FOOTHILLS FASHION MALL UNREQUESTED REDTEAM SECURITY ANALYSIS by Briq|Haus Ltd.

Purpose & Intent

BRIQ | HAUS LTD. SECURITY & INTELLIGENCE intends to interface and contract with other professionals and services to create customized logistical and analytical solutions for our clients while developing innovation at a physical headquarters.

This is the mission statement of my company, whose design is security-centric with the purpose of providing private sector security analysis on contractual basis. On October 10th, 2017, the owner/operator, myself, Robert Brooks Authement, went to the mall to try out the new city gym. In approaching the mall I was astounded at the countless abundance of security vulnerabilities I witnessed, so I pulled out my camera and began with great intentions a meager and cursory security analysis of the structure, personnel, and network integration present.

As a disclaimer, I am a rather unconventional thinker, which may be viewed from the narrow concept that would label such perspective a danger, or from the considerate standpoint that perhaps unconventional methodology such as I present here may in fact be an advantageous asset with which to ally oneself and one’s company.

Entry Into Building

I was chagrined to have entered the complex on foot from the south, coming up from Horsetooth road passing between the construction area near the sleep store to the west, and the facade of the Marriot Hotel to the east. As I entered the complex on foot, my path took me directly to an abutment and not a single sign nor portal within the mall could be located. I found this to be incredibly poor design, as I should have been met with an entrance to at least some retail business and perhaps signs with advertisements. Check 1; poor user experience based on un-mindful design.

I walked around the exterior of the building, and lo and behold, the first and only way inside I found was a backdoor which was PROPPED OPEN. Surely this was an “employee only” portal, but a gentleman within pointed through the hallway to how I may actually reach the mall, and my destination, the new city gym.

Further Exploration

I made it through my workout and put on my secret normal person costume. Here I perform a couple of feats of social engineering to be enjoyed by you and your affiliates. What am I doing? I’m demonstrating the effortless ease with which I can interpenetrate the supposed ‘boundaries’ of the establishment and even seamlessly bypass the scrutiny of onsite employees. Later I will demonstrate major defunct operability of the mall security team.

What Security???

Advantage Security Inc. was the chosen contractor to protect the people and assets of this multi-business establishment. Surely bigger does not mean better, as this under-equipped but highly versatile security analyst will demonstrate. My initial contact with security was brief and on the up and up, but what followed was demonstrably laughable in the confusion that ensued. Check 2; poor choice and lack of training/oversight for so-called ‘security staff.’

The Byzantine Attack, Bust, and Near-Meltdown

Your team will kindly forgive my resulting to use the vernacular during this video. I was followed outside by the security staff whom had taken to their neat-o rent-a-cop-mobiles. Despite walking away on friendly terms and having literally explained my intention and purpose for being there in clear and concise language, the team decided that since there was absolutely nothing to do, that I must be the lowest hanging fruit and therefore a legitimate threat. I entered the building at another side and then the team had positioned themselves in the center where I approached.

I pulled out my phone and told Blueteam Leader Captain Andrew, “Check this out.” With a $30 phone purchased off eBay I performed in less than 60 seconds time an effective cybersecurity audit of the pubic wifi network. Without going into the boring details of how I did that, the story continues by Andrew informing me that I would have to leave for the day because I was not “allowed to do ‘that’ or record at the mall.” Not allowed to record at the mall??? Oh I think he meant that I would not be allowed to record their lackadaisical and in my humble opinion totally insufficient security protocols and behavior. I acquiesced to the demand, but I put the personnel to a stress test by escalating the situation with language. No harm, no foul, they did perform professionally under the stress however my main analysis is that their aim was wrongfully directed at me as a danger.

I feel I should have been brought in and interviewed regarding my tradecraft and security expertise, however their behavior was key in encouraging me to follow through with due diligence and present my case to your team.

And as a disclaimer, my adrenaline was up from the quasi-confrontation so you will kindly allow for the little f-bomb I drop in here. This is what I mean by unconventional. Effective; but unconventional.

Last But Not Least. . .

One more little accident waiting to happen here.

Conclusive Analysis

Bigger is not always better! I remember the previous incarnation of our lovely town mall, and the present structure reminds me so much of a jail. Surely it was built to “trap” the tourists between the retail and restaurants/entertainment venues like some sort of citadel. Clearly the design was made by person’s whose main attention is to profitability and raising the bottom line. From the standpoint of this plucky and intrepid security analyst, wealth without security is only a target.

Check 3; total assessment = vulnerable. This facility is open season for petty thieves, grand larceny, social engineering and confidence schemes, network infiltration and identity theft, and would-be attackers with malicious intent. From my standpoint the Fort Collins Foothills Fashion Mall totally fails the BRIQ | HAUS LTD. SECURITY & INTELLIGENCE unrequested redteam security audit. Judging from my insider sources of DC employers, a great deal of people coming to Fort Collins for its charm and quiet appeal are either members of the United States Intelligence Community or War Veterans and Ex-Military or Government personnel. These people are extremely security conscious, and will see the flaws present in the design and systems integration of the mall. They may not pay much heed to the thought, but subconsciously, they will know that it is not a safe place.

The infrastructural vulnerabilities and risk exposure are just too numerous to count. Take a walk with me and I’ll show you, for a small consultation fee.

The network vulnerability is typical of public networks, however an astute system administrator can patch these vulnerabilities and make them go away.

With the 2017 holiday season incoming it is highly advisable to protect not only your property and investment, but the families of customers who go to the mall hoping for a peaceful and safe shopping experience. Thank you for reading my report, I can be reached at the following e-mail:

mailto:briqhausltd@gmail.com

Respectfully submitted this 10th day of October, 2017,

Sir Robert Brooks Authement; Owner/Operator

BRIQ | HAUS LTD. SECURITY & INTELLIGENCE

Advertisements