It was sunny, hot and
Tuesday two o'clock. An elongated building vomited hundreds of men in blue
helmets. Location: the port of the Italian city of Ancona. And the
blue-helmeted men were dock workers, who had finished their shift. They hurried
home on foot, on scooters, in vans and in cars – ignoring this tourist family,
heading for Emperor Trajan's triumphal arch.
A few weeks later it
was sunny, warm and Tuesday again. At last there was a business meeting elsewhere.
It was wonderful to be somewhere else after such a long time, although I had to
spend a two-hour journey by public transport for that. But luckily one can work
reasonably well on the train. For example, you could write a blog there.
My host's office was
surrounded by a sturdy fence. No wonder, because it was the type of
organization where everyone understands that unauthorized persons should be
kept out. I had been there before, so I knew that, as a pedestrian, I would be
admitted to the site via a turnstile after reporting to the doorman. This time
something strange happened: the large gate next to the pedestrian entrance
remained open after a car had left the site. So I could have simply walked on. But
you see, well brought up and all, I stood by that turnstile anyway. The doorman
told me to proceed. However, the turnstile didn’t turn. Tried it a few times,
really. Finally slipped through that inviting large gate. As far as I can tell,
it hasn't had any ill effects on me so far.
Inside, at the
reception I quickly received a badge, after all I was registered. I joined
others belonging to the same meeting; we were not allowed to go through the
gates on our own with our badges, we had to be picked up by our host. Someone
in our party noticed that something remarkable happened when an employee
presented his badge at the revolving door. His name appeared on a display:
“Good afternoon, Martin Apple!” We talked for a while about whether that was a
good idea. The owner of the pass usually knows his own name, but someone
waiting in that room could read the name also. Then that person knows: Mr A has
a badge for organization B.
So what, you might
say. But let me take you into an exciting scenario, where someone (for example,
a crook or a spy) really wants to get in somewhere. One doesn’t just enter such
a bastion, he knows. It also doesn't help him much to simply steal a badge,
because employees must, in addition to their badge, also present their
fingerprint at the revolving door. And you can't steal that – oh wait, not so
fast. You can actually steal fingerprints. But there is something to it. Most
of us really don't have to worry about someone collecting our fingerprints,
making a print of them, and then using them to unlock our phone. No, if you
have to take this kind of attack into account, you really are in the domain of
organized crime and state actors (spies!) – two worlds that, in terms of
capabilities, are getting closer and closer.
A lesser crook can try
to collect all kinds of puzzle pieces. If he knows that a Martin Apple* works
there, he can try to find out more about this person. It's not that hard – most
of us are an open book on the internet and social media. That information can
come in handy if you want to extort or threaten someone. When the criminal
completes the puzzle, he can strike. For example, by inducing this Martin to
grant them access to the building or to provide them with information. I am anything
but cramped about my identity, but if my name appears on a screen
unnecessarily, I am not amused. People who, given their position, more likely 'qualify'
for 'special treatment', must adapt their behavior and their digital presence
accordingly, in order to protect themselves and their environment. And that is
certainly not easy.
Those dock workers
also had to walk through turnstiles. In the building from which they emerged,
many of those stood side by side. The port authorities like to know who is
present at the port site at all times, of course. Comes in handy in case of
calamities and other irregularities. Thus, every employer has his own
considerations about whether or not to implement certain security measures.
*) The name Martin Apple originated
from my imagination.
And in the big bad world…
- fingerprints can indeed be stolen. [DUTCH]
- the credential stuffing attack is why you shouldn't use the same password everywhere.
- the Dutch government is going to merge a number of cybersecurity organizations. [DUTCH]
- Instagram has been fined for failing to protect children's data.
- the term white hat bounty is being devalued.
- Corona led to many more people going online to play games, and criminals have noticed that too.
- TikTok has been hacked – or hasn’t it?
- this modern form of malware prevention is easy to get around.
- the new iPhone 14 could save your life (at least, in North America).
- BitLocker can be used against you. [DUTCH]
- Even Facebook does not know where your data is stored. [DUTCH]