// Urban Exploration for the Social Engineer
// (A tongue-in-cheek primer to getting in)
// 
// by @Æ©1-1@/\/GE1_ [ArchAngel]
//
// http://www.oldskoolphreak.com


.…®….…®….…®….
|Introduction|
-=-=-=-=-=-=-=
So you just can't wait to get some UE done. Maybe there's this new cool
office building downtown and you want to make it to the roof. Perhaps
you're bored on the subway and realize with a start that the new civic
works project promises a system of underground tunnels to map. Maybe you're
even in a foreign city and just want to perform some elite urban
exploration to get away from all the regular canned tourist experiences. As
the adrenaline starts pumping through your veins at the very thought, your
mind seems to cloud and you forget where you are  and what you're doing -
and invade the corporate golf course in a black ninja jumpsuit and mask,
your last sight of the free world the distinct red and blue lights of a law
enforcement justice-mobile glinting off the wakizashi you've brought along
"just in case". Restore from last known good backup, and let's go to the
beginning of the tape - whether you're infiltrating for fun or profit, it's
best to go in armed to the hilt with some knowledge. This article will
demonstrate some tips for applying social engineering strategies to the
urban explorer who finds himself in a semi-populated area, such as a city.
Information is vital to any hacker's arsenal - equip yourself accordingly.

.…®….…®….…®….…®….…®….…®…
|Phase One: Preparation|
-=-=-=-=-=-=-=-=-=-=-=-=
The first phase of your operation begins before you even arrive on the
scene. 

(A collective groan goes up from the reading audience and the ArchAngel
stops to take questions: "What?!", says a young lad in black, "You mean to
say after all that talk about urban exploration adventures in the
beginning, the first step doesn't involve bursting into the target
location, guns blazing? I have been misled!" The ArchAngel but grins before
issuing reply - "I bid ye ph33r not, impatient one; exciting can mean car
chases, but an adventure is something you walk away from." There is an
unhappy murmur, but it settles to a reluctant quiet.)

I'll say it again - the phirst fase of your operation begins before you
even arrive on the scene. This is important, because once you enter a place
you are stuck with the equipment and the data you have on hand, and will
have to improvise to make up for things you may have forgotten. This
involves three steps:

1)Analyze the personnel!
What kind of people go in and out of the building? What is the lowest
social status you can make yourself out to be and still get in? Given
limited terminology, what is the highest technical professional you can
make yourself out to be and still get in? And now, rather than swinging to
the extremes of one or another, what does Joe Average look like, and how
does Jane Average carry herself? The point of this exercise is this: We are
looking for someone with a maximum amount of priveleges who still blends in
with the crowd. Certainly the President (or King or Warlord, depending on
your geographic location) would not be denied access to a hotel's computer
room, but is that level of authority necessary? Conversely - a homeless
person may blend in with a street corner, but would (s)he be allowed much
past the lobby of a skyscraper? A happy median is the key.

2)Analyze the structure!
This is obvious. Are you expecting to go into the dark? Will you need to
wade through water? (Hopefully not, if you're infiltrating an office party)
Will you need to climb up or down something, once you're safely inside?
What is your personal procedure for encountering a locked door? How about a
partially-open one? What time of day is the best to successfully enter and
exit without being noticed? How will you approach the building - by public
transport, or is this far enough out that you will need to use a personal
vehicle to get to it? Bicycle or car? Taxi or driver accomplice? Will you
need a tone dialer? USB Flash memory key? Lighter? And, lastly - where will
you put all of this gear while maintaining the semblance of being Joe or
Jane Average? 

3)Analyze yourself!
This is the part of the mission that many hackers fail to consider - they
enter the building wearing a hard hat and telco-logo adorned work shirt
and carrying a clipboard and walk right past the lobby guards with no
problem - until a businessman asks what in sam hill they think they are
doing there, at which point they stutter and stammer and strain and
shake ... at which point a retreat is utterly necessary. If there is one
rule for social engineering, it is this: Confidence above all. Remember
that you belong where you are going and your job is to do what you are
going to be doing. Anything less and you will be compromising your
security. Centered, terminology firmly in mind, accept the role you have
chosen (don't use an accent), and go.

.…®….…®….…®….…®….…®….…®…
|Phase Two: Infiltration|
-=-=-=-=-=-=-=-=-=-=-=-=
Far too easy, young padawan. You've gone and done your research before
hand, for an hour or a month as necessary, and are set. Casual dress
clothes and an earnest forged smile and you're in the door. Except - what
next, now that you're in?

Here's the secret - the art of infiltration is the art of belonging, so be
friendly! You don't have your uniform because it's your first day on the
job and the manager told you she would allow it just this once, and who do
you talk to to get the keys to the computer room, thanks?

Here's another secret - the art of infiltration is the art of being
noticed, then forgotten. The five dollar pair of white tennis shoes you
bought from Wal-Mart combine nicely with the two dollar flourescent purple
paint kit and form a bizarre, "look-at-me" combination that someone who
didn't belong and was trying their hardest to blend in and not be noticed
would never consider wearing. They also happen to draw the attention of
every person you encounter to your shoes, and while everyone at the dinner
party will recall the hacker with the purple shoes, they never really
thought to take a good look at their face ...

One more secret tip, and then you're on your own - the art of infiltration
is the art of consistency. You cannot be the Grand Marquis of Conquistador
to the doorman at the corporate convention and be Jim Bale, simple farmer
of Nome, Alaska to the conventioneers. Because of this, give as little
information as necessary to those you encounter, while volunteering it
before it is asked. Sample conversation: "Hey, Gene Behlew - Where do I go
to check into this place? I'm sorry to bother you -" "Hi Gene, no problem!
You'll just need to present your Microsoft badge to the security guards
over there and they'll take care of the rest." "I gotcha', thanks - hey, is
there a restroom inside somewhere? I don't know if I'm going to make it
through that line." "Oh sure - there's a service entrance around the back
where they're bringing in food ..."

.…®….…®….…®….…®….…®….…®….…
|Phase Three: Exfiltration|
-=-=-=-=-=-=-=-=-=-=-=-=-=
Remember that at some point in your adventure, you're going to want to go
home. Whether because your memory stick is full, you're out of film, or you
successfully made an eighteen-hour long-distance phone call to Taiwan from
the basement. Getting away while masking that triumph and without seeming
like you're escaping. Hopefully you called the Taxi you're paying for in
cash already and can just step outside and into the backseat before being
dropped off six blocks from your final destination so nobody knows where
you came from, but on the off chance that they don't show up on time or
that you just need to get to the bus stop or bicycle you stashed next door,
you don't want to get caught up in a lengthy goodbye sequence that leads to
Radio Station Security tracking you down, nor do you want to be walked out
to your car with your new best friends from the Wal-Mart night-maintenance
crew. Therefore, keep in mind the simple phrase "AWAY" (as in getaway) and
you'll be fine.

Apologize - You'd really love to stay, but you have to go pick up your
sister from a baseball game, sorry. Oh, that would be nice, but you have a
meeting in the morning you really can't miss, sorry. Thanks, but you're
afraid you're washing your hair Friday. Pursuing that form of action would
engender a most regrettable outcome, model fourteen dash nine. Form your
apologetic escape excuse to your target.


Wait - for your target to finish talking, if you can. People who interrupt
are suspicious, memorably rude, and anyway you can make a much more
graceful escape from the Foreign Unified Dignitaries' luncheon by waiting
for a lull in the conversation and turning the casual glance at your watch
into an eyebrow-arch inducing double-take before remembering the social
obligation within your family that nobody will question.

Ask - The best way to get out, or if that is apparent to some well-known
local landmark, and be sure to use manners appropriate to the environment,
be it a high five and an encouraging 'Thanks, man!' or a handshake and
straightening of your benefactor's tie. To put it bluntly, this gives them
the impression that they have instructed you to do something and, grateful,
you are complying with their request. People rarely question orders they
perceive they have given.

Yes - you will be back, in an hour or next year or at another appropriate
time. This is not the last they'll see of you, so feel free to postpone
that story of your trip to Africa or the description of the model nine
train track switching mechanism for later. After all - for all you know, it
may be true!

.…®….…®….…®…
|Conclusion|
-=-=-=-=-=-=

In retrospect, all of the mass of text that forms the rest of this lengthy
dissertation can be summarized within the following three points, something
those who skipped straight to the end of the article were hoping I would
say:

§ Study your environment to blend in.

§ Be friendly and open with your assumed identity.

§ Be confident and, most importantly, have fun!