The Khaki Bandit Strikes At IT - 130 Stolen Laptops
destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."
Look at the way many people treat their laptops (Score:5, Insightful)
In fact, just a couple of weeks ago, one of our directors went on vacation and left his laptop and projector just sitting on the conference room where he had last used it (a large, wide-open conference room used by hundreds of outside people each week). They sat there for several days before anyone noticed.
Re:Look at the way many people treat their laptops (Score:5, Insightful)
It's the same at our company. You wouldn't believe the state some of our laptops are in after just a couple of months. Cracked screens, missing keyboard keys, full of spyware, coffee spilled all over them.
I don't think people would treat their laptops that poorly if they had to pay for them.
Re:if he was so smart (Score:4, Insightful)
Laptops are easy (Score:5, Insightful)
On the other hand, someone waltzed off with a 24" LCD monitor from the desk of a co-worker not long ago. His office was the furthest in from the door, so someone needed to be particularly bold to go all the way in, disconnect the monitor, and walk back out. No one saw him either, which is impressive considering the size of the load he was carrying. It's a lot harder to look and act natural about carrying a large monitor than a laptop.
To quote discworld... (Score:3, Insightful)
Re:Laptops are easy (Score:3, Insightful)
Re:if he was so smart (Score:3, Insightful)
I doubt it. Most likely they got lazy and just cleaned XP without reinstalling, leaving the rooted snitchkit to do its thing. I guess if a large access provider like T-Mobile's Hotspot had the MAC address of a taken machine and a process to report its presence on the network to the right person, it could be traced. I also don't think MS is checking MAC addresses gathered from WGA against any criminal databases. Maybe an app on a separate, untouched partition and autorun, but a simple drive wipe would've taken that out.
If you did devise a way for a MAC device to "call home" without user action then it would be easy to take the next step and turn it into a kick-ass DDoS bot, something I don't think most device companies would risk.
Not really news (Score:5, Insightful)
Or rather, where your key card has been.
You guess what happened? Exactly. One of those cards was stolen, one of the high level IT cards to boot, and the thief just waltzed in and went out with 2 servers. Nobody bothered to ask him what he's doing there. He has access to highly sensitive areas, so why bother asking why he's hauling around servers. That's his job, you know?
When nobody is supposed to do something, nobody expects anything's wrong when someone does what isn't supposed to be done. Especially in a high rotation hire and fire environment. Do you think anyone would question it when you put on a uniform and a trainee button and just go behind the counter of some fast food restaurant? Just tell everyone you're the new guy and avoid the manager.
It works.
Re:Not really news (Score:3, Insightful)
A couple of things:
1) add a photo.
2) add name, company affiliation and division.
3) add personal information on the flipside. My badge has my height / eye color / hair color.
(Back when I worked for the Army, it also had things like the contract I was on, weight, etc.)
This requires either (a) modification of the card or (b) the thief to pick off someone very similar, and dress the part. Not to mention rote memorization. When I enter and leave where I work, I don't just have to wave the RFID over the door, there is a guard who physically inspects my badge, seeing if I look like the guy and match the description on the back.
That, IMO, is about as good as you can get, short of a DNA sample every time you come to work. You need to be able to match a keycard to a person, you need multiple facets to make a unique match.
Re:Thieves aren't that smart... (Score:3, Insightful)
Re:Thieves aren't that smart... (Score:3, Insightful)
It's probably safer to steal bigger volume for a small profit. People watch too much TV.
Re:Not really news (Score:3, Insightful)
Not really, in my case anyways, I'm a contractor so I work in a mixed facility with a bunch of other companies on several projects. It's easy for a guard to flip over the badge and interrogate you. Knowing the contract and company name will not help you find my desk.
I agree with you that some physical inspection by a person is the ONLY way this can be avoided. But try to convince a suit that they should hire new people for something a machine can do. Well, the machine can't, but it's good enough for standard situations.
Part of it is skewed, I guess, because I work on a military arsenal. Every car gets stopped with guys with guns, and everyone in the car hands over a badge to the guy with the gun. No badge, you turn around, and yes, they carefully inspect the badge.
I can see a small business having problems coughing up money for physical security, and large businesses trying to preserve the bottom line, but if you think about it, if your IP is truly valuable to you then spending some money on physical security is a requisite. Some people just have to learn the hard way.
Re:Look at the way many people treat their laptops (Score:2, Insightful)
He did fix the problem in a way that was suitable to him. And he's the guy who uses the laptop and must've been happy with his cheap fix. I'm sure that in whatever field he's a professor in, he probably doesn't make fun of you for not understanding something. He probably wouldn't even make fun of your poor choice of words with "Gods know".
Yours is a problem that many people have. Once you understand something, you can't understand how someone else doesn't understand that problem. Different strokes for different folks.