Data Center Knowledge: Bugs in the Data Center: How Social Engineering Impacts Physical Security
On June 9, 2022, NetSPI Security Consultant, Dalin McClellan, was featured in an interview on Data Center Knowledge called Bugs in the Data Center: How Social Engineering Impacts Physical Security. Read the preview below or view it online.
+++
One data center management team learned the hard way that bugs can be a menace – or, to be more specific, the people who hunt them. And we’re talking about real, six-legged bugs, not the computer kind.
It started last November when NetSPI, a Minneapolis-based penetration testing firm, was hired to do a test by a company that owned several colocation facilities. NetSPI’s job was to use social engineering to physically breach the data center, with the objective to get into one of their facilities and into a position where they could access the networks.
“This was a highly secured facility,” said Dalin McClellan, senior security consultant at NetSPI. “All the doors have retina scanners and badge readers. And there are man traps. You go through the door into a small room and wave to wait for the first door to close before you can open the second door and come in.” That means that McClellan’s team couldn’t just follow someone into the building. Worse yet, there are only two employees who work at the facility, plus a security guard. Strangers would immediately stick out. “Plus, we only had a week to prepare,” said McClellan.
Normally, what NetSPI would conduct deep research on the facility, find out about all the external visitors who are allowed in, collect copies of stationary and get sample email, and connect with the employees via social media or other channels. They typically start with Google, the company’s own website, LinkedIn, and then proceed to learning anything and everything they can about the facility and about the people who work there.
“And we would do physical reconnaissance, where we sit in a car outside the building and watch employees go in and out, and watch vendors go in and out,” he said. “Normally, this could take up to several weeks.”
But the client only gave them a week.
Read the full story online to discover how the social engineering engagement fared!
Explore More News
NetSPI Named a Minnesota Top Workplace 2025 for Fifth Year in a Row
NetSPI earned a Top Workplaces 2025 award, the Star Tribune’s annual recognition of the best local companies, marking the fifth consecutive year NetSPI has received this prestigious honor.
NetSPI Publishes Continuous Threat Exposure Management (CTEM) For Dummies, NetSPI Special Edition
NetSPI, the proactive security solution, is excited to announce the release of Continuous Threat Exposure Management (CTEM) For Dummies, NetSPI Special Edition.
TechChannel: Hacking With ChatGPT
NetSPI Field CISO Nabil Hannan was featured in TechChannel’s article on how LLMs like ChatGPT are accelerating cyberattacks and lowering the barrier to entry.