Slashdot Mirror
Note To Criminals — Don't Call Tech Support
Billosaur writes "Darwin Awards, here he comes: Ars Technica has up a story about a would-be identity thief who did himself in by calling tech support about printer drivers. Timothy Short must have thought he'd hit the mother-lode when he stole a PC and a Digimarc printer from the Missouri Department of Revenue, perhaps with dreams of cranking out thousands of fake ids. Problem: he could not unlock the computer he stole and without the necessary drivers, he couldn't use the printer. Ever resourceful, Short called Digimarc tech support a couple of days later (twice), which brought him to the attention of a Secret Service agent, who recognized his voice from a recording of the calls. Short now faces a $250,000 fine and up to 10 years in prison."
I wonder how far he would have gotten printing those IDs, even with the driver...
At least that's one petty thief removed for the good of everyone.
haha
Um, Darwin awards? Unfortunately, criminals are still allowed to procreate and spread their genes. So unless he's either dead or rendered an eunuch, we're still screwed. -W
use driverguide or google, ya moron!
proud caffeine whore
Geez, talk about a close call for people living in Misery...I mean Missouri
Why the Department of Revenue uses a laptop with sensitive information, making easier to stole than a desktop?
Inquiring minds want to know...
Slashdot ya no es que lo era!
Probably used too much leaded gasoline when he was younger.
It must have been something you assimilated. . . .
...My current province of residence uses a standard Fargo ID printer to crank out Driver's Licenses. I happen to have a Fargo printer for my current workplace.
It would take NOTHING in terms of effort to crank out fake ID's - hell, the province in question (at least at this point) doesn't even use any fort of hologram or anything to secure the ID.
I mean, this guy is braindead for calling for tech support to use his stolen goods - but at least through his stupidity & security measures they caught him. If I was an ass, I could easily crank off what I wanted to without anyone being the wiser.
(Posted as AC, not because I do anything wrong, but I'd rather not have anyone realize the stupidity of this province & take advantage of it just out of my location in profile)
This is funny, really funny. But it's not Darwin funny which unless I'm mistaken are feats of stupidity which remove you from the gene pool. Stealing a ID printer and asking for drivers, to make fake IDs, while funny it isn't as funny as trying to steal the legs off an abandoned yet erect water tower.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
I never understood why we have stories that help criminals figure out how to avoid mistakes. I mean was the poster wanting a good fake id, but can't now cause this guy got caught? Sure it was a dumb mistake and it's kinda funny, but c'mon... why keep showing how people are getting caught. This only makes criminals more cunning and elusive to catch.
Odds are, with a $10 usb 2.5" drive caddy, he could have removed all of the data that he needed from the unencrypted hard drive. Or he could have booted into one of those nifty live cds with cracking tools installed.
I am worried about how many times this sort of thing happens and the person who commits the crime actually has a clue. I'd like to think that idiot thieves outnumber the smart ones 10:1, but It would not surprise me if the ratio was turned around.
"Hello tech support, yes I'll hold" KNOCK KNOCK KNOCK "Hmmm must be the pizza"
He later swore up and down that all he wanted to do is print "McLovin" driver's licenses to sell on eBay.
The Australian University of Newcastle Engineering Department once had a undergraduate lab of Sony NEWS BSD Unix workstations http://en.wikipedia.org/wiki/Sony_NEWS , possibly one of the first institutions in the country to roll out such a setup. As you may of guessed, the lab was soon broken into and several of the machines stolen.
About a week later, Sony Australia Support got a call.. from someone asking how they could install MSDOS onto the machines. The Rep handling the NEWS said they could courier and C.O.D replacement diskettes to the caller... got their address, and then said "Actually, could you do me a favour, and please return those stolen computers to the University of Newcastle..."
I believe the intent is to say that he will end up as a Darwin Award winner in the future, even if he hasn't yet managed the feat.
http://slashdot.org/articles/07/10/23/207205.shtml
Then he'd be better off.
No one should call Tech Support - it's too frustrating.
Anyone else wondering how the secret service got in on the call? I mean, I know they had a record of calls made by him by the number before, but when is it routine for customer service to forward that info the the FBI?
I mean, I get that the guy had priors but there seems to be a missing step between "guy calls customer service" and "secret service arrests guy" that's being glossed over.
Well that would be true if, as shown on TV and movies, criminals are fiendishly clever Snidely Whiplashes, twirling their thin mustaches slowly as they ponder deeply the implications of their next criminal caper.
But they're not. Pretty much anyone with an IQ above 90 figures out before he's 12 that crime does not pay, in the long run, and he goes into other lines of business as an adult. That doesn't mean he has to give up being antisocial or deploying his uglier personality traits to advantage, of course. Would-be rapists and contract murderers can become divorce lawyers, bullshit artists and con-men can go into subprime lending or telemarketing, and so forth. You can be a very successful legitimate businessman instead of a crook with some fairly small adjustments in your choice of victim and methodology.
So as a rule those we have left in the actual criminal class tend to be irredeemably stupid, the kind who pull stunts like this -- and who would not learn anything useful by reading the story, since they lack the ability to generalize the lesson.
So the Secret Service just happened to be listening to the tech support line, hoping to recognize a criminal voice? I believe this is what they call a "buried lead" - the story should be, Secret Service Listens to Tech Support Lines. I assume, perhaps naively, that the secret service was listening in on the hope that their thief would call, and that they therefore had a warrant, but this un-addressed bit of the story is disturbing to me. My first question was "how did the Secret Service agent hear the voice to begin with?" Maybe he was moonlighting as a phone support monkey.
...or at least he will be after 10 years in prison... won't ever go back... i mean, front :P
And here I thought getting printer drivers from HP was tough.
Reminds me a bit of former UK pop star Gary Glitter. His career ended in tatters after a PC World technician discovered child porn on his PC while repairing it. Easily the best example of why criminals shouldn't call tech support (especially when you keep incriminating evidence on your bloody computer...)
I write bullshit
10 years for stealing a printer? Seems a little harsh.
The Kruger Dunning explains most post on
I don't get it, can you Show Me?
music lover since 1969
This is funny and all. But I can't help but wonder how often this kind of thing goes on that we aren't aware of and is perpetrated by non-Darwin candidates. I mean, news is only "news" when it's interesting and unusual (given that it's usually reported by a for-profit institution).
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Well, prison ass sex does not yield viable offspring, so it isn't SO far off base....
A positive result from calling vendor tech support! And resolution in record time!
Free Adam Smith! (Or best offer.)
Had he been able to get the printer working with his computer, he probably would've promptly made a posting to his local Facebook network reading: "HAY GUYS I CAN HOOK YOU UP W/ FAKE ID LOL" and been busted anyway.
I remember a few years back when a group of preps and jocks from the local private school were busted for selling fake IDs. These kids' mommies and daddies had their bank accounts stuffed well enough for them to afford to properly produce, en mass, said IDs. The fakes were so perfectly manufactured that the only way anyone ever caught on is that the drunken little snobs failed to spell "license" correctly!
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
FACT: neither the article part of the Slashdot page contains the word "laptop", nor does any of the arstechnica.com page contain such. I'm honestly not sure where you're coming from with this; however, control+F happens to fail when the author's of a document do not actually use the terms you searched for (laptop and portable). Desktops are not exactly hard to steal. If he looked like he's supposed to be "moving" the computer, and if he didn't look nervous, he might have done it almost effortlessly. Not to mention the little cart things with the plastic covers that you see in the movies that they do have at office-like places, some of which are already carrying neglected, obsolete computer equipment, so even if the curtains were only partially covering the equipment, it would blend in. If you've ever been to the DMV in the Northeast or otherwise, all their equipment is dirty with black grime, obsolete, and slow. They only seem to upgrade it when it fails. This may save money in terms of equipment but certainly not in terms of man hours when you're paying for operators to essentially wait an hour each time the computer has to load and then just relay you the information. It seems like everything else in this world is advanced enough to not require a paid operator, except the stuff that the state has to pay for.
At this particular university the networking equipment we had (DEC repeaters) didn't have the subnetting capabilities to split nthe "business" side of the network from the "student" side of the network. Thus, until the network equipment was to be upgraded over the following summer, students were required to have an Intel, 3Com, or Xircom NICs to reduce the chance of some off-brand card storming the network. Of course, this rule was unpopular with students since these cards tended to cost a bit more than the PowerPipes cards available at Best Buy's bargain bin for $4.99. We kept track of the MAC addresses of students' cards to avoid the "Hey, let me borrow your MAC address" and also had a table that we updated with the first 3 pairs of octets in the MAC address. So, to say we enforced this policy with due diligence is an understatement.
The machines we had for the people who conducted university business were also equipped with 3Com cards. We always inventoried these machines upon arrival and saved the MAC addresses in the database as well to keep people from borrowing one from the lab machines. Yes, the process was annoying and, as I said, it was eliminated once the network equipment was replaced.
My boss, the helpdesk manager, tried in vain to search the repeaters for the missing lab machine's MAC address. Finally, one Friday about 2 weeks after the computer disappeared we decided to try again on a lark.
Bingo! We found the machine coming off of a port in one of the residence halls. A quick call to the university police and we were on our way over to the room where the MAC address was currently being used.
The guy who was in the room at the time denied having stolen anything and granted the officer permission to search. The officer gave me the go-ahead to open the student's machine and, lo and behold, there was the NIC with our MAC address on it (3Com does an excellent job of putting it top-center for easy reference). The student said that he purchased the card from a store and that it was his and that this whole thing was a huge misunderstanding...
After that the student was arrested on the spot. Last I heard he was expelled and was ordered to pay back the $1500 cost of the machine (he had taken a few choice parts and tossed the rest. It was a Gateway; I would have done the same).
It just goes to show that even the smart ones get caught from time to time. If you're going to steal technology it's probably best to get the hell out of dodge after doing so and NOT call tech support or, in this case, plus a stolen NIC into the network.
"This food is problematic."
Someone tagged this !dawinawardunlesshedies, after !dawinawardunlesshedies was already there. Note the r in daRwin.
Well, I thought it was funny.
So, why did the Secret Service have a tap on this guy's line? Or was the tap on Digimarc?
Short apparently couldn't stop thinking about it, as he broke down and called Digimarc for support--twice--a couple of days later asking whether he would be able to obtain printer drivers. Secret Service Special Agent John Bush told IDG that he recognized Short's voice on the recording from another, unrelated investigation and that the phone number that Short had provided matched up to another identity theft case. Here's another tip for thieves: don't use your regular phone number for all of your crimes. Get a business line or something.
(Dripping sarcasm mode off)
Seriously, this story does illustrate the importance of computer literacy by users and corporations alike, and the consequences of ignorance. If this guy had bought the machine at one of the many auctions corporations and governments around the world use to dump unwanted machines, the chances are that the machine would have been just as loaded with personal information usable in an identity theft scam and just as in need of special drivers to unlock it. In this case, the guy is almost certainly not innocent, but next time an innocent might easily be unfairly accused and convicted of holding sensitive (or classified) information. Remember, auctioned and resold disks frequently have such information. I believe studies have reported 30% of disks bought had highly valuable commercial information either exposed or in an easily recoverable form, and that classified information has been occasionally exposed this way.
It also shows the importance behind training tech support staff at companies to be aware of social engineering techniques, as that has always been - and remains - the greatest weakness. Technological weaknesses are commonplace but have limited value in comparison. (The possible exception was a report some years back that reporters were finding that they could war-dial banks and access the main computers without needing a username or password. However, I believe that in most cases, that problem has been consigned to the trash heap of history.)
Finally, it shows the US needs a better class of thief. ("Huh???") Throughout history, security has been considered a political tool, not a social or technical one, until after the fact of it being defeated. The evolution of locks from a simple key to the medieval "thief lock" (you turned the key backwards - turning it forwards would make it impossible to unlock unless you knew how to release a catch in the lock) to the Yale lock's deadlocking mechanism to some of the highly sophisticated locks of today were all driven by thieves forcing the pace of progress. If we'd waited for companies to progress on their own, we'd still be waiting for the lock to be invented.
However, security isn't just about malicious intent. The Internet Worm demonstrated that accidental releases of buggy software can cause widespread havoc. Security that is incapable of containing unintentional potential disasters is just as problematic as security that is incapable of containing malicious persons. As software has become more sophisticated and powerful, the need for better security against bugs has grown. However, the implementation of such security does not really exist. Where security exists, it exists because of the malicious users. Buggy software is often dismissed as a hazard of the trade, whether it crashes a hard drive, a multi-billion dollar rocket or a high-speed semi-autonomous or fully-autonomous UAV.
(Here, I'm including writing better software as better security, as programmers seem allergic to the idea that they should be writing far cleaner code than they are. Bugs are supposedly inevitable, but I'm not convinced that that is true in general or even in the specific cases where bugs have caused serious problems. Any integrated test worth a damn should pick up whether one module is using feet and another is using miles, whatever NASA might say. A recent report on a UAV crash cited a console crash. Fault-tolerance and High Availability, anyone? If a full Linux OS takes 5 seconds to boot from cold, then that is the maximum time for a cold standby swi
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I'm making a note here: HUGE SUCCESS
The 'Stainless steel Rat' series is a fun series about a far future criminal.
At one point, early in his career, he decides to get thrown in jail to learn from the criminals.
After getting in jail, he realizes that the stupid criminals are in jail. So he leaves.
Only the most sensational crimes, or the most stupid of criminals gets any note.
"security has been considered a political tool, not a social or technical one, until after the fact of it being defeated. "
That's false.
"Bugs are supposedly inevitable, but I'm not convinced that that is true in general or even in the specific cases where bugs have caused serious problems."
I believe that in complex systems, bugs are inevitable... initially.
I also know coders who use that as an excuse tow rite sloppy code.
I also know with enough proper testing the bugs can be completely eliminated. Proper testing includes testing a confined set of parameters making it impractical for the PC. Again, I see that used as an excuse for sloppy code.
The Kruger Dunning explains most post on
This is Slashdot, we don't have room for reasonable discourse!
The Kruger Dunning explains most post on
Who is Neilson? [grin]
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
[ideology]
Although it runs foul of my personal interpretation of the second amendment of the USA Constitution, I do not possess wealth sufficient to afford a private military equipped with nukes, break the dollar (like George Soros broke the British Pound in 1992), and/or pervert justice. If I were that wealthy, I would not express such dissent for that would jeopardize my position as well as my possessions (I won't spew my infamous positional goods list, everyone here knows).
[/ideology]
Under current geopolit^H^H^H^H^H^H^H^Hjurisprudence, These sort of devices are not intended to be possessed or used by the general public. These are considered 'controlled devices' much like locksmithing tools. Unauthorized possession of these is covered under various criminal statutes of the 50 USA states (counterfeiting device, burglar's tools, etc.) as well as the USA federal zone (18 USC 1029 et. seq.).
Submission as evidence constitutes plaintiff and/or prosecutorial misconduct.
I know, I hate taking those calls.
What everybody should know better by now that:
...to the attention of an automated Secret Service agent, who recognized his voice from real time voiceprinting all maior-telco domestic calls
Can't print a drivers license without the drivers. Can't get drivers without a drivers license.
Because if this one had any clue, he would have used Knoppix to boot the thing and see what was on it, or even run OPHCRACK on it to crack the admin password. I've found the OPHCRACK to be remarkably effective.
And the drivers for the Digimarc printer, I did a google search and they do make it hard to find drivers. But if the method I outlined in the last paragraph was used, there'd be no need to get the driver.
Stupid criminals! But I guess that's redundant.
All I've got to say is that this dude is one heck of a sucker!
All the sexy babes want me... to fix their PC.
One of my buddies is a cop and recently went out to serve his first warrant. The suspect had a Dell machine he'd lifted from his former employer over two years ago. His mistake was calling Dell tech support, where the serial number was on the stolen list. Dell called the local cops. The doofus might have gotten away with it if he'd waited another six months or so, either because Dell would have dropped the entry from their stolen list or the locals would have done something similar.
The punishment is not actually $250,000 and 10 years in prison. What they meant to say was a $250,000 cell phone bill and 10 years on hold with Tech Support.
Is there some sort of web site where all the cool slashdoters (I know, an oxymoron) hang out and discuss what tags they are going to use or something?
I mean, I just can't believe that a load of people randomly typed "!darwinawardunlesshedies" so that it became one of the most popular tags for this article unless you are all discussing it somewhere without letting me in on it.
I want to be invited to the party god damn it!
You will forget this sig before you next see it