Red team hacker on how she 'breaks into buildings and pretends to be the bad guy'
Interview A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network.
She rode the elevator up to the reception floor without needing a security badge, found the office suite door propped open, walked past a security guard sitting at a desk and straight into a conference room.
"We had a malicious device already configured," she told The Register. "We had found the credentials for their corporate Wi-Fi network in the trash, while dumpster diving the night before. We installed the device behind the TV in the conference room, connected it to the network, and we were able to exfiltrate data out of the company over their own corporate Wi-Fi network for over a week with no one being the wiser."
In this case, the command-and-control server happened to be controlled by a security firm's red team that had been hired by the multi-tenant building owner who was worried about the inhabitants being "a little too relaxed" about office security — so this stolen data wasn't being sent to a criminal's C2.
