Schneier on Security
A blog covering security and security technology.
« Seat Belt Use and Lessons for Security Awareness |
| Frank Furedi on Worst-Case Thinking »
April 28, 2010
Hiding your valuables in common household containers is an old trick.
Diversion safes look like containers designed to hide your valuables in plain sight. Common diversion safes include fake brand name containers for soda pop, canned fruit, home cleaners, or even novels. Diversion can safes have removable tops or bottoms so that you can put your goods in them, and the safes are weighed so that they appear normal when handled.
These are relatively inexpensive, although it's cheaper to make your own.
Posted on April 28, 2010 at 1:21 PM
• 58 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The old hollowed-out Bible trick!
Not applicable to this thread, but definitely to this blog:
The message was on the mirror.
Expect a trend, anyone wants to mess with a flight.
Your money is better spent buying "The Big Book of Secret Hiding Places." At the time, it had about everything I ever thought of and then some. For instance, most people don't think about the space under the floor of the cabinet under the sink. There is usually a few inches of space between the floor and sink cabinet bottom. An enterprising individual may create a discrete method of opening this area, either from inside or front of cabinet, and store things there. It also talks about how searchers operate (at that time, anyway) and ideas for fooling them.
Link to Book
How To Hide Anything (the originator!)
I got a Pabst Blue Ribbon beer can safe a few years ago for a giggle, but it's pretty obvious that it's not real and we don't use it. It just serves as comic relief. Anyone who knows us knows that the only way we'd drink PBR around here is at gunpoint.
Another great place to hide stuff is in an Arby's bag... No one would ever look there!
No Canadian packaging! My stash of drugs, weapons and anti-government propaganda would be identified in seconds.
Bruce, can I store some stuff at your house?
I know someone years ago who had spare keys to his house hidden in a fake pile of dog poop. Who is going to search that?
Careful at night... not fun to pick up the wrong pile.
Um, RC Cola??? One can, just sitting there? I haven't seen RC in years. Let's make a plea to Costco to carry it. Then at least we can put the "safe" in with 20,000 other look-a-likes.
There's also quite small "safes" available - for example a D-Cell battery that is hollow inside but has a metall shell and is weighted so that it's almost as heavy as the real thing - and since it's metal, when you put it into a flashlight with real batteries, the flashlight will actually WORK (weaker, though, as if the battery is running out - but still...)
Of course, you can't hide much in there - but for small valuable items like that SD card full of "liberated" documents it's large enough.
Speaking of which - what about the opposite side of this game? Think about the police searching your house with a search warrant, looking for incriminating data. Sure, they'll confiscate your PC, all external HDs, CDs, DVDs etc. they can get their hand on, and if you store stuff in the cloud they'll know because they had a warrant for your ISP, too... but if you put the data on a Micro-SD card, just think how many places a common household offers to hide that little bit of plastic, metal and silicon.
I suppose in a few years small storage cards will have integrated RFID chips in order to allow the government to actually find them...
So what happens when that RC Cola can finds its way into the icechest and bobbing around in the icewater? Do the contents wind up soaked?
I hide everything valuable in a hollowed-out copy of Secrets and Lies
Oops, time to choose a new spot.
Another trick similar to the dog poop one....buy a new toilet brush with holder put it beside the toilet and hide your valuables in it. Then keep your 'real' toilet brush tucked away in a cupboard.
I always think the biggest risk with these hidden safes is that they might inadvertently end up in the trash, especially when the owner dies - think of the articles you've read about the lucky fellow who bought an old pair of jeans at a garage sale with thousands of dollars in the pocket, or the hapless daughter who threw away her mother's mattress, only to discover that was where she stored her life savings.
I could easily see myself tossing a hairspray bottle (and the valuables in it) along with my old cosmetics.
Hiding your valuables in a cleaner makes more sense to me than in a fake beverage. I can picture people breaking in and grabbing sodas or especially beer from the fridge, but I have a hard time picturing someone breaking in and doing some light housework.
But PBR is a great hiding can - once the thieves see PBR they'll abandon all hope of finding valuables.
The best place to hide stuff if outside of your home. If you've done any geocaching, you will have developed some skills on hiding things in plain sight, and what's easy vs difficult to find given a complete GPS location. Chances of getting a warrant for that are very slim. The question is, where do you hide the map to the location? Me? I'd probably use stego and put it in Flickr.
Hmm. Now that I think about it, why not put something in a watertight container into a bottle of dark rum?
PBR only tastes good when its free.
So this is an effective example of security through obscurity.
And that's why I am surprised why it is frowned upon by security experts. Same experts who analyze effectiveness of other security mechanisms, like passwords, not just by its theoretical complexity, but price tag as well.
A few thoughts:
First, most of these 'safes' are big only big enough for a few dollars. They would be insufficient to hide most things of "real" value.
Second, do not underestimate the ease with which *you* can forget where you hid something. True story.. A friend hid several thousand dollars in his house many years ago. When he sold his house, he knew that money was hidden somewhere but he did not know where. He never found it. Stories abound about wives who throw away an old coat, not realizing that the husband had stashed savings in the lining.
Third, do not underestimate the ease with which you can forget that you *hid* something. "Out of sight, out of mind" as the saying goes. When you move, you may simply forget that you ever had hidden something. Easy examples are the $20 that you find in your coat pocket with no recollection of how it got there.
Fourth, diversion safes only work if everyone in the household knows about the safe. That's fine, but you should probably realize that your kids are, at some point, going to take the money. Or tell their friends about how clever their dad is for hiding money in a fake beer can. Or the housecleaner will mention to his coworker about how one of his customers has a Lysol sprayer full of gold.
Fifth, thorough thieves are thorough. They'll clean out your cupboards with a sweep of the arm, and look for things that don't fall correctly. They'll knock every book off your bookshelf. Or so I'm told.
Oh yes dear, I did throw that old can of soda away. Yes, it was kinda heavy. What do you mean 25 Golden Eagles? What's a Golden Eagle?
I wouldn't trust anything more valuable than chocolate or Easter eggs to security through obscurity.
The biggest problem is entropy. People have a really tough time generating sufficient entropy for their passwords so they should use a true RNG to generate passwords protecting valuables. So I find it improbable that secret hiding algorithms are as unique as people think they are.
Valuables stashed in secret hiding places occur frequently enough that all attackers know about them and use their own rainbow tables with the order optimized by human learning.
Another big problem is side channel attacks. Are you sure you aren't giving away information about where you have hidden something? The first example that comes to mind is the dust layer; a black light might help. If you have accessed you secret hiding place since the last time you dusted then it leaking information.
I thought your second and third points were both amusing and insightful!
A thing is only valuable to the extent that others have a desire for it.
I have a great desire for chocolate and Easter eggs, so ...
This reminds me of Jurassic Park and the DNA in the Barbasol can....I thought that was the coolest thing when I was younger. Unfortunately I didn't have a CC# so I could order online
The book on hiding stuff is Secret Rooms Secret Compartments by Jerry Dzindzeleta.
...before they can you.
True story. Many years ago I found a $100 dollar bill in my thesaurus. Apparently I had stashed it there so no one would find it and forgot all about it.
True story, I found $100 in my old EE circuit theory text book, I though it really strange because I had absolutely no recollection of ever hiding money in any books, but $100 is $100, so I put it in my pocket and thought nothing more of it. About a month later my wife is frantically thumbing through my old books.....
I have the ultimate can safe - an actual can seamer (the gizmo that seals the end on...can be found used), plus a supply of cans and ends. Labels come from the trash.
If someone wants to go through the entire kitchen with a can opener, good luck to them. Obviously not the best way to store things you'll need more than once.
Works great until the first day you forget to tell the cleaning service, or your mother in-law visits and tidies up the living room while you're asleep.
I'm a strong advocate of "hide it in plain sight". However, don't hide valuables inside other items that may be valuable to a thief, such as computer cases, etc. Containers of food in the freezer can easily hide items underneath the food. Family photos can hide things inside the frames. Items can be concealed in the toes or heels of work boots. Diamonds can be hidden inside bottles of vitamins (who is going to steal a bottle of vitamin C?). The list of hiding places in almost endless.
@Courtney "I always think the biggest risk with these hidden safes is that they might inadvertently end up in the trash, especially when the owner dies"
@Scared "Oh yes dear, I did throw that old can of soda away. Yes, it was kinda heavy. What do you mean 25 Golden Eagles? What's a Golden Eagle?"
True story [in french], where gold was thrashed away with the cooker:
How can you trust buyasafe.com or budgetsaresexy.com not to inform looters ?
@sam: "thorough thieves are thorough"
They are. My apartment was robbed once. Beeing a poor student at the time I had little of interest to the robbers. They have taken an old tent (somewhat torn and tattered), my jackboots, two English dictionaries and all the food from the fridge. Were they gearing up for a hike to England or what? My computer and TV were not even touched - probably they were too bulky for the robbers to care.
Besides, all my garments, books, papers, toiletries etc. - literally anything that was kept in drawers, cupboards and wardrobes - was lying on the floor in a horrible mess. They have searched everywhere.
So I really won't recommend stashing your valuables in books, among old socks or - for that matter - in containers disguised as food cans. Unless you want to get sued by a robber for breaking his teeth on your own diamonds put in a can of SPAM(tm).
On the other hand, they apparently haven't tried to move the furniture or knock holes in the walls. So the old trick of a safe hidden behind a picture of your ancestor may actually work.
I would be worried that someone would throw the container without realising.
I always think the safe concealed behind a picture frame is a good start.
For those wishing to hide micro SD cards...
Take a candle stick, clean out all the old wax, put a little "fresh melt" wax in the bottom from a dark coloured candle drop the SD card in and a bit more fresh melt on the top and stick the candle in on top let it all cool down and pop it in the middle of your dining room table.
Likewise with "tea lights" in those little aluminium holders, lift the tea light candle out before you light it the first time put the SD card in the bottom and light the tea light and let it burn for a few minutes until the compressed wax has melted just enough to melt the top part into the aluminium case...
Another place, pull the return/enter key off of your keyboard and use wax or some low melt or rubber solution glue to hold it underneath and put back on the keypad.
And then there is the hem on your curtains...
The list is almost endless and a little bit of self adhesive copper foil solves the RFID (or non linear junction detector) issues.
how 'bout a wiki? The kind of information your blog delivers is great but in it's unstructured form difficult to find (even with Google).
@Clive "self adhesive copper foil"
or brass if copper is too expensive. I found replacing copper screen with brass was in my faraday cage was cheaper and as effective.
And of course the criminal booster community uses aluminmum lined shopping bags to shield the tag.
The best way to foil non-linear junction detector (or rather its operator) is to hide your electronic stuff where a piece of ordinary household electronics is expected to be present.
The bottom of your Enter key may not be the best place as you may get your whole computer seized when presented with a warrant - keyboard, mouse and all.
Hide your micro SD in a radio clock by your bed, a quartz clock on the wall, or maybe better some semi-permanently installed electronic stuff like an AC controller or even plain lights dimmer sitting on your wall.
Well seems like some Russian arms Company is using standard shipping containers for a mobile cruise missile plattform. Just a concept but the same concept, just on a bigger scale.
And bad news for civilians, when they start bombing every container bearing vehicle/ship/train...
@ BF Skinner,
" I found replacing copper screen with brass was in my faraday cage was cheaper and as effective."
Now that raises an interesting thought about why you would have a Faraday Cage, based on some of your other posts about what you do for a living ;)
Me I'm a communications engineer amongst other things so a cage is part of the standard kit, and in another part of my life the "cell" happened to be a Faraday with a "safe door" (you locked from the inside 8)
@ Peter A.,
"The best way to foil non-linear junction detector (or rather its operator) is to hide your electronic stuff where a piece of ordinary household electronics is expected to be present."
Careful or you will have Nick P complaining you are giving away all the secrets 8)
Might as well construct a bunch of things that look like real safes, but can't be opened all. Thieves would waste a lot of time making lots of noise carrying off and/or cutting open such "chaff" safes only to find nothing in them (or some worthless thing just to make it sound like something valuable was inside).
@Clive "interesting thought about why"
I could tell you but then you'd have to kill me.
Call it a hobby. People seem happy to accept that.
Ok...I'm going to make a safe that is solid (little space inside), looks real and weighs 400lbs. It will be in the garage. when the feds/thieves raid they will have fun. Meantime, cloud computing, VPN, encryption, and the hidden microSD will prevent any real damage.
At least I can chuckle maniacally in my cell. Wait, maybe that's not such a good idea. ;) Who am I kidding. I have nothing of real interest to anyone important.
But why even bother hiding a micro SD card because the information is encrypted, right? ;-)
Carefull about your copper or brass Faraday cages. Copper and brass are high value targets these days.
@ BF Skinner,
"I could tell you but then you'd have to kill me."
As advertised in Futureramas "Stop and Drop" which method do you prefer,
1, Quick and painless?
2, Slow and painful?
Then of course which "Green" disposal method is your preferred option "Soylent"?
@ Count 0,
"But why even bother hiding a micro SD card because the information is encrypted, right? ;-)
Well it depends on how you like your fingernails (attached to nail bed or not) and what other people might do to you with various rubber objects such as hose pipes, gloves and torches (flash-lights for those on the west side of the puddle).
I'm told that extracting the key via a lower orifice can be quite effective...
As per the plotline for episode 4 of BBC's "The invisibles"
I keep my most secret valuables in an old, discolored, hollowed out vibrator.
Maybe you do have secrets worth hiding. Not too likely a thief or cop is going to just pick that thing up. This discussion has really descended into chaos.
Back to subject...Why not just hide the server in the wall???MicroSD in the spice bottle.
Personal, thiefs broke in and stole some things. They missed the jewelry. They didn't know where the case opened. Stock items and being a slob has its advantages. I could deal with a burglar rather easily. After he has knocked himself out cold tripping on the kids' toys, and mauled by the dog he will be prepared to be tazed. I don't believe that it would call for a double tap. You don't have to be terribly clever just hide where they typically don't look. Who would look for cash IN the kitchen table? Just an example, I am married, I never have cash.:)
This story is only good to provoke ideas and to let the public know that you can buy these things ready-made. The people on this site could hide the bodies and use bleach. NCI effect, another story.
sorry meant to say ncis or csi. After today I need expresso and a nap in that order.
If you have multiple diamonds of value then instead of hiding them with the vitamin C and possibly choking one of your friends or realizing they got thrown out after the vitamin C passed it's expiration date why don't you SELL ONE AND BUY A REAL SAFE!?
The fundamental questions for this then become:
1.) Would someone inadvertently steal it (eg. hiding money in your laptop)?
2.) Would someone throw it out by mistake (Hiding money in a half empty jar of salsa in the fridge)?
3.) Could you ever find it again? (MicroSD cards in general)
I've heard that you should "hide" a relatively small amount of money in a well known hiding spot for thieves to quickly find in the hope that they would leave right away instead of tearing the whole place up.
Luckily, I've never been robbed...that I know of.
Randy -- butnowitwillhappentonight
One idea I have considered (if I ever had anything small enough that needed hiding) is hiding things in the ice of my fridge or freezer.
Hiding things in food packets etc. is a common enough technique, and with a bit of time a robber could check, but something hidden within the ice itself:
I know from experience that they'd be digging for a long time (if they even thought of the possibility) before they got to whatever I'd hidden.
So would I, of course, but I can afford to spend a bit of time defrosting my freezer when I need that money/micro-sd card holding blackmail information on the president/plan for a time machine.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.