Eight reindeer. Four days. A lot of hot chocolate.
The target? The North Pole.
We’d had a call from a very important customer with a list of ‘naughty’ and ‘nice’ clients - Santa. In a bid to improve festive cheer among his team of elves, he’d taken on a large digital transformation strategy for the North Pole, introducing a complex database to manage his lists. The concern was about keeping this list safe – a compromise could have disastrous consequences, causing tears and tantrums on a global scale.
Santa had mentioned that while he thought the list might be at risk, he thought that the sleigh – with an all-new keyless entry system – was totally secure. We wanted to give Santa real assurance and show how this may not be the case by approaching the assessment like a real attacker would.
So, with his approval, we planned a second mission to locate and steal a present from the sleigh.
On the first day of our mission to save Christmas, we tried to find Santa’s HQ. With a large but secretive base, we couldn’t rely on open source intelligence, and extremely cold weather made it difficult to carry out our usual surveillance. Cold but not beaten we retreated and over a cup of some magical North Pole hot chocolate – a kind gift from Santa – we planned our next steps.
Refreshed on the second day, we tried again, and due to a lucky combination of some camouflage and a still day, we were able to locate the entrance. There, in a giant igloo, was the door. We undertook observation for a few days and noticed a pattern. Every day at 8:30am, all of Santa’s elves would join a queue to enter the workshop – all they had to do to enter was provide a present to a security troll on the door. So, one elf costume and fake present later, we were in.
Hidden in the morning rush, we split up to get a clearer picture of the inner workings of the North Pole and map out the next phase of our engagement. We saw that while all elves could access the workshop using security passes, only Santa and a select few elves could get into the sleigh shed. Now, we just had to work out how to access it ourselves – cue more hot chocolate to help with our mission planning.
Watch out for part 2 coming very soon...