You are on page 1of 48

TOP 5 WAYS TO DESTROY A COMPANY

I¶M CHRIS

MY CREDENTIALS

Shell doesn¶t matter

What do companies care about and how do we know?

Top 5

Born from the Fire

No one cares about your findings!

HOW WE FEEL ABOUT IT

HOW THEY FEEL ABOUT IT

WHAT

DO THEY CARE ABOUT?
You don¶t know« Admit it!

THE PRODUCT LINE

THE BRAND

THE EMPLOYEES

THE BOTTOM LINE

HOW TO FIGURE OUT WHAT IS
IMPORTANT
You don¶t know« Admit it!

STEP #1 YOUR OPINION DOESN¶T MATTER

STEP #2 THINK LIKE THEM

STEP #3: DO WORK
Yea« this is the boring stuff«but u gotta do it«.

Secret Confidential Internal Use Only Public

‡ Information that would be severely damaging to the company and brand.

‡ Information that would impede or cause significant financial damage to the organization if made public or shared internally.

‡ Information generally available to all or most employees but not approved for general circulation outside the organization

‡ Information approved for general circulation outside the organization

Integrity
Confidentiality

Availability

Integrity

Confidentiality

Availability

Criticality

Risk Factors
Confidentiality Patient Data Credit card Numbers Marketing Information Cash Integrity Availability

Possible Image/Brand Effect Legal/ Compliance/ Financial risk

Risk Factors
Integrity Availability

Confidentiality Patient Data Credit card Numbers Marketing Information Cash

H H L L

H M M M

H M L L

Inconvenience Possible profitability loss

Risk Factors
Confidentiality Integrity

Changed to H after conversation of how it impacts profitability
Availability

SCORE

Patient Data Credit card Numbers Marketing Information Cash

H H X M L

H X M M M

H M L L
LOW

5 4.3 1.6 1.6
HIGH 5 3 1 MEDIUM

Changed to L after conversation of how it was already public information

HOLY CRAP!!! THAT WAS BORING
But we had to do it to make sure we have a PROCESS to let them tell us what they care about««. Even when they don¶t know what it is«

THE TOP 5 WAYS TO DESTROY A COMPANY
‡ Tarnish the brand ‡ Alter the Product ‡ Attack the Employees ‡ Effect financials directly ‡ **It¶s your turn«**

What¶s in a name?

TARNISH THE BRAND

TARNISH THE BRAND (WHAT YOU WILL NEED)
‡ ‡ ‡ ‡ Understanding of the overall brand values Identification of key words used in marketing message Knowledge of competitor advantages/disadvantages Intelligence profiles on the ³Keepers of the Brand´ ‡ Executives ‡ Key personnel ‡ Entire Marketing/Design Team ‡ ‡ ‡ Reverse engineering of the ³go to market´ strategy Identification of the ³Customer Feedback´ loop Identification of the Market¶s ³Indicators of Quality´ and what drives customers to the ³product´

TARNISH THE BRAND (HOW TO DO IT)
‡ ‡ Attack the marketing team Compromise the marketing process ‡ ‡ ‡ ‡ ‡ ‡ Alter marketing communication Alter brand messaging (logo/slogans/tone) Extend Marketing deliverable times through deletion, alteration, confusion

Increase Time to market Pollute the customer feedback loop Take over the ³Indicators of quality´ and create ‡ ‡ ‡ ‡ False issues (product misdirection) Negative reviews Use by non standard customers False company response

Oopse« did I do that?

ALTER THE PRODUCT

ALTER THE PRODUCT(WHAT YOU WILL NEED)
‡ ‡ ‡ ‡ Complete listing of products (or services) depending on the organization Chain of command for product development or service integrity Historical review of the products timeline Understanding of where alteration can cause ‡ Degradation of the product quality ‡ Effect to the consumer ‡ Direct financial loss ‡ Physical loss ‡ General Harm ‡ Loss of competitive advantage

ATTACK THE PRODUCT (HOW TO DO IT)
VERY Company Specific (examples?!) #1 The Software Company ‡ Create bugs ‡ Make backdoors ‡ Cause errors in function (What if the calculations of a CRM product are off?) ‡ Add hidden features into their SVN/Software release cycle ‡ Remove feature tests or other parts of QA process

ATTACK THE PRODUCT (HOW TO DO IT)
VERY Company Specific (examples?!) #2 The Hospital/Healthcare business ‡ Change patient diagnosis or history (like allergies) ‡ Attack HVAC systems to cause heat into Operating rooms ‡ Disable critical alert functions for disease control ‡ Attack crashcarts to disable on the fly patient care and records ‡ Attack Pyxis and automated narcotic dispensing stations ‡ Alter patient doses through in line network monitored administration devices.

ATTACK THE PRODUCT (HOW TO DO IT)
VERY Company Specific (examples?!) #3 Manufacturing Company ‡ Alter the production line/process ‡ Cause the robots to over spray, weld, install wrong parts, go rogue ‡ Change formulas ‡ Speed or slow the line ‡ Create issues causing the company to fall out of compliance (9001/2 etc..) ‡ ‡ ‡ Add or remove features of the product Decrease quality Break shit..... Like a lot«. I mean« like all of it«. Beyond repair«

Tonight«..you!

ATTACK THE EMPLOYEES

ATTACK THE EMPLOYEES (WHAT YOU WILL NEED)
‡ Profile who they are ‡ Find out where they live ‡ Figure out what ³dangers´ they may have at the office ;) ‡ Can you get them sick (attack scada/water/etc) ‡ Can you attack them with company property (robots!) ‡ Do they operate anything that could « fail? ‡ Do they make things that could be dangerous? ‡ Can you put them in dangerous situations?

ATTACK THE EMPLOYEES (HOW TO DO IT)
‡ ‡ Figure out their daily routine then MAKE A KIDNAPPING PROFILE Use the company against them ‡ Food? ‡ Manufacturing equipment? ‡ General Terrorism ‡ Releasing the horde? ‡ ‡ ‡ Kill their benefits Reduce their pay Charge their accounts (amex DOS)

All your $$$ are belong to me

DIRECTLY EFFECT BOTTOM LINE

DIRECTLY EFFECT THE BOTTOM LINE (WHAT YOU WILL NEED)
‡ Understanding of the overall of how they make $ ‡ Identify what systems generate income ‡ Do they take credit cards? ‡ Do they have cash? ‡ Do they have other assets that have $$ ‡ Is there a market for their internal information (CI) ‡ Is there a secret formula? ‡ Products that they create

DIRECTLY EFFECT THE BOTTOM LINE (HOW TO DO IT) PROCESS

Figure Out What the Company Thinks is Important

Steal It !

What is #5

YOUR TURN

TRY AND MAKE THE WORLD BURN

WHAT ELSE?

KEEP BEATING THEM DOWN

WHAT DO WE TAKE AWAY FROM THIS

‡ Shell doesn¶t do anything ‡ Speak in their language ‡ Remove white/black hat and DO WORK ‡ Stop trying to rationalize why you are right«and change the game