This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Blog Entries Tagged kidnapping

Schneier on Security

Blog > Entries by Tag >

Entries Tagged “kidnapping”

Page 1 of 2

Worst-Case Thinking Breeds Fear and Irrationality

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center. Instead of thinking "it must be a father and daughter, which happens millions of times a day and is perfectly normal," he thinks "this is obviously a case of child abduction and I must alert the authorities immediately." And the police, instead of thinking "why in the world would this be a kidnapping and not a normal parental activity," thinks "oh my god, we must all panic immediately." And they do, scrambling helicopters, searching cars leaving the shopping center, and going door-to-door looking for clues. Seven hours later, the police eventually came to realize that she was safe asleep in bed.

Lenore Skenazy writes further:

Can we agree that something is wrong when we leap to the worst possible conclusion upon seeing something that is actually nice? In an email Furedi added that now, "Some fathers told me that they think and look around before they kiss their kids in public. Society is all too ready to interpret the most innocent of gestures as a prelude to abusing a child."

So our job is to try to push the re-set button.

If you see an adult with a child in plain daylight, it is not irresponsible to assume they are caregiver and child. Remember the stat from David Finkelhor, head of the Crimes Against Children Research Center at the University of New Hampshire. He has heard of NO CASE of a child kidnapped from its parents in public and sold into sex trafficking.

We are wired to see "Taken" when we're actually witnessing something far less exciting called Everyday Life. Let's tune in to reality.

This is the problem with the "see something, say something" mentality. As I wrote back in 2007:

If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security.

And the police need to understand the base-rate fallacy better.

Posted on November 18, 2018 at 1:12 PMView Comments

Kidnapping Fraud

Fake kidnapping fraud:

"Most commonly we have unsolicited calls to potential victims in Australia, purporting to represent the people in authority in China and suggesting to intending victims here they have been involved in some sort of offence in China or elsewhere, for which they're being held responsible," Commander McLean said.

The scammers threaten the students with deportation from Australia or some kind of criminal punishment.

The victims are then coerced into providing their identification details or money to get out of the supposed trouble they're in.

Commander McLean said there are also cases where the student is told they have to hide in a hotel room, provide compromising photos of themselves and cut off all contact.

This simulates a kidnapping.

"So having tricked the victims in Australia into providing the photographs, and money and documents and other things, they then present the information back to the unknowing families in China to suggest that their children who are abroad are in trouble," Commander McLean said.

"So quite circular in a sense...very skilled, very cunning."

Posted on May 29, 2018 at 9:31 AMView Comments

Virtual Kidnapping

This is a harrowing story of a scam artist that convinced a mother that her daughter had been kidnapped. More stories are here. It's unclear if these virtual kidnappers use data about their victims, or just call people at random and hope to get lucky. Still, it's a new criminal use of smartphones and ubiquitous information.

Reminds me of the scammers who call low-wage workers at retail establishments late at night and convince them to do outlandish and occasionally dangerous things.

Posted on October 17, 2016 at 6:28 AMView Comments

Bizarre High-Tech Kidnapping

This is a story of a very high-tech kidnapping:

FBI court filings unsealed last week showed how Denise Huskins' kidnappers used anonymous remailers, image sharing sites, Tor, and other people's Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

The story also demonstrates just how effective the FBI is tracing cell phone usage these days. They had a blocked call from the kidnappers to the victim's cell phone. First they used a search warrant to AT&T to get the actual calling number. After learning that it was an AT&T prepaid Tracfone, they called AT&T to find out where the burner was bought, what the serial numbers were, and the location where the calls were made from.

The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

Here's the criminal complaint. It borders on surreal. Were it an episode of CSI:Cyber, you would never believe it.

Posted on July 29, 2015 at 6:34 AMView Comments

The Eighth Movie-Plot Threat Contest

It's April 1, and time for another Movie-Plot Threat Contest. This year, the theme is Crypto Wars II. Strong encryption is evil, because it prevents the police from solving crimes. (No, really -- that's the argument.) FBI Director James Comey is going to be hard to beat with his heartfelt litany of movie-plot threats:

"We're drifting toward a place where a whole lot of people are going to be looking at us with tears in their eyes," Comey argued, "and say 'What do you mean you can't? My daughter is missing. You have her phone. What do you mean you can't tell me who she was texting with before she disappeared?"

[...]

"I've heard tech executives say privacy should be the paramount virtue," Comey said. "When I hear that, I close my eyes and say, 'Try to imagine what that world looks like where pedophiles can't be seen, kidnappers can't be seen, drug dealers can't be seen.'"

(More Comey here.)

Come on, Comey. You might be able to scare noobs like Rep. John Carter with that talk, but you're going to have to do better if you want to win this contest. We heard this same sort of stuff out of then-FBI director Louis Freeh in 1996 and 1997.

This is the contest: I want a movie-plot threat that shows the evils of encryption. (For those who don't know, a movie-plot threat is a scary-threat story that would make a great movie, but is much too specific to build security policies around. Contest history here.) We've long heard about the evils of the Four Horsemen of the Internet Apocalypse -- terrorists, drug dealers, kidnappers, and child pornographers. (Or maybe they're terrorists, pedophiles, drug dealers, and money launderers; I can never remember.) Try to be more original than that. And nothing too science fictional; today's technology or presumed technology only.

Entries are limited to 500 words -- I check -- and should be posted in the comments. At the end of the month, I'll choose five or so semifinalists, and we can all vote and pick the winner.

The prize will be signed copies of the 20th Anniversary Edition of the 2nd Edition of Applied Cryptography, and the 15th Anniversary Edition of Secrets and Lies, both being published by Wiley this year in an attempt to ride the Data and Goliath bandwagon.

Good luck.

Posted on April 1, 2015 at 6:33 AMView Comments

Hiding a Morse Code Message in a Pop Song

In Colombia:

The team began experimenting with Morse code using various percussion instruments and a keyboard. They learned that operators skilled in Morse code can often read the signals at a rate of 40 words per minute ­ but played that fast, the beat would sound like a European Dance track. "We discovered the magic number was 20," says Portela. "You can fit approximately 20 Morse code words into a piece of music the length of a chorus, and it sounds okay."

[...]

Portela says they played with the Morse code using Reason software, which gives each audio channel or instrument its own dedicated track. With a separate visual lane for certain elements, it was possible to match the code to the beat of the song -- and, crucially, blend it in.

Hiding the Morse code took weeks, with constant back-and-forth with Col. Espejo and the military to make sure their men could understand the message. "It was difficult because Morse code is not a musical beat. Sometimes it was too obvious," says Portela. "Other times the code was not understood. And we had to hide it three times in the song to make sure the message was received."

Posted on February 2, 2015 at 7:01 AMView Comments

Organized Crime in Ireland Evolves As Security Increases

The whole article is interesting, but here's just one bit:

The favoured quick-fix money-making exercise of the average Irish organised crime gang had, for decades, been bank robberies. But a massive investment by banks in branch security has made the traditional armed hold-up raids increasingly difficult.

The presence of CCTV cameras in most banks means any raider would need to be masked to avoid being identified. But security measures at the entrances to many branches, where customers are admitted by staff operating a buzzer, say, means masked men can now not even get through the door.

By the middle of the last decade, cash-in-transit vans delivering money to ATMs were identified by gangs as the weak link in the banks’ operations. This gave rise to a huge number of armed hold-ups on the vans.

However, in recent years the cash-in-transit companies have followed the example of the banks and invested heavily in security technology. Most vans carrying money are now heavily protected by timing devices on safes in the back of the vans, with staff having access to only limited amounts of cash at specific times to facilitate their deliveries.

These security measures have led to a steady decline in robberies on such vans in the past five years.

But having turned from bank robberies to armed hold-ups on cash vans, organised crime gangs have once again changed tack and are now engaging in robberies with hostage-taking.

Known as “tiger raids”, the robberies involve an organised crime gang kidnapping a family member or loved one of a person who has access to cash because of their work in a bank or post office.

Family members are normally taken away at gunpoint, threatened with being shot and or held until the bank or post-office worker goes to their work place, takes a ransom sum and leaves it for the gang at a prearranged drop-off point.

The Garda has worked closely with the main banks in agreeing protocols for such incidents. The main element of that agreement is that banks will not let money leave a branch, no matter how serious the hostage situation, until gardaí have been notified. A reaction operation can then be put in place to try and catch the gang as they collect the ransom.

These protocols have been relatively successful and seem to be deterring tiger raids targeting bank workers.

However, gangs are now increasingly targeting post offices in the belief that security protocols and equipment such as safes are not as robust as in the banking sector.

Most of the tiger raids now occurring are targeting post-office staff, usually in rural areas.

The latest raid occurred just last week, when more than €100,000 was taken from a post office in Newcastle West, Co Limerick, when the post mistress’s adult son was kidnapped at gunpoint and released unharmed when the ransom was paid.

Posted on July 8, 2011 at 6:19 AMView Comments

Registry of Cell Phone Owners

In Mexico:

Also Tuesday, the Senate voted to create a registry of cell phone owners to combat kidnappings and extortions in which gangs often use untraceable mobile phones to make ransom demands.

Telecoms would be required to ask purchasers of cell phones or phone memory chips for their names, addresses and fingerprints, and to turn that information over to investigators if requested.

At present, unregulated vendors sell phones and chips for cash from streetside stands. It is unclear how such vendors would be made to comply with the new law.

How easy is it to steal a cell phone? I'm generally not impressed with security measures, especially expensive ones, that merely result in the bad guys changing their tactics.

Posted on December 22, 2008 at 12:01 PMView Comments

1 2 Next→

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.