Earlier this year, I broke into the network of a large teaching hospital located in a major U.S. city. It wasn’t difficult, and I did so without using any sophisticated technical skills. My weapon of choice? A dress shirt and a pair of khakis.
Dressed like your typical IT professional, I walked the hallways of the hospital carrying a laptop, looking for a target. I found a maintenance technician repairing a section of the floor and approached him, saying, “Hi there, I’m Mike from IT, and I’m trying to fix the network. I left my badge downstairs, and I really don’t want to walk back there. Is there any chance you could let me into this network closet?”
“Sure, buddy, no problem,” he replied. He stood up, walked over to the door and swiped his ID card, letting me into the network closet. Once I was in, I quickly attached a small device to the network switch that opened a reverse connection, giving my entire team remote access to the hospital’s internal network.
Now, let me explain myself. I’m not a criminal — I’m a penetration tester with CDW’s Amplified Security services team, and organizations around the country hire me to perform tests just like this one. I work to help business and technology leaders understand the risks facing their organizations and develop strategies to better secure their networks, systems and people from attack.