Our last blog post regarding OSINT and Recon briefly discussed some exciting topics. In this blog post, we will continue with that thread and discuss some tradecrafts used by investigators and Pentesters. Only some investigators and pentesters utilize these exact tactics but can use a variation.
We will follow the short story of an imaginary person named Alexis. For the past few weeks, Alexis has felt something is off. The same unfamiliar car has been spotted parked outside of his apartment. He feels like someone is following him, noticing a stranger who often seems behind or out of sight. He decides to act. He uses the penny, the match, and the camera.
Somebody’s watching me!
Various low or no-tech methods are leveraged to track someone’s movement or lack thereof. For example, when performing recon, placing a penny on top of a target vehicle’s tire will inform you whether that vehicle has moved since your last site visit. In Alexis’ case, he places the penny on the unfamiliar vehicle’s tire. Then, he takes note of the date and time and moves on to the match.
Placing toothpicks, matches, or small pieces of paper between the door jam and the door is another no-tech tactic used to determine if someone has used that door. If the hidden items of choice are on the ground upon return, you know someone has been through the room. Alexis opts to place matches in his setup before leaving for his morning routine.
Before placing the matches, Alexis decides to add some depth to his setup to confirm his suspicions. He purchased a couple of USB adapters with a hidden camera inside. He plugs them into an outlet facing the two main entrances to his apartment.
As Alexis leaves for the morning, he notices a red light blinking inside the parked car. He finds it strange, so he walks around the block to approach the vehicle from behind. Alexis sees drapes hanging inside the rear of the vehicle. He peeks through the car’s windows and sees a camera on a tripod with black tape all around, redacting any logos and markings. The camera is pointed directly at his apartment.
This surveillance method is commonly used by investigators who cannot spend time sitting in a vehicle. They will limit the times they enter and exit the car to increase their chances of remaining undetected. The camera is attached to a battery charger and a mobile wireless hotspot to upload video footage to the cloud. One primary consideration when deploying an unmanned surveillance vehicle is the traffic levels of the area. In a low-traffic residential area where the neighbors know each other and what vehicles belong to whom, the car will most likely be detected and reported. If it is a high-traffic area, there is a better chance of remaining undetected.
Alexis went about his typical day and returned home. Upon entering his apartment, he saw the matches he had left in the door jam on the ground. He instantly became nervous and decided to check the hidden cameras he had placed in the apartment. When attempting to review the footage, there was nothing on the memory cards. It was time to call the police.
Alexis is clever, but due to the stress involved, also forgetful. He forgot about the spare key he had left hidden inside the support column at his front entrance. Alexis went to check for the key, but it was still there. He cannot prove without video footage that someone broke into his apartment but knows someone is watching him. Whoever is surveilling Alexis saw where his spare key was through their hidden camera, used it to let themselves in, and deleted the video footage from the hidden cameras. While on the call with the authorities, he was asked to provide the license plate and vehicle description. Alexis found the vehicle was gone and only a penny on the ground in its place. The mystery continues.
Surveillance
In this short story, we find multiple defensive and offensive tradecraft tactics. For example, hidden cameras are a go-to option when surveilling a target. They provide constant eyes, and sometimes ears, to the surveyor. There are many creative ways to deploy hidden cameras, from drones to traffic cones.
We saw the no-tech options like the matches and the penny and a combination of the hidden cameras and the spare key. Alexis felt he was being followed but decided to act only after his suspicions grew.
How to remediate?
If you ever feel like something suspicious is happening, whether at work or home, immediately take note of the situation and asses if you are in danger. If you are, seek help right away.
At work, there are several ways an attacker can try to enter a building, surveil employees, and steal sensitive information. Do not let people follow you through doors where you must “badge in.” Do not give out information over the phone or in person. Be aware of some of the tradecraft tactics from Alexis’ case. Remember the penny, the match, and the camera.
Wrapping Up
Always be cautious of things that look or feel out of place. If your organization wants to test its physical security and learn more about tradecraft from real, professional pentesters, contact TCM Security and help us secure your organization.
Author:
This blog was written by Steven Amador.
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcmdev.tcmsecurity.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com