RAM raiders: inside secrets of the cyber hackers: Here’s a great story about white-hat hackers testing the defenses of Symbolic Motors in the San Diego area. It’s a blast to read, and part of a larger article at the London Times.
He tells me about one of his cases involving Symbolic Motors in La Jolla, California. Symbolic, which supplies Ferraris, Lotuses, Aston Martins and Bentleys to the stars, is arguably the most lucrative dealership in the States. It wanted to find out just how good its multi-million dollar security system was, so Pyr0 and his friends Ryan Jones and Chris Nickerson, who call themselves ethical hackers, went to work.
“First we did a bit of dumpster-diving, looking in their trash, to find out who their computer company was,” says the spiky-haired Pyr0. “Then I paid a visit, posing as one of their technicians and got access to the company’s servers. I secretly installed a wireless network behind a desk while I was there, which allowed Ryan, who was in a car outside, to begin hacking into their computer system remotely.” While Jones was downloading Symbolic’s files — details of sales, prices, film-star customers and so on — Pyr0 was wandering around the building taking pictures. There was no alarm security above the ground-floor showroom and the roof skylights were not alarmed. In the showroom, he worked out the blind spots in an array of motion sensors.
Meanwhile, Nickerson, dressed to kill and posing as a potential customer, was taking pictures with a camera disguised as a Zippo lighter. He stuck a tiny wireless camera on to the back of a Bentley advertising display aimed at the keypad that switched the alarm system on and off. Outside in the car, Jones zoomed in on his computer and captured the code when a member of staff punched it in.
That night, they broke in through the unalarmed skylights, exploited the motion sensors’ blind spots, crawled to the alarm keypad and switched off the system. They opened the showroom doors, drove out a Lotus and returned it, parking it the wrong way round.
It gets better — there’s a video series of the whole thing out on truTV. A little dramatic, but it plays like a spy movie. Four parts, each about 10 minutes. It’s interesting to see how “traditional” computer hacking gets combined with social engineering and straight breaking and entering.