Tiger Team (TV series) - organizations security testing

[dboeren]

But physical security isn't like that. In order to actually break into a place, you have to first look around and find the vulnerabilities. Once you've identified them, there's really no reason to actually break in other than for TV or as a sales gimmick. And actually breaking in only identifies one possible method of entry when there may be many others. Seems like you could do as good a job or better at identifying security problems by just doing a building walk through.

I haven't watched the shows yet (they're on my list) but I'm guessing that it's to test the vulnerabilities and prove that they can be exploited? Otherwise the client may not believe that these are real flaws in their system, just "theoretical" problems that may not merit serious attention to fix. Or maybe that's what you meant by a sales gimmick?

[Beyond]

But physical security isn't like that. In order to actually break into a place, you have to first look around and find the vulnerabilities. Once you've identified them, there's really no reason to actually break in other than for TV or as a sales gimmick. And actually breaking in only identifies one possible method of entry when there may be many others. Seems like you could do as good a job or better at identifying security problems by just doing a building walk through.

I haven't watched the shows yet (they're on my list) but I'm guessing that it's to test the vulnerabilities and prove that they can be exploited? Otherwise the client may not believe that these are real flaws in their system, just "theoretical" problems that may not merit serious attention to fix. Or maybe that's what you meant by a sales gimmick?

The whole show is a gimmick.

They do the tactics they do for entertainment, not because it actually works.

The whole deleting VIN numbers from the external hard drive so it would render the cars untraceable had me yelling at the TV.

[raimundo]

I only saw the first one, but I had a suspicion that it was more entertainment than reality. And if they really were a 'tigerteam' would they have walked away and left the place unsecured? I was even suspicious that the owner of the place was of the same generation as the actors, could it have been his dads shop? Possibly the unsustainablity of the show was the need to get proprietors of such high end retail to cooperate. would the federal reserve allow this? much of the details on good security systems are kept secret. this made the possibility of 15 or twenty more small cameras much more real, and likely for all the bypass they did or acted, the place has much better stuff that wasn't allowed to be shown.

[mitch.capper]

RE: maintenanceguy
I think most penetration testing teams do some sort of break in although a lot are certainly less through then this. The idea being when you had your security system installed a professional already did a walk through to try and ensure it is as secure as possible.

In addition if you are simply telling a company your safe isn't secure or your RFID cards could be duped sometimes wont end up in a change as they figure it is good enough, but showing them can certainly help.

There are a good number of security consultants who will do just what you said of a complete walk through and top to bottom summary and suggestions set. Generally penn testers are going to try and do some sort of entry.

Obviously parts of the show are for entertainment, but there is a lot of stuff that also isn't shown, specifically regarding the final reporting. After the breakin and the post contact a very detailed report is presented and the entire security is reviewed. Its just that stuff is less entertaining to watch and so isn't shown.

As for the Takes a Thief comment it is actually interesting some of the people who watch and love that show. I personally hadn't seen it until someone mentioned it in a previous thread, but it seems a bit repetitive and fake. Every show it seems the same, they pick a house that has no or an off alarm system, finds an open door/kicks in the door/breaks a window trashes the house and then update the security. Generally meaning medeco deadbolts, possibly security film on windows, alarm system, and charlie bars on windows. They also notify both the police and (on return) alarm companies about what they will be attempting, it seems sometimes the police do get calls they just don't mention that:) Overall the show is not bad but certainly doesn't really attack hard targets.

These guys are going to continue doing what they do with or without the show, however Legion heard from them that while TruTV may not have future episodes they do have interest from some others so they show may resurface in one form or another:)

Anyway personally I find tiger team interesting especially some of their tactics, and do hope it turns up again:)

[dboeren]

OK, watched the first episode. It was fairly entertaining, but not as detailed as I would have preferred. Nor did they do anything really creative to get through the system, which left me a little disappointed. But overall not bad, especially for the first episode of a new series.

The whole deleting VIN numbers from the external hard
drive so it would render the cars untraceable had me yelling at the TV.

Yes, that part was really stupid. I'm sure that the company has backups and can recover this information, so even on the surface it made no sense whatsoever. Even if they didn't, I don't understand the situation anyway. Why would the company keep this data on an external hard drive that's not hooked up? If they did, how did the Tiger Team know what was on it before he hooked it up? It just didn't make a lot of sense. The only practical part of it is that if you are part of a Tiger Team, it's a good idea to keep some spare cables in your briefcase or whatever it is that you carry with you.

[Beyond]

I caught all kinds of stuff like and when I tried to point them out on this board, no one could come up with any substantial counter points besides: they know what they're doing , it's not meant for people as critical as I was, etc.

Oh well, glad they aren't picking it up. It was an atrocious show.

[Legion303]

I caught all kinds of stuff like and when I tried to point them out on this board, no one could come up with any substantial counter points

I did mention that the VIN stuff was added afterward for TV purposes and that it wasn't in the raw pilot, but you didn't seem to have an answer for that. I also told you that many parts were there because of the production company and very likely the businesses involved wanting to keep portions of their security secret, but you had no answer for that either.

-steve

[cool-arrow]

There was a show like similar to this, I think on the Home Network or Discovery channel a while back. Where a guy would use DE to break into houses. Then he would do a more detailed response of ideas and tips to prevent certain vulnerabilities for the audience. I thought that show was more entertaining and offered a lot more to the viewer. The guy exploited how fast a real break in would take. He would walk up to a house with no tools and explain what he was looking for and vulnerable points of entry. Does anyone remember the name of this show?

[raimundo]

look for discovery channel archives for "it takes a thief" there were two 'exburglers' who did the breakins of homes on the east coast, around New York and New Jersey mostly. the security upgrades at the end were very different, some got a lot of good equipment, and others got a bushit job. Many of the reburglary tests they performed showed the week point of all home security systems, that is the failure to arm them every time your out. I only have a cheap lock on my door, but I always use it.

[Beyond]

I caught all kinds of stuff like and when I tried to point them out on this board, no one could come up with any substantial counter points

I did mention that the VIN stuff was added afterward for TV purposes and that it wasn't in the raw pilot, but you didn't seem to have an answer for that. I also told you that many parts were there because of the production company and very likely the businesses involved wanting to keep portions of their security secret, but you had no answer for that either.

-steve

So it was editing and production cuts that made Luke, the "hacker" specialist and computed expert, forget how to hook up an external without a USB cable?

[Legion303]

So it was editing and production cuts that made Luke, the "hacker" specialist and computed expert, forget how to hook up an external without a USB cable?

I guess this means you still don't have answers.

If you watch the segment you're referring to, you see Luke mention that he has no cable, then there's an edited-in shot of Ryan swearing on the radio, then Luke saying "there's one on the printer." I'm not sure why you have a problem with this. Maybe for the same reason you think Mitnick invented social engineering: because you're clueless.

-steve

[raimundo]

I saw the ending credits of 'ittakesathief' as it was going off on discovery yesterday, either they are rerunning or they are making the program again. Curiously, discovery has had a number of programs in this vein, one was the supposed recreation of certain notorious heists, in which two opposing teams were to work out how to get into places that simulated the place in the real heist. The lock picker on one of the teams was one of our members, Mike Glass or something like that, and there was a prick who couldn't keep his mouth shut and needed his ego anesthetized. they all dressed in black speedo and had lights and cameras hanging all over them in case any of the guard dogs were confused about what they were.
In one episode, there were guards with dogs and the dogs were alerting and dragging on the leashs to get these guys, while the guards were fighting the leashes to prevent them from chewing the speedo ninjas. that version didn't last. It should have been written, acted, and the locks gaffed rather than what they actually did. I think the version with the two burglars, one does the social engineering and the other one breaks the glass, actually does have some scripting and second and third takes to make it more cable ready. I think tiger team could use some scripting, some humor, and some second takes on some of the scenes. They after all do have a camera crew and lighting techs, soundmen, etc. why not just up the production values.

[Beyond]

If you watch the segment you're referring to, you see Luke mention that he has no cable, then there's an edited-in shot of Ryan swearing on the radio, then Luke saying "there's one on the printer." I'm not sure why you have a problem with this. Maybe for the same reason you think Mitnick invented social engineering: because you're clueless.

-steve

I didn't even mention social engineering in that post. Look for more moot points to attack.

And he didn't invent it but he coined the term and made it popular, you're out of your mind if you don't think that.

[Legion303]

I didn't even mention social engineering in that post.

I didn't claim you did.

And he didn't invent it but he coined the term and made it popular, you're out of your mind if you don't think that.

Since the term was coined before Kevin was born, I invite you to share his secret of time travel.

-steve

[Beyond]

Since the term was coined before Kevin was born, I invite you to share his secret of time travel.

-steve

Can you show me proof of this?