Archive for the ‘Crime’ Category

« Older Entries
Newer Entries »

Why do we have Chip & Pin?

Tuesday, July 24th, 2007

If like me you have fun trying to recall the seventeen different PIN numbers you have, and so now only use a single card for everything, while the others gather dust and interest charges, you might like to know one of the reasons why signature verification was phased out for most things.

I’m not going to pretend that the UK didn’t have far more motivated signature checkers than the US guys encountered by our new hero, but it was still pretty poor.

http://www.zug.com/pranks/credit/index.html gives a humorous reminder of what you could get up to, before V day 2005. Meanwhile, http://www.zug.com/pranks/credit_card/index.html is simply mind-blowing!

Posted in Commentary, Crime | No Comments »

Empty housing – a social crime?

Friday, June 1st, 2007

This is a bit of a social comment. When I am out doing work for councils and companies, I get to go to some really charming places. Others are not so charming. Others, well, they leave you scratching your head.

This street in Manchester is typical of a number that I see when doing my job. It’s Leven street, M40 9DG, and I spent a good half hour talking to one of the few remaining residents.

Leven street: 8 empty homes, 1 occupied, 3 more empty (Click to zoom)

This used to be a good area, with strong social ties, but, with the rumours of redevelopment and the council pushing drug addicted and anti-social persons into the area, those who could started to leave.

It has in fact been 12 years since the first of these houses were boarded up. The remaining residents have campaigned, written letters, been to meetings, and tried almost every avenue open to them. Sadly, nothing has been done. Due to lack of heating and roof repairs, the remaining residents face damp problems coming through the walls, as well as social isolation and rising crime.

These houses, perfectly nice terraced houses, probably worth at least £40K each even in their current state, have just been abandoned, along with those who still live with them.

This seems to me to be an ideal case for an organisation like Shelter to lobby, and see what can be done towards getting these houses re-opened for lives and life, at a time when so many are in hostels, and affordable housing seems to be out of the reach of so many.

Posted in Cheers & Jeers, Commentary, Crime | No Comments »

Locksmith on £2,750 benefit fraud charges – we need licensing!

Friday, April 20th, 2007

http://www.peterborough.gov.uk/page-4620

From August 19th 2005:

Locksmith sentenced on £2,750 benefit fraud charges

A self-employed locksmith, who fraudulently claimed more than £2,750 in job seeker’s allowance and housing benefit while working, was given a 40-hours community punishment order and told to pay £100 prosecution costs at Peterborough Magistrates’ Court yesterday (Thursday 18 August).
Darron Williams, 33, formerly of Oxney Road, Peterborough, but now living in Willingham, Cambridgeshire, pleaded guilty. The court was told that he has started to repay the £1,366 in job seeker’s allowance and £1,392 in housing benefit that had been over-paid.
The prosecution was brought jointly by the Department for Work and Pensions and Peterborough City Council using information provided by a government database that identifies anomalies between benefit claims and employment records.
“To date this financial year, we have secured four formal cautions, four financial penalties and two prosecutions through this procedure,” said Diane Baker, benefits fraud manager with Peterborough City Council.
“We will continue to work across departmental boundaries to minimise the opportunity for fraud and to ensure that those who abuse the system are brought to justice. Tackling fraud is a priority for the council.”

A “self-employed” locksmith who steals from the benefits agency? I know I wouldn’t want him round my house, drilling my locks. Yes, times are hard as a UK locksmith, but fraud? Perhaps worst of all, there is nothing, no law or regulation, that stops this criminal from trading as a locksmith! He wouldn’t be allowed to watch the sweeties in your local supermarket as a security guard now, but he can freely break into homes for money?!? The Institute of Certified Locksmiths (of which I am a full member) carries out background checks, and lobbies for regulation of locksmiths across the UK.

Write to your MP!

Posted in Cheers & Jeers, Commentary, Crime | No Comments »

Bumpkeys – what they are, and how to stop them!

Tuesday, April 3rd, 2007

(Continued from yesterday’s post)

So, how do we stop this new and very effective attack?

Buying your own keyway is possible for a large company or the very wealthy – get in touch! – but, for the rest of us, there are only two options. The first is to buy a bump-proof lock. As far as cylinder locks go, there are only a handful available for under £40 + VAT, which makes replacement an expensive option, especially for a business with perhaps hundreds of locks. And this is before we talk about masterkeying!

The second option, however, is a new treatment for your locks, which is designed to stop bumpkeys, as well as to hinder picking. The treatment is long lasting and unaffected by oil or other common chemicals, weather, UV exposure and temperature. Reasonably quick and simple to apply, a whole building can be re-secured in an afternoon, and with little disruption.

Call us now for an anti-bumpkey protection quote! We can also do a full security report on your home, unit or office, and improve the safety and security of you and yours, at the same time, for no extra cost.

Posted in Crime, Jobs | No Comments »

Bumpkeys – what they are

Monday, April 2nd, 2007

Bumpkeys are specially cut down keys that will open almost any cylinder lock currently on the market. Sometimes they are temperamental, and other times they will open an otherwise very secure lock in a matter of seconds. Your uPVC door is probably at risk, along with your expensive Mul-T-Lock or Garrison cylinders at work. Lever locks are not affected – well, not good ones – as this attack has been known on them for over 100 years. Bumpkeys have been a better kept secret, until the internet let the cat out the bag.

There are literally hundreds of videos online about making bumpkeys, pages with tips for opening, and how to obtain blanks and even lists of which locks are easy to bump, and which aren’t. Perhaps most worryingly, there are websites selling bumpkeys to anyone who wants one. (We won’t be linking those)
How can you be more secure? Well, there are a few options. For example, about 85% of all keyways are based on the A1 blank, and just three different bumpkeys can let even an unskilled beginner walk through those doors. The best option is to change to a more secure lock. These range from a few tens of pounds, up to hundreds of pounds. However, a thief with the right bumpkey may still be able to get in by using a bumpkey for that lock. Cost is absolutely no way to tell if a bumpkey will work, and, due to the better tolerances in the more expensive locks, they are easier to bump!

A restricted or semi-restricted keyway is one only available to a certain locksmith or group of locksmiths. This cuts down the odds of a bumpkey being made commercially available to almost zero, but, again, it is no guarentee. Someone with determination could still buy the same type of lock, and use the provided keys to make a bumpkey. And they could even test it on their lock before opening yours…

Join us tomorrow for real answers!

Posted in Crime, Jobs | No Comments »

Too much security, re-visited

Monday, February 26th, 2007

Well, yet again, we see spam coming in on a weekly basis, asking us to “Clcik here, and verify your online bank details” and other humorously low grade spoof attempts. A lot of this is for banks, as well as the usual PayPal and eBay stuff.

Today, we got a phonecall, purporting to be from the bank. So how do you tell? Your bank phones you, asks you to go through the security questions, and since they ask them, and they haven’t given you anything beyond “it’s a personal banking matter” you have no idea if it really is the bank. So, try asking them anything at all, and they say “Sorry, until you have gone through the security questions, we can’t tell you that.” We tried to get a reference number off them, so we could call them back, and were told “Not until you have been through security”!

Imagine our lack of suprise when the number they gave us to call didn’t tally with anything on Google search, and when called, it simply said “Thank-you for calling Card Services” and giving us another phone number to call!

So, was this a cunning scammer? No, amazingly enough, it wasn’t. It was actually the bank calling to confirm our contact telephone number. Which surely they did, when they were passed to the person they requested by name?

Not all companies are this stupidly insecure through too much security. Two days ago, I challenged a caller in the same way. His inspired response was to say “The last two digits of xyz added together are nn” which is a hash function which is non-reversible, and gives away nothing unless you hold the shared key and the secret numbers. Since this was correct, the odds of a correct guess was pretty small. Not tiny, but about 1 in 12. (Should I do the maths? 19 possible answers from 0 to 18, and the most likely ones being at best 9 in 91, and the worst being 1 in 91) For the purposes of the call, that was enough.

The best example of this one-way hash is the credit card companies. They sat for a long time, trying to find ways to avoid data protection issues, whilst still ensuring that the high levels of card fraud were reduced. They came up with a few different ideas, to solve different parts of the issue. To prevent electronically skimmed cards from being used without the card being present, they started using the “security number” on the back of the card, which isn’t recorded in the strip or the chip. As far as I know this is simply a reference for the card print run, but it does the job. Guessing it right would be 1 in 1000.

That wasn’t enough, though, since a stolen card being used via internet or phone would still work. So they decided they wanted address details. Uh oh! That’s an issue! Despite the merchant having the address, and the card company having it too, there was room for an attack by a corrupt merchant, or a cracker, who could simply try many, many card details until getting the address, or trying many addresses until getting the card number, or whatever.

The solution they came up with was to use only a part of the postcode and address. The number parts. This keeps it compatible with existing card terminals (as they already have numbers!) and, it is a one way hash. From the letters, you could determine where someone lived, and that would be bad. From the number part, however, you still have a good set of odds against a guess, and it is totally non-reversible. The entry 35, 2 cannot find a person, as they could be in any one of hundreds of major postcode areas, and hundreds of thousands of streets. Problem solved.

Large and small companies need to think a little about these issues. It is all well and good telling us to never respond to unexpected emails asking for details, but unexpected phone calls are surely just as big a worry today, as VoiP allows international calls for pennies, and voice recognition software can carry out basic phone conversations. It wouldn’t take much for a system to be built to specifically target this area, to socially engineer important data from targets by phone, without a human presence. This needs to be looked at now, not later.

Posted in Commentary, Crime, on-line | No Comments »

WaveBubble – an automatic wireless jammer

Saturday, February 24th, 2007

With the rather amusing title How Jews celebrate christmas, LadyADA announced to the world her latest creation. It is a simple and cheap automatic radio frequency jammer.

For not very much money, this pocket sized device will knock out cellphone calls and GPS within a 10 to 30 metre radius of itself. This has some important conotations, from avoiding parking tickets and police pursuit, to the disabling of wireless video cameras and alarm systems.

Unlike like most systems, you see, this one automatically tunes to jam anything in range within milliseconds. So it doesn’t have to use a high power transmitter broadcasting all the time across a whole range of the radio spectrum, and it can work unattended. Ideal for stopping un-democratic “voting computers” that offer no proof that you pressed a button, let alone that your vote was actually counted any place. Also ideal for jamming wireless video cameras in public places, or, less civic-mindedly, private places.

Note that a wireless burglar alarm would simply sound forever, as this would keep track of the frequency hops it carried out to try to avoid the interference, and wipe it out, triggering a tamper alarm. Of course, with nothing visible, it would be silenced by law after the neighbours complained, leaving the clever criminal free to enter.

A more positive use would be a way to track down bugs in a security sweep. If the PLL locked to anything, it’s a transmitter, and those formerly listening in wouldn’t know to cut and run, or even turn off the transmitter, as it would be effectively jammed until it was located. Covert cameras could then be used to ensure that when the bug was retrieved, those monitoring would be caught in the act.

Like all technology, this has both a light and dark side.

Posted in Commentary, Crime, on-line | 1 Comment »

“I’d give my right arm for that car” “I’d give your right arm for it too!”

Monday, February 5th, 2007

From the BBC website: Police in Malaysia are hunting for members of a violent gang who chopped off a car owner’s finger to get round the vehicle’s hi-tech security system.

The Mercedes S-class was ‘protected’ by a fingerprint recognition system. So the answer? Run the driver over as he opens the door, then kidnap him, rather than simply stealing the keys. The armed gang took the keys to his car but these alone won’t start the car, so they beat him up, stripped him naked and took him with them!
The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off. But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner’s fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road – but not before cutting off the end of his index finger with a machete.

Hardly a brilliant idea to improve security, when it simply means that the level of violence has to increase. Somewhat like CCTV, it is deeply flawed, at least in this instance.

The issue with CCTV I have is that it only acts after the fact, often way after the fact, and deeply discourages citizens from taking part in society, since “the watchers” will deal with it later, or will have seen it on CCTV, and so won’t need a witness or a call to say something has happened. As a result, the UK has more cameras than ever, and more criminals than ever, and a lot more kids roaming the streets with hoodies to hide their faces all the time. Which doesn’t reassure anyone! And when crimes are prepared & planned, the face is hidden and the response time is expected to be faster, so the speed and violence goes up in response.

In this case, the driver could have lost his entire hand. While some people say they would give their right arm for such a car, I suspect most don’t really mean it! Biometrics on my car? Not a chance!

Posted in Commentary, Crime, Trauma, Whoops! | No Comments »

A new blog

Saturday, December 23rd, 2006

This is a blog to tell the (slightly changed and anonymised) stories that this locksmith sees. I’m wondering what the public reaction will be, and I await comments with interest.

I’ve written a few bits already, I’ll be adding them shortly. Today’s story, coming on the very verge of Christmas, is very sad, and somewhat indicative of the times. And it is one of the few jobs that I hate.

A lovely little old lady, burgled while she slept. The thief climbed in through a window that had been left ajar, and helped himself* to the presents. Obviously she was very upset, so I changed the front door lock, since a key was missing. I also taught her how to deadlock the nightlatch, and fitted alarm units to help ensure that no more sneak-thievery could occur.

*Statistically, most burglars are males and young.

Posted in Crime, Jobs, Trauma | No Comments »

The “751 key”

Friday, November 10th, 2006

From Local 8 news in the USA.

“For the past month Local News 8 reporter Josh Davis has been investigating what is known as the “751 Key” which is the key you got when you bought your [mobile home].

The problem is that all the keys are the same.”

Unlike cars, the same cut of key is used for nearly all mobile homes! Get your locks changed today, or someone on the same campsite, or even a thief, might just let themselves in to yours. This job can be done for about £50, including the locks, in most cases.

We can also install better security on the doors of your mobile home. We recently fitted a BS2004 mortise deadlock to a motorhome, due to concerns over a French gang that has been gassing tourists and then forcing a way in to camper vans, and stealing everything of value. This was a difficult and relatively expensive job, at £100, but it is almost certainly the most secure useable-from-both-sides motorhome door in the country right now.

Posted in Crime, Jobs | No Comments »

« Older Entries
Newer Entries »