Activity: Think like a Hacker

For this activity, we will be engaging in a thought experiment to help us get a sense of how attackers might seek to exploit a system.

Setting

You are a graduate of Kalamazoo College and have returned for a day to visit the campus. You have spent the morning talking with all your favorite professors (specifically Dr. Polanco) and have decided to get something to eat at Hick's Dining Hall. However, you realize you have left your credit cards all the way back in your car parked on Academy Street. Luckily, Kalamazoo College seems to be having trouble with the swipe system and is using a paper sign-in system. At the entrance to the dining hall an attendant has a clipboard with all of the student IDs listed. The students line up, show their ID, and their ID number is crossed off of the list.

How would you exploit this system to get a free meal?

Analysis Questions

1. What would be your first steps (e.g., trial/error, observing students, checking entrances)?
2. What is the plan to get lunch? You need to be as detailed as possible.
3. What if you observed that students who left the dining hall were able to gain access again by getting a small orange line drawn on their hand with a marker? What is a way you could leverage this new information to get into lunch? You need to be as detailed as possile.
4. What if you had the contact information of a current student (and friend) who was coming to lunch later in the day. What is a way you could leverage this new information to get into lunch? You need to be as detailed as possile.
5. What other observations/factors could be added to this scenario to make it easier to gain access to the dining hall?
6. How do you think this applies to cybersecurity?

You need to submit your answers to Kit under 'Activity 1: Think like a Hacker'