Quantcast

Steal Everything, Kill Everyone, Cause Total Financial Ruin 3: Countermeasures of Theft

Jayson E. Street now illustrates some of his security assessments with photos and descriptions of how easily corporate and employees’ property can be stolen.

Stealing unsecured stuff is a piece of cake

Stealing unsecured stuff is a piece of cake

I love this one. This is what I call the trifecta bad, because, yes, I stole the phone or cloned it; yes, I’ve got the laptop – 30 laptops unsecured in this facility that had no laptop lock cables because they were “secure”. By the time I did the exit review I stated seeing laptop lock cables, which was good for them. They also had me an employee badge, I appreciated that.

Company property and…cookies stolen

Company property and…cookies stolen

Okay, I do feel bad about this one (see photo to the left) because I’m a CISSP, I have a Code of Ethics, so please don’t report me, let’s make this off the record, I’m sure no one’s watching. It’s not about the laptop because I had no problem stealing the laptop – I mean, the guy left the cable on it, he was just giving it to me. And I’m not talking about the screwdriver because I needed to steal something, you know, that was bolted down – I like to be thorough. I was a little hungry and I still wanted the cookies, I’m sorry. Okay, let’s go on.

Laptop lock cable is there, but unattached

Laptop lock cable is there, but unattached

I love this because people expect security not to be that thorough, so they get their laptop lock cable that’s supposed to be fastened to the desk, but that’s hard – you have to bend down. So let’s just loop that cable over the desk, and no one is going to pull it. And you know what – most security doesn’t pull the cable to see that’s actually secured. But I’m not security, I’m a thief. I’m gonna pull the cable, I’m gonna try to steal it.

Also, kudos for one guy who had it firmly attached to the desk, he also had it locked to his laptop. But I’m telling you, when it’s the code 0000 I’m gonna try that one. I’m gonna try 1111, I’m gonna try 9999. If you’re a geek, I’m gonna try 0007. So, sorry about that one. Also, they like to move the last number, or the top number, by 1 in either direction, and that’s it. So that would just go “tick” – unlocked.

Putting your keys in a drawer? Lock it!

Putting your keys in a drawer? Lock it!

Also, when I’m on engagements I’m going through all your drawers. I’m gonna go through all your desks and your cabinets. I’m gonna be looking for stuff because nice, honest coworkers are not gonna go look into your desk. I’m not a nice, honest coworker. This guy had his laptop locked totally correct, everything was right, and then he put the keys in his top drawer. So not only can I steal his laptop, but now I also have a nice really shiny laptop cable I can use to protect from someone stealing it. Because I hate when they steal my stuff that I stole…

Leaving personal stuff unattended may lead to serious consequences

Leaving personal stuff unattended may lead to serious consequences

This is another trifecta. I stole the purse, I stole the car keys, and yes, I stole the phone. Let the record state: I did not steal the lunch – I felt really proud about that. I took the car keys, took the driver’s license out of her purse. I then go down to the parking lot; I find out what car it is; I unlock the car; I go back and put her car keys back. She comes back after work, I’m in the back seat with a gun, telling her that I’ve got her driver’s license and I know where she lives; that I’ve got people there that will kill her family unless she goes back to that facility, steals all their data that I need, and then comes right back out; and that we’re tracing her, we’ve got her phone cloned, and we can monitor it. Employees need to know that their personal belongings are theirs, but the impact can be severe for them as well as the company. That’s why they need to secure their stuff. Now, let’s remember the kittens real quick…

Credit and identity theft

Credit and identity theft

Would you have these mini frowny faces on the slide – you’re just effed, it’s just game over. You literally gave me a blank check to steal your credit and your identity – and trust me, my credit sucks, so I’m taking it. Thanks for leaving the Social Security card, because it’s got your signature on it, so I know exactly how to forge it. It’s like – that was very helpful, not many people are that kind.

Car theft facilitated by unsecured keys

Car theft facilitated by unsecured keys

Oh, when I stole the first car the guy sort of cheated and let some people know that I was going around and doing stuff like that. So I said: “Well, screw you!” At 2 a.m. I walked in, grabbed 3 Mercedes-Benz and a Beamer, and just took them with me. Less than 60 seconds, so Nicolas Cage – beat that! The look on the security manager’s face when I walked to him and I dropped him those 4 keys was priceless. I wish I could have included the picture but it’s on my desktop at home, so…

Theft prevention tips

Theft prevention tips

So, some countermeasures. Employees need to know that this stuff matters to them as well. Make sure they’re locking their desks, securing their property. They secure their property at home, they secure their property in their car – they need to secure their property at work. Also, no tailgating; you got to be sure that they understand that they shouldn’t tailgate. ‘Cause you know what I’m doing? I’m coming in a wheelchair and I’ve got, like, 4 books; and they’re like: “Oh man, chasing your douchebag?” And I’m like: “I’m a bad guy, I’m trying to steal from you! Do you really think I care that you’re gonna feel lesser about me because I’m not supposed to be in a wheelchair? No! I’m evil!” And trust me, when I go up to that door and I got these books, are you really gonna be the asshole who’s not gonna let me in the door? I mean, seriously. No, you’re gonna let me in, and I’ll thank you for that. Your employer is not going to, but I will.

Also, if you see something – say something. You don’t have to personally tackle the guy if you think he is suspicious. You do have to call security. You need to start empowering the employees to understand that they are part of your security team and they need to start acting like it.

Read previous: Steal Everything, Kill Everyone, Cause Total Financial Ruin 2: I’m Getting In
Read next: Steal Everything, Kill Everyone, Cause Total Financial Ruin 4: Workplace Violence Countermeasures

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: