Schneier on Security
A blog covering security and security technology.
« 1959 Random Number Generator |
| How Not to Test Airport Security »
December 17, 2004
Burglars and "Feeling Secure"
From Confessions of a Master Jewel Thief by Bill Mason (Villard, 2003):
Nothing works more in a thief's favor than people feeling secure. That's why places that are heavily alarmed and guarded can sometimes be the easiest targets. The single most important factor in security -- more than locks, alarms, sensors, or armed guards -- is attitude. A building protected by nothing more than a cheap combination lock but inhabited by people who are alert and risk-aware is much safer than one with the world's most sophisticated alarm system whose tenants assume they're living in an impregnable fortress.
The author, a burglar, found that luxury condos were an excellent target. Although they had much more security technology than other buildings, they were vulnerable because no one believed a thief could get through the lobby.
Posted on December 17, 2004 at 9:21 AM
• 4 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I am reminded of a theft that amazed me when I was a child. Two men picked up an aluminum boat on display at a Sears and walked out the door. No one stopped them - who would ever steal something so brazenly? That taught me an important lesson.
Years later while developing gambling software for a large gambling syndicate, I was getting endless flack about very minor security details when there were far more important issues to deal with. To make a point, I breached several levels of physical security, bluffing my way past several guards while flashing fake credentials and insisting that my job was very important and time critical and they had best not impede me.
I got through, called the manager hassling me from the "very secure" main server room and told we had some issues with physical security which needed to be addressed first.
Of course i should have gotten permission for my physical pen test first, but I was young and brash at the time:)
Ted, you where lucky when I proved to the Cheif Enginner at a company I was working at that the new design for a nice expensive finger print scanner could be easily circumvented with the wax from an Edam cheese, some WD40 (thin penetrating oil) and some Copydex (ruber solution glue) I got sidelined and then pushed out the door within six weeks.
Oh the idea although I discovered it for myself was not original, read Sherlock Holms stories for the earliest refrence I can find to faking fingerprints with wax...
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.