'm going to it's always going to be a ruko lot I take a picture of it I need to go buy that exact same brand in the exact same key way okay fine I come back to my place or wherever I'm operating out of and I repin it in such a way that every key that fits inside there will work now there's ways to do this and it's not hard so I now have your exact same make your exact same model of lock that's repinned so that every key that fits in there is going to work okay I come back when there's no alarm on usually in the middle of B I snap that

lock from the outside while it's locked you saw just a second ago that it's not hard it takes really quick now that there's no lock inside I can just unlock the door open it and replace it with my lock why did I do that because every key that fits in that lock will work the victim's key will work but my key will work and unless you're really really like observant you won't notice it's not the same lot I now have persistence into your facility and you have no idea that I do and that entire attack Vector takes all of 10 minutes so again this is something that most people aren't even aware as a thing

right most people and I be I challenge you when you go home tonight take a look at your lock have you ever looked inside of it to see is that actually my lock no is are you running some type of Euro cylinder lock there's a good chance you are now some of these are resistant to snapping it which is breaking it in half or drilling it so if it's totally flush I would drill the lock some of them are they'll tell you right off the bat they'll tell you look this thing right here this little middle bit right here that's anti-drill means that I can't drill through the lock the little cut out on the back end that means that if

it does snap it's not going to break in the middle well how would I know that as an attacker see that little thing on the very front that says Yale three stars star heart whatever I don't know what all these things mean but when I take that picture of it I'm going to go look it up and I'm going to say oh okay well I've looked it up I've Googled it and it says oh this is anti- anti snap so I can't do that to this lock I'll try another lock it tells you right off the bat what you can do now what about these this is another variation of this this is a little thumb Turner you'll see

these sometimes in shops at the front door you'll see these sometimes in interior doors but you'll notice what you're seeing here is how it's supposed to work you got a key inside it turns the cam mechanism great that is not the key right but what you'll notice is that it takes me longer to get that inside and I'm still operating it because it's not secure so yeah you might have spent 20 30 bucks on a lock like that but it's not secure now the minimum amount of damage when you're running one of these engagements one of your often times you don't have the ability to just destroy stuff and if you do it's usually the

minimum amount your client's going to let you do so what about this now this isn't something that I did but what if your client comes to you and says hey we notice this tiny tiny little hole about this big in one of our doors is that an issue anybody think it is well here's the video of how that hole got put in now this is going to be pretty damn loud but what doing is he's making a little hole right in the middle of a steel door why would he want to do that why is a small tiny little hole useful well because there's a crash bar on the other side of that door everybody

little uh those little things that you push in and the door opens hey door open now that's a solid steel door that's a heavy very expensive door defeated by a hole about this big now think of it this way you have a letter box in your front door that's a hole if there's a hole in your door that'll work well assuming that you have a crash clock now there's other ways to go about it so there's lot now again these are just some things that you can do and the whole point of this talk is basically to show you there's a lot of things with physical access that you can do that you can't do with with

cyber but if I get inside think of it this way if any of you have jobs I guarantee you already know how to break into your own buildings you at least have good ideas you know what's insecure you know what employees are wearing their badges outside of work you know who's propping the door open to go take a smoke and walking away you know all these things the goal of an attacker is to figure it out but you already know them right you know where the server room is you know where all the good stuff is that's my job I have to figure all that out and then go exploit it but you already know it so I mean just keep

that in mind now you may say okay well nobody uses physical locks anymore right that's they they do but we're moving today to access control systems right cards ID badges I like okay that's great well first thing to keep in mind is that there's usually assuming that it's not a self-contained access control system two languages that they're running the front end which is the communication between the card itself and the reader so this is you know if you've got a if you've got an ID card like I've got my little hotel badge here and you swipe that card there's a Communications between the door uh or the card reader and the card that's usually communication one or the

front end well there's usually I mean there's three technically but there's low and high frequency the only one here that is actually secure as of today well really secure is the one in green so what's the probability that your card is actually secure now the reason for this is that all the other ones you can either decrypt the encryption scheme is basically completely broken you can think of it in the same way that uh md5 is not really a secure protocol anymore so you can think of it that way now some of these are so so secure or you have to go a few extra steps or they're really close to being broken but the only one

today that's actually really secure is the one in green so what's the probability that your office your work your thing whatever is actually running a a secure front end well probably not not great I mean the hotel card that I'm running right now definitely isn't I check now when you want to clone a card generally speaking you'll use something like this you might use ey copies chameleons longrange readers uh prox marks flippers whatever you might use something right well okay and that's fine as long as you have what you have the badge as long as you have access to the badge and you can put the device on that or you have a long range reader and

it's close enough usually about n maybe about this then you're fine you can clone that b assuming it can be cloned but here's the trick or here's a thing that you should know your phone actually has can operate as a reader this little thing that you're looking at here uh instead of a card it's basically just a little antenna what do you notice in these two pictures in one picture there's a light on in one picture there's not well that's because it has to be a certain orientation in order to pick up the energy to P that that it's producing the card reader is putting out a bunch of power the card or the is

using a small antenna to take up that power and power something usually it's a chip in this case it's an LED what do you notice well in one of these it's working in the other it's not so that makes that's that's a difference right if you have a badge that's sitting out on a desk and I've got a long range reader in like a shoulder bag I can't just get close to the card and have it work because the angle isn't right so if you want to actually clone a car that's sitting on a desk clandestinely maybe the person's sitting right there you actually have to put the device basically on top of it well that's an

issue right that's fairly suspicious but you what if you did something like this what if you used an extender so here what you have is you have any of those devices that can clone a badge you have it in your pocket and you have a small wire that runs up to your palm of your hand maybe you're wearing a glove maybe not and then you touch it so here's a real life story of how this works often times in the front desk you will have a bunch of guest badges extra badges lost badges Etc and they'll usually have those right behind the front desk so in many organizations you can get into the lobby as public right let's say

you're doing a bank well everybody can this is what's referred to as embedded repon right you can get into the building under false or real pretext to look at the look at the security layout maybe clone badges maybe you know whatever everybody can go into the lobby of a bank why well because maybe you want to open an account maybe you're having trouble with your account maybe you have you know whatever you can go into the lobby of a bank and that's not suspicious you're supposed to be able to do that in this particular case this wasn't a bank this was a let's just call it an organization that sells really expensive stuff right not physical items but things in this

particular ular case I could go into the lobby and I did I went into the lobby they had a they had a cafe in the front area and I got a coffee and I sat there and I watched and what I noticed was that the front desk staff had a bunch of access cards basically sitting right behind their uh right behind their desk in this particular case what I wanted to do was I wanted to get access to those badges so what I did was I noticed that there was a lot of people who could come into this organization and set up a meeting this is an organization that wants to sell you things so I called

them at you know not when I was in the bank or in the facility but I called them I said I would like to set up a meeting I'm interested in buying your product we set up a legitimate meeting I was coming in to get a real badge I was there with with a colleague of mine we show up he's in line waiting to get his little badge I'm off to the side pretending to be on a phone I'm standing off to the desk you know pretending to be on my phone pretending to be on a call I've got the reader in my uh palm of my hand and we purposefully set up the most obnoxious name possible for me

so think of the worst most long most hard to pronounce Indian whatever ethnic name you can possibly think of and that's my name right so my colleague walks over to the front secretary she's got all these badges everywhere I'm standing next to one I'm wearing fake glasses and that'll be important in a moment and she gives us the badges and he goes look at how they spelled your name and I pretend like I can't see with my glasses and I lean over the desk what did I do I put my palm on the card I leaned over the desk and oh that's so funny that's how all these people that's how all these you know people who don't

know how to pronounce my name and we're talking to the secretary while I'm leaning over and I'm pointing out oh no no no it's actually this this this well the secretary feels really bad right it's her job to do this and I'm telling her that she's screwed up so she's not going to tell me get away from my desk so in that time I've cloned her badge and I've stepped back and then she she you know nervously and anxiously you know makes a new one real fast and gives me one and we put it on and we go and have our little meeting and we leave but now I have a real badge I've cloned it

right so again now I have free access to come and go out of the building because now I can show up later give that to one of my colleagues IDE and they can come in and they got a real ID batch so again this is these are ways these are tricks these are techniques that you can come in and get persistence and do different kinds of things but what if you don't want to clone a badge what if the badge can't be cloned that's possible maybe they're running something awesome well the badge reader is also vulnerable you can pull that thing off the wall it's it's just a device what I've got here is I've got a little hid reader and that

little thing in red is a tamper switch basically it's just an optical thing it like a flashlight that needs to be reflected now you can have different types of tamper switches but the issue with tamper switches is that it's really important is it wired so you might have one of these if let me say this way if I pull that off the wall it's possible for me to do something to steal your data assuming that it's vulnerable uh when you badge in but if I do pull it off a wall you expect there to be some type of tamper switch well the question is um is there actually a tamper switch is it actually wired and if it is wired and

it's alerting does anybody care or does it just go into a massive log file that sometime somewhere somebody can go check all these things have to actually be done in order for it to matter I've pulled a lot of card readers off walls before and most of the time nobody notices now this is a really really simple access control system okay you got the card the reader you've got the the little controller on the other end the door and then something that's locking mag lock an electronic strike plate something well I told you there was two types of communication between the card the reader and the reader and the controller generally well if I get

access to that red cable that red cable n times out of 10 is using a 19 197s protocol called wean which is basically just a hex number unencrypted HEX number so even if you're using an encrypt an unencrypted or I'm sorry unclonable ID badge if you're using weand on the back end and I can pull that carburator off I can steal it and all the all the controller is going to see card number five is card number five valid yes or no card number seven is card number seven valid yes or no and I can grab that from that red wire and replay it back to the controller so that's an issue some card readers most people don't realize but

some card readers actually can read multiple cards so if your card reader can read multiple cards and you've got some awesome unclonable badge but it also reads really crappy easily cloned badges well I can just give it a really crappy easily cloned badge and it will the controller will see the same data because the card reader is just decrypting it and sending it to the back end so that's an issue this happens all the time in major organizations I'll pick on the police for a minute what do the police have lots of facilities all over the country right it's it's not like the police have a single place well it's not just the police what about a

major organization what about a company that has a hundred different facilities okay what if they're trying to upgrade their access control system from a crappy clonable thing to an unclonable thing well they're not going to do it all at once it's very expensive timec consuming so they'll usually start at the headquarters and they'll slowly percolate out over time maybe years but in the downtime you need to be able to get access to that so usually what they do they use multiple multiple card readers that can read multiple types and this is again a vulnerability you can steal this typee of backend technology with something like this little ESP key I pull the card reader off I plug that into the wire itself it

sits as a man in the middle and then every card that comes through is going to grab that backend wean data assuming that's what they're using but it's 80% of the globe and then I just come in with my phone and I say oh about five hours ago Bob Smith with card number five went through and the car and the controller said it was valid I'd like to replay card number five please sends it back to the controller says yeah sure that that's a valid card and I get in the door again that's an issue this is a brand new thing uh not I mean it's not this is a company uh uh practical physical exploitation they're in the

US what did he just do he just stole the reader why did he do that well what this thing is doing is it's literally a Deployable access control system I just put this on a door that doesn't actually need it and if I can trick an employee to badging in I steal your data and then I can just leave with a thing so yeah that's a thing now if I need to get to the back end of your wiring I may not actually need to take it apart if you set this up improperly I might be able to get to the wires without actually having to do anything now here's a question for you you can be rhetorical or you guys can

shout it out either way who in the organization has the highest privilege of access who has who in your organization your company your work whatever can get to the most places who has who's the ability to go from the top floor to the bottom floor to the basement to the CEOs office to the board of directors to whatever right think about it now who has the most security training who is the most security aware the IT staff the security guard the CEO who actually has the most training well when I break into buildings I typically exploit these people because they typically have to get everywhere they have the least security training they're the least paid

and they don't care they are paid almost nothing to clean the toilets and mop the floors and do these kinds of things okay but their badge gets them everywhere so if I use that to make a buddy so let me let me point it out like this what do you see in this picture it might be kind of hard most cleaning staff will have a trolley right just like you see in this picture they usually have like a thing that holds all their cleaning products well I will tell you from doing this for almost 20 years most of them will put their ID badges and keys on that trolley and when they go clean the bathrooms they'll just

leave it there for 10 minutes at a time it's good to know I can steal that badge I can clone the key I can clone anything now let me ask you this let's suppose that you're working in a major organization and the CEO of the of the organization walks up to you personally and says wow you look like you're working really hard I was just about to go get a coffee could I get you one your impression of that CEO is probably going to be very different now right you're like wow this guy doesn't have to be nice to me he's way the hell up here as far as the company importance goes and I'm way the hell down here I'm

an intern I'm a college student I'm you know I've been here for five months he's the CEO he doesn't have to get me a coffee okay I like this guy he's nice right well the difference in importance pay Etc to the company between you and the CEO is about the same difference as you and the janitor so if you walk up to the to the uh the guy who's planing the toilets and you're like hey man I'm about to go get a coffee you look like you're working really hard could I get you one chances are he's going to look at you with wide eyes like he's seen you for the first time you go yeah thanks that's really

nice that'd be great you just made a friend that friend's going to trust you you build rapport with that person he might hold the door open for you he might help help you with something he might give you information that he shouldn't he might leave you alone with his keys and access things longer than he should making Rapport now when it comes to once you're inside the building after you've gotten inside what do you do right well I will say from working on many many countries all over the world every organization seems to by law have to have one of these they all do every one of them every major organization has this giant industrial printer now despite the fact

that they're all on Wheels nobody moves them not even the cleaning stuff and I know because I move them that ethernet cable if you look in the bottom left of that picture is almost always open and unfiltered right because they everybody needs to be able to print crap well okay I can put my little man in the middle devices underneath that big printer and use that unopen unfiltered ethernet port and nobody's ever going to find it why would I want to do that right well one of the one of the benefits of doing this is that if you use something like that as a man- inthe middle thing you're on the network for sure but if your man-

INE middle device is operating on a SIM card anyone of your colleagues anywhere in the world who knows how to connect to it is just on their Network instantly and because it's not using Wi-Fi or their internal Network it's using the cell line they can't see that data being exfiltrated it's not on a Communications Channel they can see so now I'm in London and I just plugged in one of these devices underneath your printer and my buddy in Bangladesh is on your network on the cell line and you can't see it that's useful often times you know well so it's it's uh yeah you to think outside the box but when it comes to bugging things

and I said that you can do things with physical that you can't do with cyber usually when you're doing Network tests or internal tests everything is about ad I'm going to get to ad I'm going to get to ad I'm going to get to you know I'm going to do this and then the test is over right well that's not quite so with with physical what about like something like an HDMI man in the middle right what if I really wanted to steal this presentation right got an HDMI cable okay I put an HDMI man in the middle and I've got some type of audio bug on that device as well so now I can hear

everything and I can see the I can see the presentation right great yeah this is a great presentation I'm going to steal it slide for slide and everything it's said okay but where else might some HDMI man in the middle is be useful well a lot of places ATM machines for instance the backs of you walk into the corporate boardroom there's always a big TV you think anybody's ever looked behind that TV to see if there's an HDMI man in the middle nope I know because I do it all the time I leave them there purposefully to see how long does it take for somebody to find it you think that your competitors when you're think

of it this way you think that inside the corporate boardroom anything is being discussed the employees might want to know oh hey in 6 months we're going to lay everybody off oh hey the source code for all our most important crap is this oh hey you know this thing that we're trying to do is not working out so well I really hope that our competitor doesn't know this yeah there's a lot of information that might be going on in corporate boardrooms there's also a lot of information that might be going on in client meeting rooms that you could steal corporate Espionage is a real thing happens all the time so yeah like there again there's the attack vectors

for physical are not the same what about security cameras right these increase security right these are just something that oh well we got security cameras that increases things well not so much if I told all of you to take out your smartphone right now and start recording a video how many people here think that you're you'd still be recording video tomorrow none of you your phone would like flip you off and say you have no more space available right yeah because they're bloated file size 4K 1080p whatever you're running well most of the time you're running some type of third party uh security company think of how many 4K video feeds they're pulling in at any given time from

however many clients how many ever I mean think about this building alone how many security cameras do you think are in this building total and I'll think of how many video feeds that are at one time that's a lot of file size right so usually what happens is that if you look in the fine print of your third party security company after about 3 to 5 days they wipe over it why is that valuable to you well that means that if you broke into the building or you did something and you didn't get caught for two weeks there's no record that you were ever there because there's no video camera evidence even if you were in front of a camera

doing something if nobody noticed you did something bad for 2 weeks the feed has been wiped over because again bloated file sizes now when it comes to wireless cameras you can de authenticate them just like any other wireless device now I do not get paid to steal water bottles but this is just a little demonstration that yes you can absolutely de authenticate devices and steal anything that you want and if the device is powerful enough and you know that they're running wireless cameras As you move through the facility you're just a ghost it just you weren't there because every time you get within range of a wireless camera it get kicked off the network and it's not

actually recording well let me rephrase that it is actually recording you but it's not sending a Lo so what this camera should do at the very top of that cell phone you should see an alert pop up that said hey there's motion I see motion but I've deauthenticated the camera so no alert trigger but if you watch the camera what I'm going to do is because that camera has a SIM card in it even though no alert was triggered because the camera was kicked off the network while I was actually screwing with things and stealing this coffee cup the SIM card caught it so what you'll see here is that when I go to the memory of this uh wireless

camera eventually it actually saw and recorded exactly what I was doing even though it was kicked off the network because it was locally recorded again you ful information but most people aren't aware of this now that said if you are already de authenticating a camera and you have access to it you could just steal the Sim Cog and then there really isn't any you know memory that you were ever present so and by the way with wired cameras they're more expensive and that's usually why you don't see them as often except in major facilities but with wired cameras they're usually running on a ethernet cable or some type of RJ45 you can unplug that you can plug that

directly into your stuff and get on their nwor even from the outside if it's hooked up poorly so going back to this uh this thing right here do you think that there would anything that stops you from unplugging that and plugging that directly into your device no that's a pretty bad setup when you see security cameras wired cameras look around see if you see stupid stuff like this go out on that Terrace right there look left you'll see one this right here by the way is a myth you do not have this this is not what happens you don't have some poor soul who's sitting in front of a wall of monitors all the time what happens with

security cameras is that that if something has gone wrong if something has sto been stolen then they go back and they try to retroactively see who did it what happened right but again if you weren't caught if if nothing was triggered no alerts came off for at least about about a week There's No record you ever there now this popped up on my feed the other day and I thought it was hilarious so I thought I'd include it uh again talking about de authenticating cameras somebody's using a drone with a trash can to cover a camera again funny but it works and if you you know if you're not actually monitoring this actively well hey I mean

you covered the camera great good for you so again de authentication now I've dealt with a lot of clients who have discovered bad devices uh inside their facility somewhere and they say hey what do we do we discovered this really weird device on the back of a uh corporate boardroom we don't know what it is we don't know what it's doing can you come and take a look we already went to the police and there's no fingerprints well how does that work well anybody here have glasses you know those little alcohol wipes that you can run over your glasses to get smudges off well they have a little alcohol on after you plant the device if you wipe off

that uh with that little alcohol swab there's no fingerprints anymore so if now put yourself in the mind of a security operator your company has just discovered some weird device on the back of the corporate boardroom or underneath a a table somewhere and you don't know what it does and you call the police they don't know what it does and there's no fingerprints and you went back to the security logs and there's no videos in the last week of anyone coming into that room and putting something there what do you do right what do you do think about it it's tough It's Tricky now one of the things that I enjoy are safes because safes are

hilarious safes are where you put all the good stuff right because that's secure safe is awesome safe is where you put all this stuff that you don't want to be sold but what do you notice about all these safes and many more they're electronic well what happens if the battery dies what happens if you forget the code what happens if an EMP comes or or whatever and you can't plug in the uh inside the data and to open it up well they all have what's called mechanical overrides mechanical overrides are just these little tiny uh usually a cross lock or a little tubular lock and it's going to take me longer to show you that this is locked than it is

to actually open it so you can use something called a well you can use various tools to get into these types of locks but it's not hard and if I get into the CEO or the boardroom or wherever and I find a safe that's not properly set up or it's you know a $1,000 safe with a $10 lock I'm going to go after the $10 lock and that's how fast you can open them up they're not hard it's not hard these things how many people have seen bees right they're freaking everywhere every Airbnb in the world most Corporate Offices they'll have stuff like this outside the building with little Keys RFID badges something inside of them

well when I teach a class on how to break into buildings within 10 minutes of learning how to do this people are breaking into the stealing Keys cloning Keys physical Keys know ID badges whatever the picture on the right by the way actually shows you the exact building they actually taped well this this lot goes to this building and this lot goes to this building and this floor and this it was ridiculous right it literally tells me like what I'm supposed to be doing but it's not just about outside what about inside well sometimes when you break into a building you're going to have key boxes inside because they they're trying to solve security they're saying okay we're keeping all

the important stuff all the rec all the data we're keeping that behind lock and key so you need to get access to a key box once you're inside okay well it's the same thing what happens if that's easily to get if that's easy to get into in the US or most places a lot of things are Keet like and we'll talk about that in a second um anybody know what this symbol is this is the TSA symbol this is the symbol that basically says you can use this lock on your luggage and you'll see that on the bottom right basically that just says you can use this lock for your luggage when you fly you know wherever you're flying and the

reason for that is simple you don't want a million different brands a million different locks because how is the how is the security at the airport going to check oh hey there looks like there's something weird in this luggage we've got to get inside of it and see what the hell it is right well we don't want bolt cutters to cut into every freaking lock we want all the locks to have one key and that one or two or three keys will get into every lock that's called key to light or a Master Key System well that TSA lck gets into well there's about there's like three or four but really only two keys that will get into

every single piece of luggage so that's got to be really secure right that's that's got to be like a really secure lock because otherwise any person go to the airport any person go anywhere that there's luggage and steal everything from any of those locks it couldn't possibly be that I could go on to Amazon for $10 and buy these but you can you can go on to Amazon right now and buy these two locks and or these two keys and steal well whatever but it's not just luggage there's a lot of things that are key to life construction equipment elevators cabinets police cars in the United States uh like all kinds of stuff a key to life you buy one key

it opens everything that's important to know why is it important to know because it often gets used for crap like this this is inside London and this is somebody who has stolen basically a Dozer with a crane on it to break into a building to then steal an ATM machine I mean hey it works right and this is again now I question the the legitimacy of this because you're stealing something that probably costs hundreds of thousands ofs to steal something that might have $50,000 in it but hey the money is easier to you know use than the big Dozer so again like you can steal a lot of stuff now in the in United States

it's not just this stuff either you have things in the United States you have what's called The Arrow key this is something from the the Postal Service one key opens every single mailbox in the entirety of the United States right it's supposed to be that way that's way the the mail guy can go in and he can open up every single mailbox anywhere unfortunately those get lost and stolen all the time so now everybody who wants it knows exactly what that key looks like and they can go and steal anything from any mailbox that's an issue in the United States we don't typically use those little uh Airbnb keys for secure things we use what's called nox boxes

which are really really secure really hard to get into steel boxes unfortunately the keys for those get stolen too so there are criminals out there right now who can get into any of these and those keys open up every door in a building they're specifically set up for EMS Emergency Services cops firefighters EMS so that they can open up every single door in case Grandma's had a heart attack or the smoke alarm went off or whatever else yeah you can steal those you can get into OT environments too these things these wind turbines by the way it's not just it it's OT as well you can get access to these easily get access to these um it's not hard the

cost of building one of those things by the way is about $2 to4 million and it takes about 1 to three years to get up and running so that's a lot of money that you can mess with now this is not just about when I break into buildings it's not just buildings it's not just all I do there's a lot of other things one of the things that I do most often is play basically war games with companies governments organizations Etc trying to help them think through problems okay so right now you guys are going to play that role you're going to play my role you're going to be the pen tester you're going to be the the

physical guy right I've Picken a random City completely at random and your goal is to find out how could you remove power from this City for at least one year okay so your government or whomever said well we're really concerned about this we want to play this simulation so that we know where we're weak where we're vulnerable and how we could actually fix those problems okay so the client asks you how could if if at all is it possible to remove power from this entire city not a neighborhood not a building the entire city for at least one year it's like okay well you think about it you're like well I could bribe an official turn off the power at the

power company yeah that might do it I could you know if the city blows up then I've won by the null Factor there's no City therefore there's no power but there's other things right you're about to see my amazing art skills how does power work the red circle here is simply the power plant the yellow yellow circle is where it's generating power usually in a big ring like an entire city that blue square is usually a Transformer a substation or something the power has to be produced at really really high voltages so that it can go far away but you don't have like a th000 volts coming out of your outlets right it would fry

everything you'd have electricity flying out at any time in Europe you're usually operating at 220 volts in the US it's 110 so there's has to be something that takes that thousand volts and converts it down to something useful and that's usually a Transformer okay this is a substation with a bunch of Transformers what do you see a chain link fence in this Photograph how many highdef cameras do you see none where do you think this is do you think that this is got armed guards walking and patrolling it at every moment no it's in the middle of nowhere it's been in the middle of nowhere and it's being currently guarded by the you know most high-tech fence money can

buy these are Emergency mobile substations okay these are things that if in the event that the substation goes offline these things can be brought in to take over the load and continue giving power to wherever it's needed there are not many of them in the US the US is one of the largest economies in the world I don't know if it still is we don't have many of these how many do you think you have that's an issue right because if your substation goes offline well how many of these do you have to take over the load why is that important well because substations are not sitting around ready to go they take about 2

years to make and then after from the time that somebody says I want a substation to the time that it's built put in place and it's actually running it's about 2 to 40 years so what happens if the substation goes away you're all without power if you don't have an emergency mobile substation that can take over the load you're without power for years at a time and you might think okay well that's never going to happen except it does it does happen this is Fort Brag North Carolina and for you guys who don't know Fort Brag North Carolina is the largest US military installation in North America it's home of the Special Operations Command the Airborne import a

lot of really important stuff right how did that work how did this get taken over well because I'm not going to tell you exactly how to do it but if you know where to to shoot one of these you can take them offline and the entire thing was taken offline with about three bolts now let's go back to that picture for a minute if you stood off at about 200 M and you shot in the right place and you took this offline first question what how much money and things did you have to invest in that attack nothing you bought a gun and a couple bolts now how many cameras do you see that can pick out a face at

200 m away in every direction none the people who did this as far as I know have never been caught now the US brought in an emergency mobile substation and they took off the load and they fixed the problem but this attack took out power to the largest military installation in the entirety of North America and if it wasn't for that Emergency mobile substation it would still be offline to this day so going back what is your entire power grid currently being protected by offense and prayers and that's that's true for most countries right and you start to realize that oh [ __ ] physical security actually you know plays a bit of a role it's not

just it's not just about well can I you know I deal with this all the time when an energy company or an OT environment says well we did pen tests we did cyber stuff and nobody can get access to it it's like yeah okay but what happens if I take a rifle and a few bullets and I know where to shoot how what what amount of firewalls is going to prevent that nothing nothing's going to prevent that so you play these little games you walk this through you fig figure this out and you help companies organizations governments Etc fix these weaknesses and there's a lot of weaknesses again I go back to the thing that I originally said these these

security standards are rolling out literally this year and most people not only are unprepared for this but they don't even know that most of the things that I just gave in this talk are even a thing they have no idea that these are actually vulnerabilities because they don't know right and that's the entire point you need to know you need to hire somebody who knows what they're doing and you need to actually go through and fix these

things you guys have any questions or you guys want to ask anything feel free any question is fine questions any questions no Brian I have a question or two sure did you ever like injured yourself like trying to get in and I'm asking this because I heard this I listen a great podcast on Dark Night diaries about physical security sure and there was this guy I forgot his name that uh he told like great stories yours was even better like how he got injured while trying to get in yeah yeah so you're you're always going I mean I don't say always but you are often going to hurt yourself doing little things so one thing that that you

have to realize is that you might be able to pick a lock you might be able to scale a building you might be able to do these things but when your heart's pounding and it's cold outside or it's wet you're going to make little mistakes you know if you're trying to do anything really delicate but you're doing it on a time constraint and people are walking around you don't want to get seen you're you're going to be have a bit of an adrenaline dump and you're going to you know mess things up yeah you're going to you know poke yourself you're going to do little things like that absolutely that happens all the time as far as big

injuries go yes I've crushed my hands in doors before I've I've you know I been carrying really heavy pieces of gear and I've dropped down and I've you know rolled or sprained my ankle little like things like that yep they absolutely happen I've yeah so it's it's not exactly a good thing when you're inside of a facility that took you maybe 3 four weeks to get into and then you crush your hand or you you know you break a finger or something and you have to sit there and basically be like Noe it's fine got to keep going like it's it's not fun but it does happen right do you have second question do you have like a

when like a constructing company with lots of stuff in there do I'm sorry do I have like a van ah so okay so this is an interesting question when you're when you're going in you're probably going to have all kinds of stuff right you might have disguises you might have RFI so even when you're doing physical security once you're inside you're still going to be planting devices you're probably going to be get on the network you're going to be doing a cyber aspect of things so you're bringing laptops and uh man INE middle devices and all kinds of crap but you're also bringing like the skues underd door tools lockpicks like all kinds of stuff and you can't go in

with a hik backpack full of crap right so usually you're Distributing your stuff amongst teammates uh if you have a big team but no what usually what you do is you have to be able to blend in so if I go in looking like this I might have a shoulder bag that is stuffed full of all kinds of crap but then at the same time you have to have room what if you're going to be stealing documents What If part of the engagement is we want you to get to this location and steal something right um yeah you have to go in with the bare minimum that you think you're going to need and then and then hopefully you

got teammates who are you know also carrying Geer or other things for you or you have somebody who's basically a mule who you can get inside the building and be like oh crap I need this device I need you to bring it to me you know uh but yeah so you're trying really hard I mean there's a really big incentive to bring all the stuff the kitchen sink everything but you have to like you know downplay that and be like okay this is where you do the reconnaissance and you're like okay I've got to figure out what the hell do I need what do I likely need what do I don't what can you be

left behind and then hope and pray that you don't actually need that that's great that's okay hey um and some of your examples you either break off Locks or or make holes in doors have you had ever had an issue where somebody else broke into because you made something vulnerable uh so this is this is a fantastic question so one of the first rules of doing this is that you cannot downgrade the client's security unless they are one aware of it two okay with it and it's usually only for a really short period of time right so if I have disabled the entire security system that's tantamount to taking off the ad or take I'm sorry

taking off the uh the anti virus from a from a website right you don't want to do this and if you do you have to tell them this is what I'm going to do you have to give me the okay before you just do it uh because keep in mind like it's very uh um you have a lot of incentive to just kick everything off the network or destroy stuff which you can't right the client has to be okay with it but I will say this I have come across instances where I've come and been breaking into buildings and I found those things so I on on two occasions that I can think of right up top my head

I got into corporate boardrooms and I went to go plug in my man in the middle device and there was already one there and it was like oh okay so now the entire test has to stop and I have to say Okay this is transitioned from a pin test to like an incident response but no when it comes to actually like downgrading the the security you don't want to do that any more than you absolutely have to and they have to be okay and I will say this you have to be you have to go into gross detail of exactly what you're about to do because the client doesn't know if you tell them I'm going to make a hole about this big

in your door you have to really walk them through why and what is it going to do and how much is it going to cost them yeah uh thank you Harris thank you very much for your presentation sometimes we in the community of cyber security forgot about the physical security and this is the major foundation of the security in general can you share maybe from your experience combining now the physical secuity is social engineering the impact of this yes so social engineering is an amazingly large part most people are familiar with fishing of various form you know you know it's got like 30 names now like whaling spear fishing fish like whatever it's just fishing it's just

social engineering right most people are aware of this most people have to go through that rudimentary every single month or however like oh your company's it Department sent you a uh fishing email and see if it worked you know you all have to go through that at some point but when it comes to physical engagements what I do is I try to effectively assets I try to social engineer people so there's a technique called elicitation now elicitation the entire point of it is to get useful specific information out of a person without them realizing that you're doing it okay so I would never come up to you and I would say hey tell me what the

security layout of the building that you work at is that's suspicious it's invasive and I don't have rep with you to be able to ask that question so think it in your own life I don't know any of you if I were to walk up to you and I say I would like you to tell me exactly where you live exactly what time you're going to be away from your house and I want to know all the passwords for your social media accounts nobody is going to tell me that but I'm willing to bet that there's somebody in your life you would tell that to somebody in your life that you trust that you would say oh I'm

going to be gone from this hour to this hour and you know where I live and you might even tell your relative or whoever like what your passwords are right for some reason the point of elicitation is to build up Rapport to be that person to get them to feel that they Trust you so much that they will tell you those secrets and then you ask it in such a way that they don't realize that you're doing it so for example with elicitation you typically don't want to ask any questions so how do you get information without asking questions well one of the the most obvious or one of the the first ones would be something like a

presumptive statement so instead of saying something like um did your company bid on this big government contract I might say you know I read in the paper that your company wasn't uh you guys don't have enough money to bid on this government contract which Mak sense because I mean I I I heard that you guys were laying people off left and right well what is human nature human nature is to defend that human nature if that's wrong human nature is to go no no no no no that's not true we we absolutely didn't we're not laying anybody off we're doing this right it's we have this kind of reciprocal uh ability or the reciprocal nature about

us so if I say hello to you chances are you're going to say hi if I say I work at X compan chances are you're going to tell me where you work not because I asked but because you're a reciprocal person so you use these types of human propensities to like get them to say things and do things and if you sandwich that elicitation in between a bunch of [ __ ] a bunch of like random talk and small talk and then halfway through this conversation I ask or I I elicit that information and then I go back pivot back to you know useless crap then chances are you're not even going to remember that I think of it this way I

just gave a talk for about an hour how many people here by a show of hands think that you could tell me every single slide that I went through nobody right you forget things we all do we all forget get stuff right so if you can sandwich that elicitation in between a bun of useless BS you're probably not going to remember or even realize that happened and yeah you elicit information all the time cleaning staff employees anybody anybody who might have information you might need yeah absolutely elicit them and the the real trick is it's really hard to figure out if you're actually being elicited because when does it start like are you actually like it's hard It's Tricky

counter elicitation is a really really hard thing yep hi so I have a question related to security cameras now if you put so a live picture in front of the camera does it work to getting block on what you're doing in the background so if I understand so so I'm going to repeat what you just said to me and you tell me if I got it right so if I took like a a live picture and I just put it right in front of the camera would it know the difference or would it see well so I don't think that I can pull it up fast enough but I actually have a slide somewhere another talk of me doing

basically a similar thing where I just take my hand and I put my hand in front of the camera real fast and because it happened quick enough the camera didn't notice the transitional difference and it never alerts so here's something that like one of the things that I tell uh people when they're getting into this is buy all the local security crap you can go around and figure out what locks are being used in my region of operation what cameras what security systems what things buy them and then test them just like you would with anything else because a lot of C ceras they need some type of a difference okay so if there was a c there's a camera sitting in the

back it might be able to see me if I'm moving slow if I'm moving like this but it might not see me if I just really slowly am moving it might not alert motion right so figure out what the differences are I've literally seen cameras where you can put something right in front of the camera quick and it will not alert because it happened too fast it needs like several frames of the camera in order to alert there has to be like a transitional difference if that's the camera that you're using then yes absolutely you could put something in front of the camera and it wouldn't see the difference the downside to doing that is

you would have to do it in such a way that it was just the right distance to make it look real but yeah there's nothing that prevents you from giving that a shot so I mean I would tell you like look at the cameras that you got operating in this region buy a couple and then test that see how how could I do it but yes you absolutely could give it a shot yeah uh so in generally uh we had um a case in 2022 when Iran attacks uh the information of the Albania or to be more clear the uh uh online all information which have in the government of Albania uh and my question

is if we suddenly are attacked and the information of million of citizens for example of Kosovo and other country are attacked by the other haers on the other part for political motives what what is the best reaction or uh against this attack what should we do order to be more clear uh according to you which country which state has um not to say closest to edal Politics as belong information security policy thank you very much sure so this is a very interesting question this is what do you do if the entire country's information is stolen or a large amount of incident information is stolen the first thing that you have to ask is what can you do

with that information right it like is the information actionable so for example is logging into your bank if you lose the credentials this is my username this is my password maybe you need a third uh two-factor authentication type thing and you lose all of that okay well then you may immediately have to change all your banking information right the first question is what can you do with the information that's stolen the second question is what do you do once it's stolen and this is an incident response this is how how resilient are you so you have lost um all your country's information first off what was lost and second can you recover from it so let's

suppose for a minute that everything important to you the government has all this information on all of you and all of it has been stolen can it be recovered like do you do you have to actually give every single person a new social security number do you have to actually give every single person a new driver's license do you have to give every person a new bank account information what H like can it actually be done is it possible to fix that problem what is the what is the scale like is this is this going to be well we could fix it but it's going to take us a year two years three years you're not

going to have banking ability for you know a year and a half right A lot of people are now on online banking and if that system goes down for even a week you might have riots in the street if you can't use cash there's a lot of countries out there right now that have almost completely transitioned to a cashless society and if those systems go off even for a week and you can't buy food you're going to have riots you're going to have serious problems so in your specific question it all comes down to what information is stolen which is a big question to your government of what information are they keeping on you two

how protected is that is it actually being safe and three in the worst case scenario that somebody actually steals it what can they do with it and can it be fixed and that's a question that's you're going to have to ask your own government you know because I can't tell you what the local government here has on you and I can't tell you if they have any kind of redundancies can they fix it can they solve it as far as which countries go I would say every single state entity is a threat every all of them and the reason is is because they all might have a motive at some future date to do it and we've all heard

stories of you know Bob the 15-year-old high school student who broke into the NSA right these are always threats so yeah it's it's there unfortunately there is no real easy answer to that but I would say that any country has the potential to harm any other country really it just comes down to allegiances alliances and hopefully a lack of motive but if Iran stole Albania's information I mean then it just comes down to what are they going to do with it what can they do with it and can your country recover from it and how fast is it going to take to recover but un there is no easy answer to that question it's a very very deep question

that a lot of people are paid a lot of money to try and solve and it's not solved yet as far as I know great okay we have one more question we have plenty of time we are I think ahead of time 10 more minutes till noon so feel free first of all thank you for the talk uh continuing the question that that was prev previously made uh what kind of drawbacks or what kind of difficulties could a coordinated attack on all the uh all the elect electricity stations in a you know in a in a country could be or what what kind of issues a coordinated group could have to actually take down everyone at once and

actually take down the whole country because pretty much even a large country like USA will not be able ble to to handle that let alone a small country like us so why should uh attacking team have to go through the hard of actually attacking the systems the uh the it systems of a country when they can just take down practically the whole right the whole thing so what is the the right so I'll answer your question in a few in in a couple ways here one the tradeoff to doing things through the internet is anonymity and dis okay if you hack into another country's facility whether it's a bank an it you know environment OT environment whatever

the benefit to doing it through the internet is that you anyone can do it you're far away from it and the and you there's very very uh small chance that some cop is going to bang down your door that hour or that day right you have a chance to run away um the the benefits of being physically on site is that you have access to a lot more you might literally be able to plug into the network you might literally be able to unplug something you shouldn't unplug or inject malware ransomware whatever so there's tradeoffs to everything that you can do the likelihood that it's going to happen in the United States according to the US

Department of energy and some other organizations there are about 1 to 200 attacks every year on the the critical infrastructure inside the United States on Power and other things right 1002 200 tax a year now the United States is Big you can roughly say the United States is kind of like the whole of Europe right size population Etc so the issue with what you're asking is not not do we have to take everything down this is what you this is what's referred to as an as an asymmetrical attack okay let's go back to the power plant example what did I have to do to take down that power plant or that sub station I needed a rifle a

few bullets and to know exactly what to do with that okay that is when you think of how much does it cost to build the substation how much does it cost to secure it how nothing CU you bought built a fence but how much does it cost to to to do all that it cost a lot money how much does it cost to buy a gun and some bullets almost nothing a few hundred bucks maybe so that's an asymmetrical attack right if I can spend a few hundred to take down millions that that's not good now the other question the point of it is that you don't have to take everything offline you just have to take enough

offline let's suppose for a minute that your country has access to five mobile substations okay other you either have them or other countries have said we will give them to you to use and you access to five well if you have 50 substations all over the country I don't have to take down 50 substations I have to take out six because if I take out six and you only have access to five Emergency mobile substations somebody's going without power for years and that's the problem so that is the issue right you're you're looking at this uh I don't know if this is a thing here but do you know the game Jinga like it's it's like

a stack of blocks and that's what you're trying to do there's always that one block that if you move that one block everything falls over that's what you try to do in in my position you look at a situation and you say I don't need to take everything and smash the whole board I just have to figure out that bottleneck what can I remove and ruin everything and that's what you're trying to go after that's what you're trying to do and in this case I don't have to take down three let me say this way why did I not go after the power plant because the power plant is going to be really really well

guarded it's going to be harder to get into I might need a larger team you're going to have much more beefy security you might actually have armed guards but what did you see at the sub station it's in the middle of nowhere it's not really being guarded or monitored and there's just a chain link fence okay well that's a hell of a lot easier than try to break into a power station so that's the whole point right you're looking for the weak points and then figure out how or why do I go about that so again asymmetrical type of you know attacks great any more questions Brian thanks very much for your great presentation

Misconceptions of physical security - Brian Harris

Related talks