Entries Tagged "theft"

Page 14 of 22

Los Alamos Explains Their Security Problems

They’ve lost 80 computers: no idea if they’re stolen, or just misplaced. Typical story—not even worth commenting on—but this great comment by Los Alamos explains a lot about what was wrong with their security policy:

The letter, addressed to Department of Energy security officials, contends that “cyber security issues were not engaged in a timely manner” because the computer losses were treated as a “property management issue.”

The real risk in computer losses is the data, not the hardware. I thought everyone knew that.

Posted on February 17, 2009 at 5:00 AMView Comments

Shoplifting on the Rise in Bad Economy

From the New York Times:

Police departments across the country say that shoplifting arrests are 10 percent to 20 percent higher this year than last. The problem is probably even greater than arrest records indicate since shoplifters are often banned from stores rather than arrested.

Much of the increase has come from first-time offenders like Mr. Johnson making rash decisions in a pinch, the authorities say. But the ease with which stolen goods can be sold on the Internet has meant a bigger role for organized crime rings, which also engage in receipt fraud, fake price tagging and gift card schemes, the police and security experts say.

[…]

Shoplifters also seem to be getting bolder, according to industry surveys.

Thieves often put stolen items in bags lined with aluminum foil to avoid detection by the storefront alarms. Others work in teams, with a decoy who tries to look suspicious to draw out undercover security agents and attract the attention of security cameras, the police said.

“We’re definitely seeing more sprinters,” said an undercover security guard at Macy’s near Oakland, Calif., referring to shoplifters who make a run for the door.

A previous post listed the most frequently shoplifted items: small, expensive things with a long shelf life.

EDITED TO ADD (1/13): Maybe shoplifting isn’t on the rise after all.

Posted on December 29, 2008 at 2:52 PMView Comments

How to Steal the Empire State Building

A reporter managed to file legal papers, transferring ownership of the Empire State Building to himself. Yes, it’s a stunt:

The office of the city register, upon receipt of the phony documents prepared by the newspaper, transferred ownership of the 102-story building from Empire State Land Associates to Nelots Properties, LLC. Nelots is “stolen” spelled backward.

To further enhance the absurdity of the heist, included on the bogus paperwork were original “King Kong” star Fay Wray as witness and Willie Sutton, the notorious bank robber, as the notary.

Still, this sort of thing has been used to commit fraud in the past, and will continue to be a source of fraud in the future. The problem is that there isn’t enough integrity checking to ensure that the person who is “selling” the real estate is actually the person who owns it.

Posted on December 15, 2008 at 12:23 PMView Comments

TSA Aiding Luggage Thieves

In this story about luggage stealing at Los Angeles International Airport, we find this interesting paragraph:

They both say there are organized rings of thieves, who identify valuables in your checked luggage by looking at the TSA x-ray screens, then communicate with baggage handlers by text or cell phone, telling them exactly what to look for.

Someone should investigate the extent to which the TSA’s security measures facilitate crime.

Posted on December 2, 2008 at 2:15 PMView Comments

UPC Switching Scam

It’s not a new scam to switch bar codes and buy merchandise for a lower value, but how do you get away with over $1M worth of merchandise with this scam?

In a statement of facts filed with Tidwell’s plea, he admitted that, during one year, he and others conspired to steal more than $1 million in merchandise from large retailers and sell the items through eBay. The targeted merchandise included high-end vacuum cleaners, electric welders, power winches, personal computers, and electric generators.

Tidwell created fraudulent UPC labels on his home personal computer. Conspirators entered various stores in Ohio, Illinois, Indiana, Pennsylvania and Texas and placed the fraudulent labels on merchandise they targeted, and then bought the items from the store. The fraudulent UPC labels attached to the merchandise would cause the item to be rung up for a price far below its actual retail value.

That requires a lot of really clueless checkout clerks.

EDITED TO ADD (11/7): Video of talk on barcode hacks.

Posted on October 31, 2008 at 6:43 AMView Comments

UK Ministry of Defense Loses Memory Stick with Military Secrets

Oops:

The USB stick, outlining training for 70 soldiers from the 3rd Battalion, Yorkshire Regiment, was found on the floor of The Beach in Newquay in May.

Times, locations and travel and accommodation details for the troops were included in files on the device.

It’s not the first time:

More than 120 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it was reported earlier this year.

Some 26 of those disappeared this year == including three which contained information classified as “secret”, and 19 which were “restricted”.

I’ve written about this general problem before: we’re storing ever more data in ever smaller devices.

The point is that it’s now amazingly easy to lose an enormous amount of information. Twenty years ago, someone could break into my office and copy every customer file, every piece of correspondence, everything about my professional life. Today, all he has to do is steal my computer. Or my portable backup drive. Or my small stack of DVD backups. Furthermore, he could sneak into my office and copy all this data, and I’d never know it.

The solution? Encrypt them.

Posted on September 16, 2008 at 6:21 AMView Comments

Security Idiocy Story

From the Dilbert blog:

They then said that I could not fill it out—my manager had to. I told them that my manager doesn’t work in the building, nor does anyone in my management chain. This posed a problem for the crack security team. At last, they formulated a brilliant solution to the problem. They told me that if I had grocery bag in my office I could put the laptop in it and everything would be okay . Of course, I don’t have grocery bags in my office. Who would? I did have a windbreaker, however. So I went up to my office, wrapped up the laptop in my windbreaker, and went back down.

People put in charge of implementing a security policy are more concerned with following the letter of the policy than they are about improving security. So even if what they do makes no sense—and they know it makes no sense—they have to do it in order to follow “policy.”

Posted on August 6, 2008 at 1:52 PMView Comments

Laptop with Trusted Traveler Identities Stolen

Oops. A laptop with the names of 33,000 people enrolled in the Clear program—the most popular airport “trusted traveler” program—has been stolen at SFO. The TSA is unhappy.

Stealing databases of personal information is never good, but this doesn’t make a bit of difference to airport security. I’ve already written about the Clear program: it’s a $100-a-year program that lets you cut the security line, and nothing more. Clear members are no more trusted than anyone else.

Anyway, it’s easy to fly without an ID, as long as you claim to have lost it. And it’s also easy to get through airport security without being an actual airplane passenger.

None of this is security. Absolutely none of it.

EDITED TO ADD (8/7): The laptop has been found. Turns out it was never stolen:

The laptop was found Tuesday morning in the same company office where it supposedly had gone missing, said spokeswoman Allison Beer.

“It was not in an obvious location,” said Beer, who said an investigation was under way to determine whether the computer was actually stolen or had just been misplaced.

Why in the world do these people not use full-disk encryption?

Posted on August 5, 2008 at 12:09 PMView Comments

1 12 13 14 15 16 22

Sidebar photo of Bruce Schneier by Joe MacInnis.