Social Engineering

Video demonstrating how easy it is to social engineer your way into clubs by pretending you're the DJ.

Posted on July 30, 2008 at 1:30 PM • 21 Comments

Comments

Arkh • July 30, 2008 1:51 PM

And he's wearing a bag which could house a lot of things. Like a bomb or, more simply, guns.
Tells us how much terrorists are lazy. Or over-feared.

Davi Ottenheimer • July 30, 2008 2:34 PM

What they don't show is the places they were denied entry/access.

This is hardly a believable report as clearly they edited the tape themselves. After all, their story-line is about how easy it is to abuse trust and lie.

I see a similar thing among party goers every club night. They cruise to all their favorite spots and pretend to be a VIP or with a VIP, etc. The next day they talk up all the "cool" places that let them in for free. They never mention the ones that turned them down. That would spoil the image/fame, right?

A more realistic study would be of events like the musician in Santa Cruz who was severely delayed because he was denied entry to his own concert by guards who profiled him. He went outside for a quick smoke, leaving his ID and such behind, and then couldn't get back in without a struggle.

Mr. E • July 30, 2008 3:02 PM

Uhh, yeah, I'm with the band.

Yes, it works almost all of the time and it really helps if you're holding musical / audio equipment at the time of entry.

Is this really news to anyone?

mike • July 30, 2008 3:05 PM

no. what this is is a demo of how a noted security expert can be tricked into shilling for a soft-drink.

note the credits at the end of the piece.

see, it really is all about expectations. :-)

Anonymous • July 30, 2008 3:19 PM

As opposed to being female and having large, practically (or actually) bare breasts? There are many, many ways into clubs without proper checks.

Kenneth • July 30, 2008 3:42 PM

I worked as a doorman/security for two bars/clubs during college. If someone walked up to me dressed like that claiming to be the DJ, I would have probably let them in too. Then again, these were not your typical NYC or LA nightclubs that are heavily guarded - so good points @Davi.

If he tried and we didn't have a DJ there that night, it would have caught my attention.

Matt Wharton • July 30, 2008 3:47 PM

What's more worrying is that the same con seems to have worked at Parliament House, Sydney. As a public building it is probably freely accessible; however, the security guard didn't query why a DJ might be playing a gig in Parliament and just ushered him in.

Matt D. • July 30, 2008 3:59 PM

@Matt Wharton: If you listen closely to the Parliament bit, the guard indicates that the "DJ" still has yet to go through a security checkpoint (as opposed to the front door), which they didn't show in the video.

bradp • July 30, 2008 4:39 PM

I worked at a music publication for a few years, and ever since I've gotten into a lot of shows for free just by saying I'm with a local paper or magazine. Although there were a couple times when I was legitimately supposed to get in for the paper when someone else had already used the trick on the doorman. Nowadays I usually only try that one if it's something that's sold out, though.

Roy • July 30, 2008 5:37 PM

I was one of four guys who breezed past the ticket checkers at a Jefferson Airplane concert at the Syria Mosque in Pittsburgh without saying a word, simply because we looked and acted like roadies.

cmos • July 30, 2008 6:03 PM

Having spent years as a door guy I'm familiar with the "I'm the dj" trick. People try it all the time (and this is not social engineering, this is lying. Social engineering would be more of knowing the guy at the side door and not needing to dress like the DJ). While, yes, on occasion you will get the new guy who doesn't know who is DJing or whatnot, it's not common. When I ran my crews all DJs/staff were wrist banded or stamped and were always greeted by the manager of the evening... But then again, I was keen on security and being a jerk of a bouncer ;)

That being said, it is amusing to watch some folks get duped.

clipboard • July 30, 2008 7:47 PM

When I was in the US Air Force, I found I could wander almost anywhere I wished simply by carrying a large aluminum clipboard, and acting purposefully. Once, that included a base command post, despite my lack of controlled area credentials.

John Hyland / dj SpinMonkey • July 30, 2008 10:29 PM

Speaking as a dj, this absolutely works (at clubs and shows, at least - I've never tried it at government buildings). I've never abused it, but as any regular Crypto-Gram reader probably would, I've noticed that hardly anybody ever checks when I show up with some dj gear and announce that I'm playing tonight. It usually extends to a +1 as well (typically my wife, in my case), and for events when I'm bringing my whole rig, a couple friends to carry everything could get in, too.

In my town, there was also a "floating" gay club for a while that would take over local venues with themed parties. It was a two part operation. First a bunch of people would show up and start running up tabs. ("What are all these gay cowboys doing at the goth night?" "I don't know, but they sure are thirsty!") Then, later in the night, the dj shows up and announces that he was booked to do the party months ago, and hey, just *look* at all the patrons who came out to support him! If they were *really* going to cancel it with no warning at the last minute like this, then fine, but all his people were liable to walk out on their tabs when they heard.

So, the manager would reluctantly agree to give him a short set, and for a couple hours there would be a costumed gay disco in the middle of the biker bar / oldies / top 40 / whatever format the club usually ran. And then everybody paid their tab and left.

Tried and failed • July 31, 2008 3:26 AM

Here's my experience.

I was sat in the bar with the DJ and several friends. I went to buy some drinks and was refused service because the bar was closing to prepare for the evening session. I said I was with the DJ and the barmaid laughed. I returned to the table and took the DJ to the bar. The barmaid still refused to believe us. That was until the DJ flashed his ring which had his initials on it -- also his DJ name. Thereafter drinks were generally on the house.

After we had finished in the bar we moved onto a nightclub where a fellow DJ was playing. We arrived at the door and were refused entry due to the time of the evening. Once again we cited we were with the DJ. We were refused admission. Even with the DJ on the phone -- during his set! -- the door staff would not let us in. Eventually the DJ left his decks and came to the door. The door staff apologised, took us to the VIP area and arranged some drinks.

So in my experience it is difficult for DJs to convince people of their identity. However, if they aren't believed it typically results in free drinks.

Dave R • July 31, 2008 9:00 AM

I've actually seen the reverse happen. When Portishead did a secret set at a venue here in Bristol last year, the bouncer charged Beth Gibbons to get in.

Peter Pearson • July 31, 2008 10:54 AM

Who would have guessed that readers of this blog had so much experience with clubs, bouncers, and DJs?

John Hyland / dj SpinMonkey • July 31, 2008 3:24 PM

Tried and Failed: I would guess your mistake was saying that you're "with" the DJ. Bouncers get that - or even more commonly, "I'm with the band" - all the time, and I'm not surprised that it's difficult to convince them they've made a mistake once they decide you're trying to slip past them. The trick is to say that you *are* the DJ, preferably with some DJ-related accoutrements. Or, to actually walk in with the guy who looks like he is the DJ.

David Keech • July 31, 2008 10:34 PM

I have applied the same trick to stage musicals as opposed to night clubs. The differences with a musical are that you have a large cast (50 or so people), a large orchestra (30 - 40 people) and the customers are paying $40 - $100 to get in.

If you show up wearing all black and carrying a musical instrument and go for the stage door rather than the main entrance the security guards won't give you a second glance. The best thing is that it works better during the second week because the security guards are getting to recognise your face.

pacmanji • August 4, 2008 11:58 PM

The most recent example on a really grand scale of social engineering in Australia has to be when the satirical comedy team from The Chaser's War on Everything http://www.abc.net.au/tv/chaser/war/ put together a fake motorcade under the Canadian flag to see how far into the government-declared no-go "Red Zone" they could get during the 2007 Asia Pacific Economic Cooperation (APEC) conference in Sydney, Australia. http://www.smh.com.au/news/apec/... The government passed special laws to secure parts of Sydney, including restricted no-fly airspace patrolled by Royal Australian Air Force FA-18 Hornets http://www.defence.gov.au/opdeluge/images/...
Social engineering plays a major part in The Chaser team's comedy. It never ceases to amaze me how just being dressed in a nondescript business suit and tie, being average height and build, clean shaven with short hair, seems to be the main key to gaining unauthorised entry to many places. http://www.youtube.com/watch?v=kOEWd_M5m44

Old News • August 19, 2008 1:20 AM

Australian comedian John Safran did this years ago by dressing up a bunch of teenagers as members of Slipknot and getting them into an exclusive nightclub.

This isn't new and these guys probably ripped the idea from Safran.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.