
Meet the team that stormed the top-secret headquarters


Perimeter marker at Dover Air Force Base (Getty Images)

Red teams are trying to break into high security facilities

A specialized team assembles and storms a top-secret military base or corporate headquarters – you’ve probably seen it in a movie or on TV dozens of times.

But such teams exist in the real world and can be employed to test the strictest security measures.

Many companies offer to test computer systems by trying to hack them remotely. This is called white hat hacking.

But the skills involved in violating physical security, known as “red teaming,” are rare.

Companies that offer a red team service must bring together employees with very special skills.

Often using former military and intelligence personnel, red teams are asked one question.

“How do you break into this top-secret project?”

Defense giant Leonardo provides such a service.

It says hostile nations seeking disruption and chaos pose a real threat, and it sells red team capabilities to government, critical infrastructure and defense industry customers.

Its red team agreed to speak to the BBC under pseudonyms.

Greg, the team leader, served in the engineering and intelligence arms of the British Army, studying the digital capabilities of potential enemies.

“I spent a decade learning how to exploit enemy communications,” he says of his background.

He now coordinates the five-strong team.

Attack is about access. The goal might be to stop a process from running, such as the core of a nuclear power plant.

The first step for Greg and his team is called passive reconnaissance.

Using an anonymous device, perhaps a smartphone that can only be identified by its SIM card, the team builds a picture of the target.

“We have to avoid arousing suspicion, so the target doesn’t know we’re looking at them,” Greg says.

Any technology they use is not linked to a company through its internet address and is purchased with cash.

The back of a security guard (Getty Images)

Red teams will search for frustrated security guards

Charlie spent 12 years in military intelligence, and his techniques include studying commercial satellite images of a location and scanning job advertisements to see what kind of people work there.

He added: “We start from the outskirts of the target, and move away. Then we start moving to the target area, so we can look at how the people who work there dress.”

This is known as hostile reconnaissance. They approach the site, but keep their exposure low, wear different clothes each time they appear, and swap team members, so security personnel don’t detect the same person passing through the gates.

Technology is created by humans, and the human factor is the weakest point in any security system. This is where Emma, who served in the RAF, comes in.

With a background in psychology, Emma happily calls herself a “somewhat curious people observer.”

“People are using shortcuts that bypass security protocols. So, we are looking for disgruntled people on the site.”

She listens to conversations in nearby cafes and bars to hear where dissatisfaction with an employer is emerging.

“Every organization has its quirks. We see how likely people are to fall for suspicious emails due to workload and fatigue.”

An unhappy security guard may slack off at work. “We’re looking at accessibility, delivery for example.”

A high turnover rate, evidenced by frequently advertised vacancies, also indicates dissatisfaction and a lack of engagement with security responsibilities. Tracking people who are likely to open up access for someone following behind them is another tactic.

Using this intelligence, plus a little trickery, security passes can be copied, and the red team can enter the building pretending to be an employee.

Eurofighter Typhoon under construction (Katsuhiko Tokunaga)

Leonardo is known for its work on large defense projects such as the Eurofighter

Once on site, Dan knows how to open doors, file cabinets and desk drawers. He is armed with lock pick keys known as jigglers, which have multiple contours that can open a lock.

He looks for typed passwords, or will use a smart USB adapter that mimics a computer keyboard to break into the network.

The final step in the so-called kill chain falls into Stanley’s hands.

Stanley, a cybersecurity expert, knows how to hack the most secure computer systems and works from his colleagues’ reconnaissance report.

“In movies, it takes seconds for hackers to break into a system, but reality is different.”

He prefers his “escalation approach,” which works through a system with administrator access and searches for a “confluence,” a collection of shared information in one place, such as a workplace intranet.

He can roam through files and data using administrator access. One way the kill chain ends is when Stanley sends an email impersonating the company’s CEO over the internal, and thus trusted, network.

Although they work with the target customer’s consent, they break into the site as complete strangers. How does this feel?

“If you have access to a server room, it’s nerve-racking, but it gets easier the more times you do it,” Dan says.

There is someone in the target location who knows what is happening. “We are keeping in touch with them so they can issue instructions not to shoot these people,” Charlie adds.
