News: Social Engineering for the hell of it.

Social Engineering for the hell of it.

I've recently been on holiday in Europe, staying in a hotel that was part of a big chain that included many in the local area. A quick review of the wi-fi within range of my room showed that there was another in the chain that was in range of my Yagi Turbotenna, which naturally got me thinking. If I wanted an anonymous internet connection, this could be quite handy.

After packing off the family so that I could have a couple of hours to myself I wandered over to the nearby hotel, carrying a beach bag, wearing shorts and looking like exactly what I was, a tourist. The hotel operated exactly like my own, in that it had no security on the entrances and people were free to wander in and out as they pleased. I settled myself by the pool and began people watching, behind my inconspicuous sunglasses.

After a while I spotted exactly what I was looking for; the guests here used keycards that were identical to the one I used in my hotel. Unsurprising as they were part of the same chain. I packed my bag and headed for the foyer.

Carrying my Kindle in my hand, and with my hotel keycard plainly visible on top, I approached the reception desk and explained that when I arrived I had not asked for the wi-fi login details. Note that I did not say that that I had not requested them when I "checked in"; if I had done so and the receptionist had asked for my name and room number I'd have been screwed. As it was, if she'd asked for more info I'd have said I was visiting a guest but did not know their room number as we were chilling by the pool.

In any case she simply reached under the desk and produced a small slip of paper upon which were written the login and password for the hotel wi-fi. Result! I went back to the pool, bought a beer and caught a few rays before heading back to my own hotel with the ability to log onto a separate wi-fi system that would have been almost impossible to track back to me. No need to aircrack, reaver or pixie-dust, just a bit of forethought and the balls to blag it. A simple example of why the human element is most probably going to be the easiest way to compromise a system.

Happy hacking folks.

Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.

Buy Now (96% off) >

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

4 Comments

I'm intrigued to know some more but I'm playing out different scenarios mentally. All lead to piña coladas, a cooler with drunks and chilling on the beach. Nice job!

Not imppssible to track back... the reception surely has a cam!!

Very interesting to read!

Share Your Thoughts

  • Hot
  • Latest