Posted on November 06, 2015 by Rift Recon
It’s been a loooong while since we’ve hosted a public Art of Escape training. It’s getting on to be a year. We have been inundated with requests to run another public AoE for some time but we’ve been pulled in different directions as Rift Recon is a growing company, and putting on private Art of Escapes for companies.
Another direction that we’ve been pulled is my other new venture Dark Sum a Darknet indexing company that was born out of research here at Rift Recon and tested in DARPA MEMEX. So it just hasn’t left much time in the day for us.
So why am I writing this post exactly? The title does say “The Next Art of Escape - Coming Soon”. Well I’ll tell you, we are curious to hear from you, our customers, fans, and colleagues when would the next AoE suit you?!
As Art of Escape takes time to roll out and setup because of the resource intensive nature (this doesn’t go into cost (which is going up), a future post will explain why and how it’s needed to keep exceeding your expectations), we are curious when you want to do it.`
So to help us figure this out (or we’ll just pick a random date), go to this link here: Art of Escape - Coming Soon and fill in the Out of Stock window when it pops up. As requests come in we’ll send out a questionnaire to ask when you are available to attend the next Art of Escape in San Francisco.
We’re targeting the public class to be Q1 2016.
We look forward to hearing from you so don’t hesitate to click this link: Art of Escape - Coming Soon
Just remember this: You come in a target, you leave a harder target.
It’s not determined yet when we’ll be pushing a separation of branding between Rift Recon/Art of Escape related goods, services, and branding but it will happen in the future.
Posted on July 14, 2015 by Rift Recon
There’s a new show about hackers on the USA Network. It’s called Mr. Robot, and Christian Slater is in it, which pretty much guarantees that it will get canceled, but it’s pretty good thus far. At least with the hacking scenes, the hacker doesn’t have a GUI to get into everything. There’s no drag and drop stuff; the hacking is (to my mostly untrained eye) plausibly believable. There’s even a lockpicking scene in Episode 2. The camera angles make it difficult to see exactly what he’s doing, but it too looks fairly believable.
Now that you’ve been spending some time with your locks, going through and fiddling with the pins one at a time, you are probably mentally revisiting your favorite movies and television shows and screaming “bullshit!! There’s no way you can pick a lock that fast!” But here’s the thing: it is completely possible to pick a lock that fast. Want to know how?
What are rakes, you ask? Well, think about your lockpick. You may be using the hook, you may be using the diamond tip, but the point is to try and lift a pin and set it before moving onto the next one. A rake has a number of peaks and valleys of various heights/depths to try and lift a bunch of pins all at once. Most lock pick kits will have a rake or two in them. Mine has two, both of them pretty short. I’ve never really gotten too good with them, because there are rakes, and then there are Rakes. And the king of those rakes is what’s known as a Bogota.
Bogotas are named after the mountains that surround the city of Bogotá, Colombia. There are a number of different styles, like the Monserrate or the Sabana (also named after the mountains in the area) that have different humps and are optimized for different lock set ups, but they all function the same.
Rakes are meant to be quick and dirty. There’s no painstaking picking of individual pins, just some quick raking (see where the name comes from) through the lock to try and knock pins into place. It’s pretty easy to feel like a champion with your rakes, because you can get through locks in nothing flat. Talking about it doesn’t even begin to do it justice, so I’ll let you see for yourself:
See how fast that was? It’s ridiculous. Now all those fictional depictions don’t seem so fictional, now do they? But enough sitting here reading. Go try it for yourself!
Posted on July 07, 2015 by Rift Recon
Get ready to start yelling at your television.
I’m going to make a guess here. Heist flicks, caper films, con-man stories…you eat them up. Even the bad ones. You’ve fancied yourself a master thief, you just lack some of the required skills (and would like to avoid the inside of a jail cell).
So maybe you aren’t cut out for a life of crime, but that doesn’t mean you won’t eagerly lap up a rerun of Ocean’s 11, or an episode of Leverage, or something else along those lines.
I’m the same way, but this weekend I found myself shaking my head in disgust during a particular scene of a break-in. The scene where they had to pick a lock.
Why was I shaking my head? Because I know how to pick locks, and they were doing it wrong.
I’m just beginning, and I’ve never had to pick a lock in a high-pressure situation, but I know enough to know when a character isn’t using the right tools. Soon, you will too.
Not everyone is a security expert, and everyone started from somewhere. Me, I’m starting from scratch, and I’m inviting you, the reader, along for the ride. You’ll learn as I learn. I’ll point you in the directions of resources, how-to vids, and equipment that you can buy, repurpose, or make yourself. We can share in the triumphs and the frustrations, and hopefully this can serve as your jumping-off place for a brand-new set of skills. So let’s get started.
To start, let’s get our supplies together. I’m using a set of HPC PIP13 Lockpicks from Rift Recon. As for locks, I’ve just got a handful of door locks and padlocks from the bottom of a drawer. If you don’t have any of those, just look for “lock set” on eBay or Craigslist, and pick up a dozen or so. Every lock picks differently, so having more than one set is a definite plus. Pickers who want to see exactly what they are doing can try picking up a clear plastic lock, which allows you to see inside the lock mechanism.
Before you dive in, it’s worth knowing a little bit more about how locks work. For that, I suggest going the same route I did, and looking at a few different resources:
The first is a series of YouTube videos by lockpicker Schuyler Towne. I suggest watching all of them, but if you are really itching to get started, take a look at episode #4. This will explain exactly how locks work.
The second is the LSI Guide to Lock Picking (LSI stands for Locksport International). It’s laid out like a comic book, with informative illustrations and a conversational style. When you navigate to page 9, you’ll see why lockpicking works (tension and mechanical tolerances).
Confused? That’s okay. Now that we have a little bit of information under our belts, it’s time to pick up your tools.
Before we get started with picking the lock, let’s figure out how many pins are in it. It’s ridiculously simple…just grab any flat tool (I usually use the diamond pick) and insert it into the keyway. Push up, all the way to the top, and then hold the lock up to your ear. Making sure the pick stays flat, slowly slide it out of the lock.
Hear that click? That’s a pin dropping into place. Count the clicks, and you’ve counted the pins. Three clicks? Three pins. Five clicks? Five pins. One click? You get the picture.
Test out all your locks. Find the lock with the least number of pins, and let’s get started!
The first tool you’ll need is a tension tool, which looks like this:
This tool puts tension on the lock, simulating the turn of the key. I like to put my tension tool at the base of the keyhole, and then, while holding the lock in the webbing between the thumb and forefinger of my left hand (I’m right-handed), I put a little bit of pressure on the shaft of the tension tool with my finger tip. The pressure on the tension tool will cause one of the pins in the lock to bind. This is great.
Now, grab your pick. To begin with, I prefer the diamond-tipped pick, because I feel like it offers a little bit more control. Insert it in the keyhole just above the tension tool, and gently tap up. You should feel the pins bounce a little bit (they are spring-loaded, after all). As you test the pins, you should feel one that doesn’t bounce quite as easily as the rest. That’s your binding pin. Tap up on it gently, and as it pushes the driver pin above the shear line, you’ll feel the lock spin just a hair.
One pin down, just a few more to go!
Once you’ve gotten one pin in place, feel around for the next binding pin. Repeat the process from the previous paragraph, and one-by-one you’ll slowly move all the driver pins up above the shear line. When the last one clicks into place, the lock will spin a significant amount, and voilà! You’ve just picked your first lock!
At the beginning, it will be a lot harder and more frustrating than it looks / sounds. But keep at it, and soon you’ll be ready to move on to some more advanced techniques. We’ll talk about those next time!- Aaron Autrand is a trainee at Rift Recon. He is a novice lockpicker who is just trying to stay one step ahead.
Posted on July 05, 2015 by Rift Recon
Rift Recon has spent two years assisting and collaborating with some of the most brilliant and innovative minds in the security industry. In doing so, we’ve categorized ourselves as adhering to a certain level of quality and expertise, and have recently intuited that that level may feel inaccessible to folks who are just testing the waters of cyber security, physical security, or both. As a result, we polled a vast number of our beginner and intermediate level trainees and company allies and determined there was a demand for a more elementary approach to certain skills we advertise. Thus the “Rift Recon Beginner Series” was born!
We asked the newest member of our team, Aaron Autrand, to take control of the series, and he readily agreed. We’ll be publishing Beginner Series posts every week on our website. Look for the first post, “Rift Recon Beginner Series Presents: Picking Locks 101 with Aaron Autrand”, on Tuesday July 7th!
Aaron Autrand is a writer and editor. He was a member of the editorial staff of Anthem Magazine, the co-founder of music website Ground Control, and part of the team at the PBS documentary series Roadtrip Nation. He’s worked in startups, taught all over the world and surfed many waves badly. He believes in breaking things to learn how to fix them and make them better. It doesn’t necessarily always happen in that order.
- Arianna Travaglini
Executive Assistant at Rift Recon
Posted on June 24, 2015 by Rift Recon
Last week Rift Recon trainers teamed up with an exclusive cache of forward-thinkers in the start-up and financial industries to offer a “micro” version of our renowned Art of Escape training. The unique urban escape and evasion workshop was sponsored by innovative venture capital organization Ribbit Capital and covered basic lockpicking techniques as well as restraint-escape tactics. This intimate gathering was one of a few private functions Rift has been offering on a limited basis to corporations and organizations interested in buffing up their security competency as necessitated by their individual professional demands. Lucky for the attendees, it’s just as much work as it is play, and fun was had by all!
To book Rift trainers for your next team-building workshop, employee security consultation, or custom group skill acquisition, email email@example.com.
About Ribbit Capital
Ribbit Capital is a new venture capital organization with one single, relentless mission: to change the world of finance. They have raised a bunch of money to invest in entrepreneurs who see
finance with the same hungry eye for change with which others have
looked at commerce, networking and gaming. Their goal isn’t just to write checks. It’s to deposit and grow ideas. They are deeply knowledgeable about the complexities of building financial
businesses, and will share their experience with ambitious entrepreneurs. For more information, visit their website.
- Arianna Travaglini
Executive Assistant at Rift Recon
Posted on June 07, 2015 by Rift Recon
Last week, the 2015 Oslo Freedom Forum united hundreds of international voices to address some of the world’s most critical human rights issues with the goals of challenging ideas and implementing change. The Rift Recon Team was on site running the conference’s first Tech Lab, which was designed to advise the attending activists, journalists, attorneys, artists, government officials, and other warm bodies on sensitive issues of security, privacy, and anonymity.
“This year’s company presence was markedly different from last year’s,” said Rift Recon CEO Eric Michaud, “Last year we combined a presentation with subsequent focus groups, but we discovered an incredible demand for extensive individualized attention and for competent security practitioners to be present in an ‘on-call’ manner. We then pitched the concept of a “tech lab” to OFF and began planning for the next phase.”
CEO Eric Michaud, Intelligence Instructor Brian O’Shea and Web Application Security Specialist Mike Fauzy worked together over a ten-hour period to address the concerns of a diverse array of inquiring minds, all with the common goal of attacking human rights violations. The team walked attendees through modified risk assessments to determine unique threat levels; probing for adversarial information, personal security capabilities, perceived danger to life, information on past security breaches, and more.
“We knew that presenting a trifecta of experts in their respective fields was critically important,” noted Brian O’Shea, “Unfortunately there tends to be a ‘one-size-fits-all’ approach to working with at-risk populations, when in fact their needs vary extensively and require tailored advice. For example, if we’re speaking to secure communication, some people aren’t using the internet at all and are exclusively sharing information face-to-face, while some are operating in a country where the prevalent phone company is targeting them, ensuring none of their phone communications are secure. You can’t provide those two parties with the same canned advice - the stakes are high, and you’re apt to get people killed.”
Rift Recon is in the process of following up with a handful of at-risk individuals they attended to at OFF and are busy laying the groundwork for an increased focus on human rights issues for the remainder of the year.
“We feel privileged to be welcomed into the trusted community that the Human Rights Foundation facilitates,” Michaud remarked, “We’re honored to be in a position to meet the needs of so many global pioneers.”
For more information on this year’s Oslo Freedom Forum, visit their website for press, upcoming events, and videos of this year’s speakers.
- Arianna Travaglini
Executive Assistant at Rift Recon
Posted on May 24, 2015 by Rift Recon
Tomorrow kicks off the seventh annual Oslo Freedom Forum (OFF) hosted by the Human Rights Foundation (HRF), a non-profit organization that promotes and protects human rights globally, with a focus on closed societies. At last year’s revolutionary conference Rift Recon traveled across the world to present a comprehensive security workshop to the crowds of rights defenders, scholars, dissidents, policymakers, Nobel Laureates,
visionaries, heads of state, journalists, and other activists. Due to the undeniable popularity of the workshop and the demand for more individualized attention to specific incidences of threat and vulnerability, Rift Recon returned to OFF this year in a refurbished capacity.
On Monday May 25th from 11:00-19:30 the team, consisting of CEO Eric Michaud, Intelligence Instructor Brian O’Shea and Web Application Security Specialist Mike Fauzy, will be receiving conference attendees, speakers, staff and sponsors in the 7th Floor Conference Center during a day-long “Tech Lab”.
My experience [at OFF] last year was incredibly enlightening,” said Michaud, who has advised on physical security, lockpicking, and hackerspaces for over a decade, “I was introduced to a number of people who were doing innovative global work, operating at a very high risk level while practicing minimal security measures. That’s terrifying! We want to provide the people fighting for our freedom with accessible, actionable ways to promote 360 degrees of security so that their voices can continue to be heard.”
When a layman hears the word “adversary”, they may think of a competitive coworker or a neighbor with a grudge. In human rights work, that adversary could be an oppressive dictatorship or a violent military regime, and activists must be proactive about educating themselves on preventative security practices and measures.
“Oftentimes with human rights work, the stakes are very high and the adversaries are very talented,” noted Fauzy, who has 15 years of combined experience in software development and Information Security,
“You have to have a clear understanding of who your threat agent is and what their capabilities and resources are, as well as accurately assess your own resources and capacity to defend yourself.”
Tech Lab participants are encouraged to arrive with specific inquiries in mind. They will first be filtered through introductory questions designed to highlight their priorities and determine whether their threats are predominantly physical, cyber, or social in nature. They will then be directed to the appropriate specialist(s) and complete a more thorough risk and vulnerability assessment before receiving customized advice and resource referrals. If necessary, more detailed follow-up appointments will be scheduled on site.
“The number one reason secure measures are not applied is because people are insecure about their own ability to implement them,” remarked O’Shea, who has spent over 20 years in the field of investigations and intelligence, “Knowledge is empowering - if you let yourself be intimidated by the unknown, you’re exposing yourself as a target. People like soft targets, not hard targets. The more expensive you are to go after, the less adversaries will be tempted to attack.”
Tech Lab visitors who are less concerned about a particular threat but curious about generally improving their security skills will also have the opportunity to attend a more informal session with multiple Rift Recon specialists later on in the week.
“These days I have to remind folks that security goes much farther than just downloading an application or installing a program,” Michaud pointed out, “We’re changing people’s idea of how security works. We’re here without agenda - we just want to help people.”
- Arianna Travaglini
Executive Assistant at Rift Recon
Rift Recon tailors its clients from a suite of exclusive security service providers, in order to meet their specialized needs in software or hardware, utilities for cyber/physical security assessment, tool creation and team outfitting, as well as specialized trainings, and expert referrals.
Our team meets and verifies all equipment needs from solid standards to exotic tooling, and deftly handles client needs for cyber and physical security specialist placement.
Rift operates across a variety of security disciplines including product security, physical security, hardware/software research, and development (including middleware, electronic devices and kits). We also cater to professionals who are striving to meet their own clients’ various cyber and physical security needs.
Our client range spans independent trainers, corporations, to high net worth individuals. We consult red teams, independent cyber or physical security contractors, product security teams, and companies that require exacting, and/or executive-grade assessment reports.
Rift provides a suite of services.
Rift Recon excels at identifying and recruiting top-level talent, and holds a strong track record for meeting our clients’ unique physical security needs.
Discreet and methodical, Rift stands as the premiere company in the world positioned to expertly source, secure, or innovate and manufacture hardware to meet the exacting - often critical - software and hardware security needs of its clients.
Contact Rift Recon day or night for gear, consultations, to explore opportunities, or even just to find out more: firstname.lastname@example.org