theft Archives - Page 9 of 22 - Schneier on Security

Entries Tagged "theft"

Page 9 of 22

Dance Moves As an Identifier

A burglar was identified by his dance moves, captured on security cameras:

“The 16-year-old juvenile suspect is known for his ‘swag,’ or signature dance move,” Heyse said, “and [he] does it in the hallways at school.” Presumably, although the report doesn’t make it clear, a classmate or teacher saw the video, recognized the distinctive swag and notified authorities.

But is swag admissible to identify a defendant? Assuming it really is unique or distinctive—and it looks that way from the clip, but I’m no swag expert—I’d say yes.

Posted on April 19, 2012 at 1:03 PM • View Comments

This article talks about a database of stolen cell phone IDs that will be used to deny service. While I think this is a good idea, I don’t know how much it would deter cell phone theft. As long as there are countries that don’t implement blocking based on the IDs in the databases—and surely there will always be—there will be a market for stolen cell phones.

Plus, think of the possibilities for a denial-of-service attack. Can I report your cell phone as stolen and have it turned off? Surely no political party will think of doing that to the phones of all the leaders of a rival party the weekend before a major election.

Posted on April 18, 2012 at 6:49 AM • View Comments

Lost Smart Phones and Human Nature

Symantec deliberately “lost” a bunch of smart phones with tracking software on them, just to see what would happen:

Some 43 percent of finders clicked on an app labeled “online banking.” And 53 percent clicked on a filed named “HR salaries.” A file named “saved passwords” was opened by 57 percent of finders. Social networking tools and personal e-mail were checked by 60 percent. And a folder labeled “private photos” tempted 72 percent.

Collectively, 89 percent of finders clicked on something they probably shouldn’t have.

Meanwhile, only 50 percent of finders offered to return the gadgets, even though the owner’s name was listed clearly within the contacts file.

[…]

Some might consider the 50 percent return rate a victory for humanity, but that wasn’t really the point of Symantec’s project. The firm wanted to see if—even among what seem to be honest people—the urge to peek into someone’s personal data was just too strong to resist. It was.

EDITED TO ADD (4/13): Original study.

Posted on April 4, 2012 at 6:07 AM • View Comments

British Anti-Theft Briefcase from the 1960s

Fantastic.

Posted on March 5, 2012 at 6:45 AM • View Comments

Using False Alarms to Disable Security

I wrote about this technique in Beyond Fear:

Beginning Sunday evening, the robbers intentionally set off the gallery’s alarm system several times without entering the building, according to police.

The security staffers on duty, who investigated and found no disturbances, subsequently disabled at least one alarm. The burglars then entered through a balcony door.

Posted on January 19, 2012 at 6:36 AM • View Comments

Cutting Wallets Out of Drunks' Pockets on New York City Subways

It’s a crime with finesse:

But he is actually a middle-aged or older man who has been doing this for a very long time. And he is a fading breed.

“It’s like a lost art,” the lieutenant said. “It’s all old-school guys who cut the pocket. They die off.” And they do not seem to be replacing themselves, he said. “It’s like the TV repairman.”

Lush workers date back at least to the beginning of the last century, their ilk cited in newspaper crime stories like one in The New York Times in 1922, describing “one who picks the pockets of the intoxicated. He is the old ‘drunk roller’ under a new name.” While the term technically applies to anyone who steals from a drunken person, most police officers reserve it for a special kind of thief who uses straight-edge razors found in any hardware store.

EDITD TO ADD (11/14): Pick-pockets of all kinds may be a dying breed in New York.

Posted on November 7, 2011 at 12:43 PM • View Comments

Another ATM Theft Tactic

This brazen tactic is from Malaysia. Robbers sabotage the machines, and then report the damage to the bank. When the banks send repair technicians to open and repair the machines, the robbers take the money at gunpoint.

It’s hardly a technology-related attack. But from what I know about ATMs, the security of the money safe inside the machine is separate from the security of the rest of the machine. So it seems that the repair technicians might be given access to only the machine but not the safe inside.

Posted on October 31, 2011 at 8:18 AM • View Comments

Burglars Tip Off Police About Bigger Crime

I find this fascinating:

A central California man has been arrested for possession of child pornography, thanks to a tip from burglars who robbed the man’s property, authorities said.

I am reminded of the UK story of a burglar finding some military secrets on a laptop—or perhaps a USB drive—that he stole, and returning them with a comment that was something like: “I’m a crook; I’m not a bloody traitor.”

Posted on October 14, 2011 at 12:34 PM • View Comments

A Professional ATM Theft

Fidelity National Information Services Inc. (FIS) lost $13M to an ATM theft earlier this year:

KrebsOnSecurity recently discovered previously undisclosed details of the successful escapade. According to sources close to the investigation, cyber thieves broke into the FIS network and targeted the Sunrise platform’s “open-loop” prepaid debit cards. The balances on these prepaid cards aren’t stored on the cards themselves; rather, the card numbers correspond to records in a central database, where the balances are recorded. Some prepaid cards cannot be used once their balance has been exhausted, but the prepaid cards used in this attack can be replenished by adding funds. Prepaid cards usually limit the amounts that cardholders can withdraw from a cash machine within a 24 hour period.

Apparently, the crooks were able to drastically increase or eliminate the withdrawal limits for 22 prepaid cards that they had obtained. The fraudsters then cloned the prepaid cards, and distributed them to co-conspirators in several major cities across Europe, Russia and Ukraine.

Sources say the thieves waited until the close of business in the United States on Saturday, March 5, 2011, to launch their attack. Working into Sunday evening, conspirators in Greece, Russia, Spain, Sweden, Ukraine and the United Kingdom used the cloned cards to withdraw cash from dozens of ATMs. Armed with unauthorized access to FIS’s card platform, the crooks were able to reload the cards remotely when the cash withdrawals brought their balances close to zero.

This reminds me of the RBS WorldPay theft from a couple of years ago.

Posted on September 2, 2011 at 6:38 AM • View Comments