The Black Team saves Christmas - Part one: surveillance

Eight reindeer. Four days. A lot of hot chocolate.

The target? The North Pole.

We’d had a call from a very important customer with a list of ‘naughty’ and ‘nice’ clients - Santa. In a bid to improve festive cheer among his team of elves, he’d taken on a large digital transformation strategy for the North Pole, introducing a complex database to manage his lists. The concern was about keeping this list safe – a compromise could have disastrous consequences, causing tears and tantrums on a global scale.

Santa had mentioned that while he thought the list might be at risk, he thought that the sleigh – with an all-new keyless entry system – was totally secure. We wanted to give Santa real assurance and show how this may not be the case by approaching the assessment like a real attacker would.

So, with his approval, we planned a second mission to locate and steal a present from the sleigh.

On the first day of our mission to save Christmas, we tried to find Santa’s HQ. With a large but secretive base, we couldn’t rely on open source intelligence, and extremely cold weather made it difficult to carry out our usual surveillance. Cold but not beaten, we retreated, and over a cup of some magical North Pole hot chocolate – a kind gift from Santa – we planned our next steps.

Refreshed on the second day, we tried again, and due to a lucky combination of some camouflage and a still day, we were able to locate the entrance. There, in a giant igloo, was the door. We undertook observation for a few days and noticed a pattern. Every day at 8:30am, all of Santa’s elves would join a queue to enter the workshop – all they had to do to enter was provide a present to a security troll on the door. So, one elf costume and fake present later, we were in.

Hidden in the morning rush, we split up to get a clearer picture of the inner workings of the North Pole and map out the next phase of our engagement. We saw that while all elves could access the workshop using security passes, only Santa and a select few elves could get into the sleigh shed. Now, we just had to work out how to access it ourselves – cue more hot chocolate to help with our mission planning.

Watch out for part 2 coming very soon...
