"So, you got three of us that are kind of walking through this campus with antennas sticking out of our laptops," Dahvid Schloss said, describing how plainly visible equipment and a plausible pretext opened doors that should have been closed.
Dahvid Schloss's red-team visit
Schloss, a professional red teamer, was engaged to test both the physical and network security of a company described in his account as near the top of the Fortune 500 and known for sponsoring and providing the trophy for an international sporting competition. He and two colleagues walked the campus carrying laptops with antennas, probing wireless networks while the site was undergoing construction. Schloss told the reporter that employees did not question their presence; instead, staff repeatedly approached them to ask if they were "going to fix the Wi‑Fi." That level of unquestioning access created the opening Schloss's team needed to move beyond a wireless audit and into the facility's interior spaces.
The trophy, its worth, and how it left the building
In the marketing department, Schloss found one of the competition trophies on display in a case. He said there were three copies of the trophy — one for the winner, one for the host nation, and one for the sponsor — and estimated the example he removed was worth at least $250,000, while also calling it "priceless" given the limited number produced. Knowing his assignment included physical security, he opened the display case and took the trophy. A marketing employee saw him doing it and asked, "Are you here to fix the Wi‑Fi?" Schloss replied "yes," and the staff ignored him as he slipped the trophy into his backpack and left the building.
Schloss held the trophy for two and a half weeks with "no one saying anything about it," then used the item during his executive briefing. "We walked to the boardroom and the first thing I do in this boardroom is I pull out the trophy and I put it on the table," Schloss told the reporter. "And all these executives are sitting around there as we're about to give this security report on where the maturity is at and that was like enough said, right? You could see the eyes just popping open."
Construction, Wi‑Fi outages, and pretexting as an attack vector
The presence of construction and widely noticed Wi‑Fi problems supplied the pretext that enabled social-engineering to succeed. Schloss described employees approaching the team not to verify credentials but to request help with connectivity — a normal, nonthreatening interaction that masked the team's probing activity. The story underscores how ordinary operational disruptions (construction, broken access points, poor connectivity) can be weaponized by someone with a credible-looking technical setup and a simple, plausible explanation.
A red team that tested more than networks: scope and demonstration
Schloss emphasized that his remit included testing overall security, not merely the wireless layer, and he used the opportunity to demonstrate the gap between policy and practice. The successful removal of an expensive trophy from a locked-looking display case — observed by staff who nevertheless did not intervene — became the central artifact of his presentation to executives. The staged theft served as an unambiguous demonstration of organizational weakness: visible equipment and a believable pretext, combined with inattentive staff, allowed an outsider to bypass controls and remove a high-value asset without challenge.
What this means for technologists, procurement leaders, and office employees
- Technologists and security teams: Pay attention to operational conditions that change the threat surface. Schloss's account links construction and persistent Wi‑Fi problems to increased social-engineering risk; teams should treat unusual maintenance or degraded services as periods of heightened exposure and coordinate physical-security checks accordingly.
- Procurement leaders and contract managers: The story highlights the need to verify contractor identity and scope in real time. Even visible technical gear and a plausible task can be used as cover — organizations should enforce badge checks, escorting rules, and clear limits on where contractors may work during audits or remediation.
- Office employees and on-site staff: Schloss's experience shows that staff will often assume someone who appears to belong in the building is benign. The practical takeaway offered in the report is simple: train employees to question people, even those who look like they belong, and to confirm credentials and authorization before letting them access sensitive areas or assets.
The episode is a compact case study in how social engineering and basic operational friction intersect: a visible technical posture, a believable pretext, and distracted or trusting staff combined to let a red teamer remove a high-value trophy and return it only when it served as proof to leadership. The immediate remediation is not technological alone — it is a set of observable behaviors and enforcement steps that the company could have taken that day, and that organizations in similar situations can put in place now.




