Entries Tagged "theft"


Thief Disguises Himself as Security Guard

Another in our series on the security problems of trusting people in uniform:

A thief disguised as a security guard Tuesday duped the unsuspecting staff of a top Italian art gallery into giving him more than 200,000 euros ($253,100), local media reported.

The thief showed up Tuesday morning at the Pitti Palace, a grandiose renaissance construction in central Florence and one of Italy’s best known museums, wearing the same uniform used by employees of the security firm which every day collects the institution’s takings.

After the cashier staff gave him three bags full of money, he signed a receipt and calmly walked out.

Posted on May 12, 2006 at 6:10 AM

iJacking

The San Francisco Bay Guardian is reporting on a new crime: people who grab laptops out of their owners’ hands and then run away. It’s called “iJacking,” and there seems to be a wave of this type of crime at Internet cafes in San Francisco:

In 2004 the SFPD Robbery Division recorded 17 strong-arm laptop robberies citywide. This increased to 30 cases in 2005, a total that doesn’t even include thefts that fall under the category of “burglary,” when a victim isn’t present. (SFPD could not provide statistics on the number of laptop burglaries.)

In the past three months alone, Park Station, the police precinct that includes the Western Addition, has reported 11 strong-arm laptop robberies, a statistic that suggests this one district may exceed last year’s citywide total by the end of 2006.

Some stories:

Maloney was absorbed in his work when suddenly a hooded person yanked the laptop from Maloney’s hands and ran out the door. Maloney tried to grab his computer, but he stumbled across a few chairs and landed on the floor as the perpetrator dashed to a vehicle waiting a quarter block away.

[…]

Two weeks before Maloney’s robbery, on a Sunday afternoon, a man had been followed out of the Starbucks on the corner of Fulton Street and Masonic Avenue and was assaulted by two suspects in broad daylight. According to the police report, the suspects dragged the victim 15 feet along the pavement, kicking him in the face before stealing his computer.

In early February a woman had her laptop snatched while sitting in Ali’s Café. She pursued the perpetrator out the door, only to be blindsided by a second accomplice. Ali described the assault as “a football tackle” so severe it left the victim’s eyeglasses in the branches of a nearby tree. In the most recent laptop robbery, on March 16 in a café on the 900 block of Valencia Street, police say the victim was actually stabbed.

It’s obvious why these thefts are occurring. Laptops are valuable, easy to steal, and easy to fence. If we want to “solve” this problem, we need to modify at least one of those characteristics. Some Internet cafes are providing locking cables for their patrons, in an attempt to make them harder to steal. But that will only mean that the muggers will follow their victims out of the cafes. Laptops will become less valuable over time, but that really isn’t a good solution. The only thing left is to make them harder to fence.

This isn’t an easy problem. There are a bunch of companies that make solutions that help people recover stolen laptops. There are programs that “phone home” if a laptop is stolen. There are programs that hide a serial number on the hard drive somewhere. There are non-removable tags users can affix to their computers with ID information. But until this kind of thing becomes common, the crimes will continue.

Reminds me of the problem of bicycle thefts.

Posted on March 31, 2006 at 1:06 PM

Blowing Up ATMs

In the Netherlands, criminals are stealing money from ATMs by blowing them up (article in Dutch). First, they drill a hole in an ATM and fill it with some sort of gas. Then, they ignite the gas—from a safe distance—and clean up the money that flies all over the place after the ATM explodes.

Sounds crazy, but apparently there has been an increase in this type of attack recently. The banks’ countermeasure is to install air vents so that gas can’t build up inside the ATMs.

Posted on March 10, 2006 at 12:26 PM

Kent Robbery

Something like 50 million pounds was stolen from a banknote storage depot in the UK. BBC has a good chronology of the theft.

The Times writes:

Large-scale cash robbery was once a technical challenge: drilling through walls, short-circuiting alarms, gagging guards and stationing the get-away car. Today, the weak points in the banks’ defences are not grilles and vaults, but human beings. Stealing money is now partly a matter of psychology. The success of the Tonbridge robbers depended on terrifying Mr Dixon into opening the doors. They had studied their victim. They knew the route he took home, and how he would respond when his wife and child were in mortal danger. It did not take gelignite to blow open the vaults; it took fear, in the hostage technique known as “tiger kidnapping”, so called because of the predatory stalking that precedes it. Tiger kidnapping is the point where old-fashioned crime meets modern terrorism.

Posted on February 27, 2006 at 12:26 PM

Identity Theft in the UK

Recently there was some serious tax credit fraud in the UK. Basically, there is a tax-credit system that allows taxpayers to get a refund for some of their taxes if they meet certain criteria. Politically, this was a major objective of the Labour Party. So the Inland Revenue (the UK version of the IRS) made it as easy as possible to apply for this refund. One of the ways taxpayers could apply was via a Web portal.

Unfortunately, the only details necessary when applying were the applicant’s National Insurance number (the UK version of the Social Security number) and mother’s maiden name. The refund was then paid directly into any bank account specified on the application form. Anyone who knows anything about security can guess what happened. Estimates are that fifteen million pounds has been stolen by criminal syndicates.

The press has been treating this as an issue of identity theft, talking about how criminals went Dumpster diving to get National Insurance numbers and so forth. I have seen very little about how the authentication scheme failed. The system tried—using semi-secret information like NI number and mother’s maiden name—to authenticate the person. Instead, the system should have tried to authenticate the transaction. Even a simple verification step—does the name on the account match the name of the person who should receive the refund—would have gone a long way to preventing this type of fraud.
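The difference between authenticating the person and authenticating the transaction can be shown in a few lines. This is an added example, not code from the post or from the Inland Revenue system; the record layout, the sample data and every function name are assumptions made for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass

@dataclass
class Claim:
    ni_number: str
    maiden_name: str
    payout_account: str

# Constructed sample records (hypothetical data, not from any real system).
TAXPAYERS = {"QQ123456C": {"name": "Mary O'Neill", "maiden_name": "Byrne"}}
ACCOUNT_HOLDERS = {
    "11-22-33/00012345": ["Mrs. Mary O'NEILL"],
    "44-55-66/00098765": ["J. Smith"],
    "77-88-99/00055555": ["Patrick O'Neill", "Mary O'Neill"],  # joint account
}
TITLES = {"mr", "mrs", "ms", "miss", "dr"}

def name_tokens(name: str) -> frozenset:
    """Fold case, accents and punctuation; drop titles; ignore word order."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    words = re.sub(r"[^a-z ]", "", folded.lower()).split()
    return frozenset(w for w in words if w not in TITLES)

def person_check(claim: Claim) -> bool:
    """The scheme the post describes: two semi-secret facts about the person."""
    rec = TAXPAYERS.get(claim.ni_number)
    return rec is not None and rec["maiden_name"].lower() == claim.maiden_name.lower()

def transaction_check(claim: Claim) -> bool:
    """The suggested check: the account must be in the name of the person due the refund."""
    rec = TAXPAYERS.get(claim.ni_number)
    if rec is None:
        return False
    payee = name_tokens(rec["name"])
    holders = ACCOUNT_HOLDERS.get(claim.payout_account, [])  # unknown account: no match
    return any(name_tokens(h) == payee for h in holders)

def decide(claim: Claim) -> str:
    if not person_check(claim):
        return "reject: identity details do not match"
    if not transaction_check(claim):
        return "hold: payout account is not in the claimant's name"
    return "pay"
```

A claim carrying the correct National Insurance number and maiden name but a third party's account passes `person_check` and is still held by `transaction_check`.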

Posted on February 8, 2006 at 3:42 PM

RFID Zapper

This is an interesting demonstration project: a hand-held device that disables passive RFID tags.

There are several ways to deactivate RFID-Tags. One that might be offered by the industries are RFID-deactivators, which will send the RFID-Tag to sleep. A problem with this method is that it is not permanent: the RFID-Tag can be reactivated (probably without your knowledge). Several ways of permanently deactivating RFID-Tags are known, e.g. cutting off the antenna from the actual microchip or overloading and literally frying the RFID-Tag by placing it in a common microwave-oven for even very short periods of time. Unfortunately both methods aren’t suitable for the destruction of RFID-Tags in clothes: cutting off the antenna would require damaging the piece of cloth, while frying the chips is likely to cause a short but potent flame, which would damage most textiles or even set them on fire.

The RFID-Zapper solves this dilemma. Basically it copies the microwave-oven-method, but on a much smaller scale. It generates a strong electromagnetic field with a coil, which should be placed as near to the target-RFID-Tag as possible. The RFID-Tag then will receive a strong shock of energy comparable with an EMP and some part of it will blow, most likely the capacitor, thus deactivating the chip forever.

An obvious application would be to disable the RFID chip on your passport, but this kind of thing will probably be more popular with professional shoplifters.

Posted on January 4, 2006 at 6:35 AM

How Much High Explosive Does Any One Person Need?

Four hundred pounds:

The stolen goods include 150 pounds of C-4 plastic explosive and 250 pounds of thin sheets of explosives that could be used in letter bombs. Also, 2,500 detonators were missing from a storage explosive container, or magazine, in a bunker owned by Cherry Engineering.

The theft was professional:

Thieves apparently used blowtorches to cut through the storage trailers—suggesting they knew what they were after.

Most likely it’s a criminal who will resell the stuff, but it could be a terrorist organization. My guess is criminals, though.

By the way, this is in America…

The material was taken from Cherry Engineering, a company owned by Chris Cherry, a scientist at Sandia National Labs.

…where security is an afterthought:

The site, located outside Albuquerque, had no guards and no surveillance cameras.

Or maybe not even an afterthought:

It was the site’s second theft in the past two years.

If anyone is looking for something to spend national security money on that will actually make us safer, securing high-explosive-filled trailers would be high on my list.

EDITED TO ADD (12/29): The explosives were recovered.

Posted on December 20, 2005 at 2:20 PM

E-Hijacking

The article is a bit inane, but it talks about an interesting security problem. “E-hijacking” is the term used to describe the theft of goods in transit by altering the electronic paperwork:

He pointed to the supposed loss of 3.9-million banking records stored on computer backup tapes that were being shipped by UPS from New York-based Citigroup to an Experian credit bureau in Texas. “These tapes were not lost – they were stolen,” Spoonamore said. “Not only were they stolen, the theft occurred by altering the electronic manifest in transit so it would be delivered right to the thieves.” He added that UPS, Citigroup, and Experian spent four days blaming each other for losing the shipment before realizing it had actually been stolen.

Spoonamore, a veteran of the intelligence community, said in his analysis of this e-hijacking, upwards of 15 to 20 people needed to be involved to hack five different computer systems simultaneously to breach the electronic safeguards on the electronic manifest. The manifest was reset from “secure” to “standard” while in transit, so it could be delivered without the required three signatures, he said. Afterward the manifest was put back to “secure” and three signatures were uploaded into the system to appear as if proper procedures had been followed.

“What’s important to remember here is that there is no such thing as ‘security’ in the data world: all data systems can and will be breached,” Spoonamore said. “What you can have, however, is data custody so you know at all times who has it, if they are supposed to have it, and what they are doing with it. Custody is what begets data security.”

This is interesting. More and more, the physical movement of goods is secondary to the electronic movement of information. Oil being shipped across the Atlantic, for example, can change hands several times while it is in transit. I see a whole lot of new risks along these lines in the future.
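The custody idea in the quoted article can be made concrete as an audit that replays a manifest's change history and flags the sequence described there. This is an added example, not code from the article or from any carrier's system; the event format, the account names and the finding labels are assumptions, and the event logs are constructed.

```python
from dataclasses import dataclass

REQUIRED_SIGNATURES = 3  # the article: "secure" delivery requires three signatures

@dataclass(frozen=True)
class Event:
    t: int           # seconds since the manifest was created
    actor: str       # hypothetical account or role name
    action: str      # create | pickup | set_level | sign | deliver
    value: str = ""  # security level, for create and set_level

def audit(events):
    """Replay one shipment's manifest history; return (time, finding, actor) tuples."""
    findings, level, created_level = [], None, None
    in_transit, delivered_at, sigs = False, None, 0
    for e in sorted(events, key=lambda ev: ev.t):
        if e.action == "create":
            level = created_level = e.value
        elif e.action == "pickup":
            in_transit = True
        elif e.action == "set_level":
            if in_transit and level == "secure" and e.value != "secure":
                findings.append((e.t, "downgrade_in_transit", e.actor))
            if delivered_at is not None:
                findings.append((e.t, "level_change_after_delivery", e.actor))
            level = e.value
        elif e.action == "sign":
            sigs += 1
            if delivered_at is not None:
                findings.append((e.t, "signature_after_delivery", e.actor))
        elif e.action == "deliver":
            in_transit, delivered_at = False, e.t
            if created_level == "secure" and sigs < REQUIRED_SIGNATURES:
                findings.append((e.t, "delivered_without_signatures", e.actor))
    return findings

# Constructed event logs; TAMPERED follows the sequence the article describes.
TAMPERED = [
    Event(0, "shipper", "create", "secure"), Event(60, "carrier", "pickup"),
    Event(500, "acct-17", "set_level", "standard"), Event(900, "driver", "deliver"),
    Event(950, "acct-17", "set_level", "secure"), Event(960, "acct-17", "sign"),
    Event(961, "acct-17", "sign"), Event(962, "acct-17", "sign"),
]
CLEAN = [
    Event(0, "shipper", "create", "secure"), Event(60, "carrier", "pickup"),
    Event(880, "guard-a", "sign"), Event(885, "guard-b", "sign"),
    Event(890, "clerk", "sign"), Event(900, "driver", "deliver"),
]
```

The audit is only as good as the history it replays: the change log has to be append-only and held where the accounts that can edit manifests cannot rewrite it, otherwise the final state looks exactly like a properly signed secure delivery.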

Posted on December 9, 2005 at 7:41 AM

Sidebar photo of Bruce Schneier by Joe MacInnis.