Notes on getting into well-guarded events using social engineering

From Bruce Schneier’s “How to Crash the Oscars” (7 March 2006):

If you want to crash the glitziest party of all, the Oscars, here’s a tip from a professional: Show up at the theater, dressed as a chef carrying a live lobster, looking really concerned. …

“The most important technique is confidence,” he said. “Part of it is being dressed the part, looking the part, and acting the part and then lying to get in the door.”

The biggest hole in the elaborate Oscars security plan, Mamlet said, is that while everyone from stagehands to reporters have to wear official credentials, the celebrities and movie executives attending the event do not.

“If you really act like a celebrity, the security guards will worry that they will get into trouble for not recognizing you,” Mamlet said.

From Bruce Schneier’s “Social Engineering Notes” (15 May 2007):

This is a fantastic story of a major prank pulled off at the Super Bowl this year. Basically, five people smuggled more than a quarter of a ton of material into Dolphin Stadium in order to display their secret message on TV.

Given all the security, it’s amazing how easy it was for them to become part of the security perimeter with all that random stuff. But to those of us who follow this thing, it shouldn’t be. His observations are spot on:

1. Wear a suit.
2. Wear a Bluetooth headset.
3. Pretend to be talking loudly to someone on the other line.
4. Carry a clipboard.
5. Be white.