Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stealing Laptops For Class Credit

Posted by timothy on from the for-bonus-points-assassinate-the-prof dept.

First time accepted submitter core_tripper writes "Students at the University of Twente have stolen thirty laptops from various members of the university's staff. They were not prosecuted for this, so they could just get on with their studies. Indeed, these students even received ECTS credits for these thefts. UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter."

15 of 138 comments (clear)

  1. Looks like a familiar contest. by sethstorm · · Score: 4, Interesting

    This sounds like Pwn2Own taken to the next (and otherwise illegal) level. In this case, it looks like they were auditing physical security amongst other things.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
    1. Re:Looks like a familiar contest. by daedae · · Score: 5, Interesting

      Two relevant anecdotes from when I was in college:

      1) In an artificial life course we got to propose our own semester project. One guy wanted to write a worm, but the professor was afraid that his tenure would not be enough to protect his job if the worm got out of hand.

      2) One faculty member that taught a computer security course used to make the offer that anybody who could successfully access his gradebook and change their grade could have the higher grade. He stopped doing this after students switched from trying to electronically break in to just casing his house.

    2. Re:Looks like a familiar contest. by stephanruby · · Score: 5, Informative

      This sounds like Pwn2Own taken to the next (and otherwise illegal) level .

      They did not do anything illegal. They technically didn't trespass, they had prior permission from the University Security office. And they technically didn't steal anything but loaner laptops that had been loaned out to staff for the express purpose of this experiment.

      The only reason you think they might have done something illegal is because of this phrase in the summary: "They were not prosecuted for this, so they could just get on with their studies." And the fact is, this sentence is just poorly worded (by the original non-native English author), and they were not prosecuted for this, not because of some weird altruist reason given by the University. The real reason they were not prosecuted is because they were given prior permission to do this experiment by the University Security office itself (and furthermore, the laptops they were stealing had been supplied by the grad student who wanted them stolen in the first place).

      So in all regards, this seems like this was a well executed experiment. And it goes without saying that you should get prior permission before doing any kind of penetration testing or security audit. And ideally, such a permission should be clearly spelled out and obtained in writing, since executives have been known to go back on their word with security auditors once they find out how bad their security really is.

      Also note that sometimes, con artists will recruit people to steal things for them under the guise of having them doing a security audit, so if you're going to participate in such an audit yourself, you better be damn sure that the person who's asking you to do such an audit is really the person they're claiming to be (and even if they are, that they're not setting you up for a theft that they've already committed themselves).

  2. More details on the marking scheme please! by martin-boundary · · Score: 5, Funny

    Suppose one of the students followed his friend around to see how he stole a laptop, and then later copied the method? Would he get credit, or be marked down for plagiarism?

  3. Re:outsourced cleaners with poor English don't kno by mooingyak · · Score: 4, Funny

    I have used social engineering to get past people that can speak the English real good,

    Have you used it on anyone who could speak English really well?

    --
    William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
  4. Re:Security without security? by RyuuzakiTetsuya · · Score: 4, Insightful

    They were testing whether or not the staff followed good practices with physical security.

    --
    Non impediti ratione cogitationus.
  5. Re:Security without security? by Telvin_3d · · Score: 4, Interesting

    From the description, I suspect the notification was more along the lines of "If you catch a student stealing a laptop, see if they are on this list before you call the cops" and not "sure, they can take whatever they want"

  6. Re:Security without security? by KevMar · · Score: 4, Insightful

    I think its just the opposite. They didn't tell them to let the students steal the laptops, they let them know in advance that if they catch someone taking the laptop that it may be legit. Just by mentioning this would have made it harder because laptop theft would be on the security teams mind making it easier to spot.

    --
    Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
  7. Re:Why stop? by OhSoLaMeow · · Score: 5, Funny

    That's an odd name for a dog.

    --
    They can take my LifeAlert pendant when they pry it from my cold dead fingers.
  8. Re:Why stop? by Anonymous Coward · · Score: 5, Informative

    Cat's are perfectly capable of learning their own names. They simply don't give a fuck when you use it.

  9. Re:Security without security? by Darinbob · · Score: 4, Funny

    Of course, it would be a good scam to tell security that it's a class project anyway. Then after all the laptops are missing and don't show up again, they look up your name and find out you're not a professor and are nowhere to be found.

  10. Re:Why stop? by MightyYar · · Score: 5, Funny

    Of course cats can learn their name! How else would they be able to spitefully ignore you?

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  11. Re:Laptops are easy. by Skyshadow · · Score: 4, Interesting

    I work for a large company, large enough that I see people I don't recognize on our campus every single day.

    Two years ago this weekend (Presidents Day, which is a holiday at our office) we had an enterprising thief roll a cart around our office around 5 PM on Friday, loading up laptops. Of course, by then most everyone had skipped out for their long weekend, but if someone was in the office he'd tell them it was for the "weekend virus scanner upgrade", promising people that their machines would be back on Tuesday morning.

    I don't know this part for a fact -- our security people and management don't talk about this at all -- but I've heard it enough that I believe it: When someone objected to having their laptop taken, he'd act irritated and ask why they "didn't reply to any of the emails about the upgrade" and then make a show of updating his clipboard -- he'd collect the asset tag from the machine, office number and actually get the person to sign on the line.

    I have no idea how many machines he made off with, but it was enough that we all had to suffer new BS security procedures for a year afterword. I would imagine that you could do this at pretty much any big office and get away with it.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  12. Re:Why stop? by NotQuiteReal · · Score: 4, Funny

    ...speaking of food, I still think that as long as there are hungry people in the world, there is no such thing as an unwanted pet.

    --
    This issue is a bit more complicated than you think.
  13. Re:"Human behavior" by mattie_p · · Score: 5, Informative

    I assume you mean a citation for the Spielburg anecdote. Unfortunately, it is exaggerated. Read more here: http://www.snopes.com/movies/other/spielberg.asp