{"id":262,"date":"2019-06-11T12:20:49","date_gmt":"2019-06-11T10:20:49","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=262"},"modified":"2019-06-07T02:29:31","modified_gmt":"2019-06-07T00:29:31","slug":"visitors-by-appointment-only-even-tech-workers-maintenance-staff-cleaning-staff-etc","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2019\/06\/visitors-by-appointment-only-even-tech-workers-maintenance-staff-cleaning-staff-etc\/","title":{"rendered":"Visitors by appointment only\u2026 even tech workers, maintenance staff, cleaning staff, etc"},"content":{"rendered":"<div class=\"ttr_start\"><\/div>\n<figure class=\"wp-block-image\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"350\" height=\"100\" src=\"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2019\/05\/lhx_blog_content.jpg?resize=350%2C100&#038;ssl=1\" alt=\"\" class=\"wp-image-176\" srcset=\"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2019\/05\/lhx_blog_content.jpg?w=350&amp;ssl=1 350w, https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2019\/05\/lhx_blog_content.jpg?resize=300%2C86&amp;ssl=1 300w\" sizes=\"auto, (max-width: 350px) 100vw, 350px\" \/><\/figure>\n\n\n\n<p>Probably one of the most interesting incidents I have investigated was the theft of computers from a university.<\/p>\n\n\n\n<p>The perpetrator had done a good job scouting out the procedures of the organization, and through his reconnaissance put together a great deal of information.<\/p>\n\n\n\n<p>He knew, for instance, that on Fridays most of the staff would have left the establishment by 2 PM.<\/p>\n\n\n\n<p>Only assisting staff and janitorial staff would be around.<\/p>\n\n\n\n<p>All of the senior staff, professors, IT staff were gone at that time.<\/p>\n\n\n\n<p>He entered the building, and presented apparently correct paperwork to the secretary.<\/p>\n\n\n\n<p>The paperwork was well 
forged, and presented the secretary with no reason for objection.<\/p>\n\n\n\n<p>She escorted him to the server room, where she left him unattended to finish up her paperwork before the weekend.<\/p>\n\n\n\n<p>Because she even unlocked the room for him, it was easy to clear out the entire IT infrastructure of the university because he was unobserved for hours.<\/p>\n\n\n\n<p>The picture that presented itself later on to law enforcement was one of a kind\u2026 Everything had been taken. Servers, switches, cables, server cases, racks, etc.<\/p>\n\n\n\n<p>I was later hired to check the systems for breaches, and whether the criminals had gained their intelligence about security measures by system infiltration.<\/p>\n\n\n\n<p>In my concluding report I found no evidence to underline that assumption.<\/p>\n\n\n\n<p>It does prove a valuable point though.<\/p>\n\n\n\n<p>Access control to buildings is insanely important. So are logs about who visits; these must of course have some sort of valid identification as a foundation. Even then there is no absolute security unless the visitor is constantly monitored by an employee during their stay in the facilities.<\/p>\n\n\n\n<p><a href=\"https:\/\/lars-hilse.de\/lhx18\/acrac\/\">(Part of the ACRAC Project) <\/a><br><\/p>\n<div id='steempress_sp_comment_feed'><iframe name='steempress_sp_embed'  onload=\"iFrameResize({ scrolling:true, heightCalculationMethod:'min'})\" src=\"https:\/\/two.steempress.io\/?author=larshilse&permlink=visitorsbyappointmentonlyeventechworkersmaintenancestaffcleaningstaffetc-8jjvnrdspe&display_comment=true&parent=https:\/\/lars-hilse.de\/lhx18\/2019\/06\/visitors-by-appointment-only-even-tech-workers-maintenance-staff-cleaning-staff-etc\/\" style=\"border: 0; width: 100%; margin-bottom: 0px !important;\"><\/iframe><\/div><div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Probably one of the most interesting incidents I have investigated was the theft of computers from a university. 
The perpetrator had done a good job scouting out the procedures of the organization, and through his reconnaissance put together a great deal of information. He knew, for instance, that on &hellip; <a href=\"https:\/\/lars-hilse.de\/lhx18\/2019\/06\/visitors-by-appointment-only-even-tech-workers-maintenance-staff-cleaning-staff-etc\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Visitors by appointment only\u2026 even tech workers, maintenance staff, cleaning staff, etc<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":275,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[63,13,52],"tags":[59,64,42,10,38,54],"class_list":{"0":"post-262","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-acrac","8":"category-risk-management","9":"category-social-engineering","10":"tag-acrac","11":"tag-advanced-cybersecurity-risk-assessment-checklist","12":"tag-cybersecurity","13":"tag-infosec","14":"tag-risk-management","15":"tag-social-engineering","17":"fallback-thumbnail"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2019\/06\/visitors-by-appointment-only-even-tech-workers-maintenance-staff-cleaning-staff-etc1.jpg?fit=640%2C360&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-4e","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp
\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=262"}],"version-history":[{"count":3,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/262\/revisions"}],"predecessor-version":[{"id":274,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/262\/revisions\/274"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media\/275"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?parent=262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}