Tags

Related Posts

Share This

How it Was Done: Security Expert Explains How To Infiltrate An Animal Lab

Detailed account of how one team got inside a “high security” animal research lab.

In 2010 I posted a short article from ALN (a trade magazine for animal research labs) on weaknesses found in a security audit done at an animal research lab.

Recently I was sent a similar but much more thorough article, which I am posting below. This one is a detailed story by a security expert who was paid by a large animal research lab to get inside their lab and tell them how he did it.

This type of work is called “penetration testing”. Companies will pay penetration testers to break into their buildings (or computer systems) in order to identify weaknesses in security. In this instance, the client was a pharmaceutical company that does research on animals and was concerned about a raid by the Animal Liberation Front.

The article is from a book titled Unauthorised Access by Will Allsopp (British title, thus the spelling). Subtitled “Physical Penetration Testing for IT Security Teams”, the book essentially functions as a how-to guide to breaking into buildings. The book is incredibly detailed and insightful for anyone interested in the tactics of those who access high-security (and low-security) buildings surreptitiously and without permission. For example, the Animal Liberation Front.

The article, title “Night Vision”, begins with a synopsis of the penetration tester’s mission:

“A couple of years ago my team was invited to simulate an attack by intruders on a medium-sized business in the Netherlands…. The company (We’ll call them Nederlabs BV) was a leader in the drug development industry and world leaders in the field of brain perfusion. This lead to them being targeted…. by animal rights groups.”

The article goes on:

“When I say animal rights, I’m not talking about the people who genuinely care about animals and don’t eat meat. I am talking about groups that firebomb family homes of employees they perceive to support animal testing or those who dig up and steal the remains of relatives.”

And the author explains why the company had reason to fear an ALF raid:

“Our client was more worried about animal rights groups than corporate spies…. The biggest concern was a night time raid on the premises because a previous raid to free laboratory animals was launched and aborted.”

The mission

Specifically, the attack they were hired to simulate called for the planting of fake explosive devices in “key locations” around the building. They were instructed to access the building at night, plant the fake bombs, and get out undetected.

The article is extensive, and details the several phases of the security audit:

The information gathering phase (identifying alarms, surveilling the property via Google Earth, identifying placement of guards, locating key offices, and finding the ideal place to plant the “explosives.”)

The planning phase (obtaining information over the phone via social engineering, getting a look at employee ID cards, doing a physical dry run of the raid.)

And finally, carrying out the attack (cutting a fence, using a fake ID, picking locks, and more.)

The conclusion

The raid was carried out successfully by the penetration testers, who concluded:

“Protecting your staff and facilities from terrorists and bombers is virtually impossible.”

Read the article in full:

Penetration Test at Animal Research Lab

Receive updates via email: Subscribe here.