Symantec deliberately “lost” a bunch of smart phones with tracking software on them, just to see what would happen:
Some 43 percent of finders clicked on an app labeled “online banking.” And 53 percent clicked on a filed named “HR salaries.” A file named “saved passwords” was opened by 57 percent of finders. Social networking tools and personal e-mail were checked by 60 percent. And a folder labeled “private photos” tempted 72 percent.
Collectively, 89 percent of finders clicked on something they probably shouldn’t have.
Meanwhile, only 50 percent of finders offered to return the gadgets, even though the owner’s name was listed clearly within the contacts file.
Some might consider the 50 percent return rate a victory for humanity, but that wasn’t really the point of Symantec’s project. The firm wanted to see if—even among what seem to be honest people—the urge to peek into someone’s personal data was just too strong to resist. It was.
EDITED TO ADD (4/13): Original study.
Posted on April 4, 2012 at 6:07 AM •
I wrote about this technique in Beyond Fear:
Beginning Sunday evening, the robbers intentionally set off the gallery’s alarm system several times without entering the building, according to police.
The security staffers on duty, who investigated and found no disturbances, subsequently disabled at least one alarm. The burglars then entered through a balcony door.
Posted on January 19, 2012 at 6:36 AM •
It’s a crime with finesse:
But he is actually a middle-aged or older man who has been doing this for a very long time. And he is a fading breed.
“It’s like a lost art,” the lieutenant said. “It’s all old-school guys who cut the pocket. They die off.” And they do not seem to be replacing themselves, he said. “It’s like the TV repairman.”
Lush workers date back at least to the beginning of the last century, their ilk cited in newspaper crime stories like one in The New York Times in 1922, describing “one who picks the pockets of the intoxicated. He is the old ‘drunk roller’ under a new name.” While the term technically applies to anyone who steals from a drunken person, most police officers reserve it for a special kind of thief who uses straight-edge razors found in any hardware store.
EDITD TO ADD (11/14): Pick-pockets of all kinds may be a dying breed in New York.
Posted on November 7, 2011 at 12:43 PM •
This brazen tactic is from Malaysia. Robbers sabotage the machines, and then report the damage to the bank. When the banks send repair technicians to open and repair the machines, the robbers take the money at gunpoint.
It’s hardly a technology-related attack. But from what I know about ATMs, the security of the money safe inside the machine is separate from the security of the rest of the machine. So it seems that the repair technicians might be given access to only the machine but not the safe inside.
Posted on October 31, 2011 at 8:18 AM •
I find this fascinating:
A central California man has been arrested for possession of child pornography, thanks to a tip from burglars who robbed the man’s property, authorities said.
I am reminded of the UK story of a burglar finding some military secrets on a laptop—or perhaps a USB drive—that he stole, and returning them with a comment that was something like: “I’m a crook; I’m not a bloody traitor.”
Posted on October 14, 2011 at 12:34 PM •
Fidelity National Information Services Inc. (FIS) lost $13M to an ATM theft earlier this year:
KrebsOnSecurity recently discovered previously undisclosed details of the successful escapade. According to sources close to the investigation, cyber thieves broke into the FIS network and targeted the Sunrise platform’s “open-loop” prepaid debit cards. The balances on these prepaid cards aren’t stored on the cards themselves; rather, the card numbers correspond to records in a central database, where the balances are recorded. Some prepaid cards cannot be used once their balance has been exhausted, but the prepaid cards used in this attack can be replenished by adding funds. Prepaid cards usually limit the amounts that cardholders can withdraw from a cash machine within a 24 hour period.
Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.
Sources say the thieves waited until the close of business in the United States on Saturday, March 5, 2011, to launch their attack. Working into Sunday evening, conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs. Armed with unauthorized access to FIS’s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero.
This reminds me of the RBS WorldPay theft from a couple of years ago.
Posted on September 2, 2011 at 6:38 AM •
This is a picture of a pair of wire cutters secured to a table with a wire.
Someone isn’t thinking this through….
Posted on August 26, 2011 at 3:07 PM •
The security problems associated with moving $12B in gold from London to Venezuela.
It seems to me that Chávez has four main choices here. He can go the FT’s route, and just fly the gold to Caracas while insuring each shipment for its market value. He can go the Spanish route, and try to transport the gold himself, perhaps making use of the Venezuelan navy. He could attempt the mother of all repo transactions. Or he could get clever.
Which leaves one final alternative. Gold is fungible, and people are actually willing to pay a premium to buy gold which is sitting in the Bank of England’s ultra-secure vaults. So why bother transporting that gold at all? Venezuela could enter into an intercontinental repo transaction, where it sells its gold in the Bank of England to some counterparty, and then promises to buy it all back at a modest discount, on condition that it’s physically delivered to the Venezuelan central bank in Caracas. It would then be up to the counterparty to work out how to get 211 tons of gold to Caracas by a certain date. That gold could be sourced anywhere in the world, and transported in any conceivable manner—being much less predictable and transparent, those shipments would also be much harder to hijack.
But here’s one last idea: why doesn’t Chávez crowdsource the problem? He could simply open a gold window at the Banco Central de Venezuela, where anybody at all could deliver standard gold bars. In return, the central bank would transfer to that person an equal number of gold bars in the custody of the Bank of England, plus a modest bounty of say 2%—that’s over $15,000 per 400-ounce bar, at current rates.
It would take a little while, but eventually the gold would start trickling in: if you’re willing to pay a constant premium of 2% over the market price for a good, you can be sure that the good in question will ultimately find its way to your door.
Any other ideas?
Posted on August 25, 2011 at 12:43 PM •
This is a pretty scary criminal tactic from Turkey. Burglars dress up as doctors, and ring doorbells handing out pills under some pretense or another. They’re actually powerful sedatives, and when people take them they pass out, and the burglars can ransack the house.
According to the article, when the police tried the same trick with placebos, they got an 86% compliance rate.
Kind of like a real-world version of those fake anti-virus programs that actually contain malware.
Posted on May 13, 2011 at 7:11 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.