Hidden Credit Card Skimmers
New credit card skimmers are hidden inside the card readers, making them impossible to spot.
EDITED TO ADD (3/11): Brian Krebs on this from over a year ago.
Entries Tagged "theft"
Page 6 of 22
Pirates Hack into Shipping Company's Database
A group of pirates—the real kind—determined which cargo to steal by hacking into a shipping company’s database.
Here’s the report.
Burglary Footage Turned into Commercial
Earlier this month, a Las Vegas taco shop was robbed in the middle of the night. The restaurant took the video-surveillance footage and turned it into a combination commercial for their tacos and request for help identifying the burglars.
How an Amazon Worker Stole iPads
A worker in Amazon’s packaging department in India figured out how to deliver electronics to himself:
Since he was employed with the packaging department, he had easy access to order numbers. Using the order numbers, he packed his order himself; but instead of putting pressure cookers in the box, he stuffed it with iPhones, iPads, watches, cameras, and other expensive electronics in the pressure cooker box. Before dispatching the order, the godown also has a mechanism to weigh the package. To dodge this, Bhamble stuffed equipment of equivalent weight,” an officer from Vithalwadi police station said. Bhamble confessed to the cops that he had ordered pressure cookers thrice in the last 15 days. After he placed the order, instead of, say, packing a five-kg pressure cooker, he would stuff gadgets of equivalent weight. After receiving delivery clearance, he would then deliver the goods himself and store it at his house. Speaking to mid-day, Deputy Commissioner of Police (Zone IV) Vasant Jadhav said, “Bhamble’s job profile was of goods packaging at Amazon.com’s warehouse in Bhiwandi.
Measuring the Expertise of Burglars
New research paper: “New methods for examining expertise in burglars in natural and simulated environments: preliminary findings“:
Expertise literature in mainstream cognitive psychology is rarely applied to criminal behaviour. Yet, if closely scrutinised, examples of the characteristics of expertise can be identified in many studies examining the cognitive processes of offenders, especially regarding residential burglary. We evaluated two new methodologies that might improve our understanding of cognitive processing in offenders through empirically observing offending behaviour and decision-making in a free-responding environment. We tested hypotheses regarding expertise in burglars in a small, exploratory study observing the behaviour of ‘expert’ offenders (ex-burglars) and novices (students) in a real and in a simulated environment. Both samples undertook a mock burglary in a real house and in a simulated house on a computer. Both environments elicited notably different behaviours between the experts and the novices with experts demonstrating superior skill. This was seen in: more time spent in high value areas; fewer and more valuable items stolen; and more systematic routes taken around the environments. The findings are encouraging and provide support for the development of these observational methods to examine offender cognitive processing and behaviour.
The lead researcher calls this “dysfunctional expertise,” but I disagree. It’s expertise.
Claire Nee, a researcher at the University of Portsmouth in the U.K., has been studying burglary and other crime for over 20 years. Nee says that the low clearance rate means that burglars often remain active, and some will even gain expertise in the crime. As with any job, practice results in skills. “By interviewing burglars over a number of years we’ve discovered that their thought processes become like experts in any field, that is they learn to automatically pick up cues in the environment that signify a successful burglary without even being aware of it. We call it ‘dysfunctional expertise,'” explains Nee.
See also this paper.
Operating a Fake Bank
Here’s a story of a fake bank in China—a real bank, not an online bank—that stole $32m from depositors over a year. Pro tip: real banks never offer 2%/week interest.
Medical Records Theft and Fraud
There’s a Reuters article on new types of fraud using stolen medical records. I don’t know how much of this is real and how much is hype, but I’m certain that criminals are looking for new ways to monetize stolen data.
Cell Phone Kill Switches Mandatory in California
California passed a kill-switch law, meaning that all cell phones sold in California must have the capability to be remotely turned off. It was sold as an antitheft measure. If the phone company could remotely render a cell phone inoperative, there would be less incentive to steal one.
I worry more about the side effects: once the feature is in place, it can be used by all sorts of people for all sorts of reasons.
The law raises concerns about how the switch might be used or abused, because it also provides law enforcement with the authority to use the feature to kill phones. And any feature accessible to consumers and law enforcement could be accessible to hackers, who might use it to randomly kill phones for kicks or revenge, or to perpetrators of crimes who might—depending on how the kill switch is implemented—be able to use it to prevent someone from calling for help.
“It’s great for the consumer, but it invites a lot of mischief,” says Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, which opposes the law. “You can imagine a domestic violence situation or a stalking context where someone kills [a victim’s] phone and prevents them from calling the police or reporting abuse. It will not be a surprise when you see it being used this way.”
I wrote about this in 2008, more generally:
The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That’s a difficult security problem even in its simplest form. Distributing that system among a variety of different devices—computers, phones, PDAs, cameras, recorders—with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.
Once we go down this path—giving one device authority over other devices—the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?
The law only affects California, but phone manufacturers won’t sell two different phones. So this means that all cell phones will eventually have this capability. And, of course, the procedural controls and limitations written into the California law don’t apply elsewhere
EDITED TO ADD (9/12): Users can opt out, at least for now: “The bill would authorize an authorized user to affirmatively elect to
disable or opt-out of the technological solution at any time.”
How the bill can be used to disrupt protests.
Sidebar photo of Bruce Schneier by Joe MacInnis.