Those were my words when someone pointed me to the new and improved
website of multipick in Germany. Previously they offered a set of 10
or 12 bumpkeys. We tested these keys in our consumer reports test in
2006, and found they were of very poor quality.
However, multipick now seems to have invested seriously in their
bumpkey division.
You can now order individual keys online, and to make things
convenient they included the images of the profiles of the keyways.
Life for criminals have never been easier … Just examine the lock
you want to open (or make a picture), compare with the profile
sketches on their website and order the correct key online.
We have not tested any of multipick’s keys yet, but looking at how serious
they invested in their website I fear for the worst….
Dutch RTL just visited me to shoot some video for a TV item about this
new site and the consequences it has for security in general. It will be
aired on RTL4 around 18:15 today in a program called ‘editie NL‘.
(Video available now, WMV 10 Mb)
Barry, are you doing a ‘U’ turn on your thoughts then?
It seems only yesterday that you was showing the world how to bump locks and get as many people involved now it sounds like you dont want it as widespread.
It was afterall, in some part, your doing that its become so popular, i assumed you would be happy about this development on the multipick site rather than be dissapointed unless ive misunderstood your posting log entry.
Show innocent people how to break locks and there will always be the unwashed element that want to use the info to steal, you must know this when you do your talks and demos for the internet and hacking communities amoungst the others?
I dont see it as a big issue as Multipick are usually over priced and when the keys are so easy to make why buy them only to then wait for delivery.
As a locksmith i have recently been out to 2 break-in’s that involved bumping and in one case the person was caught and told the police that he learnt the technique off an internet site and made his own key.
But as long as the lock companies turn a blind eye nothings going to change.
Hi Barry,
I’m really confused about your position on bump keys in light of your most recent blog entry.
Firstly, you have been very active in demonstrating the bumping “exploit”. I learnt about it from you as I imagine many others have also. You have made or participated in videos that demonstrate the technique and the tools required.
Secondly, Multipick isn’t the only online store selling bump keys or promoting their purchase. There are equivalent sites in the UK and the US. There are also forums attached to some of these online stores that provide post-sales support for their bump keys.
Thirdly, bump keys can be readily made (as you are well aware). For this reason selling ready-made bump keys will most likely only make a marginal upward difference in their uptake by criminals (that is my conjecture).
Fourthly, the Multipick bump keys (like all Multipick items) are overpriced for anyone other than the professional locksmith (who for some reason can’t make his/her own set) or the professional criminal that makes capital investment in his “craft” (how many of these would there be?).
Can you please clarify your position?
Best regards
pe
pw: good point.
However, I feel my documents and demonstrations are there to educate
the people, and help them make the right choices when it comes to
physical security. It is not my meaning in life to educate criminals.
And keep in mind my research was done after it was aired prime time on
German television. Criminals learn fast and do not mind borders. If I
would not have written the articles and put the video’s online the
criminals would have had more time to exploit the vulnerability worldwide. Only
by exposing it, and telling as many people about it as you can, a problem like
this can gets solved.
The bump key story so far has proven most lock companies do not want
to improve their locks unless the there is pressure from the public.
And their attempts to downplay the bump key threat has only motivated
me to do more thorough research and publish about it. I still think
the ‘what the hack’ video is the best information available on
bumping. It covers it all. And still the industry tries to downplay by
saying ‘burglaries with bumpkeys do not happen often, there is no need
for you to change your locks’.
The first time I saw the new multipick website I honestly said ‘Oh
Shit’ because it dramatically lowers the amount of effort a criminal
has to put into planning a successful burglary. Not to mention the
fact the multipick people even got ahold of Kurt Shulke and are now
selling the original tomahawk hammers too. All these ingredients were
not really easy accessible to the public until now.
And I see it as my responsibility to warn people a crime wave could be
coming. Nothing more and nothing less…..
Please dont think i meant that you teach crinimals or intend your work to do so, i didnt mean that.
I see your points but dont think a criminal is going to order from an online locksmith store somthing that he can file up on his kitchen table, the fact multipick are now selling them isnt the start of the war its just one of the battles.
Some may say that having the info on how to make the keys and do the technique free for all to see online is much worse than a supplier selling them pre made.
I agree the more professional or thoughtful thief would probably know about bumping but im sure its nothing new to that group of people, the pro may look at useing the technique but the opertunist will still use brute force,
As you say it really is a case of the consumer’s demanding change before the lock makers think about altering designs and unfortunatley in order for that to happen the market needs to want or need change which will only happen with break-ins useing the technique becoming common place which of course isnt the case right now, as far as we know.
Nevertheless, bumping still requires some practice to perfect. It is much easier than picking but it isn’t an instant or no-skill method. I can’t imagine a junkie burglar (who are responsible for many residential B&Es) buying his set of bump keys, practice cylinder and “Tomahawk” from Multipick and sitting down to practice. Do we have any reports of residential burglars using commercial bump keys and tools?
What would motivate a switch of methods? Why would an opportunist burglar go to the trouble of learning bumping?
Table 9.6: Method of Entry to Building
Burglary Burglary Burglary
(Aggravated) (Residential) (Other) Total Percentage
Force / Broke Door 178 6835 5738 12751 26.8
Force / Broke Window 190 9838 5066 15094 31.7
Cut Hole 5 177 502 684 1.4
Cut / Broke Lock 17 835 1073 1925 4.0
Cut / Remove Flywire 57 1619 210 1886 4.0
Remove Louvre / Window 9 495 275 779 1.6
Remove Roof Tile / Iron 0 167 327 494 1.0
Unscrew Hinges 0 38 42 80 0.2
Unlocked / Open Window 108 1792 313 2213 4.6
Unlocked / Open Door 454 3680 1185 5319 11.2
Key Used 12 341 237 590 1.2
Lock Manipulated 18 473 394 885 1.9
Tape Used 0 5 11 16 0.0
Invited In 14 39 64 117 0.2
No Sign Forced Entry 149 2643 1334 4126 8.7
Other 25 250 378 653 1.4
TOTAL 1236 29227 17149 47612 100.0
Table 9.7: Type of Tools Used to Enter Building
Burglary Burglary Burglary
(Aggravated) (Residential) (Other) Total Percentage
Bolt / Tin Cutters 1 365 965 1331 9.1
Glass Cutters 1 34 21 56 0.4
Stillsons / Multi-Grips 1 68 27 96 0.7
Oxy / Explosives 0 2 33 35 0.2
Brick / Rock / Missile 11 591 1223 1825 12.5
Coat Hanger / Nylon Tape 0 12 14 26 0.2
Key Used 8 158 138 304 2.1
Jemmy / Lever / Screwdriver 133 6539 3994 10666 73.3
Vehicle 0 31 105 136 0.9
Ladder 3 40 34 77 0.5
TOTAL 158 7840 6554 14552 100.0
(Source: Victoria Police Crime Statistics 2004/05)
PS:- Will there be a manufacturing run of the TOOOL/HOPE pick set this year? Will it be available to TOOOL and Barry Wels fans around the world?
Is dumb to think that all criminals are junkies who would not take advantage of this information, are you trying to say that people like professional car thieves don’t take the time to learn how to steal a car, they just break the window with a stone and drive away?
What about the kidnappers from third world countries, if they have the money to buy assault weapons, safe houses, buy fake police uniforms etc i’m sure they can buy these keys to make things easier, what is more dangerous? to surround a car with ak-47’s in the street to kidnap a person or to sneak into a house in the middle of the night and catch all the family off guard, the same goes for thieves.
Of course Barry would suggest those third worlders to buy a 200 dollar lock, specially since that’s what the mayority of that people earn in a month.
PS, i know that bump keys don’t work in cars, i’m just trying to show that not all criminals are dumb or lazy.
Well, replacement locks don’t need to be $200. Cheap china disc locks are bump proof and can be had for much less. I don’t know if they make knockoff disc lock door hardware yet, but you can secure a door with a padlock.
Security is a luxury. You get as much as you choose to pay for. Some people can’t afford to choose very much. People who can’t, have my deepest sympathies, but their interests in this situation are less significant than their interests in other situations where their interests are ignored. No decision decision leaves everyone a winner.
It figures that these arguments that advocate the interests of the disadvantaged, tend to be inspired surrounding the decisions that have monetary intersts involved.
Bumping is beyond damage control. There isn’t an internet savy criminal that doesn’t know about it. It’s not in our hands anymore. Criminal knowledge starts with insiders and goes word of mouth from there. Locksmiths need to stock CHEAP bump proof locks in addition to the more expensive brands and offer them to the people who they can’t sell the medeco to, and their own conscience can decide who to stress the cheaper models to in the first place.
I’m not really concerned about multipick because their prices are notoriously outrageous. They won’t be the first stop of junkies. I can’t really imagine them being the first stop of ANY criminal for that matter. Ebay has such a lower profile.
With the hype around bumbkeys being as it is, potential profits are very persuasive so I think we might as well fully expect responsiblity and caution are going to get thrown to the wind till this dies down. The focus is MUCH better placed on the locksmiths who don’t offer cheap bump proof locks, both as an example of poor business practices, and as an example of the locksmithing community failing at it’s supposed purpose. Providing real security to the public. False security is supposed to be the domain of home improvement stores.
pe: what can I say …
I said it many times before: I think the bump-key exploit is serious
risk. The training required is minimal compared to the damage you can
do with it. And people eager to learn can master it in half a day…
I think it is a good thing the technique gets some attention once in a
while to keep the public aware and the lock industry motivated to fix
the problem.
And to keep pressure on insurance companies to pay when use of a bump
key is suspected. We forced the Dutch organization of insurance
companies to publicly say they will pay when people fall victim to
bumpkeys (or when there is a suspicion a bumpkey is used). And that is
my motivation to bring out the information.
Personally I do not care if burglars use the technique or not (on a
wide scale). The fact it is so easy to open locks without leaving a
trace (*), using the most simple tools, is something that needs
fixing. Or at least give people a fair chance to make their own
decision. In the consumer report of 2006 we tested many locks, the
cheapest bump proof lock was a DOM rn-2 of only 22 euro. So upgrading
your security does not have to be expensive at all. And we also did
mention in the report that the most used ‘real world’ technique here
is ‘pulling out’ or ‘breaking out’ the lock. It is not that bumping is
the end of the world, but in some occasions it is just a little too
convenient (like in recently constructed neighborhoods where all
houses have the same keyway).
The problem I have with your statistics is that it does not even
mentions a bump key. Let alone the fact people might cause damage
themselves to get the insurance to pay when their house is emptied and
there are no traces of burglary.
And the Toool picksets are currently sold out. I am still in doubt if
it is worth the investment to have new sets made….
And one more thing (PE, PW and the others): Thanks for your comments.
It is nice to see people are paying attention and keeping an eye on
what is going on and expressing their opinion about it.
As I just see, they stopped selling bumpkeys.
The site says:
Dear customers!
Internet forums inciting media to lead their reports to the criminal possibilities of bump key utilisation and to instruct these dubious circles with sound and images, how to commit criminal offence, we see ourselves, as a serious company, under the obligation to withdraw our bumpkeys from sales to the large public. Authorities and other authorised companies may contact our hotline for any information about bumpkeys.
Thank you for your comprehension,
Your Multipick-Service Team
André
I think your an ass and Hypocrite.
Supposedly “warning” people for bumpkeys just to get his ass on Television and get his 2 minutes of fame.
Let me ask you this:
What kind of person will take lockpicking-courses or is eager to learn
about locks anyway?
For the mechanical part of it? There are so many other types of
fine mechanical hobbies that do not invlove locks.
Thats why I think you’re a hypocrite who just want shis 2 muinutes of
fame on telvision.
Machiel: Interesting phrased opinion. I have said it before and will
do so again: I just think it is a good thing to keep the industry on
their toes. Having the Dutch insurance companies acknowledged on
public television they will pay victims of bumping, even when there
are no clear signs of burglary is something I think is a good thing
too.
And believe it or not, but most locksport enthusiasts I know are just
curious people who are fascinated by mechanical locks, and solving the
mechanical puzzle. Maybe you should visit one of our meetings and find
out for yourself “what kind of people” we are? I dare to say visiting us
would change your mind. And, who knows, you might even enjoy it and get
caught by the lockpick virus too …
And it is a pity you do not know how many press inquiries from we
turn down. I guess we only accept one out of five invitations orso.
If it was my goal in life to be on television you would see me much
more often. Fortunately for you it is not, so you can relax.
Thanks for your comments and maybe see you on one of the toool
meetings? The first drink would be on me ….
Love, peace and happiness,
Barry
It seems that Mr Wells is happy to spread information when it suits him and happier to restric it when…it suits him. Nice
Flippant use of ‘junkies’ is annoying. I was in the criminal world for years and no-one uses locksmith tools for entry, there’s really no need. You lot are so obsessed with pickinglocks you forget other, easier and more reliable ways of getting onto a property. In the UK, you wouldn;t want to get caught ‘going prepared’ which you would if you were carrying locksmith tools (inc bump keys) as opposed to a screwdriver, a peice of card and some BACKGROUND work on ‘the job’
I think you flatter yourselves to think theives use bump-keys, they’re not even interested.