News -

The Black Team saves Christmas Part two: the breach 

Missed the first part of The Black Team saves Christmas? Read all about the surveillance stage of the Black Team’s festive mission here.

With time running short, it was time to make our move on the naughty and nice lists. Upon approaching the reception with the same cheery demeanour as the other elves, we noticed a pile of new elf passes on the desk. We told the receptionist that we were there to run a test flight with the reindeer, and while he went to make us hot chocolate, we stashed a few of the passes into our makeshift toy sacks. 

Smiling and oblivious, he pointed us to a waiting area, where we were to wait for one of the head elves to give us the WiFi code. 

Before the elf could get there, we ducked into a quiet workshop and, with a laptop quietly taken from a desk, set about compromising the laptop so our Red Team had access to the naughty and nice lists. It didn’t take the Red Team long to not only swap a name from the ‘naughty’ to ‘nice’ list, but also locate one of the presents in the sleigh and send the location to Black Team.

Emboldened by our first victory, we headed over to the sleigh shed. The elves, busy with their toy-making in a busy workshop, didn’t notice us. However, another security troll stopped us in a quieter corridor and asked us what we were doing. 

Luckily, at that moment, we saw Santa strolling by and humming to himself. It was time to change our story, so we told the security troll that we just wanted a picture with Santa. 

“Ho! Ho! Ho! Of course, you can,” he chuckled, and before being escorted out of the workshop, we had a picture – with Santa’s security pass clearly visible in the image. The Black Team whiled away the rest of the afternoon creating a forgery of Santa’s pass, along with some new elf uniforms. 

The next day, we set off on our mission to retrieve a present from the sleigh. Heading to the workshop, we were stopped in our tracks by Mrs Claus.  

After showing her Santa’s pass, and informing her that he’d sent us there to remove a present, she made a quick check of the naughty list, which the Red Team had updated to verify our story.

After checking the list twice, Mrs Claus let the team through. However, our fake pass wouldn’t open the sleigh – with a keyless entry system in place, it initially seemed that the sleigh had the level of security that Santa expected. However, by using a relay attack – during which we intercepted the signal from the sleigh’s key fob and used it to access the sleigh – we were able to steal the present that we wanted and made our way back home through the snow.

It took seven days, several elf costumes, a few pounds gained as a result of over-indulgence in hot chocolate and a mild case of frostbite, but we had been successful in showing Santa the security gaps across the North Pole – not just the list, where he knew to be vulnerable, but his sleigh, where he thought he was secure. 

With our insight into the changes that need to be made to processes and policies, Santa and his team (with a little training from NCC Group) have made some important changes to secure the workshop. 

Another jolly client, another successful operation for our Black and Red Teams, and most importantly, a safer Christmas for all. 

Topics

  • Working life

Contacts

Related content

  • The Black Team saves Christmas - Part one: surveillance

    On a cold winter day, NCC Group’s Black Team began one of their most challenging operations to date - testing of a high-profile client based in the North Pole. Read on for a festive tale complete with elves, hot chocolate, and a compromised sleigh…

  • Have yourself a secure and connected Christmas

    In the run up to Christmas 2019, the consumer choice organisation Which? engaged us to assess the security of seven popular electronic and connected toys. This is an activity that Which? has performed across a few years, so provided an opportunity to see if any security improvements had been made across the connected toy industry in relation to preservation of the privacy and safety of children.

  • Black Team War Stories: The Tipping Point

    We’re back with the latest in our Black Team War Stories series. This time Craig B talks us through ‘The Tipping Point’ - the moment when you identify the cracks in what initially seemed an impenetrable fortress and the tower of cards starts to fall. Read on and find out just what happens when the cracks start to show.