‘Do I look like someone to mess with?” says Jenny Radcliffe, folding her arms in a really-don’t-mess-with-me kind of way. Her tattoos seem to be making the point, too. On her left forearm is a Latin phrase – facta non verba, actions not words – with a pair of devil’s horns; on her right, a feather, from the wings of an angel. Which is she, I wonder. Her boots – DM-like, many eyelets – suggest no angel; but the T-shirt is emblazoned with “Trust Me”.
Radcliffe has an unusual job: she’s a social engineer. “Also known as a professional burglar, physical penetration tester … though it’s difficult to say that one to old ladies on trains,” she says. Yes, I can see that.
And social engineering is? “It’s the manipulation of human elements to gain access to data, information, physical premises – the active weaponisation of human traits and errors.” In practice, what this means is that Radcliffe cons and breaks her way into properties, both commercial and private. The difference between her and an actual criminal is that she is asked – and paid – to do so, in order to put security systems to the test. Got it?
We’re in a studio in north London, doing photos. Radcliffe’s phone just went off (ringtone: Been Caught Stealing by Jane’s Addiction), and I told her I was going to try to nick it – the phone – during our interview later. It’s the kind of thing she does in her line of work: she’ll be tasked with getting into an office building, then getting hold of the managing director’s phone, finding out the passcode and sending a text from it. She once did it to a man named Mr Big (not his real name, we’ll come to him later).
Anyway, my (hollow, let’s be honest) threat is what prompted her to say: “Do I look like someone to mess with?” but then she laughs – I think I’m all right, for now. Later, she’ll tell me there’s plenty of banter in her work and her world; she’s fine with it, so long as it’s well meaning. “But you don’t want to be the person when I choose to take offence, because if it’s coming from a malicious place it will be dealt with accordingly, do you know what I mean?” Understood.
Right, photos finished and it’s into the waiting car, a Tesla, for the short journey to central London to do the interview. Radcliffe’s husband doesn’t like Teslas, she says. And that’s the only thing she’ll tell me about her spouse, or her family. There are children, but she won’t say how many, let alone names, ages, anything like that. “There’s no reason to know about the family.” Fair enough, it’s not about them. But it is about her. She tells me she will be 50 this year, lives in the north-west … and that’s kind of it. “The details don’t need to be out there.” But she is very happy to talk about her work, which is really interesting, and I think you get a good sense of her through it.
Your school career adviser never told you about social engineering as a possible path? Mine neither. But you probably broke into a building or two as a kid, just because you weren’t supposed to; that was the attraction. That’s what Radcliffe did, growing up in Liverpool in the 1980s, with older cousins. They got into abandoned factories, and offices, and other people’s houses, just for a laugh and to use the loo; and Southport Zoo, where she nearly became a midnight snack for a lion named Caesar.
Radcliffe went to Glastonbury festival, got in over the fence. It became an annual pilgrimage, a place not just to break into, but also to observe people coming and going, including the litter patrol, who wore hi-vis vests and carried black bin bags … guess how Radcliffe got in that year? And suddenly this wasn’t just breaking and entering, it was an introduction to social engineering.
Back in Liverpool, it led – through the cousins – to odd jobs, and scams, making connections, and actual work, getting paid to test out and advise on security. It might easily have led to a life of crime. “I understood the appeal. A romantic side of me wanted to be the villain, because it’s a better part, and I would be a great villain. But I saw the effects of crime and what it does to people. It can ruin people’s lives and sometimes simple things can prevent that. I was never going to be a villain. I’m not saying I’m Snow White, and to do what I do I have to be able to think like a criminal.”
Social engineering is the perfect solution: all the fun of playing the criminal without the consequences. And the tattoos make sense now; the angel’s feather is bigger, but the devil one is still very much there.
Radcliffe has written a book, an entertaining chronicle of capers, a journey that begins as an illicit obstacle course on Merseyside, then adds elements of psychology and play-acting, and gains momentum and legitimacy as it progresses.
The first proper job came from a top-flight footballer the cousins knew who had been burgled. When one of them went to advise him on home security, Radcliffe went along for the ride, and ended up writing the report. The footballer’s wife was pleased to have input from a woman, even though Radcliffe was only a student at the time, doing English language and literature.
After – and through – the first footballer, came another. This one Radcliffe did on her own. He wasn’t at home, so she had a wander around, peeked in through the windows, and saw piles of cash lying around the place, heard girlfriends leave messages on the answering machine, and – most bizarrely – witnessed a flock of parrots flying about inside. “You meet a lot of dickheads in my game,” she says.
I’d love to know who that was. “Some of the details have been slightly changed or composited, so that people’s or company’s identities are not revealed. For security reasons, but also because I want to work again.”
I wonder if the well-known Liverpool councillor and politician might be a little bit recognisable and that “Mr Trilby” might be a clue, someone who might have a … hat on … “Oh, you do, do you?” she laughs. “Any puns are purely accidental.” This job was about checking the security of a government building at a time when spending for public departments was being slashed. If she could show that security was woeful, they might be able to get a bit more funding. And the way to do it was to take De– … Mr Trilby’s diary from his desk drawer and post it to him. Another success, even if in the process the diary was left on a roof in the rain and got soaked.
Radcliffe’s journey continues up service staircases and across rooftops to financial institutions in London and Europe to the mansions of dodgy geezers in the far east. There are plenty of hairy moments, near misses and some actual tumbles along the way, including a fall from a roof in Romania. She was doing a surveillance job, watching a cafe across the street from the roof of her hotel, when she slipped, landing on a narrow ledge. Any distance either side and she would have fallen four storeys, but she escaped with bumps and bruises.
To begin with, the work was a side hustle to something a careers adviser might have known about (procurement manager purchasing industrial hardware). Then Radcliffe went all in, as a full-time people hacker, burglar for hire, con artist, then keynote speaker, too. On forms, she tends to put “security consultant”.
Right, here we are, in central London. But we can’t figure out the doors of the Tesla, to get out. The irony doesn’t go unnoticed, and Radcliffe laughs. She has a line about locks in her book: “I don’t look at picking a lock, I look at the person whose job it is to keep the lock closed, then persuade them to open it.” Meaning it’s all about the people. To be fair, the driver doesn’t require much persuasion or social engineering; he just opens the doors and lets us out.
We head to an office building with a public space attached, open to everyone; it’s somewhere to chat out of the cold. There’s a reception desk at the entrance: she goes straight up and asks if she can leave her wheelie suitcase there. They seem to agree, she goes to put it behind the desk … oh, no, they didn’t understand, not there, but she can take it in with her. She didn’t really want to leave her case there; she was just engaging, checking out communications levels, seeing how things work. She’s very charming when she speaks to people. Is it an advantage to be a woman, I ask. “People might be more willing to trust me and talk to me because I am less physically threatening.”
Sitting in the atrium, she tells me that shared buildings come with their problems. “You’re only as secure as the company that is least secure; public space provides a real challenge.”
She tells me, in rough terms, the way she goes about testing a company’s security. She researches the building, the company, the staff. Online first, then physically, the old-fashioned way – she goes to have a look for herself. She is interested in entrances and receptions, security, passes and lanyards, parking, deliveries and cleaning companies. Again, most of all, she’s interested in people and their stories. Are there any potential weaknesses that could be targeted, careless or disgruntled staff, perhaps? What are their weaknesses in turn – carelessness, ego, greed?
In the book, she tells the story of Mr Big, managing director of a “large UK business”, whose security team had decided the best way to get further funding was if he himself was hacked, so had approached Radcliffe with the job. She describes an incredibly elaborate ruse that, after extensive research, targeted Mr Big’s PA, and his wife, then his charity work. Radcliffe posed as a journalist, attended an event and set up an interview with him, an interview that would take place in his office. That’s where she got to his phone; she already had the passcode from an earlier part of the scam, so now she could send the text to the security team to prove the job had been done. That’s how it works – a text from a targeted phone, an email from a company account, a stolen diary, or a calling card left behind, all to say: mission accomplished.
But surely commercial security breaches these days don’t tend to be about physically breaking into buildings and nicking stuff from the boss’s office, or running off with a sack of bullion; it’s data that the bad guys are after. Radcliffe admits she isn’t a techie herself; she’s a people hacker not a cyber hacker. But she says it all comes down to people in the end. “The vast majority of cyber-attacks are about human error and manipulation.” A phishing email needs to be “a convincing script – it has to convince someone that it is genuine for them to click on it”. That’s not so very different from her convincing Mr Big that she was a journalist who wished to interview him about his wonderful charity work, though that was more targeted – “spearphishing” is the term used for a targeted cyber-attack, rather than indiscriminate trawling.
It all sounds very time-consuming, and expensive. How much does a security health test cost – to physically get into a building, with proof? “I don’t think I want my price list in the Guardian.” Ballpark? Well, it depends on a lot of factors, but we’re talking “tens of thousands”.
It’s time to go for a wander to look at a couple of other buildings in the area. Nearby is a building site for a huge new office block. It could be useful for an intruder to get in now, Radcliffe says, to find out where the fire escapes are, the shafts, and what they’re putting on the roof. Probably staff hot tubs. I see her looking up, at the building, but also noting the positions of the cameras around the perimeter fence. There’s one guarded works entrance, with dozens of work people coming and going. She reckons she could get in.
I’m not going to try. We walk to a building that belongs to a university and also has areas of public access. There are dozens of people coming and going, a place where the public bit ends and electronic passes are needed. That way would be difficult, but coming back out there’s a glass door that leads to a lift. Just as we’re passing, someone is coming out. Without a moment’s hesitation and almost imperceptibly, Radcliffe alters course and accelerates towards the door, with a smile that says: hold it, we’re coming through. The man holds the door open for us, also with a smile, “Thank you.” That’s it, we’re in, at the bottom of the lift. Which floor?
But, thankfully, we have to go. Radcliffe has a train to catch, back to Liverpool. Ah, so she still lives in the city! From Jenny Radcliffe, that counts as pouring her heart out and laying open her soul. “Well, the train goes to Liverpool,” she says, before adding, “I’m worried you feel you didn’t get everything you need. This is not the sort of thing I normally do. I do a lot of industry interviews, which are all the same.”
It’s really fine – I get it about the personal stuff. It’s a been an enlightening and thoroughly entertaining couple of hours, if a little alarming at times. Not going to lie, it’s something of a relief when her car turns up to take her to the station before she can cause any trouble. Not a Tesla this time, no issues getting in. Yeah, but do you know where your phone is, Jenny … ? No, of course I didn’t even attempt it; it might have unleashed the devilish side. Plus, it would have been utterly futile.
I calculate that at a conservative estimate, the number of buildings I have in some way infiltrated is in the hundreds, most of them with the full permission of the owners. While the majority of these jobs were not remarkable, some of them stand out because of the location, events or people I met on the way.
There was the time when I was asked to test the security of a large funfair in the south of England, and had to hide inside a ghost train while security guards with dogs looked for me. I was asked to play poker in a hotel in Northern Ireland in order to give feedback on “tells” to a friend of a client. I’d studied body language for years, applying my knowledge to negotiations and to help me read people better on my infiltration jobs.
I once investigated a guy suspected of selling company information to a competitor, and was rooting around his office late at night when he suddenly returned and I had to make a run for it. I had found upskirt pictures, presumably of female colleagues, in his desk, along with numerous keys hidden around his office and maps of the building pinned on the walls, but concealed by photographs and training certificates. I had to run down corridors and out of a fire escape as he chased me, shouting threats and expletives.
Occasionally, I employed small teams on a job-by-job basis. They had helped me infiltrate everything from banks to theatres, theme parks to nuclear power plants, factories and the offices and mansions of the super wealthy. While there was an increasing need for technical hacking, it wasn’t something I pursued myself, and I had many an occasion where pure cheek and quick thinking unlocked a site for me and the team. Often just doing our research and working with the shortcuts and culture that already existed in a client’s premises would be enough for us to find a way in.
One factory we worked on required creative thinking. We had been brought in to test for vulnerabilities in its site security. The security team had just spent a fortune on perimeter defence, and their manager doubted I’d get past. “It cost two million quid, Jen. That fence is rock solid. The only way you’ll ever get past is if someone leaves a door open for you!” he’d laughed over a gin and tonic and a pie in his local. “Good luck, and I’ll see you for the debrief on Friday.”
We’d uncovered a couple of potentially useful things during our reconnaissance. First, we had found from an open job specification that employees on the site were covered by an auto-repair insurance policy. Little issues with their company vehicles, such as a replacement headlight or flat tyre, would be covered by the firm and repaired on site by local mechanics. We’d also noticed that several older fleet cars were permanently parked at the rear of the car park, seemingly unused, near the brand-new exterior fence.
Research had shown that the employees themselves were a solemn bunch who seemed to be very rules-driven and respectful of hierarchy. I assumed that this would equate to an obedient and risk-averse working culture, and a plan had formed in my head. With only their head of security fully aware of the timing, we made our way to the site shortly before five o’clock on the day of the test in a small white van with a magnetic sign we had had made, saying: “JR Auto Repair – Windscreens, Tyres and Repairs – we come to you!”
My confederate pulled up and handed a “job sheet” to one of the guards. “Here to look at a vehicle for a reported cracked windscreen,” he said, giving the registration number. The guard went back into the hut and tapped at a computer; he came back. “Yeah. I’ve not got a visit down today, but it’s in the back of the car park, on the right, mate,” he said and raised the barrier. “When the right guy gets back in tomorrow, I’ll let him know you’ve had a look.”
“OK,” we replied and drove through, making our way to the scruffy car at the rear of the site.
The night before, we had crept up to the site on foot and looked at the fleet car parked about three metres behind the fence. We had aimed a few pebbles at the windscreen in an attempt to crack the glass, but throwing through the fence had proved difficult and we had aborted. My friend had dug a pellet gun out of his car and returned at first light that morning. He reported back that the car looked like it hadn’t been moved for weeks and was covered in bird mess and leaves. After several attempts with the pellet gun, he had managed to hit home on the windscreen and had made a decent chip in the glass. It was enough.
We drove to the car, and while he got out and looked around, I stayed in the passenger seat. After much shaking of the head and making notes on a clipboard, he got back into the van and slowly made his way to the security gate. As we passed the edge of the factory building, he stopped near a back door and I got out and went over to some large rubbish bins and pallets. I crouched behind them and watched as he returned to the security barrier, which lifted and let him leave.
A few staff had started to come out through the door as their shift finished. I was nicely hidden, and waited for a quiet moment before quickly tacking an A4 piece of paper to the door. We had written the following on it: “Please DO NOT close this door! Thank you!” We’d scrawled a vague signature beneath it.
A couple more people came out, chatting and removing ear defenders, letting the door close behind them and oblivious to me crouching behind the bins. Before too long, a guy in a suit came out, looking at his phone and dawdling a little. He stopped, reading something on a text, then glanced up at the door to make sure it closed behind him. He seemed to hesitate briefly and then push it back open and walk inside. After that, more people came through the door, although now I could hear them before I saw them, and I’d stopped hearing the gentle plunk noise as it closed behind them. I waited some more, and gradually the flow of people slowed then eventually stopped as the car park emptied.
I stood up cautiously and moved from my hiding spot. Looking at the door, I could see it had been wedged open by a paper towel. Obey the rules or be damned, I thought, and walked into the site and finished the job.
Apart from a fraught few minutes waiting for the security guards to patrol so I could duck under the barrier and leave, there was nothing unusual to report. On the Friday, in front of the security guy and his team, I explained what had happened, showing them some bits and pieces I’d picked up from the factory and office interior and handing them the now-scruffy sign I’d pinned on the door.
They were attentive and responsive clients, and as far as I know made good efforts to harden off the gaps we had found in their site and procedures. I couldn’t help but feel sorry for the security guy, though. As I described how I got in and handed him the sign, he put his head in his hands and looked at his colleague. “Two million quid, Brian,” he muttered, forlornly. “Two million quid.”
