Using Reconnaissance to Gain Physical Access



Every weekday at 3 p.m. the Federal Express driver stops at the loading dock of a building where the offices of Medical Associates, Inc. are located. When the driver backs the truck up to the rear door of the building, he presses the buzzer and lets the security guard know he is at the door. Because the building’s security personnel recognize the driver—as he comes to the door every day around the same time for pickup and drop-off—they remotely unlock the door and allow the driver to enter. A hacker is watching this process from a car in the parking lot and takes note of the procedure to gain physical entry into the building.


The next day, the hacker carries a large cardboard box toward the door just as the Federal Express driver has been given entry to the building. The driver naturally holds the door for the hacker because he is carrying what appears to be a heavy, large box. They exchange pleasantries and the hacker heads for the elevator up to Medical Associates’ offices. The hacker leaves the box in the hallway of the building as he heads to his target office.


Once he reaches the front desk of the Medical Associates office, he asks to speak with the office manager whose name he previously looked up on the company website. The receptionist leaves her desk to go get the office manager, and the hacker reaches over the desk and plugs a USB drive containing hacking tools into the back of her computer. Because the computer is not locked with a password, he double-clicks on the USB drive icon and it silently installs the hacking software on the receptionist’s computer. He removes the USB drive and quickly exits the office suite and building undetected.

This is an example of how reconnaissance and understanding the pattern of people’s behavior can enable a hacker to gain physical access to a target—in this case the Medical Associates network via a Trojaned system—and circumvent security checkpoints.


Reconnaissance
The term reconnaissance comes from the military and means to actively seek an enemy’s intentions by collecting and gathering information about an enemy’s composition and capabilities via direct observation, usually by scouts or military intelligence personnel trained in surveillance. In the world of ethical hacking, reconnaissance applies to the process of information gathering. Reconnaissance is a catchall term for watching the hacking target and gathering information about how, when, and where they do things. By identifying patterns of behavior, of people or systems, an enemy could find and exploit a loophole.


