## Saturday, 8 August 2015

### Calais migrants find the door to Britain wide open

According to the Telegraph, dozens of migrants got the code for the gate that lets you get to the tunnel. Their theory is that they noticed that 2, 4 and 0 were dirtier than the other numbers.

A few problems with this theory.

First of all, this kind of lock tends to have four digits, not three, because three digits means 1000 combinations, and if you try one per second, that will take you 20 minutes. With four digits, it would take you three hours. Still doable, of course, if you can spend three hours on the job without someone wondering what you are up to.

The "dirty numbers" idea does help ... except that it's the other way round. The ones that are heavily used are rubbed clean by the fingers. But still ...

Here's how I'd do it. No, wait, here's how I did do it. I was asked by a company to look at their security and give them feedback on how good it was. So I turned up, and sat in the waiting room, with their receptionist, and I had a very clear sight of the keypad defending their entrance. People keyed themselves in, and I watched where their fingers went. You can do the same with the iPhone; when someone logs themselves in, look at where their fingers go, and more than half the time, you'll have their four-digit code, and it's great fun to ask them "What's the significance of 3948?" or whatever it is.

So anyway, I soon had the code, so I stood up and walked confidently through the door. No-one tried to stop me - if you look like you're supposed to be there, people don't question. If they do, it's usually with "Can I help you?" which (in my experience) is dealt with every single time by "No thanks, I'm fine." Look - if you're going to challenge a stranger wandering around, don't let yourself be fobbed off. Ask them who they're visiting, and then helpfully (but insistently) conduct them to that person.

So I wandered around until I found the office of the guy I was supposed to be visiting, went in, and waited for him.

When he turned up, he was quite surprised to see me already there. Security, you see. So he asked me how I got in. "Oh," I said, "it's all explained in a file on your computer, look for the filename drsolly.txt".

He sat down.

"Only kidding," I said, and I explained how I'd gotten in.

And that's how it's done. It's called "shoulder surfing."

I notice that they've added a handy looking lock, which will (I hope) take more than a couple of minutes to pick. But look at that picture. If I wanted to get through that gate and already had the keycode, I'd use a fairly ordinary wirecutter on the 1/8 inch cable and be through it in seconds.

Let's hope that migrants don't read this blog. Or the Daily Telegraph.

Sigh.

1. I have worked in offices with various levels of security over the years. One of the worst experiences was at the offices of a high profile international news agency in Docklands. The reception desk had run out of visitor passes, so I was let in to be escorted everywhere by a supposed colleague. In order to even visit the loos area, it was necessary to borrow a doors access pass. Of course, the escorting colleague would disappear to their own meetings and I would be left to tailgate someone else visiting said loos. The first time I did this, I discovered that a pass was also needed to get out of the loos back to the office. Whoops.
I also worked in government offices at times when they had amber (or higher) security alerts in force. The security manager briefings said that we should always wear passes visibly and challenge any stranger seen wandering around. I have always had issues with such instructions as "Ask them who they're visiting, and then helpfully (but insistently) conduct them to that person". I was not employed as a security guard. If, in the worst scenario, someone carrying explosives had gained access and was looking for the office of the most senior civil servant there to blow them up, I would not want to panic them into making an earlier detonation in my vicinity!