Recently the team and I were engaged in a physical penetration test where our goal was to gain access to multiple facilities and data deemed sensitive by the client.
During our internal discussions for the engagement, it was brought up that recording portions of the assessment could provide some additional benefit for the client. As they say, a picture is worth a thousand words, and video could add impact when used to supplement our report.
We have utilized cameras in the past, mainly through our phones or maybe a snake cam to look under doors, but nothing to capture high-quality video that could be utilized as a visual aid to supplement our reports. I started to develop requirements we wanted to meet before making a purchase.
As in all things, you must give a little to gain a little. We wanted high-quality video, concealment, ease of use, maneuverability, audio, and the ability to take snapshots from the camera itself. We found a couple of options between spy cameras, body cameras, and GoPros, and each had its own pros and cons.
Spy Cams – $50.00 – $250.00:
The name fits the bill – technically we are performing a form of simulated espionage. We are conducting recon, attempting infiltration, trying to access sensitive information, and need something we can sneak around that can record those activities. Unfortunately, because these units are so compact, it is difficult to get good, stable recordings or stills. Often you’ll find these devices hidden in pens, eyewear, and buttons, but due to how compact the units must be, they do not have enough room to provide high-quality, stabilized video with good audio.
Body Cams – $140.00 – $500.00:
If you’ve been paying attention to the news, you’ve probably seen some of the new body cameras law enforcement agencies issued to their forces. These devices met most of the requirements; the only drawback is their concealability. Most provide good stabilized video, have microphones for audio, and can capture stills while recording, but unfortunately they are a bit bulky and harder to conceal due to their shape. If funding is limited, these devices ran between 150.00 – 200.00 dollars and can work nicely with your budget. Another feature of these devices (for better or worse) is the ability to connect to a cloud environment where videos can be uploaded and indexed. Oh, yeah, and Conficker now comes pre-installed: https://arstechnica.com/security/2015/11/police-body-cams-found-pre-installed-with-notorious-conficker-worm/
Make sure you do your own research before purchasing. Attacking the supply chain is not as uncommon as you think.
GoPros – $149.99 – $399.99:
These were ultimately our choice for the engagement. The specifications of the GoPro Hero 5 Session met all the requirements we laid out going into the search. Its capability to record in 4K, with video stabilization, and to provide wide and narrow fields of view was a great selling point. The built-in microphones recorded with surprising clarity, and the operators can take snapshots while recording, which made grabbing stills of documents a breeze. You do have to purchase an additional microSD card that has a high rate of I/O, but those are not overly expensive.
Use in the field:
We picked up two cameras to use during the assessment and boy, were we glad for it. The introduction of the GoPro into this assessment far exceeded our expectations, and once we started utilizing the device it became clear that we could do much more than just record our approach or take stills of documents.
During our initial recon, it became evident we would need to gather up some badge information (pictures including names and styling) as this client’s identification had unique and complex backgrounds. We certainly felt like digital pickpockets as we found reasons to get up close to people and maneuver ourselves into positions to get the clearest shot. The ability to conceal the GoPro paid off as we could get close-up shots of employee badges while waiting in line for coffee, or in passing on our way to the office. With enough video and stills we could head back to the hotel where we could print off our counterfeit badges and proceed with the next phase of the test.
A key note I would like to share is that the GoPro starts off in a wide field of view. After reviewing the footage, we found that switching the GoPro to a narrow, more targeted field of view produced a higher-quality frame for pictures or stills of video.
With recon out of the way and the initial breach accomplished, we found, again, that having the GoPro in hand proved to be a boon. The ability to set the camera up for one-button record allowed us to keep the GoPro in pocket until ready for use. We could push the record button and keep it palmed while we moved about the facility recording internal office spaces, evacuation routes (floor plans), and proprietary information left on desks. Switching the GoPro back into a wide field of view worked out best for this portion of the engagement and again provided a bonus that was not an initial reason for the purchase: reviewing footage after our initial breach allowed us to slow down the video and analyze the surroundings better. We even picked up on some additional points of entry, noting door mechanics, camera placement, and REX sensors, which we could use during our night operations.
Another key note to add here is that the GoPro doesn’t have many tactile features to it. This made it hard at first to figure out which direction you were trying to record without looking at the camera, and we ended up with a lot of pocket shots or footage of the inside of our palms. A small piece of grip tape under the front of the lens cover would help you to identify the front of the device and allow you to quickly align it in your palm.
After Action Review:
In addition to wanting video of the engagement to provide additional value to the client, we recognized the internal training value for our teams. The GoPro proved effective again as the team and I could put together videos, analyze content, and pick out the most useful clips for training. Working with our marketing team, we produced an excellent timeline and training video which we can use internally or as a marketing tool.
A couple of random pieces of information about the GoPro:
The battery life is pretty solid, but it’s going to need a charge or two to get through a long-term engagement. We spent the better portion of the morning starting and stopping recording and got about 3 hours out of it. It takes a good bit of time to charge up the device so having a couple spare battery packs in your go bag will be useful.
The price was $299.00 per unit plus the addition of the SD card; I believe the one we purchased was $15.00. If you compare how well these functioned, how concealable they were, and all the bells and whistles that come with them, the GoPro far outweighs any other options we considered. If you were sitting on the fence about price points between this and a decent body camera, I couldn’t recommend the GoPro enough.
One minor complaint I have is that it doesn’t come with its own wall charger. If someone is giving you that much cash, throw in the damn charger.
The GoPro also supports Android devices and has a suite of apps for download. This can be even more useful as you can conceal the camera, connect to it with your phone through a Wi-Fi connection, and monitor the feed. That being said, the GoPro generates a pretty weak random pre-shared key when connecting the device to your app. You will also see the SSID being broadcast out into the environment, so just keep that in mind for OPSEC.