Recon what?!

It was entertaining watching people attempt to get past Security @ Blackhat without a badge. Apparently, there are those who have forgotten how to do reconnaissance. When performing reconnaissance of a sensitive target, it is best to survey many times. Foremost, it helps to identify patterns. However, when surveying multiple times, it increases the chance one could be detected. Try to avoid the below issues and you will be on a path towards success.

Do not get caught:

  1. Filming places not normally recorded. Think if someone came to your property to film your neighbors. Wouldn’t that seem suspicious?
  2. Lounging in sensitive areas with no valid reasons. When was the last time you let a stranger on your network or yard?
  3. Holding maps or reconnaissance information with no valid reason. Ask yourself “In the first place, why would someone need this information?”
  4. Asking strange and/or appear to have abnormally long interest in security personnel, measures/policies/procedures, entry points, ACLs, and/or perimeter information. Enough said here.
  5. Surveying drills, exercises, and actions of security personnel to any threat, possible or not. See point #12.
  6. Monitoring scanners, mailing lists, discussions and/or other forms of communication for estimating response times.
  7. Causing unexplained fire/IDS/IPS alerts. One does wants their target to be relaxed, not paranoid.
  8. Mapping routes, timing networks, physical routes, and monitoring traffic flow in or near sensitive areas.

Do not:

  1. Question security or facility personnel in any lengthy manner. While in accordance with point #12, those should attempt to keep distance from those who must remain vigilant.
  2. STARE or continually hit the target’s network.
  3. Do not avert gaze and/or retracing steps. Seems suspicious.
  4. Appear uncommon, different, and/or out of place. Vendors, shoe shiners, panhandlers, and 3rd party unknown tech support people come to mind. It wouldn’t be fair not to provide counter intelligence.

For those responsible for sensitive areas:

  1. One should remain vigilant and watch for observation behaviors.
  2. Use all techniques available such as field interrogation techniques.
  3. Document incidents to local police, terrorism task force, and or state/local fusion centers.