more on Felon released after receiving forged fax

[David Farber <dave () farber net>]

Begin forwarded message:

From: Bob Frankston <Bob2-0406 () bobf frankston com>
Date: November 11, 2004 2:25:09 PM EST
To: dave () farber net, 'Ip' <ip () v2 listbox com>
Subject: RE: [IP] Felon released after receiving forged fax

Nothing amazing except that it's surprisingly uncommon but this 
particular
scam is not new but it's also part of a far older tradition. Letters of
credit sent by telex were easy to forge.

For all the talk about digital security, the legal system seems to 
assume
treat faxes as security and pass around detached signature pages when it
would be trivial to add a digital signature that associates the page 
with a
specific instance of a document. The practice of creating multi hundred 
page
documents with no way to check against a base document or previous 
revision
is also common.

This is part of the gross and willful technical naiveté of the legal
"profession". In their defense being too careful comes at a price and 
it's
like over insuring -- fixing things up later is often far better even 
if we
get occasional slipups. The effective answer is somewhere between.

What makes phishing a particularly nasty form of these scams or, more 
to the
point, confidence games, is that it's reaching out to a wider audience 
that
lacks the means to do a reality check.  We haven't really developed such
means yet -- the best you can do is eyeball the URL in a browser to see 
if
you think it's right.

Certification and all are only relative to certifiers who trust and the
current approaches are stiflingly hierarchical.

Getting back to this particular case, we have the problem of open loop
signaling. At very least one can reduce these problems by having a 
policy of
doing what some of us call reality checking -- phoning the court house 
for
confirmation. Of course, it's far easier to call the number on the fax 
than
looking it up...


-----Original Message-----
From: owner-ip () v2 listbox com [mailto:owner-ip () v2 listbox com] On 
Behalf Of
David Farber
Sent: Thursday, November 11, 2004 11:16
To: Ip
Subject: [IP] Felon released after receiving forged fax



Begin forwarded message:

From: Srini RamaKrishnan <cheeni () cmu edu>
Date: November 11, 2004 11:11:28 AM EST
To: dave () farber net
Subject: [For IP] Felon released after receiving forged fax

Amazing case of social hacking.

Srini

http://www.theeveningtimes.com/articles/2004/11/04/news/news5.txt

[...]

In West Memphis District Court yesterday, Tristian Wilson was set to
appear on the docket for a bond hearing on the charges. When he did not
appear, Judge William "Pal" Rainey inquired about his release and found
that a jail staff member released Wilson by the authority of a fax sent
to the jail late Saturday night.

According to Assistant Chief Mike Allen, a fax was sent to the jail
which stated "Upon decision between Judge Rainey and the West Memphis
Police Department CID Division Tristian Wilson is to be released
immediately on this date of October 30, 2004 with a waiver of all
fines, bonds and settlements per Judge Rainey and Detective McDugle."

Jail Administrator Mickey Thornton said that these faxes are part of a
normal routine for the jail when it comes to releasing prisoners,
however, this fax was different.

According to Allen, this fax was a fake.

[...]



Also see,
http://www.schneier.com/blog/archives/2004/11/hacking_faxes.html

-------------------------------------
You are subscribed as BobIP () Bobf Frankston com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: 
http://www.interesting-people.org/archives/interesting-people/


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/