Stealing Laptops For Class Credit 138
First time accepted submitter core_tripper writes "Students at the University of Twente have stolen thirty laptops from various members of the university's staff. They were not prosecuted for this, so they could just get on with their studies. Indeed, these students even received ECTS credits for these thefts. UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter."
Looks like a familiar contest. (Score:5, Interesting)
This sounds like Pwn2Own taken to the next (and otherwise illegal) level. In this case, it looks like they were auditing physical security amongst other things.
Re:Looks like a familiar contest. (Score:5, Interesting)
Two relevant anecdotes from when I was in college:
1) In an artificial life course we got to propose our own semester project. One guy wanted to write a worm, but the professor was afraid that his tenure would not be enough to protect his job if the worm got out of hand.
2) One faculty member that taught a computer security course used to make the offer that anybody who could successfully access his gradebook and change their grade could have the higher grade. He stopped doing this after students switched from trying to electronically break in to just casing his house.
Re:Security without security? (Score:5, Interesting)
From the description, I suspect the notification was more along the lines of "If you catch a student stealing a laptop, see if they are on this list before you call the cops" and not "sure, they can take whatever they want"
Re:"Human behavior" (Score:4, Interesting)
It doesn't mention whether the cleaners or caretakers knew the people they were letting in or not.
Given that the University has 9,000 students and 3,300 faculty/staff, and that they were 60 attempts of thefts (only 30 of which succeeded). And given that this experiment was conducted in the context of a security audit, I doubt that the successful cases were all due the cleaners actually knowing the student (may be some of them knew some of the students, but surely not all of them did, and in at least one case, the student got to the laptop just because the door was found unlocked when the door was supposed to be locked).
Besides, "knowing" someone and building rapport can be faked in an extremely short amount of time. For instance, when Steven Spielberg was still a teenager, he got into the Universal Studios through a guided tour, but when he left the Studio that night, he escaped from the guided tour, he dressed himself up in a suit, and he made a point to address the guard on his way out by his first name. After that night, he was able to go back and forth through that security checkpoint as long as that same guard was there, no questions asked. He was wearing the right uniform, a suit, plus the guard "knew" him from the previous day.
Re:Laptops are easy. (Score:5, Interesting)
I work for a large company, large enough that I see people I don't recognize on our campus every single day.
Two years ago this weekend (Presidents Day, which is a holiday at our office) we had an enterprising thief roll a cart around our office around 5 PM on Friday, loading up laptops. Of course, by then most everyone had skipped out for their long weekend, but if someone was in the office he'd tell them it was for the "weekend virus scanner upgrade", promising people that their machines would be back on Tuesday morning.
I don't know this part for a fact -- our security people and management don't talk about this at all -- but I've heard it enough that I believe it: When someone objected to having their laptop taken, he'd act irritated and ask why they "didn't reply to any of the emails about the upgrade" and then make a show of updating his clipboard -- he'd collect the asset tag from the machine, office number and actually get the person to sign on the line.
I have no idea how many machines he made off with, but it was enough that we all had to suffer new BS security procedures for a year afterword. I would imagine that you could do this at pretty much any big office and get away with it.
Well done (Score:4, Interesting)
I once gave my undergrad students a similar assignment where they had to each score an ounce of weed for me.
It was also a great success and provided them with an important life lesson about society and individual liberty. Or something.
The Dean of my department at the time was not amused, though he did think the sticky red bud was the bomb.
I had (Score:2, Interesting)
heard of laptops being stolen from large businesses by people dressed and acting like UPS/delivery/IT personel. These types of people are generally ignored. Act as if you belong there and people will think you do, even though they have never seen you before.
The most sucessful ones that I had heard of had dressed themselves as delivery people and walked in with a 2 wheel cart with empty boxes on it. The boxes were not empty when the walked out again.