Steal laptops for class credit?

By Charlie Osborne | February 20, 2012, 1:05am PST

Summary: 30 laptops are stolen on campus - do you punish or reward the thieves?

Students at the University of Twente stole 30 laptops from university staff across campus. Were they prosecuted? No — instead, they received extra credit.

As part of a scientific research project, UT researcher Trajce Dimkov requested that the students attempt to steal the devices from campus — and it seems to have been a very simple task to ask of them.

The researcher’s PhD thesis, entitled “Alignment of Organizational Security Policies, Theory and Practice” explored the ways in which security practices can be thwarted by human behaviour and habits, such as forgetting to lock a door or not completing tasks due to the effort involved.

Under the guise of conducting a user survey, Dimkov loaned out the laptops to university staff members that were selected randomly. These members of staff were asked to make sure that the machines were chained to their desks, to secure them with a password, and to lock the door when they left their office.

In anticipation of the student thefts, university security were informed so that the research participants wouldn’t find themselves in jail for taking part in the experiment.

The students were then asked to steal the laptops.

In total, sixty documented attempts were made, half of which were successful. Dimkov concluded that no matter how watertight a security system appears to be, its effectiveness is determined by human behaviour. The researcher said:

“Some people forgot to lock their door. In other cases, the students were able to think up a cover story that was sufficiently convincing to get a cleaner or caretaker to open the door for them. Other students were able to obtain the laptops by posing as technicians.
Some claimed to have left their laptop in their supervisor’s office, and that they needed it urgently, to complete an assignment. People tend to make an effort to be helpful, and a good cover story often does the trick.”

In an attempt to thwart such ‘thefts’, Dimkov has developed a prototype navigation system which identifies the ways in which such devices can be stolen. Once data is submitted into the system, including data concerning location, rules, security locks and codes, the prototype uses algorithms to generate a number of sequences in order to find any weak spots in security protocol.

Image credit: University of Twente


London-based medical anthropologist Charlie Osborne is a journalist, graphic designer and former teacher.

or to give extra credit to them.

Do we want thieves and other unethical sorts running our society?

Given that this was a class assignment, the usual talk of ethics can't be strictly applied, but...

* put in a new HDD and you've got a free expensive toy
* if the BIOS/EFI is locked, if there is a way to unlock it then it will be found

etc

And the solution is regardless - have ID badges, wear them at all times, and be prepared to show them. There's nothing intimidating about living in such a secure paradigm, yes? Nothing that might wear people down over time, no?
0 Votes
RE: Steal laptops for class credit?
windozefreak Updated - 21st Feb
@HypnoToad72
Best ask the Google worshipers. They think Google can take anything it wants, and should not suffer any consequences. That's their ethics!!
@HypnoToad72

" This is a suitable example as to why having a soft briefcase to carry your laptop with you at all times is the only way to go. All it takes to walk off with an expensive computer and make it your own is a $100 o.e.m. copy of Windows7 from an online retailer and removing the hard drive for a delete and reformat using any desktop computer."
0 Votes
@HypnoToad72: Who should be allowed to check those ID:s and when? Especially in public places.

Most verification systems that depend on humans will fail in the end if people don't feel that they are important.
-1 Votes
so.... iGeneration is ok with stealing stuff to get credit for school assignment... This so called PhD researcher should end up in jail.
0 Votes
@pupkin_z

It was an experiment on the flaws of security systems. Presumably, the students have to give the laptops back.
@intman: Seemed pretty obvious to me.
0 Votes
@intman you do not get it, do you? How is stealing stuff ok even if you have to return it?
-1 Votes
@intman if the person cannot design an experiment that is not criminal this person should not do science. End of story.
0 Votes
@ye: I was wondering the same thing. They've clearly not read it. How else are you supposed to show how security is easy to bypass? The UT researcher clearly never once said stealing is acceptable and to say he should be in jail is rather strong.
0 Votes
@pupkin_z:

It is not illegal if you have permission. And that's the key here - the students were *given the assignment* to get one of the computers *by the owners*. The computers were stored in secure places, and the affected people were notified about the assignment given to the students in advance.

So no laws have been broken.

Also, how the **** can you properly understand security if you never try to break it yourself? These guys are supposed to learn how security works and should work, and if you never have learned to spot weaknesses, you can never create a secure system.
0 Votes
RE: Steal laptops for class credit?
nemesis-t-warlock 21st Feb
@pupkin_z too many people ignore security issues until they are hurt by their lack of security. I work in IT security from the OS and application configuration perspective and have lost count of the times I've been faced with senior directors deciding to ignore the problems because they've never been hurt by it before. There are also those that will throw huge amounts of money to close the hole after they've been stung.

This exercise sounds like it was carefully planned and controlled and will have succeeded in proving to the students how they cannot assume that standard human behaviour is secure enough and should have highlighted very well to the campus staff how lax they are in their practices.

Sure, it's a bit unorthodox, but I bet the lesson was learned well and the memory will last.
0 Votes
RE: Steal laptops for class credit?
Ginevra Updated - 21st Feb
@pupkin_z The researcher owned (or at least had responsibility for) the laptops he directed the students to 'steal.' He'd loaned them out specifically for this purpose. It's not unethical to take something if the owner asks you to do it, with the understanding that it's to be returned to him at the end of the exercise!

That said, I hope he did make a point of telling the students it's never okay to actually take something for gain without the owner's permission. (I also hope all the laptops were accounted for by the end of the experiment.)
1 Vote
RE: Steal laptops for class credit?
adamman Updated - 20th Feb
As @intman said... read the article. No laptops were stolen. The laptops belong to the PhD student. That student lent them to people and gave them specific instructions to protect these laptops. Then the class went into the field to test how many of these instructions were followed.

It is no different than asking my children to lock the door. Then, I ask a friend to come and 'check' if the door is locked. Is that friend breaking and entering into my house? I asked that friend to enter my house and, therefore, no law was broken. Or even ethically challenged!

But thanks to Charlie Osborne for using such a catchy title. Good Journalism! At least you people were drawn here to read the title. Too bad you wasted your time commenting rather than reading.
0 Votes
@adamman Pupkin's reading comprehension is just sufficient enough for him to start a pointless rant. I would imagine he has never been employed in any field more mentally challenging than mattress testing.
0 Votes
@thetwonkey: "mattress testing" - Uhm... That would still require objective comparisons.
-1 Votes
RE: Steal laptops for class credit?
kitkimes41@... 21st Feb
Why is this question even being asked? It sounds like the class could have been held at the Joliet Correctional Facility (a prison here in Illinois).
0 Votes
@kitkimes41: I'm not sure if you understood the purpose of the assignment, but it was to train the students to spot security holes so that they later can learn how to fix them.

You can't fix what you don't know is wrong.
0 Votes
RE: Steal laptops for class credit?
Silent Observer 21st Feb
They should have a mandatory follow up class where half the students must now safeguard the laptops while not in their control, and the other half try to retrieve them (i.e. steal). That might give them a better idea of what businesses must do to control resources from theft. Social engineering is usually the weak point in any security system.

The university should also have a follow up with their own security and cleaning crews to review procedure. I am hoping that it isn't standard practice to open someone's door for a student without permission. It might be a better learning experience for the University staff than for the "students".
0 Votes
Some people here don't get it
mark16_15@... 21st Feb
This experiment had nothing to do with stealing laptops. It dealt with exposing the vulnerabilities of the security system in place to protect the computers. These laptops weren't stolen. The owner of the computers in essence said to get his computers back from the careless people he lent them to. This was similar to white hat hacking.
0 Votes
adamman is right on!
Loosegoose 21st Feb
How do you naysayers think security systems are tested? How can you tell if something is secure unless you try to break through the security? How do you think security software is tested? How do you think Homeland Security prepares? Come on guys, this was a test and a lesson for ALL parties involved. If a computer loaned to you disappeared because you didn't follow clearly issued protocols and you had to pay to replace it or it had sensitive material on it how would you feel? Most doofuses (I looked it up) have to have their noses rubbed in it once in a while before they get the point, unfortunately I have qualified for that at times.
0 Votes
Homeland Security?
slahr 1st Mar
They are not prepared for anything other than their next coffee break.
0 Votes
Seriously people? The students were not sent to BestBuy or Wal-Mart and told to steal a laptop. They were specifically told who had the laptops that were to be "stolen", and they informed campus security in advance. No one should be going to jail unless they used this exercise as a ruse to cover other illegal activities.
0 Votes
Obviously this article could be used as a test for reading comprehension and for jumping to conclusions.
Come on people! Open your eyes and your minds before leaping to conclusions!!
-1 Votes
Step one fire the instructor....
mikifinaz1@... Updated - 21st Feb
Step two explain to the students, why the instructor was fired.

You get extra credit for listing all the reasons this bonehead should be fired. This test will be timed.
0 Votes
@mikifinaz1@... did you read AND understand the article? How would YOU test (or show others) to test security of whatever?

The title of this article is really misleading, yet is also perfect. It created the preconception that an actual crime was committed, just like people (users) always assume that they are not responsible for the security of their equipment. Yet when their device(s) are stolen they are surprised.

This controlled experiment proves that security is only as good as the people make it; "you are the weakest link".

All you people crying "he should be fired/locked up", consider;
- protesting against fire drills, because there is no fire.
- stopping car manufacturers crashing cars intentionally as it is not a good way to test a design.

P.S. If you were to punish these students it would be like punishing a child that actually did his/her homework.
-1 Votes
this looks like a trojan gag
walkerjian@... 21st Feb
where a 'student' could use the 'project' as a red herring if caught, when what they were really about is insinuating something into the office... or onto the laptop... or something else not thought about. Beware the hack lurking under the guise of propriety! US corporations are feasting on the carcass of the free world and democracy using this ploy as I type.
0 Votes
It was an experiment and those laptops were 'loaned' to the faculty to actually be stolen. There's no crime committed here.
-1 Votes
Think TWICE BEFORE you do...
j_schutts@... 21st Feb
My cousin is the head of the DC Police Dept. that targets thieves who steal iPods, iPhones, and other "i" anything equipment. They routinely go to "BAD" areas and make a show of displaying "i" equipment that can be stolen and WHEN they do steal it they are nabbed and charged with Burglary. So think twice...
-1 Votes
There is a misleading title as usual: There was no theft involved in any of it. How yellow can this place get anyway?
