Forgot your password?
typodupeerror
Security Government Portables The Courts Hardware News

The Khaki Bandit Strikes At IT - 130 Stolen Laptops 249

Posted by Zonk
from the not-my-portable-device dept.
destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."
This discussion has been archived. No new comments can be posted.

The Khaki Bandit Strikes At IT - 130 Stolen Laptops

Comments Filter:
  • by elrous0 (869638) * on Tuesday October 30, 2007 @08:26AM (#21169627)
    Considering the cavalier way many people treat laptops and projectors, I'm not surprised. No one would think of leaving $3000-$4000 in cash just laying around in the open. But I've seen plenty of people where I work leave brand new laptops and projectors sitting out in the open, unattended for long periods.

    In fact, just a couple of weeks ago, one of our directors went on vacation and left his laptop and projector just sitting on the conference room where he had last used it (a large, wide-open conference room used by hundreds of outside people each week). They sat there for several days before anyone noticed.

    • by tommeke100 (755660) on Tuesday October 30, 2007 @08:31AM (#21169679)
      people don't care when they don't have to pay for it.
      It's the same at our company. You wouldn't believe the state some of our laptops are after just a couple of months. cracked screens, missing keyboard keys, full of spyware, coffee spilled all over it, ....
      I don't think ppl would treat their laptops that poorly if they had to pay for it.
      • Re: (Score:2, Interesting)

        by Chosen Reject (842143)
        A few years ago I was working in IT for a university. One of the professors didn't like the buttons by the touchpad because he would bump it with his palms while typing and end focus would change to some other app. So instead of disabling the touchpad, he just broke the buttons off. That was fun to explain to the Dell rep when he had some other hardware problems that needed to be replaced.
        • by Nimey (114278)
          Gods know that either understanding & fixing the problem or asking someone knowledgeable would be too hard or make him look weak.

          I hope you got his supervisor to LART him well.
          • Re: (Score:2, Insightful)

            by Anonymous Coward
            Gods know that either understanding & fixing the problem or asking someone knowledgeable would be too hard or make him look weak.

            He did fix the problem in a way that was suitable to him. And he's the guy who uses the laptop and must've been happy with his cheap fix. I'm sure that in whatever field he's a professor in, he probably doesn't make fun of you for not understanding something. He probably wouldn't even make fun of your poor choice of words with "Gods know".

            Yours is a problem that many people
            • by beef curtains (792692) on Tuesday October 30, 2007 @01:36PM (#21174433)

              He did fix the problem in a way that was suitable to him. And he's the guy who uses the laptop and must've been happy with his cheap fix.

              In this scenario, it doesn't matter that his solution was "suitable to him", or that "he's the guy who uses the laptop"...the fact of the matter is that he doesn't OWN the laptop, the university does. So basically he borrowed the laptop and broke it to suit his whims. That's generally not acceptable.

              If you lent your laptop to a friend, and he brought it back with buttons crudely torn out because they were getting in his way, would you commend him on his clever workaround? Likely not (unless you have very little regard for your valuable belongings).

              I'm sure that in whatever field he's a professor in, he probably doesn't make fun of you for not understanding something.

              It sounds like the GP understands quite clearly: this professor damaged university property. If I was a student in this professor's class, and decided one day to demolish his overhead projector because it was blocking my view of the whiteboard (assuming professors still use overhead projectors & whiteboards...if not, substitute your own analogy ;) ), would he be wrong to be upset with me? Or would his displeasure merely demonstrate his lack of understanding?

              He probably wouldn't even make fun of your poor choice of words with "Gods know".

              Ah, the ad hominem attack...I now feel that I might be feeding a troll. Oh well, I've typed too much to delete it all, so I soldier on....

              Yours is a problem that many people have. Once you understand something, you can't understand how someone else doesn't understand that problem. Different strokes for different folks.

              Once again, I fail to see the GP's "problem"...he's stating that this professor damaged university property. Are either one of us missing something? "Different strokes for different folks" is completely invalid in this situation; the professor's "strokes" violated the ownership rights (and probably the terms of use) of the "folks" who owned the laptop.

        • by mikael (484)
          I feel like that about the power switch on my laptop when it runs Linux. An ordinary user can no longer power down the system by typing "shutdown", but the slightest tap to the power button, and shut down mode is activated automatically. No grace period, no "Are you sure, please confirm", no "System is shutting down in 10 seconds, press [XX] to cancel". It's just "The system is shutting down now" and the desktop just disappears , goes back to the command line and that's it - system is off.
          • Re: (Score:3, Informative)

            by vivian (156520)
            Mabey you want to consider changing the powerdown options n your laptop's BIOS.
      • by hodet (620484)
        We had a user check it with her luggage on a flight. She was shocked when it didn't come around on the conveyor belt with her suitcase. :-)
        • Re: (Score:3, Interesting)

          by cayenne8 (626475)
          "We had a user check it with her luggage on a flight. She was shocked when it didn't come around on the conveyor belt with her suitcase. :-)"

          Now while I wouldn't every check mine, due to concerns over damage/rough handling, and the fact that I like to 'play' with my laptop while flying....I'd not automatically think it would be quickly stolen as checked luggage.

          I'm hoping stolen luggage is a fairly rare thing? I've had luggage lost, but, never had anything permanently taken from me.

          This is a pretty sad

    • by Four_One_Nine (997288) on Tuesday October 30, 2007 @08:32AM (#21169689) Journal
      Apparently in most business we trust most people to not steal laptops, projectors, LCD monitors, etc.

      However it seems that NOWHERE in corporate America does any company trust it's employees (at least the male ones) to not steal the paper towels out of the mens room. The dispenser is ALWAYS locked up !

      • Re: (Score:3, Funny)

        by j-pimp (177072)

        It seems that NOWHERE in corporate America does any company trust it's employees (at least the male ones) to not steal the paper towels out of the mens room. The dispenser is ALWAYS locked up !

        It really comes down to the fact that paper towel technology has reached the point that the right balance of security and usability has been achieved. In IT we have to pick an extreme.

      • by Hoi Polloi (522990) on Tuesday October 30, 2007 @09:31AM (#21170447) Journal
        We must keep paper towels out of the hands of terrorists. Even the janitor's closet has better security than most offices.

        Seriously though, companies will take you to court over stealing a few hundred bucks worth of equipment but if you rob the company blind with sleazy accounting, incompetence, and outright robbery as an executive you get let go with millions in severance.
        • by metlin (258108)

          Seriously though, companies will take you to court over stealing a few hundred bucks worth of equipment but if you rob the company blind with sleazy accounting, incompetence, and outright robbery as an executive you get let go with millions in severance.
          Hey. Be nice to Stan O'Neal.
    • by Bodrius (191265)
      Yeah, it's amazing how people have different expectations about the vulnerability of property vs untraceable cash.

      I've even seen 30K+ vehicles parked on the street for HOURS, where anyone could pick them up with some minimal effort!

      • by Buran (150348)
        At least it's gotten a lot harder to just make a wax key impression. My car won't start up without the right chip from the right key, but of course you could still drag it onto a flatbed truck and steal it that way. Sad thing these days is that people are so jaded to screaming alarms that they don't call 911 if they see a car, alarm screaming, being hauled on a flatbed. We see crime right under our noses and we're too lazy to care.
        • s/lazy/desensitized
          • by Buran (150348)
            I'm not sure what's with that weird syntax, but I really think laziness is a big part of the problem. We can't be bothered to expend any effort on anyone other than ourselves. 'it's not my car, why should I go to the effort to give a damn what someone is going to have to go through now?'
  • $150 a laptop? (Score:2, Interesting)

    by andy.ruddock (821066)
    From the article "Over the years he'd pocketed at least $20,000", which comes to a mere $153.85.
    No wonder eBay shoppers were happy with the deals they got.
  • Laptops are easy (Score:5, Insightful)

    by necro81 (917438) on Tuesday October 30, 2007 @08:37AM (#21169741) Journal
    For the bold and motivated thief, walking in and then out with a laptop is easy. Just look like you are supposed to be there. Slipping it into a briefcase helps with the illusion.

    On the other hand, someone waltzed off with a 24" LCD monitor from the desk of a co-worker not long ago. His office was the furthest in from the door, so someone needed to be particularly bold to go all the way in, disconnect the monitor, and walk back out. No one saw him either, which is impressive considering the size of the load he was carrying. It's a lot harder to look and act natural about carrying a large monitor than a laptop.
  • by Tastecicles (1153671) on Tuesday October 30, 2007 @08:38AM (#21169759)
    ...I work in a shop on occasion, and the number of stolen laptops that come through with people trying to sell them to us is simply mind-boggling. I'm not talking about pissy little Pentiums, either, these are the latest, greatest in portable number crunching. Some have passwords on them as their only real identifying feature (the serial numbers and Microsoft licenses are usually scratched off), which I tell the seller is not possible to circumvent (in some cases they're not, being on the BIOS rather than the OS). Other tricks they have is coming in claiming they've lost or wrecked the power adapter (how convenient) and need a cheapo universal one. Sure, I'll sell them the universal brick but they're not testing the thing in the store.

    Net bugs are a good thing to have, I think (got one on here), particularly given the plentiful supply of open wireless points in most large cities now. Turn on machine, bug sends data burst, thief is cornered. Hell, he doesn't even need to physically connect to a network these days.
    • Other people who aren't smart: those who don't realize it's possible to bypass "BIOS passwords".
      • by dintech (998802) on Tuesday October 30, 2007 @08:59AM (#21170033)
        It's a bit unfair to see he's not smart. It's just a piece of knowledge you have that he doesn't. And yes, I know knowledge is power...
        • He also has no qualms about breaking social rules we take for granted. We assume everyone in our nice, cozy workspace is friendly and professional and that everyone we meet in business attire must be ok. He just took advantage of that trust and those assumptions people make. It wasn't just smarts he had but a lack of shame and empathy for others.
          • Re: (Score:3, Interesting)

            by idontgno (624372)

            It wasn't just smarts he had but a lack of shame and empathy for others.

            There's a phrase that's rattled around in my (mostly empty) head. It was used in some piece of literature I read a mammal's age ago, describing the nature of such a person. In lieu of, or in addition to, what we've been calling "smarts".

            That phrase seemed to perfectly capture the essence of such a person.

            "Low animal cunning."

            I like it.

    • Re: (Score:3, Insightful)

      by antifoidulus (807088)
      Is the real money nowadays even in just pawning the computer as quick as you can? I would guess that nowadays, esp. in the corporate world, the data is often worth more than the device itself. I'm surprised more enterprising thieves haven't either held the data ransom or sold it to someone else. But then again, as you point out, thieves aren't necessarily the brightest bulbs in the box....
      • Re: (Score:3, Insightful)

        by Ours (596171)
        They are smart. Image the complexity of ransom. How do you get paid without getting traced? Who do you contact (1800-OUTBACKRAMSON)? How do you know what's important and what's not?
        It's probably safer to steal bigger volume for a small profit. People watch too much TV.
  • by Tacobowl8 (1175465) on Tuesday October 30, 2007 @08:40AM (#21169791)
    "If the theives guild invested in blue overalls with Al on them, they could get away with anything." Social engineering IS one of the easiest to exploit security holes. It isn't much of a surpise that laptops were stolen using this technique.
  • This sounds like something Ricky and Julian, er, I mean Cory and Trevor would pull
  • Obviously laptops and similar technology are the most desirable things to snatch in the workplace, but this is by far a new story, and old fashion thieves still steal old fashioned things.

    We had a thief walk in one day and snatch a purse right off a desk 3 feet from me. I wasn't at my desk at the time. The thief walked right out the front door and even nodded to the receptionist, who noticed him as unusual and didn't recognize him but didn't see the purse. She did remember it was a man and that's about
    • Re: (Score:3, Interesting)

      by Hoi Polloi (522990)
      I knew a woman who was a researcher at MIT in a biochem lab. Before MIT refurbished its biochem labs they were wide open. Anyone could walk into almost any room. Grad students were notorious for being lax about security. The local bums and thieves also knew this and would wander in and steal student's purses, wallets, laptops, etc. One day she came in and found that someone had rifled through a fridge full of bacteria in liquid media. Good thing for them they didn't think it was free Hi-C and guzzle i
  • ID cards... (Score:3, Interesting)

    by Veetox (931340) on Tuesday October 30, 2007 @09:10AM (#21170163)
    ...are really not enough for security. I work at a building that I need keycard access to, but cards eventually become worn and some break so that they cannot be displayed anymore, and the company won't pay for a new one every time that happens. So there are two results: People don't wear them explicitly, and people don't question who they are letting into the front door behind them. I'm personally in favor of having a guard stationed at a single entry, at least for larger buildings; someone who can recognize people's faces and can be held responsible for stopping people he doesn't know. ...There's the danger of him being an asshole, but I'd be willing to take that chance.
    • by itsdapead (734413)

      There's the danger of him being an asshole

      ...there's also the danger of the guy he doesn't recognize and challenges being an asshole that goes to the same golf club at the CEO. It only takes a few SIPs* to throw a hissy fit after being rightly denied entry and the security staff, unless adequately defended by the management, will stop bothering and/or just hassle anybody that doesn't look like a big shot.

      (* Self-Important-Persons)

    • There is the case where there are a thrid party person to fix whatever... There have been cases where I was to fix a printer and I realized that I needed to bring it to the office for more diagonostics (aka I don't know what is wrong and have the experts take a look at it) So I tell the manager and walk out with the printer and no one stops to ask me or checks with managers I just walk right our without having an ID Card Becase I just sign the guest list going in. And the security guard asks me if I know wh
    • by un1xl0ser (575642)
      The problem here may be the technology (if the card wear or failure rate is very high). In the end your company just has to suck up the costs and deal with it. The idea of having someone who recognizes everyone doesn't scale, doesn't work when you have many entrances and doesn't work well when you terminate someone.
  • Not really news (Score:5, Insightful)

    by Opportunist (166417) on Tuesday October 30, 2007 @09:22AM (#21170305)
    I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.

    Or rather, where your key card has been.

    You guess what happened? Exactly. One of those cards was stolen, one of the high level IT cards to boot, and the thief just waltzed in and went out with 2 servers. Nobody bothered to ask him what he's doing there. He has access to highly sensitive areas, so why bother asking why he's hauling around servers. That's his job, you know?

    When nobody is supposed to do something, nobody expects anything's wrong when someone does what isn't supposed to be done. Especially in a high rotation hire and fire environment. Do you think anyone would question it when you put on a uniform and a trainee button and just go behind the counter of some fast food restaurant? Just tell everyone you're the new guy and avoid the manager.

    It works.
    • Re: (Score:3, Insightful)

      by everphilski (877346)
      I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.

      A couple of things:
      1) add a photo.
      2) add name, company affiliation and division.
      2) add personal information on the flipside. My badge has my height / eye color / hair color.
      (Back when I worked for the Army, it also had things like the contract
      • 1) Only helps if someone actually cares to look at said picture.
        2) Only helps the thief knowing where to go and what security level he has.
        2 (the other 2) See 1.

        I agree with you that some physical inspection by a person is the ONLY way this can be avoided. But try to convince a suit that they should hire new people for something a machine can do. Well, the machine can't, but it's good enough for standard situations.

        What suits don't seem to get is that security ONLY deals with non-standard situations. As lon
        • Re: (Score:3, Insightful)

          by everphilski (877346)
          Only helps the thief knowing where to go and what security level he has.

          Not really, in my case anyways, I'm a contractor so I work in a mixed facility with a bunch of other companies on several projects. It's easy for a guard to flip over the badge and interrogate you. Knowing the contract and company name will not help you find my desk :) In a smaller company setting, which I guess you were percieving, you would have more limited data. to work with, but there is still data to be had. Title, tenure, etc.
  • by farker haiku (883529) on Tuesday October 30, 2007 @09:23AM (#21170315) Journal
    I couldn't find the post asking how the guy was caught (i.e. what software), but here you go.
    FTA:
    Larry Brass, the Tampa Police detective who arrested Eric Almly this spring, says he's not permitted to endorse a particular product. But he says if Outback's laptops were not outfitted with software called Computrace LoJack for Laptops, made by Absolute Software, there is "no question" Almly would be walking free today.

    Here is how it works: after a computer is stolen, the victim notifies Absolute's recovery team. When the thief accesses the Internet via that computer, the Computrace software on his computer silently broadcasts information that allows the team to determine his physical location.

    With a street address in hand, police can make an arrest. The corporate version of the software gives subscribers the ability to remotely delete sensitive information from a computer.
    • by Anne_Nonymous (313852) on Tuesday October 30, 2007 @09:40AM (#21170591) Homepage Journal
      >> how the guy was caught

      It was an Outback Steak-Out.
    • Re: (Score:3, Informative)

      by madigan82 (1179493)
      We have Computrace installed on over 5,000 laptops in the field. It is installed in the BIOS so a simple format won't get rid of it. In fact, if they format it, the BIOS agent actually reinstalls the OS agent. One thing they don't mention is that you need to file a police report on the stolen laptop first before you can track it. But it works nice. We've had several that were "stolen" to wind up at the user's house or a friend's house. Not sure if any were actually ever stolen though since I don't han
    • by jollyreaper (513215) on Tuesday October 30, 2007 @12:33PM (#21173421)

      With a street address in hand, police can make an arrest. The corporate version of the software gives subscribers the ability to remotely delete sensitive information from a computer.
      Laptops are only worth a few thousand bucks, a reputation is priceless. I say put Sony batteries in the fuckers. Once you have the thief pegged, send a remote command to detonate. Nobody but nobody is going to steal from you after you blow up a thief. And if you've got a webcam built into the thing, put his final moments on youtube.
  • by sootman (158191) on Tuesday October 30, 2007 @09:47AM (#21170683) Homepage Journal
    Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet.

    Which is funny as hell, because I've read several times on Slashdot (sorry, no time to search) about people who have their laptops set to do just that, but when they inform the police that their laptop is in use by a customer of this ISP with that IP address, they're told to go pound sand, that the police don't have time to go catch criminals that you can lead them to. It's trivial--especially with MacBooks--to have it send you not only the IP address but a picture of the theif if you want--but it seems to do no good.

    Maybe the thing to do would be to get laptop insurance and then have the info emailed to the insurance company.
    • Re: (Score:3, Interesting)

      by anticypher (48312)
      Which goes to show the difference in professionalism between an individual with l33t hacking skills and a corporation that does bugging/tracking as a business model.

      The tracking companies hire ex-police detectives to speak "cop" when asking for an investigation to be opened with a police force. They are experienced in providing testimony before a court, filing paperwork, and saying the right thing to the right person to start a case. You, and all of slashdot, really, REALLY, want to maintain the current sit
  • by internetcommie (945194) on Tuesday October 30, 2007 @10:05AM (#21171007)
    It consists of never buying new equipment unless it is absolutely necessary, and then buying second-hand if at all possible.
    If a thief made it into the building and walked out with all the computers here, he might make $150 on ebay if lucky.
    But he'd be more likely to just get a hernia.
  • by LoudMusic (199347) on Tuesday October 30, 2007 @10:11AM (#21171095)
    Somehow I have a hard time believing 2,000,000 laptops were stolen in a single year. That's nearly 5,500 per DAY. I don't think Dell even move than many laptops in a day. And I don't know a single person, personally, who had their laptop stolen. Ever. Where do these numbers come from? Are people just reporting stolen laptops for insurance claims? And now they have two laptops?
    • Re: (Score:3, Funny)

      My bad. My friend and I have a competition to see how many times we steal this one laptop from each other. Everytime he goes to the bathroom I grab it from his cubicle...that's probably throwing the numbers off.
  • What this guy did I've done many times. Sure I didn't steal anything but using this tactic to get the advantage over others is dead easy. for example... long line in front of a store selling the new Wii "sorry, passing trough - sorry i work here." and 5 minutes later I walked out with my wii while others spend hours waiting. It just takes a certain aura really when people see you walk by they have to think "he belongs here" you'd be surprised how easily I can cut a line in a attraction park wearing a old
    • by Buran (150348)
      So you're the asshole who flies down the lane that's closing and forces me to slam on my brakes as I pass the huge flashing LED arrow and the orange and white construction barrels. Thanks, prick.
    • If there's one thing worse than someone who "leeches" off of the foibles of everyone else, it's the person who brags about doing so.

      I pity you & maybe when you're on your deathbed dying alone because you've spent your selfish life screwing everyone else over to the point that they don't want to know you, maybe you'll understand what living *WITH* other people is really about.

  • by SnarfQuest (469614) on Tuesday October 30, 2007 @11:08AM (#21171995)
    This is another case of an illegal wiretap of American citizens! They did not get a warrent from the FISA court before installing the software on his laptop, making it completely illegal. This is an abuse of private citizens by an overzealous government! This poor fellow should be immediately freed, his criminal history cleared, and an apology with monetary reimbursements for his trouble! The owners of the Outback Steakhouse should immediately be imprisoned for casuing this travesty of justice!
  • The university I work for requires that all devices used on campus have their MAC addresses registered. If a device is reported stolen we can then find out which switch port or AP the thing is connected to. I've recovered several notebooks this way for users who had been ripped off by someone on campus.

In order to get a loan you must first prove you don't need it.

Working...