Monday, June 01, 2009

Pick Any Lock, Fleece Any Flock

You would like to believe in a world that is safe from terrorists, thieves, spies, and busybodies. But that would not be the truth. There is no lock that cannot be hacked. The security procedures of governments, corporations, and homes is more of a convenient fiction than a reality.
Tobias thinks of himself as a humble public servant. When he attacks the Kryptonite bike lock or the Club (or those in-room safes at Holiday Inn or Caesars Palace), he's not a bad guy—he's just Ralph Nader with a slim jim, protecting consumers by exposing locks, safes, and security systems that aren't actually locked, safe, or secure. At least, not from people like him.

The problem, if you're a safe company or a lock maker, is that Tobias makes it all public through hacker confabs, posts on his Security.org site, and tech blogs like Engadget. He views this glasnost as a public service. Others see a hacker how-to that makes The Anarchist Cookbook read like Betty Crocker. And where Tobias sees a splendid expression of First Amendment rights, locksmiths and security companies see a criminal finishing school. Tobias isn't just exposing problems, they say. He is the problem.

But forget bike locks and hotel room safes: These days, Tobias is attacking the lock famous for protecting places like military installations and the homes of American presidents and British royals...

...Kids study Tobias' online video, crack the lock off Dad's Glock, and put holes in things that shouldn't have them. Enterprising junkies embark on habit-feeding crime waves. Hotel rooms, no longer secure, become magnets for burglary and rape. High school truants walk the halls shimming combination locks off rows of lockers. Crime gangs use Tobias' case study to copycat the 2003 Antwerp diamond heist, while tech terrorists simply co-opt the master list of Marc Weber Tobias problems to outwit America's Keystone Kop-homeland security and generally blow stuff up. The world is unzipped. And our innocence—not to mention a good deal of our cash, jewelry, and portable electronics—is lost.

Tobias shrugged off such concerns, along with the hate mail. Scaring citizens to attention is part of his educational program. "Do you really think ignorance will keep you safe?" he asks. "Is it even an option?" ...

..."It's not about me. It's about what these locks protect," Tobias says. "Medeco locks are the best in the world—that's why they're used by the Pentagon, the embassies. These agencies believe that the locks can't be picked in under 15 minutes, that they can't be bumped, that you can't trace keys onto plastic. It's the definition of high security—and it's wrong! We proved it."

"Look," he says, taking it down a few notches. "If we can do it, so can the bad guys. Medeco needs to acknowledge it and let the locksmiths know it—and the DOD, FBI, CIA, Secret Service, and all their clients." _Wired
And so we are left with a world without security. Nothing is safe, not really. But if that is true, are we not better off knowing the facts and learning to take the necessary precautions? Is it not past time for us to outgrow our psychological neoteny, and to move through our rites of passage into adulthood?

That is when the fun really starts.

No comments: