1971 Social Engineering Attack

From Betty Medsger's book on the 1971 FBI burglary (page 22):

As burglars, they used some unusual techniques, ones Davidon enjoyed recalling years later, such as what some of them did in 1970 at a draft board office in Delaware. During their casing, they had noticed that the interior door that opened to the draft board office was always locked. There was no padlock to replace, as they had done at a draft board raid in Philadelphia a few months earlier, and no one in the group was able to pick the lock. The break-in technique they settled on at that office must be unique in the annals of burglary. Several hours before the burglary was to take place, one of them wrote a note and tacked it to the door they wanted to enter: "Please don't lock this door tonight." Sure enough, when the burglars arrived that night, someone had obediently left the door unlocked. The burglars entered the office with ease, stole the Selective Service records, and left. They were so pleased with themselves that one of them proposed leaving a thank-you note on the door. More cautious minds prevailed. Miss Manners be damned, they did not leave a note.

Posted on February 5, 2014 at 6:02 AM • 22 Comments

Comments

AnonFebruary 5, 2014 9:08 AM

There were more than a few stories in "The Soul of a New Machine" about MIT student/hackers doing similar acts. One in particular involved a student who entered a professor's office after hours through the ceiling tiles and left a nice foot print on the desk. Lock picking seems to have been very popular among MIT hackers at the time for obvious reasons.

John CampbellFebruary 5, 2014 10:09 AM

I would not be surprised if the note wasn't just "please leave this door unlocked" but had the additional "for cleaning".

They likely did a nice job of cleaning the floor.

(smirks)

AnonFebruary 5, 2014 11:19 AM

@Evan Anderson: yes & thanks on the correction and yes, they were/are both excellent books. I'll blame the confusion on poor memory. Maybe I should dig them out of the closet and read them again during the next snow storm. ;^)

AlexFebruary 5, 2014 2:44 PM

I'll admit that in my misspent youth, I did leave a similar note "please leave door unlocked" at a building which I wanted to gain entry into after business hours. It worked rather well. Although it sounds like the FBI burglars put the note on the outside of the door. I put mine on the inside during business hours and came back several hours later once everyone had left.

In general, social engineering remains my most fav. and most effective "hack" I can think of. Even with my legitimate work today, I often find myself doing a little bit of social engineering to obtain information which would be a royal PITA to obtain using the normal process.

65535February 5, 2014 11:18 PM

I can assure you that Social Engineering (confidence game) is alive and working 43 years later.

My elderly relative got a pop up on her yahoo account asking her to change her password and input her cell phone number for verification (the con-artists wanted her new yahoo password which was daisy-chained to her facebook, gmail, and so on. The cell phone number would probably have helped in the above scam and in credit card theft).

I saw the situation and moved her to an uninfected computer and she accessed her yahoo account with no problems or pop-ups asking for a change of password and cell phone number. It think this kind of scam happens every day.

kingsnakeFebruary 6, 2014 6:10 AM

I once got to a college class early, wrote "Class is cancelled" on the white board, and walked back out. I'm sure th professor wondered why nobody showed up ...

JenFebruary 6, 2014 8:58 AM

@kingsnake: The most likely thing that happened is when the professor arrived 3 minutes later, they erased your message. Everyone else attended the class, and you were marked absent.

What's the point of paying for college if you don't care about what you're trying to learn?

kingsnakeFebruary 6, 2014 11:53 AM

@Jen: One class, one day, in 250 college credits, with a 3.7 GPA. Mighty judgemental, aren't we?

bilgobaFebruary 6, 2014 12:10 PM

How much did your classmates spend on that class? How much planning and time went into preparing for it for them? Collectively, how much do you think was wasted because of your not particularly imaginative prank?

You weren't even there to see it. How many years have you been laughing at what you imagined happened? It must be such a happy little fantasy. Do you imagine the professor throwing his papers down in frustration? "Who did this?!" he must have said, "I'll get them one day!" Do you imagine the cute kid who sat next to you looking around longingly and wondering where you went, suspecting that you were the only person cool enough to write the note? It must be so exciting to dream about what happened that day you weren't there.

I can't imagine a more lame thing to do. No, wait. Bragging about it years later in a thread about clever social engineering. That would make it just pathetic. Oh! Wait. That's exactly what you just did here, isn't it?

SchneieronSecurityFanFebruary 7, 2014 9:09 PM

Trust on the inside could lead people to let their guard down.
The hacker, Kevin Mitnick, would walk through an office he was targeting and leave behind a floppy disk with a label similar to "payroll.xls". Actually, the disk had an infected file on it that allowed him to gain access to the office remotely.

ErasFebruary 11, 2014 2:11 AM

I've got one better than the class is canceled story.

1st year physics students go to their first class. A graduate student knew the professor was late so he went ahead to the class. There he proceeded to talk about Math Physics (senior level stuff) and that there would be a test on the material next class. When all the students were suitably dumbfounded and near fainting, he got out of there just minutes before the professor arrived.

I always thought that guy was just mean.... :-)

William LeeFebruary 13, 2014 9:43 PM

love the 'mods minecraft' spam comment - it's actually appropriate! You know what they say about stopped clocks...

Peter ShenkinFebruary 15, 2014 1:41 PM

In the '80s I did a post-doc at Columbia with Cy Levinthal, on protein folding. We used Davidon's cubic-interpolation algorithm in our minimization routines. Cy was an active anti-war and peace activist, and I met Davidon one time when he came through and gave a talk in the Engineering department. When I read about Davidon's masterminding of the theft I was amazed but also amused. Given Cy's background, I would not have been surprised if he knew about it all along. In any event, a number of people did, and were able to keep a pretty good secret for many years. I have to say, hats off to Bill Davidon. Black hats, perhaps, but hats nonetheless.

Y. PercoMarch 14, 2014 3:51 AM

Here is an example of daylight robbery I heard recently. Several strong men in broad daylight went into the shopping center, raised ATM on their hands and carried it through the main entrance before visitors’ eyes. Then they loaded ATM in truck (maybe it was a mini-van) and went to unknown direction. I don’t know whether they were caught or not.

EugenioMarch 15, 2014 11:39 AM

Time ago, at launch time in our company (that has its own cafeteria) my colleague jokingly said, "let's go for launch because they are closing 1/2 hour earlier", but it still took us about 15 minutes to finally get together and go to the cafeteria, when we got there the cafeteria was crammed with people and more were arriving!, some of them bitching about the earlier closing for the day, apparently somebody heard my college comment not knowing he was just kidding so she/he spread the word. It seem liek people will fail on the safe side and follow rather that verify or challenge.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..