Bruce Schneier
Schneier on Security

A blog covering security and security technology.

January 6, 2009

The Best Capers of 2008

Good list.

Posted on January 6, 2009 at 2:28 PM • 12 Comments

Not bad, but what were the criteria for selection? Creativity? Originality?

Posted by: Davi Ottenheimer at January 6, 2009 3:26 PM

The trouble with these sorts of lists is the best scams won't be eligible as they not only have not been apprehended but... nobody has made them public for whatever reason. The 50,000 dollar one would nearly have been in the "undiscovered" category though.

Posted by: Clive Robinson at January 6, 2009 3:41 PM

Bernie Madoff didn't make the list? All the others are petty amateurs by comparison.

Posted by: Romeo Vitelli at January 6, 2009 5:03 PM

The social engineering of the Craigslist bank robber is still the best.

Posted by: WarLord at January 6, 2009 7:15 PM

I'm mostly with Clive. While I'm not certain that the best caper would go unpublished, I think "didn't get caught" is sort of a prerequisite (at least for #1). Now if the Craigslist posting had been done through TOR...

Posted by: Pat Cahalan at January 6, 2009 9:42 PM

I do agree with Romeo. If the Wired list is pretty good, I think that Bernie M. deserves a special prize, for the amount he stole and the longevity of his scam. Not very original, for sure, but brilliantly executed. Stealing so much money from such an educated crowd is almost an Art. JeF.

Posted by: JeF at January 7, 2009 1:56 AM

@JeF If you're going to describe scams as "brilliant" because they're technically clever, remember that it is more difficult to defraud people who either do not trust you or who have never heard of you.

Posted by: Nostromo at January 7, 2009 5:12 AM

"First spotted in 2005, this caper takes advantage of retail ATM owners and operators who leave the administrative passcodes on their Tranax and Triton cash machines set to the defaults published in easily-obtained service manuals."

I don't think the crooks should have been charged. Tell the owners/operators of the ATM machines that it's their own fault - which it was. And let them bear the losses.

Posted by: ITguy at January 7, 2009 5:19 AM

I am fascinated to see that there is a positive correlation between a) the fortunes of the Republican Party, b) the (US) economy and c) Gay Rights. I bet that is not the connection he was intending to make.

Posted by: bob at January 7, 2009 7:25 AM

@ITguy: Stealing from an unlocked house is still stealing. Though I'd agree whoever was responsible for maintaining and loading the machines (presumably not the owner, surely?) should take the hit.

Posted by: Calum at January 7, 2009 9:22 AM

Although not in the same league as an ATM, I note that some wireless access points have an annoying tendency to revert to the factory-default password, seemingly at random. At least once that I noticed, _only_ the password reverted. Other settings were not lost. If the designers of one embedded system can make that sort of mistake, surely so can others, so the ATM owner/operator/route-man _may_ not have done anything wrong. OK, this was probably not the case, but I'm just saying that jumping on the purchaser of anything containing software for not realizing that the maker was a lying bozo is not productive. Unless they are election officials, of course :-)

Posted by: MikeA at January 7, 2009 11:31 AM

Several ATMs I worked on had the money vault combination still set to the factory default of 0-50-0. I guess they were assuming the Quickset door lock on the facility was adequate security and resetting (well, SETTING actually) the combo on the bank vault wasn't worth the effort.

Posted by: bob at January 7, 2009 2:13 PM