Social Engineering: Lessons from a clandestine rooftopper photographer
If you’ve been on social media in the last few years, you’ve most likely seen the photos and/or videos of a craze known as rooftopping. First it was dizzying photos of people hanging off of scaffolding and construction equipment, then it was tall buildings and rooftop cranes. Before long, these daredevils were hanging from the railings, or ascending the lightning rods of the world’s tallest skyscrapers and posting the content to social media.
"Sometimes it’s just the way you walk and the way you present yourself..."
While most people focus on the vertigo inducing photos and first person view videos of rooftopping, my curious nature always left me scratching my head. Just how did they get up there? Were they picking locks? Hiding in a closet until after the offices shut down and the building is a ghost town? Crawling through air conditioner ducts like Bruce Willis in Die Hard? It turns out the answer is, “it depends.” For one rooftopper, @_adventuredan_ on Instagram, it’s a complex dance of skill-sets.
While Dan understands the ramifications of what he does, he's not utilizing his advanced skill-set for "evil" in that he doesn't tag walls, destroy things or steal property in his rooftopping endeavors; all he leaves with are memories and photos. He relies heavily on social engineering, but acknowledges he does break rules and possibly some laws, however justified he might feel by the fact that he’s not there to steal or damage anything. Further peaking my curiosity was the way he documents and showcases his traipsing, coming off more as a teacher than a braggart. He uses brains vice brawn to achieve his objective. Walking around an office with a clipboard and tie may not have the same level of sex appeal as running around the city in the dark with bolt cutters, but Dan’s methods are far more intriguing. They’re also a good lesson on the way the mind works and the fallacies of human nature.
Urban Exploration Roots
Daniel began his intriguing hobby by getting into abandoned buildings and construction sites while engaging in what he calls “UrbEx” (Urban Exploration). He and some friends would get into the various sites, cameras en tow, and take urban decay themed photographs. It was during this time that he began to realize that his passion was no longer one hundred percent vested in the photographs, but in the sense of adventure and thrill sparked by figuring out ways to get into the sites; it was around this time that Dan began to toy with social engineering. “Infiltration was kind of a sub-genre of UrbEx,” Dan explained. Essentially, it became less about getting some great photos, and more about the process it took to get there; Dan fell in love with the hunt.
He and a few friends would scout a building or construction site, then don reflective vests and hardhats, walking right in just as the actual workers would. “Sometimes it’s just the way you walk and the way you present yourself,” Dan said, “there would be workers around and we would walk in with our cameras like we owned the place. When the workers would see that we weren’t lurking around or hiding in the shadows, which would make someone suspicious, we’d actually wave at them and say hi. When you wave at someone in a place you’re not supposed to be in, often times they don’t think you’re not supposed to be there; it puts people at ease.”
After a few excursions, Dan decided to up the ante and get into bigger and more challenging buildings, as well as rooftopping downtown skyscrapers. Often times these skyscrapers are actively utilized by banks or federal entities, and as such, security is a little tighter than in an abandoned building. He realized he’d need to do more than just dress the part and wave, he’d need to fully assume the role.
"Knowledge can get you into anything..."
One of Dan’s first rooftopping targets was one of the tallest buildings in Dallas. He and his friends began to reconnoiter the building, poking and prodding, feeling for soft spots in the building’s security for potential avenues to the roof. Dan and his crew began to understand the fallacies in human behavior as well as the overall efficacy of skyscraper security (or a lack there of) during this phase. “If I can walk into your lobby and you don’t have any kind of key card access, reception desk, or any barrier to access the elevator, it’s highly likely I’ll make it to the roof; this is what we consider a big failure on the part of skyscraper security,” Dan exclaimed.
Dan and his crew conducted multiple "missions" trying to figure out how to get to the roof; skyscrapers don't exactly have maps that someone can utilize to find their way to the top, and there are generally multiple elevators that stop at varying levels well below the roof vice just one for the whole building. Ultimately, they discovered that the highest floor they could get to was an office space, with a reception desk at the their only entryway and they began to question whether there was even rooftop access at all from inside the skyscraper. Each venture into the building increased the chances that they would be caught and barred from the sky scraper entirely and Dan knew he had to find a way to the top, and find it quick.
Dan kept on studying the building, both in person and online. Searching the Internet, he pulled up an image of the skyscraper on Google Earth and found an assuring clue; anti-collision lights for aircraft at the top of the building. “I knew that if there was a light bulb on anything, that it would have to be changed," Dan said during our interview. Now confident that there was in fact a way to get onto the roof, he devised a plan to get up the building, past the top floor reception desk and through the office area without drawing unwanted attention. This would allow him to look for what he knew had to be there, a hatch, stairwell, or ladder leading to the roof.
"Clipboard of power, vest of authority..."
At one point, Dan worked as an electrician and remembered that while executing contracts, once they’d get clearance from the front desk, they could more or less move around the building with little oversight. Digging into his work history repertoire, he decided to assume the role of an electrician and attempt to get through the top floor reception area under the guise of conducing an inspection of the skyscraper’s electrical panels. If successful, this would give him unbridled freedom to search for the coveted opening to the roof. “We even had kind of a running joke about it,” Dan stated, in regards to the maintenance worker theme, "we called it the 'clipboard of power and vest of authority.' Having just those two simple items alone, has gotten us into a lot of places.”
"Always have an out..."
As previously stated, Dan worked as an electrician at one point, but for this venture, decided to go for a little more of an authoritive presence, and thus, Dan promoted himself to Electrician - Inspector. To dress the part of an electrical inspector, he put on khaki pants, a polo shirt and donned a vest, tool belt, safety classes, clipboard, calculator and a white RFID badge on a retractable lanyard, imitating the inspectors he had previously worked for.
“Putting a badge on gives you the appearance of authority. It shows that you have permission to be there because you have an access card and you’re trusted to be somewhere, even if it's not specifically for that building. This puts people at ease.”
Somewhat comically, Dan’s RFID badge had neither data imprinted on it, or any markings on the outside. For all intents and purposes, it was simply a white piece of plastic on a retractible lanyard. True to his meticulous nature, he even drafted a work order for his clipboard to round out his rooftopping alter ego, modeled after the work orders he saw during his tenure as an electrician. While the work order looked utterly legitimate (See above photo), nothing on the work order was real; there was a made up business at a fake address, fake phone number and obviously, fake inspections that Electrician Inspector Dan needed to conduct in the skyscraper.
The Exit Plan
Dan felt he had a feasible plan to get to the roof, but he also understood that in reality, there was a less than zero chance of getting caught. He decided to design an alibi that would protect him even if he was denied access, leaving the staff or security none the wiser of his actual intent. Having a rehearsed story would enable him to maintain cover and avoid any sort of trouble.
The owners of the building he was trying to access owned another building down the street, so Dan came up with a cover story of being confused as to which building he was actually supposed to be in. Should his cover be blown, he’d simply act as if he went to the wrong building and that he was really supposed to be down the road, making his presence just an innocent mistake vice one of malicious intent.
He rehearsed both his cover and his exit plan in the mirror multiple times before his actual attempt at the Dallas skyscraper; he wanted the stories to come naturally and his cover to feel authentic. He also didn't want to choke once the adrenaline he knew would come with being questioned would start surging through his blood stream, causing multiple physiological changes that could potentially make it harder for him to think quickly and on the spot.
Making a Good First Impression
The day of execution came and Dan made his way up the skyscraper. Bypassing the security measures he’d already bypassed on previous trips was the easy part, his first real challenge of the day would be at the reception desk. He got to the top floor turned towards the reception desk and although extremely nervous, confidently approached the secretary and stated he was there to conduct an electrical panel inspection. Slightly confused, she asked if he was with building maintenance, to which he said yes and that he was just there to conduct a quick and routine check. “That’s good timing,” she said, “the other maintenance guys are up here right now too.”
Dan started worrying immediately, “I was crapping my pants at this point and I thought, 'oh great,' of all the people that could be up here right now, it’s the people that I’m saying I’m supposedly with and who could call me on my BS story immediately.” Although slightly deflated, he maintained his composure, relieving the anxiety and adrenaline he was feeling by looking around the area and scribbling notes on his clipboard, playing the part of a bored employee just trying to get the work done.
The secretary had Dan follow her through the office area and took him to meet with the maintenance crew. They approached two of the maintenance guys who turned out to be maintenance managers. “Hey gentlemen, this man is here to conduct an inspection,” the secretary told them. They looked at each other confused and then looked back at Dan and the secretary.
Dan politely introduced himself and gave his spiel to the two men. “I think the most important part of a successful social engineering penetration is the first impression. I think when you see someone and the first impression you get of them and who they are, your brain really concretes that as the truth. When they looked at me, I was obviously in their eyes an inspector. I had my clipboard, I had my tools, I was dressed nicely, so it became not a question of who I was, or who I said I was, but a question of was I in the right place,’’ Dan told me of the encounter.
Maintaining Cover with Authority
The two gentlemen asked if he was with building maintenance or with a tenant. Although not prepared for this question, Dan remembered from his time as an electrician that buildings often had their own maintenance that the tenants would contract out for specific tasks. “I’m with a tenant,” Dan stated confidently. The two men immediately relaxed and told the secretary they’d show him to the electrical room.
“I couldn’t believe it, they instantly weren’t at all suspicious, even pulling out their keys to the room to let me in. It was a huge relief,” said Dan. They took him to the room and Dan noticed that the main electrical panel was locked and asked, “Is that the electrical main?” They replied yes and Dan said, “That’s a code violation. The main can’t be locked, if there’s a fire you need to be able to get into there.” The two men looked briefly concerned and stated they would see to it that the lock be removed. In a slightly comical turn of events, this is a real building code and Dan, in his guise as an inspector, got them to fix it.
Maintenance Workers: Keys To The City
The maintenance managers escorted him to the various electrical equipment rooms, where Dan checked breaker panels and electrical components as an electrician would. Unknown to the maintenance guys, Dan was also using this opportunity to scout the area to complete his Roof Topping mission. After going through the last room Dan knew he had to make a move quick if he was going to find a way to the roof. “The last thing on my list is the emergency lighting in the stairwell leading to the roof, as well as the junction panel for the anti-collision lighting,” Dan told the men. They made their way to the stairwell leading to the roof, which was a nice open carpeted stairwell right in the middle of the office area. This was somewhat surprising to Dan, given that the entryways are usually industrial type stairs and ladders.
Once in the stairwell, Dan noticed a tripped circuit breaker and told the manager that he needed to check something on the back of the light itself. “Sure, go on ahead, there’s a ladder right over there,” one of the men told him. Dan then grabbed the ladder, climbed up and there it was, a rooftop view of the city of Dallas. A view that very few are privileged to see. Dan took it all in; a non cleared person with roof top access in one of the tallest and most secure skyscrapers in Dallas. Out of view from the manager he quickly began to take photos and video of himself with the skyline. “I was freaking out a little bit,” Dan said. He gathered himself together, told the manager his inspection was complete and walked back down the stairwell. He bid the secretary good day as he left the top floor, making his way down the lobby and out of the skyscraper.
The End of the Road
This was the first skyscraper Dan managed to ascend and although it wasn’t his first use of social engineering, it was definitely the most complex and risky. It also wasn’t his last. As of this writing, Dan has worked his way to the top of almost all of the skyscrapers in Dallas, as well as multiple other buildings and sites of varying nature. Given the growing popularity and the saturation of rooftopping, as well as the attention it’s getting, Dan expressed the desire to retire.
I asked Dan for some closing thoughts on rooftopping and with no hesitation he said, “Nothing is perfect, nothing is impenetrable. With the right amount of knowledge and the right planning, anything is possible.” I’m almost curious to know what Dan chooses to tackle next, almost.