Slashdot Mirror
Note To Criminals — Don't Call Tech Support
Billosaur writes "Darwin Awards, here he comes: Ars Technica has up a story about a would-be identity thief who did himself in by calling tech support about printer drivers. Timothy Short must have thought he'd hit the mother-lode when he stole a PC and a Digimarc printer from the Missouri Department of Revenue, perhaps with dreams of cranking out thousands of fake ids. Problem: he could not unlock the computer he stole and without the necessary drivers, he couldn't use the printer. Ever resourceful, Short called Digimarc tech support a couple of days later (twice), which brought him to the attention of a Secret Service agent, who recognized his voice from a recording of the calls. Short now faces a $250,000 fine and up to 10 years in prison."
I wonder how far he would have gotten printing those IDs, even with the driver...
At least that's one petty thief removed for the good of everyone.
haha
Um, Darwin awards? Unfortunately, criminals are still allowed to procreate and spread their genes. So unless he's either dead or rendered an eunuch, we're still screwed. -W
use driverguide or google, ya moron!
proud caffeine whore
Geez, talk about a close call for people living in Misery...I mean Missouri
Why the Department of Revenue uses a laptop with sensitive information, making easier to stole than a desktop?
Inquiring minds want to know...
Slashdot ya no es que lo era!
Probably used too much leaded gasoline when he was younger.
It must have been something you assimilated. . . .
...My current province of residence uses a standard Fargo ID printer to crank out Driver's Licenses. I happen to have a Fargo printer for my current workplace.
It would take NOTHING in terms of effort to crank out fake ID's - hell, the province in question (at least at this point) doesn't even use any fort of hologram or anything to secure the ID.
I mean, this guy is braindead for calling for tech support to use his stolen goods - but at least through his stupidity & security measures they caught him. If I was an ass, I could easily crank off what I wanted to without anyone being the wiser.
(Posted as AC, not because I do anything wrong, but I'd rather not have anyone realize the stupidity of this province & take advantage of it just out of my location in profile)
This is funny, really funny. But it's not Darwin funny which unless I'm mistaken are feats of stupidity which remove you from the gene pool. Stealing a ID printer and asking for drivers, to make fake IDs, while funny it isn't as funny as trying to steal the legs off an abandoned yet erect water tower.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
"Hello tech support, yes I'll hold" KNOCK KNOCK KNOCK "Hmmm must be the pizza"
The Australian University of Newcastle Engineering Department once had a undergraduate lab of Sony NEWS BSD Unix workstations http://en.wikipedia.org/wiki/Sony_NEWS , possibly one of the first institutions in the country to roll out such a setup. As you may of guessed, the lab was soon broken into and several of the machines stolen.
About a week later, Sony Australia Support got a call.. from someone asking how they could install MSDOS onto the machines. The Rep handling the NEWS said they could courier and C.O.D replacement diskettes to the caller... got their address, and then said "Actually, could you do me a favour, and please return those stolen computers to the University of Newcastle..."
I believe the intent is to say that he will end up as a Darwin Award winner in the future, even if he hasn't yet managed the feat.
No one should call Tech Support - it's too frustrating.
Well that would be true if, as shown on TV and movies, criminals are fiendishly clever Snidely Whiplashes, twirling their thin mustaches slowly as they ponder deeply the implications of their next criminal caper.
But they're not. Pretty much anyone with an IQ above 90 figures out before he's 12 that crime does not pay, in the long run, and he goes into other lines of business as an adult. That doesn't mean he has to give up being antisocial or deploying his uglier personality traits to advantage, of course. Would-be rapists and contract murderers can become divorce lawyers, bullshit artists and con-men can go into subprime lending or telemarketing, and so forth. You can be a very successful legitimate businessman instead of a crook with some fairly small adjustments in your choice of victim and methodology.
So as a rule those we have left in the actual criminal class tend to be irredeemably stupid, the kind who pull stunts like this -- and who would not learn anything useful by reading the story, since they lack the ability to generalize the lesson.
So the Secret Service just happened to be listening to the tech support line, hoping to recognize a criminal voice? I believe this is what they call a "buried lead" - the story should be, Secret Service Listens to Tech Support Lines. I assume, perhaps naively, that the secret service was listening in on the hope that their thief would call, and that they therefore had a warrant, but this un-addressed bit of the story is disturbing to me. My first question was "how did the Secret Service agent hear the voice to begin with?" Maybe he was moonlighting as a phone support monkey.
And here I thought getting printer drivers from HP was tough.
Reminds me a bit of former UK pop star Gary Glitter. His career ended in tatters after a PC World technician discovered child porn on his PC while repairing it. Easily the best example of why criminals shouldn't call tech support (especially when you keep incriminating evidence on your bloody computer...)
I write bullshit
10 years for stealing a printer? Seems a little harsh.
The Kruger Dunning explains most post on
I don't get it, can you Show Me?
music lover since 1969
This is funny and all. But I can't help but wonder how often this kind of thing goes on that we aren't aware of and is perpetrated by non-Darwin candidates. I mean, news is only "news" when it's interesting and unusual (given that it's usually reported by a for-profit institution).
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
A company that sells and services printers used to make state IDs has the secret service on speed dial. So if you get a random person calling up and asking for drivers for a particular unit, and you know that one of them has been stolen recently, and the guy is calling from a private line, you put him on hold and call the feds.
A positive result from calling vendor tech support! And resolution in record time!
Free Adam Smith! (Or best offer.)
Had he been able to get the printer working with his computer, he probably would've promptly made a posting to his local Facebook network reading: "HAY GUYS I CAN HOOK YOU UP W/ FAKE ID LOL" and been busted anyway.
Yeah, all laws, prisons and police should be secret and all trials be held in the Star Chamber.
idiot
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I'll rephrase it for you: "Guy calls customer service for a company that makes printers designed to print government-issued IDs, and customer service has been alerted that one of their printers has been reported stolen. Customer service forwards call log to government agency by request and they provide it to FBI and SS." This isn't like someone stealing an HP LaserJet -- there are a limited number of these printers in service, and the government tends to keep very good track of them.
I remember a few years back when a group of preps and jocks from the local private school were busted for selling fake IDs. These kids' mommies and daddies had their bank accounts stuffed well enough for them to afford to properly produce, en mass, said IDs. The fakes were so perfectly manufactured that the only way anyone ever caught on is that the drunken little snobs failed to spell "license" correctly!
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
FACT: neither the article part of the Slashdot page contains the word "laptop", nor does any of the arstechnica.com page contain such. I'm honestly not sure where you're coming from with this; however, control+F happens to fail when the author's of a document do not actually use the terms you searched for (laptop and portable). Desktops are not exactly hard to steal. If he looked like he's supposed to be "moving" the computer, and if he didn't look nervous, he might have done it almost effortlessly. Not to mention the little cart things with the plastic covers that you see in the movies that they do have at office-like places, some of which are already carrying neglected, obsolete computer equipment, so even if the curtains were only partially covering the equipment, it would blend in. If you've ever been to the DMV in the Northeast or otherwise, all their equipment is dirty with black grime, obsolete, and slow. They only seem to upgrade it when it fails. This may save money in terms of equipment but certainly not in terms of man hours when you're paying for operators to essentially wait an hour each time the computer has to load and then just relay you the information. It seems like everything else in this world is advanced enough to not require a paid operator, except the stuff that the state has to pay for.
At this particular university the networking equipment we had (DEC repeaters) didn't have the subnetting capabilities to split nthe "business" side of the network from the "student" side of the network. Thus, until the network equipment was to be upgraded over the following summer, students were required to have an Intel, 3Com, or Xircom NICs to reduce the chance of some off-brand card storming the network. Of course, this rule was unpopular with students since these cards tended to cost a bit more than the PowerPipes cards available at Best Buy's bargain bin for $4.99. We kept track of the MAC addresses of students' cards to avoid the "Hey, let me borrow your MAC address" and also had a table that we updated with the first 3 pairs of octets in the MAC address. So, to say we enforced this policy with due diligence is an understatement.
The machines we had for the people who conducted university business were also equipped with 3Com cards. We always inventoried these machines upon arrival and saved the MAC addresses in the database as well to keep people from borrowing one from the lab machines. Yes, the process was annoying and, as I said, it was eliminated once the network equipment was replaced.
My boss, the helpdesk manager, tried in vain to search the repeaters for the missing lab machine's MAC address. Finally, one Friday about 2 weeks after the computer disappeared we decided to try again on a lark.
Bingo! We found the machine coming off of a port in one of the residence halls. A quick call to the university police and we were on our way over to the room where the MAC address was currently being used.
The guy who was in the room at the time denied having stolen anything and granted the officer permission to search. The officer gave me the go-ahead to open the student's machine and, lo and behold, there was the NIC with our MAC address on it (3Com does an excellent job of putting it top-center for easy reference). The student said that he purchased the card from a store and that it was his and that this whole thing was a huge misunderstanding...
After that the student was arrested on the spot. Last I heard he was expelled and was ordered to pay back the $1500 cost of the machine (he had taken a few choice parts and tossed the rest. It was a Gateway; I would have done the same).
It just goes to show that even the smart ones get caught from time to time. If you're going to steal technology it's probably best to get the hell out of dodge after doing so and NOT call tech support or, in this case, plus a stolen NIC into the network.
"This food is problematic."
So, why did the Secret Service have a tap on this guy's line? Or was the tap on Digimarc?
Short apparently couldn't stop thinking about it, as he broke down and called Digimarc for support--twice--a couple of days later asking whether he would be able to obtain printer drivers. Secret Service Special Agent John Bush told IDG that he recognized Short's voice on the recording from another, unrelated investigation and that the phone number that Short had provided matched up to another identity theft case. Here's another tip for thieves: don't use your regular phone number for all of your crimes. Get a business line or something.
(Dripping sarcasm mode off)
Seriously, this story does illustrate the importance of computer literacy by users and corporations alike, and the consequences of ignorance. If this guy had bought the machine at one of the many auctions corporations and governments around the world use to dump unwanted machines, the chances are that the machine would have been just as loaded with personal information usable in an identity theft scam and just as in need of special drivers to unlock it. In this case, the guy is almost certainly not innocent, but next time an innocent might easily be unfairly accused and convicted of holding sensitive (or classified) information. Remember, auctioned and resold disks frequently have such information. I believe studies have reported 30% of disks bought had highly valuable commercial information either exposed or in an easily recoverable form, and that classified information has been occasionally exposed this way.
It also shows the importance behind training tech support staff at companies to be aware of social engineering techniques, as that has always been - and remains - the greatest weakness. Technological weaknesses are commonplace but have limited value in comparison. (The possible exception was a report some years back that reporters were finding that they could war-dial banks and access the main computers without needing a username or password. However, I believe that in most cases, that problem has been consigned to the trash heap of history.)
Finally, it shows the US needs a better class of thief. ("Huh???") Throughout history, security has been considered a political tool, not a social or technical one, until after the fact of it being defeated. The evolution of locks from a simple key to the medieval "thief lock" (you turned the key backwards - turning it forwards would make it impossible to unlock unless you knew how to release a catch in the lock) to the Yale lock's deadlocking mechanism to some of the highly sophisticated locks of today were all driven by thieves forcing the pace of progress. If we'd waited for companies to progress on their own, we'd still be waiting for the lock to be invented.
However, security isn't just about malicious intent. The Internet Worm demonstrated that accidental releases of buggy software can cause widespread havoc. Security that is incapable of containing unintentional potential disasters is just as problematic as security that is incapable of containing malicious persons. As software has become more sophisticated and powerful, the need for better security against bugs has grown. However, the implementation of such security does not really exist. Where security exists, it exists because of the malicious users. Buggy software is often dismissed as a hazard of the trade, whether it crashes a hard drive, a multi-billion dollar rocket or a high-speed semi-autonomous or fully-autonomous UAV.
(Here, I'm including writing better software as better security, as programmers seem allergic to the idea that they should be writing far cleaner code than they are. Bugs are supposedly inevitable, but I'm not convinced that that is true in general or even in the specific cases where bugs have caused serious problems. Any integrated test worth a damn should pick up whether one module is using feet and another is using miles, whatever NASA might say. A recent report on a UAV crash cited a console crash. Fault-tolerance and High Availability, anyone? If a full Linux OS takes 5 seconds to boot from cold, then that is the maximum time for a cold standby swi
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I'm making a note here: HUGE SUCCESS
The 'Stainless steel Rat' series is a fun series about a far future criminal.
At one point, early in his career, he decides to get thrown in jail to learn from the criminals.
After getting in jail, he realizes that the stupid criminals are in jail. So he leaves.
Only the most sensational crimes, or the most stupid of criminals gets any note.
"security has been considered a political tool, not a social or technical one, until after the fact of it being defeated. "
That's false.
"Bugs are supposedly inevitable, but I'm not convinced that that is true in general or even in the specific cases where bugs have caused serious problems."
I believe that in complex systems, bugs are inevitable... initially.
I also know coders who use that as an excuse tow rite sloppy code.
I also know with enough proper testing the bugs can be completely eliminated. Proper testing includes testing a confined set of parameters making it impractical for the PC. Again, I see that used as an excuse for sloppy code.
The Kruger Dunning explains most post on
This is Slashdot, we don't have room for reasonable discourse!
The Kruger Dunning explains most post on
Who is Neilson? [grin]
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
What everybody should know better by now that:
...to the attention of an automated Secret Service agent, who recognized his voice from real time voiceprinting all maior-telco domestic calls
Can't print a drivers license without the drivers. Can't get drivers without a drivers license.
Because if this one had any clue, he would have used Knoppix to boot the thing and see what was on it, or even run OPHCRACK on it to crack the admin password. I've found the OPHCRACK to be remarkably effective.
And the drivers for the Digimarc printer, I did a google search and they do make it hard to find drivers. But if the method I outlined in the last paragraph was used, there'd be no need to get the driver.
Stupid criminals! But I guess that's redundant.
Sure it was a dumb mistake and it's kinda funny, but c'mon... why keep showing how people are getting caught.
If it was never reported that anyone ever got caught, then more people may try it. For example look at the early days of Napster and KazZa. Now that people are getting caught, people are either stopping, or using other harder to detect methods. KazZa and Limewire are big no-no's, but who do you know who has been busted for bringing an iPod to a friends house and swapping files like my kids do. iPods and friends houses often equal copyright violations. Chance of getting caught is very slim. If through some magic, they busted every 10th kid who did this, the chilling effect on the remaining 90% would be swift as they flee to find something else safer to do.
The truth shall set you free!
Odds are, with a $10 usb 2.5" drive caddy, he could have removed all of the data that he needed from the unencrypted hard drive. Or he could have booted into one of those nifty live cds with cracking tools installed.
I see you have never been asked to recover an IBM laptop with hard drive encryption turned on.
http://www.pc.ibm.com/us/security/securecomm.html
Some agencies who have had high profile data leaks of consumer data now require it. It is effective. A live CD will simply show the entire hard drive is really encrypted. It is handled in hardware. The fix for a lost password is to toss the drive and replace it or spend lots of time on the chance you might brute force it. With a secure key, your chances are slim.
FYI the new version of Ubuntu supports full hard drive encryption! Use the alternative installer. You too can protect your laptop from data disclosure in a theft.
The truth shall set you free!
One of my buddies is a cop and recently went out to serve his first warrant. The suspect had a Dell machine he'd lifted from his former employer over two years ago. His mistake was calling Dell tech support, where the serial number was on the stolen list. Dell called the local cops. The doofus might have gotten away with it if he'd waited another six months or so, either because Dell would have dropped the entry from their stolen list or the locals would have done something similar.
the way you spelled it there's no 'r' in either tag :p
My Babylon
Is there some sort of web site where all the cool slashdoters (I know, an oxymoron) hang out and discuss what tags they are going to use or something?
I mean, I just can't believe that a load of people randomly typed "!darwinawardunlesshedies" so that it became one of the most popular tags for this article unless you are all discussing it somewhere without letting me in on it.
I want to be invited to the party god damn it!
You will forget this sig before you next see it