Follow NCC Group Newsroom

The Black Team saves Christmas Part two: the breach 

News   •   Dec 13, 2019 07:51 GMT

Missed the first part of The Black Team saves Christmas? Read all about the surveillance stage of the Black Team’s festive mission here.

With time running short, it was time to make our move on the naughty and nice lists. Upon approaching the reception with the same cheery demeanour as the other elves, we noticed a pile of new elf passes on the desk. We told the receptionist that we were there to run a test flight with the reindeer, and while he went to make us hot chocolate, we stashed a few of the passes into our makeshift toy sacks. 

Smiling and oblivious, he pointed us to a waiting area, where we were to wait for one of the head elves to give us the WiFi code. 

Before the elf could get there, we ducked into a quiet workshop and, with a laptop quietly taken from a desk, set about compromising the laptop so our Red Team had access to the naughty and nice lists. It didn’t take the Red Team long to not only swap a name from the ‘naughty’ to ‘nice’ list, but also locate one of the presents in the sleigh and send the location to Black Team.

Emboldened by our first victory, we headed over to the sleigh shed. The elves, busy with their toy-making in a busy workshop, didn’t notice us. However, another security troll stopped us in a quieter corridor and asked us what we were doing. 

Luckily, at that moment, we saw Santa strolling by and humming to himself. It was time to change our story, so we told the security troll that we just wanted a picture with Santa. 

“Ho! Ho! Ho! Of course, you can,” he chuckled, and before being escorted out of the workshop, we had a picture – with Santa’s security pass clearly visible in the image. The Black Team whiled away the rest of the afternoon creating a forgery of Santa’s pass, along with some new elf uniforms. 

The next day, we set off on our mission to retrieve a present from the sleigh. Heading to the workshop, we were stopped in our tracks by Mrs Claus.  

After showing her Santa’s pass, and informing her that he’d sent us there to remove a present, she made a quick check of the naughty list, which the Red Team had updated to verify our story.

After checking the list twice, Mrs Claus let the team through. However, our fake pass wouldn’t open the sleigh – with a keyless entry system in place, it initially seemed that the sleigh had the level of security that Santa expected. However, by using a relay attack – during which we intercepted the signal from the sleigh’s key fob and used it to access the sleigh – we were able to steal the present that we wanted and made our way back home through the snow.

It took seven days, several elf costumes, a few pounds gained as a result of over-indulgence in hot chocolate and a mild case of frostbite, but we had been successful in showing Santa the security gaps across the North Pole – not just the list, where he knew to be vulnerable, but his sleigh, where he thought he was secure. 

With our insight into the changes that need to be made to processes and policies, Santa and his team (with a little training from NCC Group) have made some important changes to secure the workshop. 

Another jolly client, another successful operation for our Black and Red Teams, and most importantly, a safer Christmas for all.