Schneier on Security
A blog covering security and security technology.
March 24, 2010
Some movie-plot attacks actually happen:
They never touched the floor—that would have set off an alarm.
They didn't appear on store security cameras. They cut a hole in the roof and came in at a spot where the cameras were obscured by advertising banners.
And they left with some $26,000 in laptop computers, departing the same way they came in—down a 3-inch gas pipe that runs from the roof to the ground outside the store.
EDITED TO ADD (4/13): Similar heists.
Posted on March 24, 2010 at 1:51 PM
• 47 Comments
I wonder if this is actually how it happened. I hope so, just for the cool Mission Impossible issue!
On a more serious note, I presume that this will have had to involve serious insider knowledge or lots of casing the joint visits....
Seems like a lot of effort for 26 000$ worth of laptops which will probably sell for half of that price on the street...
I was wondering why they went to all this trouble for so little payoff, and then I saw a story about a subsequent theft of $75M of drugs through the roof of an Eli Lilly warehouse.
So, perhaps the Best Buy hit was a practice run.
I agree. They didn't get much really. Some computers. Perhaps the computers can be tracked at some point if they are sold and their serial numbers are left intact. The only way to try and get them now is to find out who cased the place. Someone is going to be watching a lot of boring security footage....
Sounds like a reasonably proficient burglary making use of inside job. Pros would have passed on it for a bigger score (or they were disappointed in the take). We had a similar burglary once where the perps came in through the roof on knotted bed sheets and left the same way with several kilobucks worth of DRAM modules (back when 1 meg modules cost $600 a pop). They came in and left via the roof because they knew access controls and cameras would detect and record their exit. We learned all this after the fact because one of the perpetrators was a former temp who still had his hand drawn map of the premises in his wallet when arrested on a different beef several _months_ later. The high tech crime unit told us bedsheets were used instead of rope because a couple sets of sheets in a Mervin's bag don't look like burglar tools in the event the crew gets stopped on the way to the job. Aah, good times...
1) I wonder who at Best Buy will be on the hot seat for this, even though any countermeasures would likely have cost far more than the $26,000 lost.
2) How much of a payoff really depends on who took them. Even if they sell them at only half price, $13,000 is quite a bit for a day's work, especially for someone low on the economic totem pole.
According to some, those cameras will be of no use.
Why do I have the start of "Sneakers" running through my head -- The thief is going to return with a bag full of equipment and say something to the effect of: "I decided I didn't want these any more."
BTW: I could really see this as getting a boatload of machines that can be used in a "cloud" setup to do some serious data mining or Internet attacks.
"Pros would have passed on it for a bigger score (or they were disappointed in the take)."
Yeah, that's what I was thinking. Real pros would have taken the delivery truck while it was in transit.
This sounds more like some competent employees (current or former). And the problem with that is that it makes it easier to narrow the suspects.
Who decided where to hang the banners or who moved them last?
I think the Dubai incident spoiled me! I was sad to see there was no video online.
Sorry, my first sentence should have read "Sounds like a reasonably proficient burglary making use of inside information."
A reasonable preventative against such attacks need not cost a bazillion dollars, especially if deployed during routine PMs of BB's security systems and physical plant, but they should know that already.
Wasn't this just a plot device from "Chuck"? This must just be an elaborate way to advertise for that show.
Yes, I believe that is the correct interpretation.
huh? There's a 3-inch *gas* pipe on the outside of the building?
Lucky it didn't break, eh? If it had then (a) there could have been a quite pretty explosion and fire, and (b) any surviving perps would now be suing the store for endangering them...
Darn. Any minute now the TSA will rush in emergency regulations to search my luggage for 3 inch pipe. No chance of me getting that spare bit of plumbing home on the plane.
Interesting - it does seem like a lot of work for $26k tops though. I'd imagine the serial numbers etc. are recorded, so you'd need to be fairly careful when selling them on as well.
One thing to note is that you can only rappel (abseil to Europeans) down. To get back up, you can climb the rope (most men don't have the strength or skill to climb a thick hemp rope, never mind a thin climbing rope) or use ascenders - a real pain nonetheless.
How did they cut the hole in the roof? If it was a 100% metal roof, I'd bet drill a hole and then use a nibbler to cut an aperture. Much quieter, though slower, than using a petrol powered angle grinder. If it had plastic skylights, I'd remove one of these.
The engadget story is interesting as well - it mentions they stole the store safe through the roof. I've got my own safe, insurance rated for £6k in cash. It's bolted down with 6 bolts, 4 into the wall and two into the floor. There is no way you could move this thing, and even if you could, it weighs about 100kg - really quite hard to haul out of a roof. Would a store have a safe any worse than this?
To those thinking the heist was too small, too much work, etc, the payoff versus the risk and work was very nice imho. They just had to do presumably a few hours of risky work, way less than the local, bottom-feeder drug dealer who scores less than 10% of that in a month. They made anywhere from a few grand to over $20k if they eBay fence it, which is nice pay for one night's work. Also, the planning involved & night cover kept the risk very low, meaning even pros might do this while looking for a better heist.
There's one other thing to consider: notoriety. Many thugs do this stuff for both money and the thrill, and some do it for thrill alone. Back in my high school days, one group of students broke through the glass roof one day, rappelled down to the floor, and grabbed a trophy everyone had joked about stealing for years. They were only busted because one used the story to get laid. (LOL). They returned the trophy anonymously before that & only motivation was the thrill of doing it.
So, the scenario: Big T is all about thrills, nice cars, easy girls, and easy money. He usually steals credit cards or hits cash registers if particularly desperate. He wants a better score than he's been getting: a few hundred dollars for well-planned, risky work. The geek on the crew's got a plan to bust into Best Buy through the roof, snatch a bunch of shit, make bank, and book it before the store knows what hit him. He said the cameras & high tech bling aint no bang. Payoff supposed to be 26 large. The question is, "Is Big T up for having a good time?"
The problem is what they stole isn't easily "laundered". The serial numbers can be tracked. Considering it's an Apple laptop, you're likely to be using the automatic update. If Apple has the serial numbers, they can track who's updating their software (or perhaps even using it since when OS X starts you likely register and it might connect to Apple). You get the IP number, get that person's information, talk to them and where they got the computer and nab the guys that stole them. Too much trail as opposed to jewelry or something like that (even more regular computers have less capability to be tracked). I don't know if the serial feature is used or disabled.
On the other hand it is considerably less effort than trying to buy a computer at Bestbuy.
I don't want to pick it up in three days when you have 'installed' it.
I don't want to pay $80 for you to install a bunch of nagware.
I don't want to pay $300 for an extended warranty on a $400 laptop.
They used the external 3 inch gas main as hand holds, as they scaled the outside of the building.
Boot prints were found adjacent to the pipe.
I'm conflicted. Half of me hopes they go on to greater things, because they have skill and style. The more traditional half of me hopes they get caught because they're crooks.
I know - I hope they nearly get away with some elaborate heist, but get caught because an alert security guard notices some tiny detail which is 'wrong'.
I don't see much similarity between this and the drug heist (Isaac, #3). This was quick, in-and-out, never touch the floor, use cameras' blind spots. The drugs was hours loading a large truck having disabled the cameras. The only similarity is point of entry.
Cirque du Pomme is in town!
Ever watched a squirrel assault a bird feeder?
This is true, but that doesn't stop laundering with one-time fences. Smart criminals use Craigslist to hire eBay sellers, give them some legit stuff to build their rep & inspire trust, then give them a bunch of stolen crap at once. Most of the money gets through before serial number tracing or deactivation even happen. They can also sell through stores with no feedback or easily spoofed high feedback. Stolen electronics are fenced through eBay all the time & quite a few crooks make it over a long time. Will these guys pull this kind of laundering off? I don't know that. I just know it's actually pretty easy and standard operating procedure for many successful fences.
Movies make out that abseiling (rappelling) is difficult. It's easy! A skill learned in minutes by a child and useful for years (climbing became a hobby).
The gear is inexpensive too, from a few quid (dollars). Ascenders are trivial to use which I carry ever since I did something really dumb.
This also means that Bruce can no longer hold his movie plot contest without being accused of planting bad ideas in peoples' head.
Um... I don't think they'll sell on eBay. eBay is broken for laptop sales, just ask Bruce!
Just out of curiosity, how hard would it be for a bunch of Best Buy insiders to lift the gear at the dock? After they cut a hole in the roof and slap a boot against a pipe, they can come back to work and stand around the hole with everybody else and say "ohhh, ninja-pirates. I'm not sticking around after work in case they show up."
@Bill: For some reason I'm reminded of the old saying that it's not the fall that kills you, it's the sudden stop at the end.
'High level of sophistication', 'High-level planning', 'daring', 'professional', etc
Anyone here concerned that we might be sending out the wrong signal to thieves, 'acrobatic' or otherwise?
Oh, it says $26K of Apple laptops. That's what, 3 or 4 laptops?
And I am highly suspect of the "touching the floor sets off an alarm" part of the story. The expense to wire this very large area with a sensitive floor cover would be prohibitive, and the security would be designed more towards the perimeter. Why pay so much for this when the event of an attack of this sort is unlikely? Plus, if the floor is wired, as soon as you move any displays or put a box down somewhere on it you are going to trigger it. Can you imagine trying to set the alarm for the night and it won't let you because a sensor input is being triggered? You'd have to walk over the entire store to find what was causing the problem, although the system could be set up with multiple "zones" for the floor to allow easier searching, that would add even more to the cost. If you have a fault (short circuit) in the sensor, you have to rip up the entire section of floor to fix it. I say it's more of a BS story by the security company and it was told to others who believed it, and perhaps the crooks heard it and decided not to take any chances.
Many of the computer components have unique media access control numbers that may or may not be accessible over the internet. It depends on settings at the other end.
According to comments on the news site, this was just one of several similar break ins at Best Buy's around the country. I wonder if they all targeted the same kind of laptop? Are they filling an order?
I try to teach my guards to look UP, as well as around. The ceiling is very commonly overlooked by security.
The floors aren't wired. The motion detection sensors are all aimed at ground level, triggered if anyone walks by. They're set low so you can't crawl under them. But apparently you can walk on top of the racks and not set them off.
My guess is that this was done by a high school or college aged short-term employee and his buddies who are into rock climbing. If you've already got some gear and you've watched some action movies, then this might seem kind of cool.
Of course, Apple hardware is going to be impossible to fence because it's so easy to trace (due to the software update in OS X). The only way to use this hardware without getting caught would be to install Linux on it and use some drivers which change the MAC address reported for the ethernet and wifi chipsets. How many black market buyers are going to want to do that?
"The gear is inexpensive too, from a few quid (dollars). Ascenders are trivial to use which I carry ever since I did something really dumb."
Really?? You carry ascenders everywhere you go? I only carry them on aid climbs. Even on long multi-pitch trad climbs a pair of prusiks is a lot lighter than a pair of ascenders.
I wonder why a lot of people feel that a stolen laptop is immediately traceable due to the update feature? Have any of you who claim such a thing actually had your laptop stolen and recovered because you have updates switched on?
I don't believe it is possible because:
1. Laptops have identical hardware configurations to others of the same make/model, after they are all made on assembly lines using standard hw.
2. Modern OSes purposely remove uniquely identifying information like serial numbers from transmitted data about a laptop (anonymize it) to alleviate privacy concerns.
Are you saying that Apple (or Microsoft) is uniquely able to filter and to trace back to a particular laptop from the millions of update requests all over the world that come to their servers? Then we should be really concerned about our privacy.
Btw, I had my laptop stolen and neither Microsoft nor Kaspersky (I have their antivirus which updates every 15 mins) offered any help due to reasons I explained above.
Maybe stolen to order?
Does sound like an inside job.
Next thing you know "The Ring" will be rappelling into the Buy More in Burbank...
Contrast this Best Buy job with the bank robbery I just heard about.
Allegedly, the thieves called the bank before the robbery and told them to have the money ready for them.
It's true in some cases, but these are Apple computers. The software and hardware are more tightly integrated than most other computers and include hardware chips that uniquely identify it (you can overwrite the OS that came with it but the serial number is still there). It might be reprogrammable but that's a lot of work. They rely on the serial numbers for many things such as verifying software and when you do repairs to the machine at the Apple Store (if you sell it to a regular guy it's bound to happen). Also, you don't have control of the OS completely and if Apple implements some way to contact a server with the serials some guy that thought he got a legit computer likely won't avoid them. Are you really going to use an external firewall to prevent this?
The issue here is that a user that bought the computer would never think to do any of this. However, if the thieves stole the computers for their personal use, it's likely that they can overcome most any way Apple implemented the checks (might require reversing though)
I don't think Apple is in the business of tracking stuff for LE agencies so it's not a problem, and I don't think a couple of rogue computers are really a big deal for these companies, but they do have the capabilities to do it.
Not related to this, but there is a case apparently of an airport worker looking at the images of the full body scanner. Apparently he saw something juicy :D
Hopefully Bruce will talk about it.
"... Plus, if the floor is wired, as soon as you move any displays or put a box down somewhere on it you are going to trigger it. Can you imagine trying to set the alarm for the night and it won't let you because a sensor input is being triggered? ..."
Whilst you are correct in the rest of your points with regards the floor sensors, I guess there is something you are unaware of.
That is "Delta" or "state change" alarm switches.
The floor is laid out with a grid of pressure pads each one reports back individually to the alarm box (usually they are multiplexed like the keys on a keyboard but in a "non blocking" way).
The alarm when set knows which pads are active and which pads are inactive. The alarm is triggered when a pad changes state.
This sort of system is not cheap (in fact we are talking both arms and both legs) but it has the advantage of variable sensitivity thus not being triggered by rats / cats / dogs etc depending on how sensitive you set it. Thus you can have an area with "unleashed guard dogs" as well...
Unlike the cheaper downwards facing or "knee knocker" "IR fan" or microwave sensors that just report movement irrespective of volume or mass.
This system has other advantages as well in that it can be used to monitor the track of guards and dogs etc, thus a log of guard movement is automatic. Plus in some cases the pad resolution is better than 100gm (4oz) at 150Kg (330lb or ~24st) so you can tell if a guard picks up an item etc (or as a friend of mine puts it "you can tell where muttly has done his business and thus where to send the clean up crew").
Oh and one little oddity, if you want to "do it yourself", under floor heating of various kinds can act as "transducers" as well as providing heat and often come in convenient 2ft x 2ft units. I was shown this when I was working for a Korean company, the engineers had designed a system as a "hobby" project to be published there.
Not sure if it's the same incident but in the UK the press is having a bit of a field day with an incident that happened at Heathrow airport.
Apparently a young female member of staff has been "severely traumatised" by a male colleague. As far as I can tell she stood unaware in the field of view of a "virtual nude" scanner. He made some comment about "big breasts" and filed a formal complaint with the police under the "anti stalker / harassment" legislation.
As was noted by one commenter, she was traumatised by a loud mouth, how many of his colleagues will do the same to passengers but keep their mouths shut...
So it's a case of nail the loud mouth, not because he and his colleagues can letch at members of the public, but because he made comment on a co-worker...
I must admit if I was still able to fly I'd be very tempted to make a special pair of underpants, which clearly said what I thought (not sure what they could do about it but I'm sure they'd rush new legislation through to cover it).
"...On top of the building, they used a saw to cut through several inches of rubber and insulation, then sliced a 3-foot-wide square in the metal roof..."
Shame they had to do $50,000 worth of damage to the facility to steal $26,000 "worth" of laptops (must have been MacBooks; $26,000 of wintel computers wouldn't fit through a 3x3 hole). And fenced they are probably only worth 10% of retail.
If they were this sophisticated why didn't they go ahead and make it worthwhile? Maybe this was a training run for a jewel theft someplace else?
Furthermore, at 00:02:26 (ie
I'll have to agree with the idea that "because it looked fun," was probably the motivation, and "probably an inside job" posts. Even if they do make it less likely that they were "stolen during business hours" and the roof hole was just a ruse. If you can't really fence them, the reason that they stole so few was that's all they needed, or those were the only ones piled high enough that they were above the motion sensors.
@ Clive Robinson
Yes, a state change mat system like this could be used. Like you said, it would cost even more than the simple floor sensor system I mentioned. An operation like Worst Buy would probably not spend the kind of money needed to do this. It's the old "Parable of the locks" thing that Bruce has discussed on here before. Don't pay more for the lock than what you paid for what's inside the locked box.