The Black Team saves Christmas - Part one: surveillance
Eight reindeer. Four days. A lot of hot chocolate.
The target? The North Pole.
We’d had a call from a very important customer with a list of ‘naughty’ and ‘nice’ clients - Santa. In a bid to improve festive cheer among his team of elves, he’d taken on a large digital transformation strategy for the North Pole, introducing a complex database to manage his lists. The concern was about keeping this list safe – a compromise could have disastrous consequences, causing tears and tantrums on a global scale.
Santa had mentioned that while he thought the list might be at risk, he thought that the sleigh – with an all-new keyless entry system – was totally secure. We wanted to give Santa real assurance and show how this may not be the case by approaching the assessment like a real attacker would.
So, with his approval, we planned a second mission to locate and steal a present from the sleigh.
On the first day of our mission to save Christmas, we tried to find Santa’s HQ. With a large but secretive base, we couldn’t rely on open source intelligence, and extremely cold weather made it difficult to carry out our usual surveillance. Cold but not beaten we retreated and over a cup of some magical North Pole hot chocolate – a kind gift from Santa – we planned our next steps.
Refreshed on the second day, we tried again, and due to a lucky combination of some camouflage and a still day, we were able to locate the entrance. There, in a giant igloo, was the door. We undertook observation for a few days and noticed a pattern. Every day at 8:30am, all of Santa’s elves would join a queue to enter the workshop – all they had to do to enter was provide a present to a security troll on the door. So, one elf costume and fake present later, we were in.
Hidden in the morning rush, we split up to get a clearer picture of the inner workings of the North Pole and map out the next phase of our engagement. We saw that while all elves could access the workshop using security passes, only Santa and a select few elves could get into the sleigh shed. Now, we just had to work out how to access it ourselves – cue more hot chocolate to help with our mission planning.
Watch out for part 2 coming very soon...
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.