One of my favourite actors is Chris Evans.
That was before he decided to wear blue spandex, carry a shield with the American flag on it and become decidedly the wimpiest of the Avengers.
But before that, he was in a film called The Losers, and in one of the most epic scenes of the film, he showed us how the best security can be circumvented by the weakest link of all: the human.
In the above scene, albeit dramatised, and of course, relevant only to 2:30 minutes (the chase around the office etc was borderline ridiculous, but hey, it’s Hollywood), it’s quite an interesting breakdown.
So the scene was that these guys had to break into a high security office to download a key to decode a disk (or something). Seems fair I think, except in real life, you wouldn’t keep a base encryption key on your desktop. Put it in a Hardware Security Module, or lock up the USB in a safe. OK anyway, assuming they don’t do that, basically Chris Evans needs to get into the office and steal the key.
1. Dress as a courier. A courier always has business in a company, right? I mean packages get delivered right and left. He rides a bicycle in, which is notable, since it’s easier for him to access. But wait, where’s the physical security? Even in Malaysia, a guard will be at the front door telling him to park somewhere else. Ok, it’s trivial. He’d still get past the guard.
2. Getting past the front desk. He acts distracted, singing Don’t stop believing and listening to the song. He quickly gets past the front desk by jotting down some stuff. Wait, the girl must be in love with Captain America or something, because how on earth can a courier just get past like that? What if he was carrying a bomb? Isn’t there a procedure to state that he had to leave the package down at the center? It’s ideal, but hey, I’ve gone into dozens of companies the same way: where they don’t have turnstiles, I would either follow a crowd to the elevator area, or I simply walk past the front desk like I was an employee. Some companies I’ve gone to even had their lifts access directly from carpark to office floors without going through front desk! So, yes, this is believable.
3. Making sure no one enters the lift with him. This is stretching. It’s not easy for this to occur, even if he’s a weirdo. People generally don’t like to wait, so yeah, I’d go into the lift with a weirdo. I wouldn’t go into the lift with a guy who looks like Danny Trejo holding a machete of course. So Chris Evans acts weird and everyone is miraculously not in a hurry and decides to wait for the next lift. OK, this is acceptable…I mean he could have taken the staircase with the same results anyway.
4. He changes in the lift and gets spotted by some ladies. The ladies should technically raise the alarm, but hey, it’s Chris Evans, right. So this is totally believable.
5. He talks on the phone in a lift to get the security head out of his room. Well this is dumb luck really. What if Mr Andersen was taking a pee? Plus, how did he get reception? OK, on the security end, why is it so easy for the front desk to patch Chris Evans through? And when it’s all said and done, what happened to his backpack? It magically converts into a briefcase.
6. Tailgating. This is totally believable. Someone opens the door, and he slips right in. Done this a dozen times, because in Malaysia, it’s considered rude to question people, especially if they have a tag and look like Captain America.
7. Getting past the personal secretary. This is pretty good. First, he introduces himself as Skippy, like a nickname to try to establish a personal affinity with the girl. He also throws down a bit of technical jargon to sound official and assumes that the PA has no idea what he’s chattering about. The PA did right, she didn’t let him in the room. He immediately says, “Upstairs is riding him etc”. This is psychologically believable…this is how employees build trust, by defining a common enemy, in this case, upper management. Which lower level employee has not faced the brunt of unreasonable pressure from senior management? You immediately relate to Chris Evans, and as someone quoted, “Great peril brings to light the fraternity amongst strangers.” Try it next time. Focus on a common enemy, and you’ll be making great friends in your workplace. He ends it with a compliment, and she is immediately besotted.
8. Getting past the desktop. OK, this is not great, because the guy doesn’t even lock his computer up. Plus, we’ll give the benefit of the doubt that he had a pretty high tech program to immediately find the key and download it in 10 seconds. It’d take me like 30 minutes to go through someone’s folders. He also says something about going into the mainframe. OK, this is VERY high tech stuff to search for the key in a mainframe, and bypassing remote access security.
Of course, he gets caught in the end but ends up escaping anyway. We learnt three things here:
1) The weakest link in IT security is people.
2) Acting bat crazy can get you into high security areas.
3) Also, looking like Captain America will generally get you past any type of physical or logical security.