Approaches to Information Gathering in Physical Penetration Testing - Part I: Gathering Information via Photography
The first phase of an attack, and in a security assessment, is to gather as much data on the target as possible. It is actually considered one of the most critical steps when carrying out an attack. But while most articles discuss information gathering through means such as Internet queries, social engineering, dumpster diving, domain name searches and non-intrusive network scanning, the first part of this article discusses information gathering through photography for physical penetration purposes. You can think of yourself as acquiring or trying out a new hobby – street photography.
Below, we discuss the parts of the target that you will most likely be interested in, we cover some basics when choosing a camera for collecting the intelligence, we give some tips on blending into the environment, and we lay out the basics of remaining "invisible" when taking the photos (those are mostly camera settings that you must configure), along with the basics of what you will need to take discrete photos in an unlit place during the night.
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
2. Points of interest in gathering photographic intelligence
There are numerous points which would be of interest when preparing for a physical penetration. The graph below illustrates the most crucial ones.
Key Points to Photograph for Safe Physical Penetration
Remaining inconspicuous when collecting photographic information
It is essential to be able to take pictures of people without being noticed. If you are familiar with street photography then you probably know what this is about and know that people behave quite differently when they know they are being photographed than when they are unaware.
Most of the skills acquired from the field of street photography are easily exchangeable to discrete photography, as both require the ability to remain unnoticed and unseen and make close and personal images. Being unseen is crucial, as you would have to, for example, take a high quality picture of an entry pass.
Firstly, you would need to set up your camera appropriately:
Choose RAW, DNG or TIFF modes in that order of preference, where RAW is the most preferred mode. These three modes offer superior quality, which allows you to do better post-processing of the images. Whenever possible – always choose one of these unprocessed image formats.
Using a proprietary RAW mode will prevent any loss of data, meaning that what the camera sees would be exactly represented in the content of the file and maximum color bit depth would be used. RAW modes are the most susceptible to photo editing programs – camera settings such as white balance and color saturation can be modified after the exposure.
When you use RAW mode, it is quite likely that you will be unable to read the file in a couple of years, because the format is not standardized. Rhe file format is actually the raw data that the apparatus receives from the chip responsible for capturing the image. The volatility of this file format would most likely not be an issue, because the information captured by the image would be obsolete after such a period.
DNG is an open standard "RAW" format designed by Adobe. The RAW file is incorporated into the DNG file which means that the "original negative" does not get lost. The fact that it is developed by Adobe pinpoints that it is supported in all their variety of digital image editing software, such as their famous Adobe Photoshop.
TIFF or Tagged Image File Format is also useful as no image data gets lost, no matter the compression. It offers better quality than JPEG fine quality and is supported in almost all photo editing software, it is lenient towards badly exposed images and consists of the maximum color bit depth of the device.
If you want to get noticed and seen, be sure that you have turned your flash on! Otherwise, there are few situations where you would want to blast someone in the face with a flash and remain inconspicuous.
Use auto focus if it does not take too much time for the device to focus. If the auto focus appear slow, resort to manual mode, but be sure to configure a hyperfocal distance that suits the device and the objects to be photographed.
This is the beam which is projected by the apparatus to the subject with the purpose of aiding the auto focus to measure the distance and the contrast between the two. The beam can be a red, blue, green or an invisible infrared light, and the device's flash can also be used. All of the aforementioned except the explicitly declared to be invisible (the infrared light) are perfectly visible and pinpoint with accuracy your location, so be wary when using focus assistance.
All kinds of beeps and clicks are unwelcome. Compact cameras can be configured to be 100% silent, this is clearly a big advantage when involved in discrete photography than SLRs (Single Lens Reflex cameras) which emit a characteristic mirror slap. The particular slap/operating noise of the SLRs is heavily dependent on the original purchase price, as pro models would be less noisy than amateur ones, and on the age and condition of the apparatus.
Given the fact you would not have enough time to compose your shot the way you want it, nor would you have the opportunity to use a tripod for the camera, automatic ISO assist would be helpful to maintain the shot in focus. Such an ISO assist can bring noise to the shots, but in most cases it would not be so much as to ruin your goals. ISO, in this context, means sensitivity to light. Lower ISO speed products (lower sensitivity) need a prolonged exposure and are, therefore, called slow films. On the other hand, higher sensitivity means that you can shoot the exact same object with a shorter exposure. In general, higher ISO is used to shoot night scenes or objects that are not still, while lower ISO is used for exhaustive portraits. Thus, Automatic ISO Assist would automatically set the ISO (which affects the exposure speed) upwards, reducing the exposure time.
Save these six settings in a custom slot and you will be ready to photograph your points of interests in a single click.
4. Taking pictures at night
It is quite a challenge to take discrete photos at night. Costly SLRs that are able to shoot at exceptionally high ISOs may render useless images if there is no flash and the light is scarce. Nonetheless, this does not mean that it is impossible – photos can be taken in utter darkness with a 35mm camera that has an infrared film and an infrared flash available. The good fact about infrared flashes is that they are absolutely invisible to the human eye, even in complete darkness and the subject is less than a meter away.
The film's price varies from as low as $9 to more than $100 per roll and the processing is costly as well, but if you want to do discrete night time shots – you don't have much of an alternative. Although you may create an infrared lens filter for a variety of compact digital cameras which do not filter infrared to boost the makings of the photo, this method is not suitable for our purposes, as the exposure time involved for proper shots is unreasonably long.
5. Choice of camera
For street photography, and discrete photography as well, rangefinder cameras have been admired for a long time. A rangefinder is a camera equipped with a focusing mechanism that enables the photographer to measure the distance of the subject and take shots in sharp focus. Rangefinders are able to take shots without a battery, they are time-efficient in terms of operation, silent when it comes to shutter sound, and last but not least, they are relatively tiny and inconspicuous. The most famous models of rangefinder are the Leica, the Leica M9 in particular.
However, for a physical penetration tester and not a photographer, a rangefinder would prove to be difficult to use as they are fully manual and he would have to continually adjust the camera for frequent changes in the lighting that occurs, etc.
Some people might prefer DSLRs for their high image quality, affordable price, fast shutter speed and their interchangeable lens, but the downfalls of using one are pretty obvious: they are big in size and appear intimidating to the target. Furthermore, they produce a loud clicking sound when you take a photo, due to the presence of a mirror inside the camera, and this makes your intentions and deeds quite conspicuous.
Point and Shoots
High-end point and shoots are available nowadays which have relatively large image sensors, so you can produce images of good quality and they still appear clear at high ISOs. They are tiny in size, really silent and quite inconspicuous. The disadvantage of using one is that many of them have shutter-lag which makes taking pictures of moving targets without them becoming blurred a bit difficult.
It is best to use a discrete camera (a covert camera) which you can get from the various spy shops on the Internet and in the real world. To be useful, it would have to be absolutely portable with a decent battery life and offer a high quality video feed. Cameras with these characteristics are present but not for the 200 bucks that most spy shops require. Such cameras usually have bad image quality and they are high in noise, which fits a static surveillance of a particular room, but would not work in an environment of fast-paced alterations in which you will find yourself when pursuing a target in public. However, technology is changing as of the moment that I write this, and most likely in the near future prices for what we consider now a high quality covert camera will keep falling down.
6. How to blend in
There are many books about covert photography, but a few points of advice will suffice for our purposes. Most modern compact cameras are very tiny and in reality everybody owns one. If you really look at the surroundings the next time you are on the street, you will be able to notice how many people have cameras placed around their necks or in their hands and view that they are photographing. Most people that take shots are tourists and people pass them by without giving them a second glance. This is a thing that you can take advantage of when photographing targets on the street.
You have to act nonchalant and look like you belong where you are. This will make others not take a second glance at you, just like you don't take a second glance at tourists.
When you are preparing to photograph from a close range, keep your hand over the shutter release continuously so it would appear as if you are holding it to avoid swinging.
When photographing the target, it is better to appear absorbed in another object, simulating interest in an object located in another direction, examining the architecture of a building, a sign, a guide book, enjoying a view, etc. Anything that diminishes possible attention as to what you are really doing would work.
In the case that somebody approaches you and questions you, be prepared and produce an answer and that is natural and as trustworthy as possible. Whether you deny all allegations, assert that you are a renowned street photographer, or claim that you are just taking random photos, it is up to you – just one general advice would suffice here – your answer should indicate that you are not doing anything illegal.
Finally, do not be overly worried about the image quality. It is not necessary for the images to be of high quality as you are not taking them to participate in a competition. They just have to be good enough for you to extract the needed information.
In this article we have discussed some approaches to efficient gathering of photographic intelligence, but nothing stops you from being innovative. There is a myth regarding Henri Cartier-Bresson which states that he would wrap his apparatus in a handkerchief and take pictures while simulating a sneeze. Although the veracity of that statement cannot be proven, your imagination is probably good enough to make up your own methods of remaining inconspicuous and figure out camera settings and even camera model that suits your personal needs.
What should you learn next?
You can even rely not on being inconspicuous but on the exact opposite – being obtrusive but having a good pretext for taking the photos. There is no such thing as the "best camera for discrete photography" – the answer to this statement depends entirely on the reader's preferences, needs and environment. Similarly, there is no perfect strategy for blending in – just tested by experience, time, and advice that proves to be working. What we have hoped to have achieved with this article – is get you to a better starting position for future endeavors of this kind.
- HumanScape, 'Digital File Formats – JPEG, TIFF, RAW, DNG'. Available at: http://humanscape.com/JPEG_TIFF_RAW_DNG.htm
- Ebay.com, 'Do I Need An Auto-Focus Assist Beam?'. Available at: http://www.ebay.com/gds/Do-I-Need-An-Auto-Focus-Assist-Beam-/10000000177628248/g.html
- Wikipedia, 'Hyperfocal distance', Available at: http://en.wikipedia.org/wiki/Hyperfocal_distance
- Photo.net, "Mirror Slap: Best and Worst Nikon SLR's?". Available at: http://photo.net/nikon-camera-forum/00ZglX
- Wil Allsopp, "Unauthorised Access", 2009
- Eric Kim, "The BEST Camera for Street Photography". Available at: http://erickimphotography.com/blog/2010/08/30/the-best-camera-for-street-photography/
- Wikipedia, "Rangefinder camera". Available at: http://en.wikipedia.org/wiki/Rangefinder_camera
Tom Olzak, 'The five phases of a successful network penetration'. Available at: http://www.techrepublic.com/blog/it-security/the-five-phases-of-a-successful-network-penetration/