Thiefhunters in Paradise

“Door-pushers” are a problem in some cities. These thieves saunter down the long corridors of giant hotels with their arms outstretched, methodically pushing on every door on each side of the hall. Some doors open. In one city I won’t name, police get 300 to 400 reports of theft due to door-pushers every month.

“But we know there are more,” a police officer told me. “Some hotels prefer not to report them to us, but door-pushers we catch tell us they work there.” These are huge, famous hotels that don’t want negative publicity.

The risk is completely preventable. Just make certain your door closes tightly when you leave your room, and when you enter it. Why wouldn’t the door close tightly? Air pressure in hermetically sealed hotels is one possible reason; alignment of door latches or frames is another. Bob and I stayed in one hotel, a phenomenal one in Spokane, where the doors to suites took almost a full minute to close, due to hydraulic systems. We couldn’t pull the doors closed or hurry them along in any way. Patience was the only option. (Ours always closed properly, eventually.)

Is it legal to take photos at airport security checkpoints, or not?

Occasionally I’ll politely ask a TSA officer if I may take a picture. Usually, they say no. You know, “for security reasons.”

But not always. A few times they’ve said yes, but don’t take pictures of the X-ray machines. That always leaves me a little puzzled: which X-ray machines? Which part of them? But the TSOs didn’t seem to care and left me unsupervised.

Turns out that many police and security officers, TSA included, aren’t exactly aware of what’s allowed and what isn’t. Believing photography is prohibited, or erring on the “side of security,” or just exercising their authority, no photos is the default reaction.

And many of us, meek and obedient citizens that we are, we accept that. Or we choose not to challenge the uniform. We don’t know what’s legal and what isn’t, either. We tend to have, in the back of our minds, that it’s illegal to photograph bridges, airports, even police officers.

But yes, it is perfectly legal to take pictures at TSA checkpoints, with a few minor limitations (not the X-ray monitors, not if you interfere with the screening process). You can even videotape if you like—yes, you can film the officers, too. You might be challenged. You might be delayed by the officers. You might even miss your flight.

In fact, pretty much anything can be legally photographed from a public place (again, with a few exceptions), including crimes in progress, police officers, federal buildings, the New York subway, and security checkpoints. Yep, if you can see it, you can shoot it. Pretty much. I’m talking strictly about the U.S. here.

The Washington Post’s interesting July 26 article, Freedom of photography: Police, security often clamp down despite public right reports that photographers are challenging unwarranted restrictions and posting disallowed photos online (usually after being forced to delete them, then recovering them).

…rules don’t always filter down to police officers and security guards who continue to restrict photographers, often citing authority they don’t have. Almost nine years after the terrorist attacks, which ratcheted up security at government properties and transportation hubs, anyone photographing federal buildings, bridges, trains or airports runs the risk of being seen as a potential terrorist.

Portland Oregon attorney Bert P. Krages II has posted a useful, printable document, The Photographer’s Right: Your Rights and Remedies When Stopped or Confronted for Photography, which should be in every photographer’s camera bag. On his website, Mr. Krages says:

The right to take photographs in the United States is being challenged more than ever. People are being stopped, harassed, and even intimidated into handing over their personal property simply because they were taking photographs of subjects that made other people uncomfortable. Recent examples have included photographing industrial plants, bridges, buildings, trains, and bus stations. For the most part, attempts to restrict photography are based on misguided fears about the supposed dangers that unrestricted photography presents to society.

This issue is pertinent to Bob and me in our thiefhunting exploits. We often feel on thin ice when shooting thieves in the wild, especially abroad. And perhaps sometimes we are. We’ve been challenged and chastised many times. Once we had a videotape seized, but we’d seen it coming and swapped the tape for a blank, pocketing the valuable footage we’d just shot.

I was admonished, not too long ago, for taking a few shots of a pair of armed and uniformed police officers drinking whiskey at an airport bar. Okay, it was in Trieste, Italy, not in the U.S.; I have no idea what my legal rights were. The officers leisurely sauntered over, after they’d finished their drinks, and said no photos. Okay. Then they left. Much later, when I left, they made a beeline for me and made me delete the photos. Had they been lying in wait? Anyway, I couldn’t recover the images.

Alleged member of the assassination team checks in at her hotel and waves toward the security camera. She's linked to the team by association. She wears various disguises during her stay.

For the last week, articles on the killing of Hamas operative Mahmoud al-Mabhouh in Dubai, have been a veritable smorgasbord of intriguing intelligence reports. Anyone working intelligence or security analysis has intensely followed the different, and often contradictory, summarizations of which organizations were behind the killing.

Experts and retired intelligence officers in both Israel and Europe have concluded with 99% certainty that it must be the Mossad. The most interesting conclusion was written yesterday as an opinion piece in the weekend edition of The Wall Street Journal, dated February 20-21, headlined Israel and the Dubai murder mystery, by Ronen Bergman (senior military and intelligence analyst for Yedioth Ahronoth, a daily Israeli newspaper).

Other observations and background bits that are far deeper and have more detail from the perspective of the intelligence community are posted as comments under Bruce Schneier’s blog post on the Al-Mabhouh Assassination. 

To quickly understand why Dubai officials and their own intelligence office were able to piece together so quickly what really happened, look at the 28-minute video Alleged Assassins Caught on Dubai Surveillance Tape on Wired.com

Two other alleged members in the hallway outside the victim's hotel room, making a turn to the right while looking to the left, where the victim's room is located.

Ronen Bergman (and many others) wonders how the Dubai police could connect team members and their activities so quickly. In his next-to-last paragraph, he states that casino and hotel surveillance security have long used techniques to track and apprehend suspects, cheaters and thieves.

There are already companies in Las Vegas that specialize in software and database analytics of known cheaters, and cutting-edge algorithms that analyze suspect behavior. This is not yet foolproof, but is already in place in large chains where thefts by employees or employee associates are high.

In analyzing behavior, irregular movement, body language, and interaction with others, it is extremely difficult to define what is regular behavior versus irregular. But looking at the Dubai tape, there are many moments when the suspects appear to be loitering or turning or tilting their heads unnaturally. I am sure in years to come this video will be used as a case study in how not to behave to avoid surveillance analytics.

We know from our conversations with thieves around the world that the smart ones are very aware of camera surveillance and what they are capable of. The thieves simply avoid these locations and work elsewhere. A surveillance system is only as good as the monitor team. It takes a critical eye to quickly judge and determine what is suspect or irregular in order to stop crime before it happens.

A fourth alleged member of the team in the same hallway, standing with unnatural feet position, turned inwards.

Much more common is analyzing video after the fact. Once a crime has taken place, security personnel simply go back on the video timeline to establish exactly what happened and when. It then becomes essential to determine all the secondary ‘players’ around the incident, both before and after the event (attack, theft, or attempt), and to follow each individual backwards and forwards on the timeline to see who else is connected with these suspects. Examples include running the license plates of any car involved.

Facial recognition software is a good step forward if the individual already exists in a database. But this form of surveillance depends on camera angles, lights, and the suspects’ use of disguises. The Dubai suspects used many disguises, including wigs and different dress modes. The technology is in its early stages, especially the algorithms required to make irregular pattern recognition useful.

The Dubai debacle is particularly timely and interesting as a starting point for the security conference in Las Vegas today and tomorrow at the World Game Protection Conference and trade show. The keynote speaker will be Kevin Mitnick, the world-famous hacker who showed the security industry that terminals which are supposed to be fail-safe can be infiltrated. Several cases in the last few years involved clever gangs who succeeded in tampering with slots and poker machines, making huge illegal payoffs. Pattern recognition software was not able to block these modifications; only silly mistakes by the gang members tipped them off to casino management.

Kevin Mitnick is a social engineering sleuth of world-class reputation. In a few days, we’ll report on his work and keynote address. The rumor mill has been churning these past few weeks about the content of his presentation. We expect some intriguing revelations previously hidden by the gaming industry, or at least made to appear insignificant.

The manner by which the Dubai suspects moved about in hotel lobbies and around elevators, reminds us of how sophisticated pickpockets and other deception thieves operate when tracking a high target, be it a Japanese high-roller or a diamond jeweler attending a jewelry trade show. The bottom line is that it is difficult to appear natural or to blend-in as a regular traveler or tourist when your mind is running in a different direction.

More about the gaming security trade-show in a few days.

The useless chain latch in my room at Miami's Radisson Mart Plaza Hotel.

See anything wrong with the chain lock on this door at Miami’s Radisson Mart Plaza Hotel? It’s mounted backwards! Upside-down. It’s useless this way and, worse, gives a false sense of security. Another serious security risk.

Do all the rooms have useless chain latches, or only our room, 612? A polite letter to management brought only a generic “We appreciate your recent message.”

How safe is the safe in your hotel room? Not safe at all, it turns out, unless you factor in the odds. Odds are, your safe won’t be broken into. But the fact is, the crackin’s easy. Of course it is—hotels must be able to rescue valuables from faulty memories (forgotten codes, departed guests who forgot to empty their safes), lost keys, dead batteries, and power outages.

Hotel management and/or security can always access room safes. But how? Depends on the kind of safe. Does it open with a metal key? By swiping a magnetic card, or punching in a code? Does it use a plastic key card with a pattern of holes punched in it?

A hotel in Palma de Mallorca, Spain.

Bob and I have long endorsed the use of safes in hotel rooms, as long as they are electronic. We’ve shied away from metal- and plastic-key safes, concerned about how many copies float around. But there are other ways to enter safes, and an untold number of people who have access, authorized or otherwise.

A deluge of thefts from hotel room safes in Palma de Mallorca, Spain, led to an investigative report by Burkhard Kress for Extra, a news show on German RTL TV (unfortunately not online).

Hidden camera captures master override code.

Kress booked a room there and mounted a hidden camera, then called hotel management for help opening his safe. The hidden camera footage captured the code that management punched into the safe’s keypad, which ended with the room number. With the permission of the guest in the room next to his, Kress tried the same code appended with the other room number. The neighbor’s safe opened. Anyone with the master code could open every safe in the hotel.

And anyone with a hidden camera could capture the master code.

These three, who shared a room, called police when they found cash missing from their safe. As there were no signs of a forced entry, they believe they were robbed by hotel staff. Police never responded to their call, so they went to the police station.

Kress had his cameraman stake out a different room for a week, waiting for a safe break-in. Alas, he was never hit. Eventually, Kress found out why. The thefts occur in rooms booked by two or more friends staying together. When a theft is reported, front desk staff insist the theft was committed by one of the “friends.”

Guests are required to pay a fee for the use of the safe. This, along with the fact that the only rooms hit are booked by two or more friends, leads me to suspect that these safe thefts are inside jobs. Who but front desk staff know both those facts? Of course the thieves might also be former employees, or individuals in cahoots with an employee.

According to Eric Fischer, a tour leader interviewed by Kress, these thefts have been going on for years at this and other hotels in Palma. He’s kept a log of them. He himself had €14,500 stolen from the safe in his room. When the Spanish police investigated the theft without much interest, Fischer suggested that they take fingerprints. “The police responded no,” he said, “you must be watching too much German TV—we don’t do that.”

These old safes can still be found in budget hotels.

What about those plastic key cards with a pattern of holes punched in them? They can be copied onto cardboard by anyone with a pencil and a hole punch. Safes that open with a keypad or your own magnetic card (credit card, grocery store card, or anything swipeable) often have a visible keyhole for a tool held by hotel management or security. Or, the safe may have an innocuous-looking panel that simply snaps off to reveal the keyhole. Whose got that key?

Bob and I have also come across safes screwed to loose shelves in closets.

In our book, we wrote:

Safe-cracks are extremely rare, although a man was recently arrested in Palma de Mallorca and charged with a spate of hotel safe robberies. Somehow, he had come into possession of a master tool which hotel security uses to open certain jammed electronic safes. (Other electronic safes can be opened by security using numerical bypass codes.) Presumably then, the man also had the tools to get into the hotel room itself. The burglar posted his female accessory at the elevator. They each had a cellphone and kept an open connection between them. When people came to the elevator, the woman would delay them for one minute. The burglar would hear the conversation, tidy up, and get out of the room.

Travel Advisory: How to Avoid Thefts, Cons, and Scams While Traveling
Chapter Four, Hotels: Have a Nice Stay

The “international conman” captured last September social-engineered his way into guest rooms and tricked hotel staff into opening safes. Hotel management, meanwhile, walks a fine line, compromising somewhere between providing real security and reluctance to inconvenience guests.

So how does Mr. International Conman get into your safe? Or—maybe not your safe because, obviously, he’s going to target a “whale,” or some other affluent hotel guest. First, he needs to get into your room—when you’re not there. Like any good con artist, he knows that front desk staff at most hotels will ask for ID, so he’s prepared. Here’s how. First, he follows you to learn your room number. Later, he goes to the front desk and, giving your room number, asks for a printout of “his” charges to date. Bingo. He’s now got your name and address. Next job is to whip out a fake ID, right in his car in the parking lot. Sounds like a lot of trouble, doesn’t it? But look at the payout.

Our usual set of old, beat-up Halliburtons.

What should you do, then, with your million-dollar bauble? Carry the stuff and get pickpocketed or mugged? Leave it in the hotel safe for the safe-cracker to burgle? Put it in the front office safe? Often, Bob and I choose to lock our stuff into our largest hardsided (aluminum) luggage.

This is a good moment for intuition, or at least for some conscious reasoning. Bob and I stay some 200 or more nights a year in hotels and, though we don’t always use the safe, we’ve never had a problem with one. YMMV. The practical danger in using the hotel safe is remembering to empty it before you check out. When I expect a hurried or groggy, pre-dawn check-out, I scrawl a bedside note to myself.

What kind of joints do you stay in? What do you carry?

If your room number is printed on your key, complain.

The Hilton Tokyo-Bay, aka Japan’s Disneyland Hilton, was shockingly behind the times when we visited. Our paper electronic room keys had our room number printed right on them, instead of on an envelope. That’s a serious security risk. This was two years ago. Anyone know what their keys look like today?

We checked into a hotel last month and plodded through the tedious check-in procedure in a daze. It was a Millennium Hotel, but I won’t say in what city.

I liked our room right away because it had an open window. Then I thought: isn’t it strange that the window is already open? And the tv was on and tuned to CNN—also unusual. It wasn’t until all our bags were settled in that I noticed a man’s jacket sprawled on a chair. The room was already occupied.

I tried calling the front desk, but in ten minutes of trying, they never picked up the phone. Then I noticed that the room number printed on the phone didn’t match the number of the room I was in. Sloppy.

Bob took the elevator down to the lobby, leaving me alone in the room to face the jacket-man when he returned, or emerged from under the bed. We changed rooms without incident—just inconvenience.

Who's jacket is in my hotel room? Or, whose room am I in?

I wonder now how many times other people have entered our various hotel rooms while we’ve been out. It happened once while we were in—in bed. It was in Paris. Two men entered our room in the dead of night. Luckily, we woke up and Bob dramatically commanded them to get out. “Pardon,” they said, “c’est une erreur,” it is a mistake. The strange thing was that they had been standing there whispering for a moment. If it had truly been a mistake, wouldn’t they immediately back out of an occupied room?

How are hotel rooms assigned to multiple parties? The most basic computer system shouldn’t allow it.

Mammut MicroTool pocketknife.

Brother-in-law, though a frequent flyer, forgot to move his pocket knife from his carry-on to his checked bag. He groaned when TSA discovered it. The knife was a gift from us, a gorgeous little oval less than two inches long, but heavy and well-made. Bob and I found it on a trip to Germany, and bought one for ourselves, too. A Mammut MicroTool, it’s called.

B-I-L, the self-proclaimed Swedish Okie and country bumpkin, was on his way back to Sweden. When the TSA officer dangled the contraband with its dangerous half-inch blade, B-I-L recognized a glint of proud ownership in the eye of the new beholder. The officer beheld a prize. B-I-L is a sore loser.

B-I-L snatched the knife away, determined that it should not slip beneath the crumpled handkerchief in the warm pocket of the TSO. He could not bear the thought of his fine knife snug among the unmentionables, in pilled cotton intimacy under an overhanging gut. B-I-L intended to destroy the little tool.

He hadn’t counted on the strength of the precision German instrument. He ripped, he stomped, he tried to bend. It took him fifteen minutes to render the tool unusable, the stubborn vengeful bumpkin.

I know a man in Las Vegas who makes his living on the forgetfulness of travelers. He buys great lots of TSA’s confiscated pocket knives for pittance at auction, and sells them one by one on eBay. (The profit, they say, is in the “shipping and handling” fee.) He’s never seen a fine little tool like the exotic Mammut MicroTool. He must get an, um, filtered selection.

What we call “confiscated items,” TSA refers to as “voluntary abandoned property.” [sic] If I were a TSO, I’d protest the extra work involved in providing envelopes to passengers. I’d say it’s a bad idea. It would mean I’d have to hand over an envelope, wait for the passenger to address it, then collect a fat fee and provide a receipt. All that work! No more perks!

What would you do if you opened the safe behind the hotel manager’s desk and found your passports gone? One woman took creative action.

Mary from Michigan and her two adult children just quit their jobs and sold or stored everything. They’re taking a year to travel the world. Oh, what a plan!

After seeing our show, Mary told us about her recent visit to Laos. She and her son and daughter stored their stuff in Bangkok and took a boat down the Mekong to Laos. There, Mary put her few valuables into the hotel lobby safe: the family’s three passports bundled with $2,000 folded into an envelope, and some very large camera lenses.

When she went to retrieve her things, only the lenses remained. Mary quickly discovered that one key opened all twenty safe deposit boxes, and her interrogation of the hotel manager led her to suspect an employee (rather than a guest).

Mary channeled her fear and anger and made a plan. She and her kids fanned out among the alleys surrounding the hotel and shouted into the darkness with volume and authority. “I’ll pay $200 for the stolen passports!” Within half an hour, Mary was lightly tapped on her shoulder, the passports, still bundled, proffered.

And Mary paid up. She told me that people think she was crazy to pay, but she’d promised. The thieves hadn’t discovered the $2,000.

Also read: Purse stolen off lap

A reader of this blog recently wrote to me and described a suspicious encounter:

In Dublin, I noticed a tall young man in a green sweater keeping pace behind us, regardless of our window shopping. I turned down a busy side street, and he turned with us. We turned back to our original route, and the fellow with the green sweater appeared to be gone. Then I noticed that the same man was again following us, with the sweater rolled up and behind is back. I suddenly turned and said, “Good morning. How’s your day going so far?” The fellow said “Fine,” and then turned and walked off.

—Vern (and Pattie) Leming

I like the way Vern confronted his green sweater suspect. What he did is actually what many police and security officers do. It’s called aggressive hospitality: a friendly encounter meant to indicate “I see you, I’m watching.”

At a street festival, for example, police want to prevent incidents. When they spot a known suspect lurking, or an unknown person exhibiting suspicious behavior, they may confront the person with a friendly question: “Enjoying the festival?” or “Don’t I know you from somewhere?” A security guard at a theme park or in a mall will do the same. “Have you lost someone?”

Walmart practices the same principle to stem shoplifting. Called the “10-foot rule” there, store employees greet every customer who comes near them. If employees suspect shoplifting in progress, they offer to help the customer with his shopping.

Hotels and resorts also engage in aggressive hospitality. While guests notice a friendly staff greeting them at every turn, thieves, rogues, and transgressors lose their anonymity and feel watched.

Richard Buske, Security Manager of Nordic Hotels, takes this philosophy a step further. All staff members at his hotels are trained in security matters. All are taught to be observant and are praised for alerting management to suspicious behavior. Security is considered a team effort to be conducted in a friendly, positive manner.

A former mortgage broker put 40 boxes of customers’ personal information into a Las Vegas dumpster. It was December 2006, but we all knew enough about identity theft already to know better. The Fair and Accurate Credit Transactions Act of 2003, effective in 2005, requires the proper disposal of consumer report information and records, as does state law.

The boxes were found and put into safekeeping, probably before any documents were stolen from them. The Las Vegas Sun reported that the boxes contained “tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, at least 230 consumer reports, and other documents containing sensitive consumer information.” Only now is the Federal Trade Commission charging former mortgage broker Gregory Navone with violating the Act.

Five gone-bust mortgage brokers dumped documents at around the same time—five that we know of. We can assume that many others dumped docs too, or deserted their premises complete with documents, which were left for the bad guys to find. No wonder Las Vegas is at the forefront of fraud and identity theft.

Bob and I recently spent many hours with a tweeker (meth-addict) during one of her clean and coherent spells. I’ll call her Kristin, because I can’t use her beautiful, real name. The time was just between her release from jail and her next bust. She had a job, her family had taken her back in and were supportive, and she was poring over a university catalog. She was full of hope and determination.

But the boyfriend…. Still in prison, a meth-cooker and ID thief, due out soon, demanding daily phone calls to keep his girl tied to the old life…

Right. He got out and Kristin disappeared. Back into the cycle of drugs and ID theft. We could have cried for her, this pretty 21-year-old. She was smart, but not strong enough to resist the lure of meth and easy money.

When she was high, she told us, she knew she’d never be caught; she was too clever. She knew she was going to get caught; she was always looking over her shoulder. Confident and paranoid.

In those hours we spent with Kristin, she told us how she used to “get profiles.” A profile is information about a person. It doesn’t have to be much because with a little goes a long way. With a little, you can find the rest.

Her favorite way to get profiles was out of dumpsters located behind businesses. She’d also get quick-credit apps from insiders in casino booths, who’d allow her to take a few off the top on the way to the shredder. Car registrations were good, too, easily found in glove compartments.

With the profiles, she created IDs. First simple ones, just good enough to allow her to purchase the special inks and papers needed to print government IDs. She had the precious printer, but supplies for it are regulated. For Kristin, easy to get around with a simple fake ID, a sweet smile.

With her newly minted IDs and profiles (for herself and her pals), Kristin and her team leased cars. Cadillac SUVs, to be specific, whatever they’re called. They always drove the latest models. They had an endless source of identities, cash, and credit.

They lived in motels, where they set up their mobile meth labs. Kristin, just the clean-up girl in the operation, got too close to the fumes once and got chemical burns on her face, neck, chest, hands, and arms. She was scabbed over for a year. She pointed out the scars, and the thick makeup she wore on her face to minimize them.

In a moment of desperation, Kristin once grabbed the profile of a wealthy family friend from her father’s home office. Tears trickled down her cheeks as she told us how she destroyed the man’s credit—and her father. Because he knew. She was ashamed of herself; mortified. Now she recognized that she was out of jail on an incredibly lucky break. She was going to study to become an architect. She was going to return to ballet.

Kristin’s back at it again, getting profiles, getting cash and credit on other people’s good histories, wreaking havoc. She and how many others?

Many people tell us they’re afraid to shop and bank online. But these activities are not a big factor in identity theft. The real threat is out of our hands. It’s how others keep our information. Big businesses with databases. Small businesses with manila folders. Mom & pops with a property to rent and an old box of rental apps (as I recently found in my garage—and shredded).

One man’s garbage is another’s fortune. Kristin and her friends are ready to exploit that old, forgotten information.

But there’s worse. Much worse. I’ll write about that soon.