Schneier on Security
A blog covering security and security technology.
March 17, 2010
Using insider knowledge the two hacked into software that controlled remote betting machines on live roulette wheels, the report said.
The machines would print out winning betting slips regardless of the results on the wheel, Peterborough Today said.
I'd like to know how they got caught.
EDITED TO ADD (4/17): They got their math wrong:
However, the scheme came unstuck after an alert cashier noticed a winning slip for £600 for a £10 bet at odds of 35-1. The casino launched an investigation that unearthed a string of other suspicious bets, traced back to Ashley and Bhagat, IT contractors working at the casino at the time of the scam.
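The check the cashier did by eye, plus a reconciliation of each slip against the recorded wheel result, can be run over every slip before payout. This is an added example, not code from the casino system or the original post; the slip fields, reason codes and sample data are constructed, and it assumes the slip's figure is winnings excluding the returned stake.

```python
from dataclasses import dataclass
from decimal import Decimal

# Standard roulette odds: winnings per unit staked (stake returned separately).
ODDS = {"straight": 35, "dozen": 2, "red": 1}
RED = {1, 3, 5, 7, 9, 12, 14, 16, 18, 19, 21, 23, 25, 27, 30, 32, 34, 36}


@dataclass(frozen=True)
class Slip:                      # hypothetical slip record
    slip_id: str
    spin_id: str
    bet_type: str
    selection: int               # number for "straight", 1-3 for "dozen", unused for "red"
    stake: Decimal
    winnings: Decimal            # assumed to exclude the returned stake


def expected_winnings(stake, bet_type):
    """Winnings the pay table allows for this stake and bet type."""
    return stake * ODDS[bet_type]


def bet_wins(bet_type, selection, number):
    """True if the bet wins on the recorded wheel number (0-36)."""
    if bet_type == "straight":
        return number == selection
    if bet_type == "dozen":
        return number != 0 and (number - 1) // 12 + 1 == selection
    if bet_type == "red":
        return number in RED
    raise ValueError(f"unknown bet type: {bet_type}")


def audit_slip(slip, wheel_log):
    """Return reason codes for one slip; an empty list means it reconciles."""
    if slip.bet_type not in ODDS:
        return ["UNKNOWN_BET_TYPE"]
    reasons = []
    # Check 1: winnings must equal stake x odds (the £600-for-£10 case fails here).
    if slip.winnings != expected_winnings(slip.stake, slip.bet_type):
        reasons.append("PAYOUT_MISMATCH")
    # Check 2: the slip must match a spin recorded independently of the betting terminal.
    number = wheel_log.get(slip.spin_id)
    if number is None:           # 'is None' so that a recorded 0 is not treated as missing
        reasons.append("NO_SPIN_RECORD")
    elif not bet_wins(slip.bet_type, slip.selection, number):
        reasons.append("BET_LOST")
    return reasons


def audit_all(slips, wheel_log):
    """Map slip_id -> reason codes, for flagged slips only."""
    flagged = {}
    for slip in slips:
        reasons = audit_slip(slip, wheel_log)
        if reasons:
            flagged[slip.slip_id] = reasons
    return flagged


# Constructed sample data: wheel results keyed by spin id, and five "winning" slips.
WHEEL_LOG = {"S1": 17, "S2": 4, "S3": 0}
SLIPS = [
    Slip("A1", "S1", "straight", 17, Decimal("10"), Decimal("350")),  # legitimate
    Slip("A2", "S1", "straight", 17, Decimal("10"), Decimal("600")),  # wrong arithmetic
    Slip("A3", "S2", "straight", 22, Decimal("10"), Decimal("350")),  # wheel says it lost
    Slip("A4", "S9", "straight", 5, Decimal("10"), Decimal("350")),   # spin never recorded
    Slip("A5", "S2", "dozen", 1, Decimal("20"), Decimal("40")),       # legitimate
]

if __name__ == "__main__":
    for slip_id, reasons in audit_all(SLIPS, WHEEL_LOG).items():
        print(slip_id, reasons)
```

Slip A3 is the case the arithmetic check alone misses: the payout matches the odds, and only the comparison with the wheel record shows the bet never won.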
Posted on March 17, 2010 at 6:33 AM
From what I read they were caught when they tried to cash a slip for £600 winnings on a £10 bet. A savvy cashier noticed the discrepancy, given that the win should have paid 35/1.
Gamblers do this stuff all the time, and usually get caught by greed or talk. There was a quarter-horse exploit where a couple of bettors found they could cancel a bet if their horse didn't get out of the gate well (it matters in quarter-horse races). Word got around, and a gabby bettor let it slip to the management, who shut down the facility to cancel bets after a race started.
"These men not only used their intimate knowledge of two complex systems to break the law and make these fraudulent claims, they also breached the trust of their employers and any semblance of professional integrity."
... all while failing at basic math skills.
I'm surprised we don't see more of this sort of thing.
To quote Willie Sutton when asked by the FBI why he robbed banks "It's where the money is"...
Casinos are about the largest "cash" business you are likely to be able to walk into and get to play with the machines that make the cash flow and the huge profits.
Both are from "Sarf Lon'non"
Andrew Owen Ashley, aged 30, of Laleham Road, Catford, and 31-year-old Nimesh Bhagat, from Balham...
Hmm anybody want their mobile phone numbers?
For "master criminals" they sure leave a lot of their details littered all over the web...
I'm surprised at how lenient the punishment is. It seems like it would be worth the risk for a copy cat to scam casinos in the same way... unless of course the casinos have changed their systems to remove this risk.
The big push in the security industry these days is to replace people with technology. This is an object lesson on how one alert human made all the difference when technology failed or was subverted.
When the Montreal casino opened, the keno game was flawed. One man made 600 000$ by exploiting a flaw in the pseudo-random number generator. He was able to predict winning numbers that reoccurred because the game was restarted daily.
How they got caught?
Most likely, they got greedy.
Anomalies caused by statistic irregularities are easy to spot. Multiple high value wins would probably trigger various alerts.
Ran into a guy at Costco who fixes poker machines and slots in Vegas. He said to never ever play any gambling machine that comes with a computer screen.
"software that controlled remote betting machines on live roulette wheels"
This sounded far more evil the first time I read it. I take it "betting machines" refers to a device that takes bets and verifies wins, not the actual wheel itself?
"The men, who stole close to $70,000, were given 12 month jail sentences suspended for two years and ordered to pay back $30,000 each, Peterborough Today reported."
Failing at basic math skills? They stole $70,000, had to pay back $30,000 each - seems like they still made $10,000.
It would have been interesting if they had thought about their hack a bit more and made the payments to match the odds, they would still be free men?
Although probably reflagged in the casinos if they got greedy and became regular visitors and kept winning.
With a background check their software expertise would have provided more clues also.
Oh yeah. Read this in the Register http://www.theregister.co.uk/2010/03/15/...
@Clive "I'm surprised we don't see more of this sort of thing."
I think it's testament to how organized gambling controls its risk.
It's the technology that gives the gaps though.
Mitnick tells a story (same case that @wiredog refers to) in Art of Intrusion about a couple of geeks who bought a slot machine to figure out it had a weak random number generator, wrote an algorithm to track when the device would pay off, built wearable computers to run the calculation. Bingo! The casino knew the machine was paying off too often for the player so they trotted out their tech support to pull the boards and inspect for tampering while the player was on the machine. The tech guy had another guy (the kind with bulges in his coat) watching him to see if there was collusion. Estimates are they took the casinos for about a million. One got caught for being greedy. Vegas baby!
I guess this case is an example of why you guard the machines and a guard on the Tech.
I'd like a gig at a casino; it'd be nice to work for a client who takes security seriously.
I thought the Register article was interesting in how Leyden framed the perps. "undone by greed and a schoolboy maths error". Ridicule is a long used social control. But doesn't that only work in a known social environment? With them bein' on LinkedIn I guess virtual ridicule is possible.
And I would have gotten away with it too, if it wasn't for my lousy math skills.
If they didn't make this silly mistake, how long could they have kept this up until someone noticed? As long as you're not greedy, hacks like this can easily make sure you don't need a day job.
@Sam "... seems like they still made $10,000."
Okay let's say they made 5000. The hundreds of hours community service makes that about 25$ an hour plus the court costs and lawyer fees. Two years probation that if they screw up they'll spend a year in jail which makes it about .55 cents an hour. Congratulations boyos there are children in 3rd world sweatshops earning more than you.
Add to that they now have to pursue new careers. We wouldn't hire a tech who had grand theft (esp a FAILed grand theft) in their background to carry out garbage let alone touch machines.
Failed basic math. Yah. I'd say.
@phillipe, @BF Skinner
Daniel Corriveau was the engineer who beat the Montreal Keno system back in 1994 (http://www.catless.org/Risks/15.80.html#subj2). The casino refused to pay originally when he and two family members hit 19 out of 20 numbers three times in a row. It appears that the real time clock was missing from the system, therefore the PRNG kept using the same seed. Took a few weeks for the casino to pay out, but other than investigating where the clock went, they cleared Corriveau. I'd have to check Mitnick's book to see if that is the same story.
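The failure mode described in the comment above (no clock reading at start-up, so every restart seeds the generator identically), with a check that would surface it and a hardened draw source. This is an added example, not part of the original thread and not the casino's code; the fallback seed, the 20-from-80 draw, the games-per-day count and all function names are assumptions for illustration.

```python
import random

FALLBACK_SEED = 0        # assumed constant used when no clock reading is available
NUMBERS = range(1, 81)   # keno board, 1-80
PICKS = 20               # numbers drawn per game


def boot_generator(clock_reading):
    """Model of the flawed start-up: seed from the clock, or from a constant if absent."""
    seed = clock_reading if clock_reading is not None else FALLBACK_SEED
    return random.Random(seed)


def keno_draw(rng):
    """One game: 20 distinct numbers from 1-80."""
    return tuple(sorted(rng.sample(NUMBERS, PICKS)))


def day_of_draws(rng, games=5):
    """All draws produced between one restart and the next."""
    return tuple(keno_draw(rng) for _ in range(games))


def build_history(clock_readings):
    """One restart per day; each entry is the clock value seen at boot (None = no clock)."""
    return [day_of_draws(boot_generator(reading)) for reading in clock_readings]


def hardened_history(days):
    """Draws taken from the OS CSPRNG, which has no application-controlled seed."""
    rng = random.SystemRandom()
    return [day_of_draws(rng) for _ in range(days)]


def repeated_days(history):
    """Detection: pairs (first_day, later_day) whose full draw sequences are identical."""
    first_seen = {}
    repeats = []
    for day, draws in enumerate(history):
        if draws in first_seen:
            repeats.append((first_seen[draws], day))
        else:
            first_seen[draws] = day
    return repeats


if __name__ == "__main__":
    # Constructed scenarios: three daily restarts each.
    print("no clock   :", repeated_days(build_history([None, None, None])))
    print("with clock :", repeated_days(build_history([1000, 1001, 1002])))
    print("OS CSPRNG  :", repeated_days(hardened_history(3)))
```

A working clock only hides the repetition: a time-seeded general-purpose PRNG is still predictable to anyone who can estimate the boot time, which is why the hardened variant draws from the operating system's CSPRNG instead.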
Their maths fail puts them well below the UK minimum wage:
They made an "estimated" £33,000. They have had to pay back £16,000 each.
At *best* that leaves them £1000 (assuming the casino estimate is an accurate sum of what they took...).
So their 200 hours community service brings in £500 or £2.50 an hour even when you ignore the other costs, time spent in the casino earning the money, time spent in court etc.
It really is a situation where they would have been better off getting a real job - even a paper round 10 years ago would have paid more than this.
@Eric - unusual advice. The original reason for using computer screens was to get around some patents for the reels. These days, it's also a cheaper way to add some other features.
@BF Skinner- it's been about a decade, but I used to work for the gambling industry. I was often appalled at the unbelievable security gaps (and, heck, basic reliability gaps) lying all over the place, some of which required little effort to overcome (i.e. someone with little inside knowledge, scouting or skill could overcome with minimal effort). The industry just seems to work in the costs of a small amount of scamming into their profit calculations.
"EDITED TO ADD (4/17): They got their math wrong:"
So says the security guru who can't count months
Huh. There were supposed to be snark tags in the last message.
It doesn't sound like the same story. But maybe Mitnick just tells it better.
@John P " unbelievable security gaps "
I was ciphering on that. Did the perps figure out an unknown weakness or one left there for other people. If you, an owner, have a system built with gaps it's either what--incompetence or deliberate.
If it's incompetence we have full employment but if it's deliberate it'll be because someone benefits. (I class this kinda thing differently from a cost-benefit decision.)
Casinos, as Clive points out, are huge cash slurpees. In Tokyo Vice Adelstein reported that the Yakuza was using Vegas to launder money, by appearing to gamble, to be used to pay for liver transplants for ailing Yakuza bosses.
If you exploit a bad random number generator (Montreal Keno, Mitnick's slot machine story) are you doing anything illegal? I suspect in most jurisdictions you are not.
I'm also surprised at the leniency of the sentence. And at the disconnect between subversion skills and basic maths skills. Especially when they had a computer to do the maths for them.
Why no jail time? Something's fishy.
wiredog et al: The "Eudaemonic Pie" hack didn't involve slot machines, but roulette wheels. The authors had noticed that you could still place bets between the time the wheel was spun, and the time it came to rest. (I don't think you can do that anymore, pretty much because of this issue.)
They figured out a way to partially predict the result by watching the ball's motion on the moving wheel -- not the exact number, but enough to beat the house on some of the other bets available (quartets of the wheel? I forget exactly). Then they went in with custom computers built into their shoes, using the then-new 6502 chips. They had various adventures (including getting shocked by wires running up their sweaty legs), but never did manage to turn a significant profit from the scheme.
Nowadays, of course, casinos will throw you out (or worse) if they catch you using electronics at the tables....
Now, I understand the words used in that comment but it makes no sense to me. It is so generic, and in this instance inaccurate, it could have been a comment on any blog post in the world.
Also, as your URL points to a "finance" website, am I right in thinking your comment is simply script generated spam.
If I am wrong, I am genuinely sorry but could you please elaborate on what you are trying to say here.
I won't hold my breath waiting for an answer though....
@fitflops, I think the same about you....
(and your comment on the previous post)
We say casino thieves always get greedy or mouthy and then get caught. Trouble is, if there are any smart casino thieves, they'll never be caught and we'll never hear about them. (Unless they write a book, like the Eudaemonic Pie people.)
@Locksmith spam - is there any actual return of investment on this, or does it (as I suspect) just deter even the most tenuous of potential customers?
I've got to agree with Greensquirrel here. This statement sounds almost as if it was intended for another blog and topic. It's a bit Dada.
I was wondering about the jail time. I reckon it was plea bargained but after reading a couple of Clive's posts I've decided I REALLY don't know how the English system works. In the US though any sentence that is under a year means, in general, the crime is a misdemeanor. Given the size of the loss, I'd've thought it was a felony.
I think the suspect comments are Markov-chain generated spam. It's the new hit for blog comments because it looks kinda-sorta related to the topic.
With the predictable IANAL caveat, this isn't that unusual a punishment (although our justice system does seem erratic at times, this is more down to the publicity an offence attracts rather than how heinous it is).
Not only am I not a lawyer, but I am not a criminologist. However, it seems to be a reasonable punishment for this crime - the victim only suffered financially and is repaid. The offenders are given a punishment which allows them to "pay back" to their community. All this is done without incurring costs to the state of detaining them in the prison system.
This is basically a 12 month suspended sentence (2 year good behaviour order, so their liberty can be revoked at any time, for minimal evidence) supplemented with 200 hours community service (25 eight hour days for example).
As I say, it sounds fair punishment for the crime.
@ BF Skinner,
"after reading a couple of Clive's posts I've decided I REALLY don't know how the English system works"
I don't think the English system knows how it works either...
We have a bunch of political idiots, some are trying to get re-elected, a large number of whom have been caught out on the lax rules on MPs' expenses (the sort of laxness that would get you or I jailed if we did it to a company). Anyway the Police were called in and some of the MPs may face charges. However I suspect it will all quietly disappear as happened with "cash for questions" and Lord Levy and Labour party backhanders ie become a Lord for donating to the bankrupt (morally as well as financially) Labour party.
Now importantly to get re-elected these numpties have to take a "moral high ground" and show they have "Policies that work".
So what easier way to go than be "tough on crime". So we have one of the highest numbers of people locked up in the west per head of population.
Well the problem is our jails are full, and as we have to be "seen to be tough on crime" we obviously cannot clear the jails out (even of very low risk prisoners). And as we are bankrupt as a country (due to the same political idiots) we cannot build new jails.
So we have a problem "nowhere to stack the bodies".
Now the class system is still very much working in the UK, only it's softened around the edges due to money buying power and political ears.
So judges have effectively been given orders about who gets locked up and who does not.
But more importantly "people" not "organisations" vote and we will be doing that in the next few months.
Thus the only people getting "banged up" are those who have victims who are "people".
Now look at this pair of would be criminal master minds, who have they hurt, well the casinos, but casinos are very unpopular not just with the politicos but also the voters. So this pair get the "Robin Hood effect" in their favour.
Then of course the "class system" comes into play you have your "blue collar workers", your "white collar workers", your "geeks" and those "who don't get their hands sullied with work".
Now your average judge is not the brightest individual in the world and outside of their own speciality they are but naves in the woods (the same applies to the rest of the world but most of us are self honest enough to admit it). Judges have to project this air of worldly wiseness but when it comes to tax or technology crime they are so far out of their depth they are going to need rescuing.
And this is the trouble "expert witnesses" are starting to be the "judge and jury" in court partly due to the CSI effect but also due to judges not allowing them to be cross questioned "in a way that would confuse the jury" (AKA don't make the judge look stupid). It has of recent times become obvious that "expert witnesses" are increasingly becoming "strawmen" (in the original meaning) and that they are abusing their position of "representing the court" not a plaintiff or defendant.
So this case would have been a nightmare and would have potentially turned into a very expensive three ring circus. Worse the victim (ie the casino) would have come off in a very very poor light, the judge likewise (they're not the brightest lights technically in Croydon). Then there was a very good chance the pair would have got off simply due to arguing it out in front of a jury that are going to be overly sympathetic to the defendants any way.
So yes in a way they did plea bargain, they stood up and said "yup we shouldn't have done it" which immediately gets them a reduction in any sentence, but as their representative would have made clear in the first place there is an extra price for not allowing a three ring circus to happen which would only benefit the defendants not the crown or the court.
Then there is the question of "time so far served" it has taken the courts two years to get to this stage, what we don't know is what conditions they were bailed under or why it has taken so long, and thus we don't know how weak the prosecution case may have been...
And of course there is another issue, "what would have come out at an open trial" I suspect that the two know rather more than many would like aired in public and worse any testimony they might give in court becomes "special" should a future case involving the casino or the manufacturers of the equipment come up.
Remember in the UK casinos are licensed and any whiff of impropriety on the casino's behalf could cost them their licence to operate...
So for instance what if the pair challenged the casino and sent in a bunch of forensic accountants what do you think they would uncover?
At the very least it's likely to reveal serious shortcomings in security etc and very possibly that the casinos are getting hit by fraud all the time...
All in all the way this has panned out, the corner of the carpet has been lifted there have been a couple of deft strokes of the broom and the problem has (potentially) gone away for all concerned, including it appears for the defendants (unless the LinkedIn page is inaccurate).
@ Lesser Whark,
"We say casino thieves always get greedy or mouthy and then get caught."
Because we think that "all thieves" are the same.
Irrespective of what you may get told or led to believe the simple fact is that criminals are caught due to one of two things,
In any activity legal or otherwise there is risk or a "chance that something will go wrong" the chance is always there, thus it falls to the probability of that chance occurring and the mitigation you put in place.
The thing about a chance, is it's best compared to a major lottery ticket. It's not just a simple case of either "it wins" or "it loses" ie just two states. The question is do we know all the states ie we know lose but there are usually many more than one prize, and can we give them accurate probabilities. The answer is no as more than one ticket can win the main lottery prize, and the size of that is dependent on how many of the fixed small prizes are won.
Thus mitigation of risk is quite a complex issue and thus almost impossible to do even for people who are far from stupid...
So on to "stupidity", crime comes in many forms from "opportunistic crime" through to carefully planned and executed crime.
Most criminals make the mistake of "seeing the prize" not the "issues" thus they tend to take risks that are "stupid".
They often also fail to understand probability and human nature. Thus fail to realise that you cannot go on doing exactly the same thing and expect to get away with it like the last time (the Police do understand this and give it the moniker "MO").
Worse some think they are clever and actually tell people how clever they have been and surprisingly of those not caught by MO something like 80% are caught because they flap their lips...
Now there are crimes you can commit where you will get away with it except by chance, due to simple economics.
These are crimes that are "low value" not just individually but in aggregate in any given jurisdiction. Which is why Internet scamming can be so lucrative.
If you say hit 20 people in each US "county" for 100USD provided you do not live in the county or state the chances are you will get away with it because the cost of investigation is not going to clear the hurdle for the local Police Dept. Which is why you have the FBI, but again there is a threshold that has to be reached, and it is different for each type of crime and where the criminals potentially are (ie in the US, in a country with extradition agreement, in a country which has no extradition agreement etc etc).
One side effect of this is "crime value inflation". We know that Credit Card information only sells for a very low value thus a cracker is only expecting to realise say 1USD per set of information. However the theft of that information is regarded by the authorities as say 300USD/card (I cannot remember the actual value so use a pinch of salt). Even though there is little likelihood of that sum being lost, let alone raised by the criminals concerned. Likewise we see ridiculous values being put on the cost of "cleaning up" after a malware infection.
It does however get the crime above the investigation threshold.
There are other tricks such as using the US "Racketeer Influenced and Corrupt Organizations Act" or RICO laws for what are not really crimes (ie where people within the US have sold "get rich quick our way" schemes and have made the mistake of "off shoring" some of the money).
"Trouble is, if there are any smart casino thieves, they'll never be caught and we'll never hear about them. (Unless they write a book, like the Eudaemonic Pie people.)"
If they are "really smart" they won't be thieves as they won't be breaking any laws when they take the money, but those who follow in their footsteps in all probability will be thieves as the laws will be changed, such is the power of lobbying ;)
@Clive - at the risk of getting into a political debate the only bit I didn't agree with is:
"We have a bunch of political idiots, some are trying to get re-elected, a large number of whom have been caught out on the lax rules on MPs' expenses (the sort of laxness that would get you or I jailed if we did it to a company). "
As I seem to recall things, most of the MPs simply made expenses claims within the accepted norms for their organisation. The problem was *we* as a people had been tricked into allowing them to claim for things we now feel are inappropriate.
There is a big difference between making a fraudulent expenses claim and simply claiming all the available expenses. When I am fortunate enough to be doing expenses paid work I certainly make sure I claim everything possible and I don't have the slightest hint of an urge to repay - If I can claim for a taxi, I will get one rather than the tube for example.
The MD of the company I am working with at the moment regularly claims banquets and champagne on his expenses - it's accepted as part of the business package. If, next year, the company changes its mind and wants him to stop they can't just assume "asking him nicely" will do it, nor should he have to repay anything he has legitimately claimed. To stop him they need to change the policy and cease approving his claims.
The *most* annoying thing for me about the MP expenses farce, is that I find myself feeling sorry for, and defending the actions of, bloody MPs....
re: Mr. Harmon
Yes, you are correct. Today, physically playing roulette, the bets are fixed in place before the ball is launched into the wheel.
If you watch carefully, you'll see the person running the table sweep their hand over the table, both to indicate that no more betting is allowed and to give him/herself a pretty good idea about what bets have already been placed.
PS - They're thirds, and the fun bit is that the major difference is how horizontal the wheel is. As a gyroscope, the wheel will spin at a constant speed at any angle, but the ball will go faster or slower whether it's going uphill or downhill. Obviously, when the ball is going slower, it's more likely to drop. J.
"The *most* annoying thing for me about the MP expenses farce, is that I find myself feeling sorry for, and defending the actions of, bloody MPs...."
Don't, there is a bit more to the story than most newspapers have said.
The MPs' rules may have allowed them to play fast and loose with the expenses.
But some of those "second homes" are covered by tax law.
Take Harriet Harman for instance who has repaid some of the money. But by so doing, she has effectively admitted making a false tax return (a criminal offence). Which might also involve tax evasion (another criminal offence).
So the question is will the "tax man" come and visit as he would if you or I had done the same thing?
I really don't think they will which means some MPs get away with it whereas you or I would be looking at having all our assets seized under laws supposedly designed to "asset strip" organised crime bosses, but are being used instead to go after people who may not have actually committed a crime to stop them being able to defend themselves...
Have a read of,
It might make your eyes water.
Sadly we have a long history of legislation finding new purposes and POCA is no different.
The tax evasion issues are quite complicated, but mostly because the more foolish MPs paid back their expenses claims (creating very cumbersome tax situations).
The problem is we have craven politicians in all parties who would happily publicly humiliate themselves if it had a chance of getting a swing voter to side with them. This led to the rush of pointless attempts to pay back legitimately claimed expenses.
The only thing worse than MPs are the ones who really control the country (Daily Mail, Express, etc).
Interesting story considering the article in today's WSJ: http://online.wsj.com/article/... Methinks it's time for the hospitality industry to get serious about data security, especially since Nevada's new data privacy law specifically references PCI DSS.
I must have, I must have put a decimal point in the wrong place
or something. Sh**. I always do that. I always mess up some mundane
Humans are the weakest and the strongest link in running a computer-operated machine. If these two people can create havoc, what do you think the mischievous mind of a business owner can do? Think about it when you are back in a casino playing at a computer-operated poker or blackjack machine. I’m sure there are regulations regarding this bamboozling behavior, but the key is who is monitoring these casinos; whoever that might be should be totally independent.
@GreenSquirrel "more down to the publicity an offence attracts rather than how heinous it is...offenders are given a punishment which allows them to "pay back" to their community. All this is done without incurring costs to the state of detaining them in the prison system."
Interesting motivation for being smart and quiet. But as for the logic...non-violent offenders sanctioned and made to restitute...it's just too logical. Give me smiting! I don't think there's enough smiting! going on.
Been following the MPs woes. But be fair--moats are not cheap to maintain.
Oh and on the subject of national justice "systems"? America's system is in name only but there is a fair amount of vigorous smiting..
Fitflops was certainly a real person--Markov chains aren't anywhere near that good. The person clearly read the entry, and their English is perfectly serviceable. It's just Indian English as written by a second-language speaker who's in a hurry. It would be easy to mistake that for a legitimate comment if it weren't for the username, the link, and the fact that they really don't have anything to say. I assume that Fitflops is being paid to do this -- probably underpaid, since they're paying more attention than most.
The locksmith also looks to be a human coming in on a search for "Home Security Blogs." They're probably going down the list of Google results for that phrase and cut-and-pasting an ad. My guess is that that's the actual locksmith, since only an amateur would think including a phone number was a good idea.
A lot of "spam" nowadays is human-powered, or at least human-assisted, and most of it seems to come from people using Google to find targets. So Bruce's high Google ranking is a bit of a mixed blessing.
A while ago I noticed there was less handcrafted advertising coming in, especially the completely off-topic kinds (ads for shoes, and so forth). It turned out that when the blog homepage moved from http://www.schneier.com/blog/ to just http://www.schneier.com/, it slipped from the second to the third page of Google results for the word "blog." I guess a lot of people give up before they get that far.
@ BF Skinner,
"Been following the MPs woes. But be fair--moats are not cheap to maintain."
Ok I'll give you that but what about the duck house?
And how about a brand new double bed every year?
Call me naive but what on earth are they up to to wear out a double bed every year...
"Oh and on the subject of national justice "systems"? America's system is in name only but there is a fair amount of vigorous smiting.."
You remind me of an old joke (oops done that one before sorry ;)
Two Russians are sitting in a Siberian labour camp drinking their cabbage water soup. One turns to the other and says "hey Stephanofonvich what did you get?"
The other replies "fifteen years hard labour, how about you?"
To which the first replies proudly "five years hard labour for writing a poem! What was it you did to get fifteen?"
Stephanofonvich replies "I don't really know"
To which the first says "Come on it must have been something serious for fifteen years?"
Stephanofonvich says "well I was charged with being drunk in charge of a dog, and the judge was summing up and I leant across to my brief and whispered 'what's this idiotic old windbag saying' and the next thing I know the judge screams fifteen years."
The first man thinks for a moment and says knowingly "Aghh sedition!, you were lucky my friend to only get fifteen years."
I must be the only skeptic reading this, because for me this smells worse than week old fish.
I'll bet the scheme was exposed by other means and this "I can't multiply, I'm stupid" cover story was cooked up because the casino didn't want the truth to be known. Under such circumstances it is not surprising that free passes were issued....
This is not a "nice" hack. If they didn't get caught then maybe it would've been an elegant hack...
@RT: That is EXACTLY what I was picturing as I read this story. Mundane detail, indeed!
Agreed that it is a fair punishment for the crime committed. However, anybody who has the time to offer any of the "casino hackers" personal details need to take a long hard look at themselves. What value would that give this discussion, absolutely none. Get a life!! Done and dusted.
"However, anybody who has the time to offer any of the "casino hackers" personal details need to take a long hard look at themselves. What value would that give this discussion, absolutely none."
Their basic details are a matter of public record and have been put on the web by their respective local newspapers and can be found in a ten-second Google search.
They also have put their personal details up on the web for amongst other things getting employment.
As has been noted at least one of them has said they have received a promotion etc since being arrested.
As they appear to work for an organisation that "rents them out" to other casinos it begs the question of if the material fact that they have been arrested charged and pled guilty has been disclosed to their employers clients...
If not then this may give rise to significant legal issues.
In the UK not declaring material facts such as criminal convictions on CVs and other employment related documentation can not only result in summary termination of employment without appeal, but can also result in further criminal penalties for fraud.
Further in the UK an employer has a legal duty of care to many people and would be required to disclose such material facts where known to them where relevant or face similar penalties.
But worse not doing so may be trading illegally as it is a material fact an insurance organisation would require to know. And not informing them would in most cases result in the termination of any and all policies including public liability insurance...
Because of the seriousness of hiding such information in the UK there is actually an act of Parliament that is directly related to it (Rehabilitation of Offenders Act 1974 as amended see http://www.lawontheweb.co.uk/rehabact.htm ) which deals with when a criminal conviction is "spent" and when and when not it no longer is a material fact and for whom (some convictions for some types of employment never become spent).
Over and above all of this is the simple fact that they have chosen willingly at some point to put all their "personal details" into the public domain. This fact alone might for many call into question their judgment irrespective of any crimes they might have been convicted of...
So from the "security" aspect yes these details are relevant.
@clive "a brand new double bed every year"
What can you say? but "Dude! way to go" Does National Health distribute the Viagra as well?
Another gulag joke:
1st guy. Why are you here?
2nd guy. I criticized Kamerov. Why are you here?
1st guy. That's funny I commended Kamerov. Why are you here?
3rd guy. That's funny. I AM Kamerov.
@ BF Skinner,
"Does National Health distribute the Viagra as well?"
A friend of mine from Scotland who climbs mountains has been prescribed Sildenafil citrate (viagra) to help with breathing when they are on top....
Apparently it's a vasodilator and is really good for prevention of one form of altitude sickness, also known as HAPE (High Altitude Pulmonary Edema).
Sadly although I regularly get PE's (at ground level these days) viagra will apparently not be prescribed as it's "off book" or some such (But hey I'm willing to give it a try ;)
Apparently viagra's use for HAPE was discovered by a group of French doctors. Which begs the question what on earth were a bunch of French doctors doing so far up a mountain with viagra...
However the real work was, my friend tells me, done by a group of doctors from Scotland's capital who took a bunch of 100 Uni students to a lab up a Bolivian mountain and gave half of them 1.5 times the normal viagra dose three times a day and watched to see what would happen. Apparently several got quite frisky and zoomed up and down to the summit at 18,000ft several times a day...
Oh and apparently one form of Pulmonary Hypertension does respond to Sildenafil but... they don't call it viagra but something else.
So for those taking it for recreational activities not only does it help you stay on top but improves your breathing to get more oxygen into the system...
The expense account comments are interesting. When I travel, I get a certain amount of per diem, and mileage if I use my p.o.v. I am not required to actually spend it. Likewise, upper management often prefer lax expense accounts to salary increases for tax reasons. The most wily expense account user was George Washington, who served for 8 years without pay. If you read "George Washington's Expense Account", you will discover his expenses were far higher than his salary, which has been true for almost every president who ever served.