Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for June 16th, 2010

Theft Ring Targets Government Offices: Or, How Lax Security IS at Said Offices

with one comment

Theft Ring Targets Government Offices

On 16 June 2010, in Uncategorized, by admin
The Atlantic, 14 June 2010: As anyone who works at an office building with badge or fob access controls know, most people tend to let anyone follow them in who wears an identification tag and looks respectable — even if they don’t know the person. A psychologist could do experiments as to why people do this, even in the face of persistent and often posted warnings to the contrary.

A sophisticated cadre of criminals is using the badge-swiping culture of Northern Virginia to steal from office buildings there, including some that house sensitive government facilities. A series of thefts attributed to the group has triggered a joint investigation by the U.S. Secret Service, the Diplomatic Security Service and the Arlington County Police Department.

One of the buildings broken into included a State Department office that contained classified materials, although it is not clear whether the classified documents were the target.

According to a Defense Department memo, the thieves outfit themselves with laminated badges hung off lanyards. They loiter near building entrances that require card key or fob access and follow other employees in. “The thieves then enter unoccupied offices and steal property, especially cash and credit cards,” the memo says.

There are at least 100 buildings in Northern Virginia that include sensitive government facilities. A Pentagon official called it a “major counterintelligence problem.”

This little story says a lot more about the insecurity of those offices than it does about the “burglars” using social engineering to get into the buildings while open. Piggybacking and social engineering are old school and often work because people generally don’t want to cause a fuss and like to be helpful. In this case, these offices should already have robust security awareness programs that would get the workers to take a second look at a badge on someone they did not readily recognize. We are however, dealing with the government and often these folks are, well, clueless.

This story also shows you that the proper countermeasures are not in place at these facilities because they should be using proximity cards in areas that contain “classified” materials. Not to mention that these materials, by the sound of the memo and article were not secured within locked cabinets to prevent their easy access to start with. So, it all sounds rather bad really in my mind…

Ponder this.. If the thieves are doing this, what about the adversary?

CoB

Written by Krypt3ia

2010/06/16 at 19:22