Entries Tagged "forgery"

Page 12 of 13

E-Hijacking

The article is a bit inane, but it talks about an interesting security problem. “E-hijacking” is the term used to describe the theft of goods in transit by altering the electronic paperwork:

He pointed to the supposed loss of 3.9-million banking records stored on computer backup tapes that were being shipped by UPS from New York-based Citigroup to an Experian credit bureau in Texas. “These tapes were not lost – they were stolen,” Spoonamore said. “Not only were they stolen, the theft occurred by altering the electronic manifest in transit so it would be delivered right to the thieves.” He added that UPS, Citigroup, and Experian spent four days blaming each other for losing the shipment before realizing it had actually been stolen.

Spoonamore, a veteran of the intelligence community, said in his analysis of this e-hijacking, upwards of 15 to 20 people needed to be involved to hack five different computer systems simultaneously to breach the electronic safeguards on the electronic manifest. The manifest was reset from “secure” to “standard” while in transit, so it could be delivered without the required three signatures, he said. Afterward the manifest was put back to “secure”? and three signatures were uploaded into the system to appear as if proper procedures had been followed.

“What’s important to remember here is that there is no such thing as ‘security’ in the data world: all data systems can and will be breached,” Spoonamore said. “What you can have, however, is data custody so you know at all times who has it, if they are supposed to have it, and what they are doing with it. Custody is what begets data security.”

This is interesting. More and more, the physical movement of goods is secondary to the electronic movement of information. Oil being shipped across the Atlantic, for example, can change hands several times while it is in transit. I see a whole lot of new risks along these lines in the future.

Posted on December 9, 2005 at 7:41 AMView Comments

Counterfeiting Ring in Colombia

Interesting:

Police assisted by U.S. Secret Service agents on Sunday broke up a network capable of printing millions of dollars a month of excellent quality counterfeit money and arrested five suspects during a raid on a remote village in northwest Colombia, officials said.

It’s a big industry there:

Fernandez said Valle del Cauca, of which Cali is the state capital, has turned into a center of global counterfeiting. “Entire families are dedicated to falsifying and trafficking money.”

And:

Colombia is thought to produce more than 40 percent of fake money circulating around the world.

Posted on November 29, 2005 at 4:29 PMView Comments

Ex-MI5 Chief Calls ID Cards "Useless"

Refreshing candor:

The case for identity cards has been branded “bogus” after an ex-MI5 chief said they might not help fight terror.

Dame Stella Rimington has said most documents could be forged and this would render ID cards “useless”.

[…]

She said: “ID cards have possibly some purpose.

“But I don’t think that anybody in the intelligence services, particularly in my former service, would be pressing for ID cards.

“My angle on ID cards is that they may be of some use but only if they can be made unforgeable – and all our other documentation is quite easy to forge.

“If we have ID cards at vast expense and people can go into a back room and forge them they are going to be absolutely useless.

“ID cards may be helpful in all kinds of things but I don’t think they are necessarily going to make us any safer.”

Posted on November 18, 2005 at 6:48 AMView Comments

Real ID and Identity Theft

Reuters on the trade-offs of Real ID:

Nobody yet knows how much the Real ID Act will cost to implement or how much money Congress will provide for it. The state of Washington, which has done the most thorough cost analysis, put the bill in that state alone at $97 million in the first two years and believes it will have to raise the price of a driver’s license to $58 from $25.

On the other hand, a secure ID system could save millions in Medicare and Medicaid fraud and combat identity theft.

Why does Reuters think that a better ID card will protect against identity theft? The problem with identity theft isn’t that ID cards are forgeable, it’s that financial institutions don’t check them before authorizing transactions.

Posted on October 14, 2005 at 11:20 AMView Comments

Forging Low-Value Paper Certificates

Both Subway and Cold Stone Creamery have discontinued their frequent-purchaser programs because the paper documentation is too easy to forge. (The article says that forged Subway stamps are for sale on eBay.)

It used to be that the difficulty of counterfeiting paper was enough security for these sorts of low-value applications. Now that desktop publishing and printing is common, it’s not. Subway is implementing a system based on magnetic stripe cards instead. Anyone care to guess how long before that’s hacked?

Posted on September 27, 2005 at 7:43 AMView Comments

Fingerprinting Paper

This could make an enormous difference in security against forgeries:

The scientists built a laser scanner that sweeps across the surface of paper, cardboard, or plastic, recording all of the unique microscopic imperfections that are a natural part of manufacturing such materials.

This scan serves as a fingerprint which, the scientists said, has two surprising properties: The fingerprints are robust, surviving scorching, dousing in water, crumpling, and scribbling over with pens. And these fingerprints depend on structures that are so complex and so small—on the scale of between one tenth and one ten-thousandth the diameter of a human hair—that nobody on the planet will be able to copy one for the foreseeable future. Unlike other methods such as using holograms or special inks, the fingerprint is already there.

Scientific American has more details:

All nonreflective surfaces are rough on a microscopic level. James D. R. Buchanan and his colleagues at Imperial College London report today in the journal Nature on the potential for this characteristic to “provide strong, in-built, hidden security for a wide range of paper, plastic or cardboard objects.” Using a focused laser to scan a variety of objects, the team measured how the light scattered at four different angles. By calculating how far the light moved from a mean value, and transforming the fluctuations into ones and zeros, the researchers developed a unique fingerprint code for each object. The scanning of two pieces of paper from the same pack yielded two different identifiers, whereas the fingerprint for one sheet stayed the same even after three days of regular use. Furthermore, when the team put the paper through its paces—screwing it into a tight ball, submerging it in cold water, baking it at 180 degrees Celsius, among other abuses—its fingerprint remained easily recognizable.

The team calculates that the odds of two pieces of paper having indistinguishable fingerprints are less than 10-72. For smoother surfaces such as matte-finished plastic cards, the probability increases, but only to 10-20. “Our findings open the way to a new and much simpler approach to authentication and tracking,” co-author Russell Cowburn remarks. “This is a system so secure that not even the inventors would be able to crack it since there is no known manufacturing process for copying surface imperfections at the necessary level of precision.”

To ensure the security of currency, you could fingerprint every bill and store the fingerprints in a large database. Or you can digitally sign the fingerprint and print it on the bill itself. The fingerprint is large enough to use as an encryption key, which opens up a bunch of other security possibilities.

This idea isn’t new. I remember currency anti-counterfeiting research in which fiber-optic bits were added to the paper pulp, and a “fingerprint” was taken using a laser. It didn’t work then, but it was clever.

Posted on August 12, 2005 at 10:30 AMView Comments

Forged Documents in National Archives Change History

A recently published book claims that Himmler was murdered by the British Special Operations Executive, rather than him committing suicide after the Allies captured him. The book was based on documents found—apparently in good faith—in the UK’s National Archive, which now appear to have been faked and inserted.

Documents from the National Archives used to substantiate claims that British intelligence agents murdered Heinrich Himmler in 1945 are forgeries, The Daily Telegraph can reveal today.

It seems certain that the bogus documents were somehow planted among genuine papers to pervert the course of historical study.

The results of investigations by forensic document experts on behalf of this newspaper have shocked historians and caused tremors at the Archives, the home of millions of historical documents, which has previously been thought immune to distortion or contamination.

It seems that the security effort at the National Archives is directed towards preventing people from removing documents. But the effects of adding forged documents could be much worse.

Posted on July 14, 2005 at 8:40 AMView Comments

Counterfeiting in the Sudan

It’s an NPR audio story: “Peace Also Brings New Currency to Southern Sudan.”

Sudanese currency is printed on plain paper with very inconsistent color and image quality, and has no security features—not even serial numbers. How does that work?

While [he] concedes the bills are poorly printed, he’s not worried about counterfeiting. This is because anyone who does it will be put in front of a firing squad and shot.

That’s one way to solve the problem.

Posted on June 6, 2005 at 7:46 AMView Comments

Stupid People Purchase Fake Concert Tickets

From the Boston Herald

Instead of rocking with Bono and The Edge, hundreds of U2 fans were forced to “walk away, walk away” from the sold-out FleetCenter show Tuesday night when their scalped tickets proved bogus.

Some heartbroken fans broke down in tears as they were turned away clutching worthless pieces of paper they shelled out as much as $2,000 for.

You might think this was some fancy counterfeiting scheme, but no.

It took Whelan and his staff a while to figure out what was going on, but a pattern soon emerged. The counterfeit tickets mostly were computer printouts bought online from cyberscalpers.

Online tickets are a great convenience. They contain a unique barcode. You can print as many as you like, but the barcode scanners at the concert door will only accept each barcode once.

Only an idiot would buy a printout from a scalper, because there’s no way to verify that he will only sell it once. This is probably obvious to anyone reading this, but it tuns out that it’s not obvious to everyone.

“On an average concert night we have zero, zilch, zip problems with counterfeit tickets,” Delaney said. “Apparently, U2 has whipped this city into such a frenzy that people are willing to take a risk.”

I find this fascinating. Online verification of authorization tokens is supposed to make counterfeiting more difficult, because it assumes the physical token can be copied. But it won’t work if people believe that the physical token is unique.

Note: Another write-up of the same story is here.

Posted on June 2, 2005 at 2:10 PMView Comments

Spelling Errors as a Counterfeiting Defense

This is a weird rumor.

ID cards in Belgium are being printed with intentional misspellings in an attempt to thwart potential fraudsters.

Four circular arcs on the ID cards show the country’s name in different languages—French, Dutch, German and English. According to the article, the German and English arcs will be spelled incorrectly, and misspellings will also appear elsewhere on the cards. The idea is that people making counterfeit cards won’t notice the misspellings on the originals and will print the fraudulent cards with the names spelled properly.

More information is here:

To trick fraudsters, the Home Office has introduced three circular arcs on the card—just beneath the identity photos—where you will find the name of the country in the official languages spoken in Belgium—French, Dutch and German, as well as in English. But instead of ‘Belgien’ in German, the ID card incorrectly uses the name ‘Belgine’ and instead of ‘Belgium’ in English, the card reads ‘Belguim’. Vanneste has promised other errors will be printed on the card to “further confuse fraudsters”. With any luck, these will not be revealed.

I’m not impressed with this as a countermeasure. It’s certainly true that poor counterfeits will have all sorts of noticeable errors—and correct spelling might certainly be one of them. But the more people that know about the misspellings, the less likely a counterfeiter will get it wrong. And the more likely a counterfeiter will get it wrong, the less likely anyone will notice.

I’m all for hard-to-counterfeit features in ID cards. But why make them grammatical?

Posted on June 1, 2005 at 7:58 AMView Comments

1 10 11 12 13

Sidebar photo of Bruce Schneier by Joe MacInnis.