walkitout (walkitout) wrote,
walkitout
walkitout

Complaining about _When Gadgets Betray Us_

First, a quick trip to wikipedia should reassure everyone that Malaysia and Indonesia are not the same place.

Back in March of 2005, there were reports of a very, very unpleasant carjacking that happened in a suburb of Kuala Lumpur. Which is in Malaysia.

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Slightly more detail can be found here:

http://groups.yahoo.com/group/beritamalaysia/message/76677

The good news is, Mr. Kumaran survived his ordeal, altho he did lose his car and his right index finger.

In _When Gadgets Betray Us_, Vamosi inaccurately summarizes this incident as follows:

"A group of young carjackers in Indonesia, for instance, will, out of frustration when confronted with a state-of-the-art biometric-protected luxury auto, simply cut off the victim's index finger and use the severed digit's fingerprint to steal the vehicle." (about location 140 in the kindle edition)

This story sets off my "Really? Prove it." meter. Hard. I cannot speak to whether this actually happened (fake news makes it into the press all the time, but some implausible things do turn out to be true), much less whether it happened more than once, in more than one location. What I _can_ say is that it's easy to find details about this one incident in Malaysia -- and impossible to find information about the same gang doing this a second time, much less some other gang pulling the same crime in Indonesia. Sensible thieves don't try to steal Mercedes; there's just no point. These were uninformed thieves, and one assumes that once they understood the issues, they went and picked on more readily defeatable luxury autos instead.

It's completely impossible to convince me that it happened repeatedly in Indonesia and I just failed to find coverage of it. For one thing, my initial searches included the word "Indonesia".

When someone is getting all wound up and oratorical, it's extremely easy to take a single incident and generalize it. Sometimes, that works out really well. If you're sitting in the left turn lane and the guy behind you swerves out and takes the left turn around you WHILE THE LIGHT IS RED and you tell the story of all these people who swerve out from behind the law-abiding driver to take an illegal left turn on a red light, who is going to argue with you? But when it's cutting off a finger to steal a biometric protected luxury car? No. You do not get to generalize this.

This was preceded by a series of stories about people following GPS directions and doing stupid things (driving off the road, into the path of a train, etc.). Which is Not Good, truly. However, I remember the world before GPS, and people drove off the road and into the path of etc. all too often back then, too. I Am Not Impressed.

I'll keep reading. For now.

ETA: Oh, and that fingerprint scanner on the car? Aftermarket.

If nothing else, it is incomprehensible to me that anyone with the resources to have biometric security on their luxury auto (aftermarket) would leave it there in the wake of the first report of this kind of thing happening.

ETAYA: I may not make it much further.

The very next sentence is:

"In another take on this criminal realm, a streetwise thug in Prague who today uses a laptop with software downloaded from the Internet to steal cars is essentially no smarter than the thief who used a screwdriver and a pair of scissors to hot-wire a car ten years ago."

Without getting into the screwdriver and the pair of scissors, take a look at this:

http://www.asktheadmin.com/2007/08/can-you-steal-car-with-just-laptop.html

There's some reason to think that anyone actually pulling this off is really quite intelligent, if indeed they can do it at all.

ETA Still more:

"The consequences of having a tollbooth transponder monitor our daily comings and goings escapes most of us -- until a divorce lawyer ..."

Having just read that LA Times coverage of the guy saved from likely prison time by electronic bread crumbs, I'm not so sure that worrying about how to eliminate bread crumbs is what all of us would want to be doing.

ETA (and yes, there will probably be more):

http://www.thinkspain.com/news-spain/19702/police-break-luxury-car-theft-gang

I got kind of curious about how people go about stealing really expensive cars.

"It appears that the thieves choose the cars they are going to steal then follow the owners in the vehicles to their homes, breaking in during the early hours of the morning to take the keys and steal the car."

This makes a lot more sense. If you're just stealing to drive it somewhere, or to part it out, you're going to pick something common and easy. If you're picking high value, you might as well take the project seriously and just lift the keys first. Much, much easier than all this breaking encryption crap.

People who _write_ about hacking get all wrapped up in pseudo-hysteria about the technical details, which they (often as not) get wrong, because they trust some hustler who is exaggerating his accomplishments. People who actually intend to accomplish a goal go about it in a methodical way that makes sense psychologically (you know, rifling through a wallet in search of where the person writes down their ATM PINs).

This is a really terrible book. I think the most annoying part is the assumption that we should OBVIOUSLY fortify and hide and behave in a paranoid and besieged fashion. It's like the guy has no idea that lots of people still leave their houses unlocked. You know, like in Canada.

ETA Really, you'll laugh at this one: He thinks that instead of all this high tech stuff, we should be careful of the neighborhood we park in, park in well-lit areas and ... wait for it ... use The Club.

Bwahh ha ha ha ha.

Suggesting LoJack, I might take seriously (really seriously, actually). But The Club? It is to laugh.

ETA Another Day and Still More Complaints:

"Tobias and a colleague once demonstrated before a live audience how he could open a $100 Medeco-brand lock in a matter of minutes. ... Medeco has refused to acknowledge his feat publicly."

Why should they?

http://hackaday.com/2009/05/22/marc-weber-tobias-vs-medeco/

Minutes = NINE minutes. Who gets _NINE FUCKING MINUTES_ of time to pick a lock without someone interrupting you? Where is your Medeco lock that you get _NINE FUCKING MINUTES_ to mess with it without someone coming along, noticing you, backing away slowly and calling 911? Even _slow_ police response times will get there in plenty of time to stick your ass in a place with locks _and_ guards.

"These hundred-dollar locks are used to safeguard embassies and even the White House." Yeah, and Marines and the Secret Service, too. The lock is there to slow you down. And it does. It slows the very best, most dedicated guy out there down for nine minutes. That is a very long time for a young man (or woman) with significant armament and backup to approach you.

More relevantly, if you are now worried about having one of these $100 locks on your front door, think about this: rock, meet window. That's about 5 seconds. Alternatively, Sawzall, meet typical residential wall. That's a few minutes -- and louder.

This is exactly the same as the laptop-to-steal-a-car thing: someone who tried to duplicate that on their own car was approached by a cop for loitering near a car with a laptop. When you are thinking about security, you cannot think about the technology in the absence of humans.

"How many of you know that an ordinary Bic ballpoint pen was enough to defeat the popular Kryptonite brand U-locks used on bicycles?"

Not any more.

http://en.wikipedia.org/wiki/Kryptonite_lock

My husband has actually replicated this particular feat on old-style locks and when you bring the subject up, he'll rattle off other bike lock peculiarities. Young men leave MIT but MIT does not leave young men, even when they are middle-aged.
Tags: not-a-book-review
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments