Thursday 15 December 2011

Piggybacking

There are two kinds of piggybacking. Electronic piggybacking is dialing up a computer and finding yourself connected to the account of the last person who logged off. Physical piggybacking is using another person's access to gain entry to a computer or computer room.

One way of getting in at hospitals, offices and other buildings which require the insertion of a magnetic card to gain access is to stand around and wait for someone with access to open the door for you. Many offices stay open late at night and on weekends, for people who need to come in to clean or work overtime. I especially like going into big office buildings on Sundays. Just wait around outside until you see a car pull up, then time yourself so you will be behind the employee as he or she heads toward the door. Let the person unlock the door and hold it open for you. If you can get in, the whole building is yours for the asking. There may not even be a maintenance crew around to get in your way.

The thing is, though, you have to plan ahead to be successful at this and not arouse suspicion. If you're going to try piggybacking your way into an office building, dress like an office worker. Perhaps carry a briefcase or a lunch bag.

I know these things are possible because I have done them. I spent last week at the regional headquarters of a large bank, doing temporary work for them. From the moment I drove into the parking garage I was inundated with all sorts of warnings about security measures. First there were the signs hanging up in the parking garage about how my car would be towed if I parked there without a hangtag. A guard was sitting in a little booth near the entrance of the place. I went over and explained to him that I was a temp worker and I didn't have a hangtag. He told me not to worry about it, that they don't really tow cars unless there is some problem with them, like if they are double parked.

Then I went into the building, up to the seventeenth floor, and came out of the elevator facing a locked door that required a magnetic card to get in. A sign informed me that I was supposed to buzz the receptionist and have her open the door for me, but there was no receptionist sitting at the desk. I waited a few moments until an office worker approached the door from the other side, held it open for me, then went on his way.

The entire week I got in and out of the office without a security card, and in fact later on I even found a concealed door that allowed entrance to the same offices, without a key or card of any kind.

So you see, piggybacking - the use of another's legitimate access to gain entry into a building or computer - is an on-site hacker's best friend!