The wait was killing him. His iPod had gone dead an hour ago. How could I forget to charge the batteries? It was still an hour until show time, n3m0 had considered going before his set out time but in the end he forced himself to stay put. It’s better if no one is around.
The last hour seemed to take longer than the entire day. When the alarm he had set finally went off, n3m0 felt sore and tired. Here goes, he thought while leaving the room.
His first stop was the coffee machine. It tasted like the coffee had been scraped of the wheel of a car before being brewed. But it was late and n3m0 needed to stay awake. He returned to his cubicle farm, booted up Thomas’ computer and entered Thomas’ username and password. n3m0 had been practicing his shoulder surfing skills and didn’t think his coworkers were aware of his exercises. He knew what Thomas’ password was two months ago, if it didn’t match now all he had to do was to increment the last digit by a number or two.
Off to the throne room then. Next to the entry door was a keypad with the numbers 0-9. n3m0 chuckled at the memory of Mark and a sysadmin guy telling the helpdesk staff about the security in place to protect the company assets. When talking about the lock that n3m0 was standing in front of now, Mark had said:
“To pass the door an attacker has to enter the correct four digit code.”
Keith, the sysadmin, filled in, “if someone tries more than five times within half an hour the alarm goes off.”
“And how many combinations were there, three million?” Mark asked with a smile.
“Let’s see,” Keith pretended to think. “It might have been four, well it’s millions anyway.”
“Not even I know the code, and you’re not going to tell me are you?”
“I could,” Keith started, “but I would have to kill you.”
Mark laughed together with the group.
“I guess a good sledgehammer would do the trick.” James pointed out.
“Not true,” Mark said, “if the door isn’t opened by the keypad the alarm goes off.
It might have had millions of combinations when the system was introduced. Mark’s had made the mistake of viewing security as a constant; once in place it would always protect you. The only constant is change, n3m0 thought. The numbers 0, 1, 2, 6, 7, 9 looked like they had never been used, the numbers 3 4 5 8 were so worn that it was hard to make out the digits.
A million different combinations, ha! Try 24! (4*3*2*1) A few months ago n3m0 had wanted to see what the server room looked like, so when he was leaving for the day he had walked by the server room and punched in three different codes. Mark might have lied about the number of codes you could try before the alarm went off and n3m0 didn’t want to risk that by testing five in one go. Anyway, at a rate of three he would have access to the server room in eight days, if he really wanted to it could be done in a day if he went there once every 30 minutes. He had opened the door on the fourth day, but on the third he didn’t even try since someone had been standing outside the door.
n3m0 punched in the code 5834. A green light was lit and the door opened, he could hear the buzz from the servers on the inside.
[tags]security, stories, fiction, insider threat, disgruntled employee, physical security[/tags]
Hrm, key code doors. Just for my own amusement…how to better protect that door?
– Always put in a wrong code first using the other numbers, so they all get worn out over time (or just regularly replace the pad). One could also make a longer code using more digits.
– For important doors like this, there should be a camera on the inside recording who comes in and when (or outside, but I prefer inside as it can’t directly be tampered with)
– Use key cards or, if budget permits, biometrics instead of a keypad or in addition to a keypad.
Patrick Ogenstad says
They didn’t have to stick with the same code long enough for the numbers to be worn. They could have changed the code at regular intervals. But most people find that inconvenient 🙂