Archive for June, 2006

With extra points for boldness

Friday, June 30th, 2006

Entertaining video of a guy openly “stealing” his bike from various locations in Manhattan as people either ignore him entirely or offer hints on technique.

I’d argue that the more brazen the effort, the more likely people are to assume he’s authorized to be performing the activity. This is Social Engineering at a (street-level) societal scale. People assume those around them share the same basic value system, even when the evidence (the fact that he’s seemingly stealing the bike) is clearly in opposition to their beliefs.

Psychologists have also studied the Bystander Effect at length, in which people (usually in densely populated areas) will ignore even the most egregious behavior. Much of that study was driven by attempts to understand how, when Kitty Genovese was stabbed to death in the streets of Manhattan in 1964, 38 witnesses neither called the police nor made any effort to help.

Or maybe he just happened to pick sections of Manhattan inhabited entirely by bike thieves.

Got change for a two-ie?

Tuesday, June 27th, 2006

I don’t actually know what the slang term for a 2 AUD coin is, but thanks to Bruce Schneier’s blog posting on an insider thief at the Australian Mint, I know that the prison term for stealing 130,000 AUD worth of them is three years in the Big House.

A judge has criticised security at the Royal Australian Mint while jailing a worker who stole more than $130,000 by hiding new $2 coins in his boots and lunchbox.

Justice Terry Connolly, in the ACT Supreme Court, said William Grzeskowiac had committed a significant breach of trust over a long period, and sent him to prison for three years, with a non-parole period of 18 months.

But Justice Connolly also criticised security at the mint, saying he was amazed a theft on this scale could happen.

When security fails, I’m not amazed; I’m interested.

The first question that comes to mind is: how much would it have cost to mitigate the risk of employee theft?

I’ll assume that there’s already physical security in place, so adding a couple of metal detectors, at $5,500 USD each (with free shipping!) is only $11,000 USD.

Even assuming that there were multiple points of entry into the mint, that’s still only $11,000 USD per entry point. If the metal detectors mean adding one guard per entry point, plus a floater or two to cover lunches and bathroom breaks, that’s probably a fully-loaded cost of $30-35,000 USD per entrance per year.

Compared to the value of the money the Mint produces each year, $137 million AUD in FY 2004-2005, that’s not much money for a significant countermeasure.

Going back to the news story…

Justice Connolly also said he was amazed the mint could give no indication of just how many coins had actually gone missing.

“I would like to think those working at the other mint factory printing $100 notes might be subject to a better system of security,” he said.

I don’t know why he was amazed. The Mint’s accounting system probably began when the coins left the manufacturing process. Until they crossed that threshold, probably the point at which the coins were packed into rolls and so became $100 units, they were probably treated as raw metal and valued as rolls of sheet metal, or however the base inputs to coin stamping are accounted for.

So why did he do it?

Justice Connolly said just why Grzeskowiac stole the coins was not clear.

Grzeskowiac said it started out of a sense of grievance following an argument with his boss and ended up as a challenge that produced a sense of empowerment. A psychological report said he was motivated by a need for security.

Grzeskowiac’s defence counsel, Steven Whybrow, said he was a person of previous good character and what had happened was a bizarre aberration.

“There is no evidence that this was for gambling or drinking or some other addiction or avarice. All the evidence is that he is a simple man with simple needs,” he said.

Much of the Mint’s security is probably centered around an assumption of rational actors, just like the judge’s reasoning. In the judge’s mind, the only reasonable motive to steal money would be its value. This leads to assumptions about what kinds of controls will be effective at preventing theft.

But even risk-averse people can be a little crazy and/or get angry with their bosses.

First, since Australian coinage would be fairly difficult to launder–legally, you can only spend ten $2 coins at a time (see #13)–coins are probably not a good target for theft. This is borne out by the large quantity of unspent coins the police recovered.

Next, I’m sure the Mint tries very hard to only hire people who are quite risk-averse when it comes to things like going to jail, even if most of the population is descended from convicts ;-). The reasonableness of this assumption would be reinforced by what seems like some level of background checking of workers at the Mint.

Finally, we see that stealing the coins became a game. In his own mind, I think that Grzeskowiac wasn’t even stealing money. If he’d been working in a meat packing plant, he probably would have been stealing a steak every day. But since he worked in the Mint, he stole coins. When assessing security, never assume that people share your priorities or value assessments–if anything, you would probably be better served by assuming they don’t.

So what’s this going to mean for everyone at the Mint who’s not going to jail?

Justice Connolly said a consequence of Grzeskowiac’s breach of trust was that mint workers, once trusted, now faced a far more intrusive security regime.

“Your conduct is going to make life much more unpleasant for every other worker at the mint,” he said.

Which will, in turn, inspire the workers to develop new and different ways of making their lives easier by bypassing the security that will now make it hard.

Everything but a fire department

Monday, June 26th, 2006

I’ve written previously about the limitations of mitigating the risks from nosy national governments by moving to an offshore “Data Haven” like HavenCo, located in/on Sealand.

What do you do when the place burns down?

A FORMER wartime fortress which is now a self-proclaimed independent state has been left devastated after a fierce blaze tore through the structure.

The so-called Principality of Sealand, seven miles off the coast of Felixstowe and Harwich, was evacuated at lunchtime yesterday after a generator caught fire.

Thames Coastguard, Harwich RNLI lifeboat, Felixstowe Coastguard rescue teams, firefighting tug Brightwell, the RAF rescue helicopter from Wattisham and 15 Suffolk based firefighters from the National Maritime Incident Response Group (MIRG) were all called into action to tackle the blaze.

What kind of country doesn’t have a fire department? One that doesn’t plan on having a fire, as evidenced by the fact that Sealand/HavenCo didn’t have fire insurance.

A downhearted Michael Bates, known as the “Prince of Sealand”, today revealed the fort was not insured to cover damage by fire, leaving his family with a massive repair bill.

He added the fort, which leases offices to IT firm HavenCo Ltd, faces a tough future because it has no insurance policy for the damage.

I find this all more than a little bit ironic, given that one of the classic “selling security” analogies is, “You’re not planning to have a fire, and yet you still have fire insurance.”

A super-size risk appetite?

Tuesday, June 20th, 2006

At first glance, it would seem that the team at flickr has a risk appetite that would probably get them banned from most all-you-can-eat buffets.

They’re willing to open their API for importing/exporting photos to competitors, so long as the competitors reciprocate:

Re API keys for direct competitors: this is something that we’ve never had any set policy on and this thread has sparked a lot of internal debate on the team: some people felt that it was unreasonable, some people felt like it didn’t matter since Flickr should win on the basis of being the best thing out there.

I actually had a change of heart and was convinced by Eric’s position that we definitely should approve requests from direct competitors as long as they do the same. That means (a) that they need to have a full and complete API and (b) be willing to give us access.

This probably isn’t as risky as it sounds, however.

  1. Flickr is obviously confident that their service is superior for most users, so the net flow of users will be to them.
  2. Flickr will now have the best information of any of their competitors about market flows, since they (and only they) will have the data on all their API partner flows.
  3. Flickr will now have an effective “early warning system” if a cooperating competitor develops compelling features which are siphoning off users. Since they will also know the size of the flow, they can assign a value to the cost of competing for those users and avoid net-loss efforts.
  4. By providing a common link between different services, they are creating a liquidity market for photo sharing. This means that if an API partner develops a revenue model around photo hosting and sharing, then Flickr will probably be able to negotiate a back-end deal to capture some of that revenue.

    For example, I can see a photo printing service supporting the API, so they can effectively let Flickr do the uploading/hosting work, and focus on printing & delivering the images. Something like this may have already been done, but I think it’s a representative example of the sort of relationships that might become possible in this model.

What Flickr is really doing here is leveraging their currently-strong market position to ensure that they remain a central player in the photo sharing business long term.

They’re accepting the risk of user emigration in exchange for information which they can use to help mitigate the risk of being overtaken or rendered irrelevant by changing market conditions or a disruptive upstart. The fact that it also has some revenue possibilities is just icing on the cake.

(from Boing-Boing)

Another thought on Volatility

Tuesday, June 6th, 2006

It’s not my thought, but as Peter Bernstein pointed out in Against The Gods, it took three years for Black & Scholes to figure out that Risk was the downside view of Volatility–and they were smart enough to win the Nobel Prize in Economics!

The probability that the price of AT&T stock might go up–or down–is irrelevant. The only thing that matters is how far the stock price might move, not the direction in which it moves. The notion that the direction of price change is irrelevant to the valuation of an option is so counterintuitive that it explains in part why Black and Scholes took so long to come up with the answer they were seeking–even when it was right in front of them.

–Bernstein, pp. 312-313, emphasis and any transcription errors mine.

You say “Risk” like it’s a bad thing

Monday, June 5th, 2006

When we talk about Risk, we generally are talking about the likelihood of Something Bad Happening. If I look it up in a dictionary, risk is “The possibility of suffering harm or loss; danger.”

This is especially true when talking about Risk within IT. I get asked questions like, “What’s the risk of Vulnerability X?” or “What’s the risk of allowing this protocol through a firewall?” (The answer is, “It depends.”) Even project status slides present events in separate sections labeled “Risks” and “Opportunities,” as if the two are somehow independent.

But we should always consider that Risk (likelihood of Something Bad happening) is just one side of Volatility (likelihood of Something Happening, good or bad). Never forget that without risk we cannot have reward.

Our job is not to eliminate risk. It is to identify the risks we should mitigate or avoid because they don’t provide adequate potential for reward and determine how best to transfer or accept the ones that do.

Encryption != security magic

Friday, June 2nd, 2006

All the encryption in the world won’t protect your data if the recipient decrypts it to store it.

AUSTIN, Texas - Equipment containing the names and Social Security numbers of about 1.3 million Texas Guaranteed Student Loan Corp. borrowers has disappeared, company officials said.

“It was not a security breach where someone hacked into our system,” said Sue McMillin, Texas Guaranteed’s president and chief executive.

The piece of equipment, which the company did not identify, was lost May 24. Officials said encrypted electronic files containing the data were sent to Hummingbird Ltd., which helps companies manage large amounts of information. A Hummingbird employee downloaded, decrypted and stored the files on a piece of equipment that was later lost.

We don’t know whether the mysterious “piece of equipment” was a tape, CD, USB stick, floppy disk, laptop, desktop, or stone tablet. Not that it matters.

This is an updated version of propping open the data center door. If a control is deemed too inconvenient, users will find ways to bypass it, usually rendering it ineffective in the process.

The failure here was not the technology, but rather the people and processes at Hummingbird and the contract governance by TGSL, which didn’t ensure that the data was only decrypted while in use.
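The two handling patterns described above, as an added example that is not code from the original post or from either company: the vendor that decrypts to disk versus one that decrypts only in memory while processing, followed by the kind of check a contract reviewer could run over the vendor’s storage. The keystream function is a toy stand-in for a real cipher (use AES in practice), and the borrower records and key are constructed fake data.

```python
import hashlib
import os
import re
import tempfile

SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream (SHA-256 of key||counter) XORed over the data.
    # Illustrative stand-in only; a real deployment would use AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def count_borrowers(plaintext: bytes) -> int:
    # Stand-in for the vendor's actual processing: count records carrying an SSN.
    return len(SSN_RE.findall(plaintext))


def process_decrypt_to_disk(ciphertext: bytes, key: bytes, device_dir: str) -> int:
    # The failure pattern from the story: decrypt, persist plaintext on the
    # device, then work from the file. The plaintext outlives the job.
    path = os.path.join(device_dir, "borrowers.txt")
    with open(path, "wb") as f:
        f.write(keystream_xor(key, ciphertext))
    with open(path, "rb") as f:
        return count_borrowers(f.read())


def process_in_memory(ciphertext: bytes, key: bytes, device_dir: str) -> int:
    # Decrypt only while in use: plaintext exists in process memory for the
    # duration of the job and nothing is written to the device.
    return count_borrowers(keystream_xor(key, ciphertext))


def plaintext_exposure(device_dir: str) -> int:
    # Governance check: how many SSN-shaped values are readable at rest on the device?
    hits = 0
    for name in os.listdir(device_dir):
        with open(os.path.join(device_dir, name), "rb") as f:
            hits += len(SSN_RE.findall(f.read()))
    return hits


def demo() -> dict:
    # Constructed sample records with fake SSNs and a constructed key.
    records = b"A. Borrower,123-45-6789\nB. Borrower,987-65-4321\n"
    key = b"constructed-demo-key"
    ciphertext = keystream_xor(key, records)
    results = {}
    for handler in (process_decrypt_to_disk, process_in_memory):
        with tempfile.TemporaryDirectory() as device:  # the "piece of equipment"
            processed = handler(ciphertext, key, device)
            results[handler.__name__] = (processed, plaintext_exposure(device))
    return results  # both handlers process 2 records; only the disk one leaves 2 SSNs exposed
```

Both handlers do the same work; the difference is only what remains on the equipment afterwards, which is the property the contract should have specified.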