Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Khaki Bandit Strikes At IT - 130 Stolen Laptops

Posted by Zonk on from the not-my-portable-device dept.

destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."

13 of 249 comments (clear)

  1. Look at the way many people treat their laptops by elrous0 · · Score: 5, Insightful
    Considering the cavalier way many people treat laptops and projectors, I'm not surprised. No one would think of leaving $3000-$4000 in cash just laying around in the open. But I've seen plenty of people where I work leave brand new laptops and projectors sitting out in the open, unattended for long periods.

    In fact, just a couple of weeks ago, one of our directors went on vacation and left his laptop and projector just sitting on the conference room where he had last used it (a large, wide-open conference room used by hundreds of outside people each week). They sat there for several days before anyone noticed.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Look at the way many people treat their laptops by tommeke100 · · Score: 5, Insightful

      people don't care when they don't have to pay for it.
      It's the same at our company. You wouldn't believe the state some of our laptops are after just a couple of months. cracked screens, missing keyboard keys, full of spyware, coffee spilled all over it, ....
      I don't think ppl would treat their laptops that poorly if they had to pay for it.

    2. Re:Look at the way many people treat their laptops by Anonymous Coward · · Score: 2, Insightful

      Gods know that either understanding & fixing the problem or asking someone knowledgeable would be too hard or make him look weak.

      He did fix the problem in a way that was suitable to him. And he's the guy who uses the laptop and must've been happy with his cheap fix. I'm sure that in whatever field he's a professor in, he probably doesn't make fun of you for not understanding something. He probably wouldn't even make fun of your poor choice of words with "Gods know".

      Yours is a problem that many people have. Once you understand something, you can't understand how someone else doesn't understand that problem. Different strokes for different folks.

  2. Re:if he was so smart by $RANDOMLUSER · · Score: 3, Insightful

    ...after taunting his victim from a payphone, the victim dialed *69, and Almly was arrested...
    Yeah, smart.
    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  3. Laptops are easy by necro81 · · Score: 4, Insightful

    For the bold and motivated thief, walking in and then out with a laptop is easy. Just look like you are supposed to be there. Slipping it into a briefcase helps with the illusion.

    On the other hand, someone waltzed off with a 24" LCD monitor from the desk of a co-worker not long ago. His office was the furthest in from the door, so someone needed to be particularly bold to go all the way in, disconnect the monitor, and walk back out. No one saw him either, which is impressive considering the size of the load he was carrying. It's a lot harder to look and act natural about carrying a large monitor than a laptop.

    1. Re:Laptops are easy by crafton · · Score: 3, Insightful

      are you sure it wasn't the co-worker that stole it?

  4. To quote discworld... by Tacobowl8 · · Score: 3, Insightful

    "If the theives guild invested in blue overalls with Al on them, they could get away with anything." Social engineering IS one of the easiest to exploit security holes. It isn't much of a surpise that laptops were stolen using this technique.

  5. Re:if he was so smart by Anonymous Coward · · Score: 3, Insightful

    They don't really go into details about it, but this might be something in the NIC chip or something else ingeniously specific to the hardware.

    I doubt it. Most likely they got lazy and just cleaned XP without reinstalling leaving the rooted snitchkit to do it's thing. I guess if large access provider like T-Mobile's Hotspot had the MAC Address of a taken machine and a process to report to the right person it's presence on the network it could be traced. I also don't think MS is checking MAC addresses gathered from WGA against any criminal databases. Maybe an app on a separate, untouched partition and autorun but a simple drive wipe would've taken that out.

    If you did devise a way for a MAC device to "call home" without user action then it would be easy to take the next step and turn it into a kick ass DDOS bot, something I don't think most device companies would risk.

  6. Not really news by Opportunist · · Score: 4, Insightful

    I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.

    Or rather, where your key card has been.

    You guess what happened? Exactly. One of those cards was stolen, one of the high level IT cards to boot, and the thief just waltzed in and went out with 2 servers. Nobody bothered to ask him what he's doing there. He has access to highly sensitive areas, so why bother asking why he's hauling around servers. That's his job, you know?

    When nobody is supposed to do something, nobody expects anything's wrong when someone does what isn't supposed to be done. Especially in a high rotation hire and fire environment. Do you think anyone would question it when you put on a uniform and a trainee button and just go behind the counter of some fast food restaurant? Just tell everyone you're the new guy and avoid the manager.

    It works.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Not really news by everphilski · · Score: 2, Insightful

      I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.

      A couple of things:
      1) add a photo.
      2) add name, company affiliation and division.
      2) add personal information on the flipside. My badge has my height / eye color / hair color.
      (Back when I worked for the Army, it also had things like the contract I was on, weight, etc.)
      This requires either (a) modification of the card or (b) the thief to pick off someone very similar, and dress the part. Not to mention rote memorization. When I enter and leave where I work, I don't just have to wave the RFID over the door, there is a guard who physically inspects my badge, seeing if I look like the guy and match the description on the back.

      That, IMO, is about as good as you can get, short of a DNA sample every time you come to work. You need to be able to match a keycard to a person, you need multiple facets to make a unique match.

    2. Re:Not really news by everphilski · · Score: 2, Insightful

      Only helps the thief knowing where to go and what security level he has.

      Not really, in my case anyways, I'm a contractor so I work in a mixed facility with a bunch of other companies on several projects. It's easy for a guard to flip over the badge and interrogate you. Knowing the contract and company name will not help you find my desk :) In a smaller company setting, which I guess you were percieving, you would have more limited data. to work with, but there is still data to be had. Title, tenure, etc.

      I agree with you that some physical inspection by a person is the ONLY way this can be avoided. But try to convince a suit that they should hire new people for something a machine can do. Well, the machine can't, but it's good enough for standard situations.

      Part of it is skewed, I guess, because I work on a military arsenal. Every car gets stopped with guys with guns, and everyone in the car hands over a badge to the guy with the gun. No badge, you turn around, and yes, they carefully inspect the badge.

      I can see a small business having problems coughing up money for physical security, and large businesses trying to preserve the bottom line, but if you think about it, if your IP is truly valuable to you then spending some money on physical security is a requisite. Some people just have to learn the hard way.

  7. Re:Thieves aren't that smart... by antifoidulus · · Score: 2, Insightful

    Is the real money nowadays even in just pawning the computer as quick as you can? I would guess that nowadays, esp. in the corporate world, the data is often worth more than the device itself. I'm surprised more enterprising thieves haven't either held the data ransom or sold it to someone else. But then again, as you point out, thieves aren't necessarily the brightest bulbs in the box....

    --
    Monstar L
  8. Re:Thieves aren't that smart... by Ours · · Score: 2, Insightful

    They are smart. Image the complexity of ransom. How do you get paid without getting traced? Who do you contact (1800-OUTBACKRAMSON)? How do you know what's important and what's not?
    It's probably safer to steal bigger volume for a small profit. People watch too much TV.

    --
    "You superiour intellect is no match for our puny weapons" - The Simpsons