Pwned company

A good hacker always assumes his victim is really irresponsible and stupid, until proven otherwise. Only then will the hacker 'bring his guns' to the table. Even if a company has the most clever guys for watching their IDS (Intrusion Detection System) and monitor firewalls, they can be had by hackers who would sacrifice day and night trying to detect flaws in their systems or work.

But if the hacker is trying to hack the traditional way - meaning from his small cubicle with computers all around him - he will sometimes have a hard time, and often times he will be detected. Why would one sacrifice sleep if one can just waltz right into almost any industrial building?

Andrei was wearing a badge with a fake name, with a fake tech company name. He showed his fake ID to the guard, saying he should buzz him in quickly. Andrei started explaining the situation to the guard. "We had been suffering brownouts at the corporate office, and they need me to check and make sure the power fluctuations aren't effecting your operations here, so all I need to do is plug this device into the network so I can check the readings and report back to home office exactly what is going on, oh and by the way I need to go in and make sure all the computers have proper power surges and UPS (Uninterruptible Power Supply) units working."

Then the guard buzzed him in. There was a SWAT team in full military combat gear with K-9 units and high capacity assault rifles right next to the main lobby. There was an additional 8 guards in the business lobby.

He was not a professional social engineering expert. He didn't know about NLP (neuro-linguistic programming), psychology, facial recognition techniques. He didn't need to be a master locksmith, if the guards let him through the front door. He didn't need to be an elite coder, if he could steal the hard drive with all the data on it, but that doesn't mean he wasn't an elite hacker. It just meant, he wanted to do the job the easy way.

He walked right to an empty office. There was "James D. Charles, chief financial officer assistant" written on the door.

After ten minutes the network guy noticed an unusual amount of traffic coming from the chief financial officer assistant's computer. It's going through the main server and wondered what was going on, so he opened the door and found Andrei in the office.

He asked Andrei what is going on. Andrei previously forged an email. He wrote that email over and over again until it sounded credible. He put it on a tablet.

He showed the email to the guy. It contained basically that the new owner of the company is upset, and sent one of the guys (Andrei) from the other company he owns, to go and look at the network. It was political, it sounded like there was an immediate urgency and it was supposed to be surprise, so nobody knew he was supposed to be there.

It was on a tablet, so he must be telling the truth, right? Then the network guy accompanied him to his office. They talked about 20 minutes with the Chief Information Officer. Then an another employee started escorting him around to plug in his malware. He also left video recorder pens in the cups, just in case he needs to monitor this company later.

There were car keys and a purse on one of the tables. His plan B was if he couldn't infect all the computers, he would take the drivers license and car keys, and if there's a phone, he would steal that too. He would go to the parking lot, unlock the car, walk back and put everything back except the drivers license.

When the unfortunate employee wants to go home after a long day at work, he would be in the backseat with a gun in his hand, telling the employee this, while showing the drivers license he just stole. "I got your drivers license, I know where you live, and I got people there that will kill your family if you don't go back to this facility, steal all their data and install my malware. We are tracing you, got your phone cloned, and we are monitoring it."

This would be enough to scare most employees, but if he or she would go around alerting the security, he would just try to outgun them with his prosthetic arm and ran for his precious life. He spent almost a week fixing that arm, after the leader of the rebellion shot it five times. This left a deep impression in him, but he was not a person who could easily hold grudges unless it was really severe.

Most people wouldn't want Andrei walking around their exchange server, with open ports all over it, because it's not gonna end well.

Andrei finished his job without any major disturbances. Then he walked out. Most companies work exactly like this one. If a person would go in with a sky mask and a shotgun, the security could handle it without breaking a sweat, because they were trained for this.