Re: I guess you could call this Not Good News

[David Farber <dave () farber net>]

________________________________________
From: Gene Spafford [spaf () cerias purdue edu]
Sent: Saturday, March 08, 2008 1:51 PM
To: ip
Cc: David Farber
Subject: Re: [IP] Re:    I guess you could call this Not Good News

> From: Peter Wayner [pcw () flyzone com]
> Sent: Saturday, March 08, 2008 7:12 AM
> To: David Farber; ross () stapleton-gray com
> Cc: Kevin Poulsen
> Subject: Re: [IP] I guess you could call this Not Good News
>
> So let's say you're a network administrator confronted by someone
> with a badge that doesn't look real, some business cards that look
> like they came from a print shop and a piece of paper that says it's
> a warrant. Do you comply? Or do you just give them a fat pipe to
> their headquarters and let them sort it out?

Well, I have always counseled my students to be suspicious and use
good judgement.

If there are 5 people there with guns drawn claiming to be the FBI,
then don't challenge them, but try to stay calm and memorize as much
as possible of names, faces, and what they do.  Law enforcement
officers are trained to take command of an active scene.  As such,
challenges to their authority are not well tolerated.  Firm, polite
requests within your rights should be honored, however -- but don't
threaten.

Be sure to actually study and read any ID presented -- don't simply
let someone wave it in front of you and claim authority.

If there are one or two people at your door you've never seen before
and weren't expecting claiming to be from the local Secret Service
office and flashing badges, ask them to wait a few minutes.  Then call
the local Secret Service (or FBI or DEA or Postal Inspector or
whatever agency they claim to represent....) office with the phone
number in your phone book (NOT from the business card), and ask them
to describe the agents involved to your satisfaction.   In many cases
they will have a cell phone number and can call the waiting agent to
do a "handshake" to verify the identity if you are really suspicious.
(Of course, that doesn't rule out that they have intercepted your
outgoing phone calls... :-)

I once had someone in my office from the DC FBI office.  I couldn't
confirm him with the local office and wasn't expecting him.  I asked
to see his driver's license.  The name matched, and was issued in
Virginia.   He was bemused, but when I explained, he understood.  This
wasn't 100% proof, but more than enough for the ensuing conversation.
In general, someone with a fake badge/ID will not have a valid license/
passport/etc with the same name -- an impostor is generally going to
use a fake name and will depend on the fake badge as ID.

Keep in mind that real badges can be stolen or lost.   Many Federal
IDs coupled with badges don't have pictures, either.  So, asking for a
second form of ID is not a bad idea if you have doubts.   So, if the
dude with the cargo pants and ripped T-shirt shows an FBI badge, then
you might want a second ID.  :-)

If you have someone present whose credentials you doubt or who is
asking odd questions, call for local law enforcement -- let a
uniformed officer help make the call.   If for any reason you are
really uncomfortable, then listen to your instincts -- ask to resume
the talk later, or call for help.   At worst, you'll appear a little
paranoid.  At best, you could be saving resources (or lives!).

If you get a legal document and are unsure of its validity, call a
lawyer.

Do not allow someone into your home until you have verified his/her
bona fides.  If I wanted "in" I would show up during a bad rainstorm
at night, show a badge in dim light at the door, and ask to come in
out of the rain -- prey on the good will of the victim.  Don't be a
victim of social engineering!  Afterwards, you can apologize and offer
hot coffee and a towel to a valid agent if it happens to you.   Some
lawyers would claim that you should never allow law enforcement into
your premises without a warrant, but I don't subscribe to that school
of thought -- but your decision.

People in uniform (police, military, Coast Guard, utility companies,
PHS, etc) should also honor a request to show official ID beyond the
uniform.  Local PD may not have other ID, and may not be very
cooperative, either, so use your judgement -- especially if they are
armed.

An impostor can be deranged or criminally inclined, and if challenged
may be willing to injure or kill to accomplish goals, so be wary if
you have doubts.

CIA personnel (and some other Federal agencies) may not have easy call-
back methods of verification.   So, ask for a trusted third-party
introduction -- e.g., get a FBI agent you know to vouch for the person.

If you get a phone call from someone claiming to be in authority,
listen, but don't give out information.  Instead, get sufficient
information to verify the identity and home office, then call them
back at that location after checking to ensure that the number matches
what is in the phone directory and/or online.

All Federal agents (and most state) that I have spoken with on these
issues indicate that they get special emphasis on responding to
challenges to ID themselves -- they should not be angry or upset that
you double-check their credentials.  If they are, and they are real,
then report that to their superiors later on.   This is an area of
great importance, and almost everyone involved understands that.

Trust your instincts to some extent.  Don't let a badge or uniform or
someone's rushed demeanor overcome a sense of suspicion or unease.  So
long as you are polite about it, real sworn agents shouldn't hold it
against you (although they are human, and some have bad days).


If you've been dealing with phishing email and 419 scams online, none
of this should be surprising -- the real world can be surprisingly
like your on-line account. :-)

(As an aside, this whole thread should provide some insight into one
set of reasons why many people, including the USACM, are generally not
in favor of the REAL-ID act.  The average person will not challenge or
really seek to verify an ID flashed in front of them.)


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com