The next morning, Gregor parked his van within sight of the back employee entrance of a local CloudShield office.

I need to be within forty feet of the badge, Gregor reminded himself. He positioned himself to work from the back of his van.

Foot traffic seems low, probably because of the holidays.

The antenna booster was tucked out of sight. After what seemed like hours, two men started making their way to the back employee entrance. Gregor positioned himself.

Need the right moment.

One employee held up his RFID proximity card for access, and Gregor started the scanner; his computer was picking up some activity. Gregor knew from experience that it took about twenty seconds to clone a badge. This is taking too long, Gregor thought. A loud beep emanated from his computer. A message appeared, saying, ERROR: incomplete data read.

“Damn!” Gregor spat.

Gregor wasted no time resetting the scanner. The second employee hadn’t badged in; he was on his phone, and from the looks of it, the call was personal. Gregor rolled down one of the van’s windows so he could make out bits and pieces of the conversation. It sounded like the employee was having financial trouble.

Perfect! Gregor thought. He needed to identify the employee just in case the badge reader couldn’t pick up on his scan. He took out his camera, which was ideal for taking reconnaissance photos because the body was small and equipped with a telephoto lens. After taking several photos of the employee, he put the camera away. His mark was now making a move toward the door.

After checking the scanner receiving program on his laptop and scanner equipment, he was ready to clone any employee’s access card. Gregor looked up. The employee was now at the scanner! Gregor set the program for auto-scanning, and the computer started emitting various tones. These sound promising. He checked the computer, and a valid system message appeared. Gregor made a clone of the badge, pulled up a list of badge-reader data that he’d infiltrated from the company earlier, matched the badge identification number with his list, and then found an identity: Stephen Fishmann, operations manager. Hmm. Gregor couldn’t be sure, but Mr. Fishmann might have access to the server room. It was time for a quick test to find out. He waited for the back entrance to be clear of smokers; it was too cold for people to be hanging out outside without a purpose.

If you spot this tale on Amazon, know that it has been stolen. Report the violation.

Let’s see if this works.

He put the cloned RFID proximity card in the pouch just behind a fake mockup of a CloudShield badge, which matched the CloudShield uniform he’d purchased from the supply shop down the street. Gregor marveled at how weak physical security was at some companies; people were too trusting. All he needed was a fake offer letter, which he’d found on social media from an enthusiastic new hire who’d posted theirs online. It was now deleted, but Gregor could recover it; it was impossible to delete anything once it was posted online. He stepped up to the reader, swiped the card, and a light on the reader blinked both red and green, but the door didn’t budge. After waiting several seconds, he took the card out of the pouch and waved it in front of the reader. He heard a loud clicking noise, and this time a green light appeared on the reader.

Nice! Gregor opened the door and walked through.

The door led to an empty reception desk. Several boxes addressed to various people in the building were piling up. No one else was in sight. The server room should be in the center of the building, or in the subbasement, he thought. It was not referenced on the plans he’d acquired from the county, but his first guess was the center area on the first floor, away from the break room. As he made his way down the hall, two people nodded and said hello, but no one questioned his authority. After several more minutes of searching, Gregor was about to give up and look in the subbasement when he heard the distant sound of fans whirring. I’d know that sound anywhere, Gregor thought.

He followed the fan noise until he got to a set of double metal doors. One of them was propped open, so he walked in. No one was in sight; however, he noticed a cardboard box with a laptop on it. No one had bothered to lock the screen. My kind of company! A few seconds later, he had verified root credentials. This was too easy! Five minutes later, he had accomplished his task, his backdoor was installed, and as a bonus, he’d installed a keystroke-logging malware that would send a daily digest of all keyboard activity. Gregor turned to leave the facility, but froze as he heard someone enter the room from the other side. He snatched a peek through a gap in one of the server racks. A man dressed in blue jeans and a stained shirt entered holding a fast food bag. The man tripped over a box and almost lost his lunch.

Why would a world-class cloud protection company hire such a bumbler? It worked well for me! Gregor thought.

Gregor exited the room before the man made his way around the server racks. He didn’t see anyone else as he left the facility.