interesting-people message

Subject: [IP] more on Felon released after receiving forged fax

From: David Farber <dave@farber.net>
To: Ip <ip@v2.listbox.com>
Date: Thu, 11 Nov 2004 20:05:09 -0500

Begin forwarded message:

From: Bob Frankston <Bob2-0406@bobf.frankston.com>
Date: November 11, 2004 2:25:09 PM EST
To: dave@farber.net, 'Ip' <ip@v2.listbox.com>
Subject: RE: [IP] Felon released after receiving forged fax

Nothing amazing except that it's surprisingly uncommon but this particular scam is not new but it's also part of a far older tradition. Letters of credit sent by telex were easy to forge.

For all the talk about digital security, the legal system seems to assume treat faxes as security and pass around detached signature pages when it would be trivial to add a digital signature that associates the page with a specific instance of a document. The practice of creating multi hundred page documents with no way to check against a base document or previous revision is also common.

This is part of the gross and willful technical naiveté of the legal "profession". In their defense being too careful comes at a price and it's like over insuring -- fixing things up later is often far better even if we get occasional slipups. The effective answer is somewhere between.

What makes phishing a particularly nasty form of these scams or, more to the point, confidence games, is that it's reaching out to a wider audience that lacks the means to do a reality check. We haven't really developed such means yet -- the best you can do is eyeball the URL in a browser to see if you think it's right.

Certification and all are only relative to certifiers who trust and the
current approaches are stiflingly hierarchical.

Getting back to this particular case, we have the problem of open loop signaling. At very least one can reduce these problems by having a policy of doing what some of us call reality checking -- phoning the court house for confirmation. Of course, it's far easier to call the number on the fax than looking it up...

-----Original Message----- From: owner-ip@v2.listbox.com [mailto:owner-ip@v2.listbox.com] On Behalf Of David Farber Sent: Thursday, November 11, 2004 11:16 To: Ip Subject: [IP] Felon released after receiving forged fax

Begin forwarded message:

From: Srini RamaKrishnan <cheeni@cmu.edu>
Date: November 11, 2004 11:11:28 AM EST
To: dave@farber.net
Subject: [For IP] Felon released after receiving forged fax

Amazing case of social hacking.

Srini

http://www.theeveningtimes.com/articles/2004/11/04/news/news5.txt

[...]

In West Memphis District Court yesterday, Tristian Wilson was set to
appear on the docket for a bond hearing on the charges. When he did not
appear, Judge William "Pal" Rainey inquired about his release and found
that a jail staff member released Wilson by the authority of a fax sent
to the jail late Saturday night.

According to Assistant Chief Mike Allen, a fax was sent to the jail
which stated "Upon decision between Judge Rainey and the West Memphis
Police Department CID Division Tristian Wilson is to be released
immediately on this date of October 30, 2004 with a waiver of all
fines, bonds and settlements per Judge Rainey and Detective McDugle."

Jail Administrator Mickey Thornton said that these faxes are part of a
normal routine for the jail when it comes to releasing prisoners,
however, this fax was different.

According to Allen, this fax was a fake.

[...]

Also see,
http://www.schneier.com/blog/archives/2004/11/hacking_faxes.html

-------------------------------------
You are subscribed as BobIP@Bobf.Frankston.com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


-------------------------------------
You are subscribed as interesting-people@lists.elistx.com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Search: Match: Sort by:
Words: | Help

</form>