Really, I think highly of you. And Han and I are just curious if people know the relationship between these two locks shown below, and how long it will take before the correct answer is given in the comments. After Christmas I will come back with the answer here anyway.
Han and I get more and more work as expert witnesses in court cases and in lock-forensics these days. It is one of the reasons we invest a lot in Macro Photography.
It seems more criminals are using clever opening techniques to break into places, and in the Netherlands not many people have the expertise to be able to show what happened. News about this kind of ‘burglaries without a trace’ cases even make it to the front page of Dutch newspapers.
The article was about the ‘Twente case’. Dutch Police in Twente (.NL) arrested a twenty-five year old male on November 4th. A witness gave the police a description of a person who most likely broke a window at a shop at the Heutinkstraat in Enschede. Police noticed a person on a bicycle who matched the description, but the man tried to escape when they approached him. After a short chase the man was arrested, and the first official report (mirror) about this incident mentioned the man possessed ‘burglary tools’.
A later report (mirror) stated the man was taken into custody and his house was searched. At his house a lot of stolen goods were discovered, as well as a ‘large amount of cash’. Police soon discovered the man used manual lockpicking to break into houses. His territory was a range of houses of elderly people at the Marthastraat and C.F. Klaarstraat in Enschede. So far he confessed thirteen burglaries committed over an 18 months period. He mostly went out at night and used a lockpick set to gain entry. As police stated, the man ‘worked very clean’, and in some of the cases the owners of the house never even realized they had been burglarized! He managed to take away expensive goods, silver and cash without leaving a trace. To make things worse, he even used the burglarized houses for mail order fraud. He successfully mail ordered gold and expensive goods without the owners of the houses knowing.
According to police spokeswoman Chantal Westerhoff, the burglar had ‘very sensitive fingers’. She said “Lockpicking is a special trade, and not a lot of people can do what this guy did”.
After his confession, and showing lots of remorse, the man was released from custody. He will soon have to account for his behavior in court. I hope I can find out what day the court case is, and I will try to follow up on the story. Any information on the case is welcome, so feel free to mail me if you know more about it.
* Note December 2: I received additional information about the case. The trial will be held in February 2011 (no date set yet). And it is going to generate a lot of media attention as there are some very interesting angles to the story.
Just a few weeks I felt like a kid in the candy-store at the small exhibition about the history of our Dutch intelligence service AIVD. And even though the exhibition was relatively small, there was a lot to see. The great thing is they showed items that were in real use at the service before. I will cover some subjects that interest me (and hopefully you) a lot.
Take for instance hidden transmitters (bugs). I remember reading about the famous 1977 train-hijack in the Netherlands in a book about counter terrorism. The hijackers requested at one moment of time a crate full of soda and a band-aid box. In the book they mentioned it took the intelligence services great difficulties to find a soda crate that could be prepared with an audio-transmitter. For that purpose they traveled all trough the country trying to find an older type wooden ‘coca cola’ crate . The actual crate they used was at the exhibition, and showed the transmitter and hidden compartment in detail. The transmitter in the soda case makes sense to me, but the at the band-aid box I am not sure if they only show the batteries, or that I do not understand the structure of the transmitter(s).
One other thing that interests me is encryption. At the exhibition was a Hagelin C 446 A encryption device, (build in 1945). I am always very interested to see what kind of lock is installed on devices like that, because it reflects the state of the art in locks at that time. The Hagelin is equipped with an Ikon ‘cross beard’ lock. Often at these kind of devices you see the serial number is stamped into the key. Besides the lock on the Hagelin machine there was only one other display that covered keys. It showed a hollow key used to smuggle messages.
But they had more crypto stuff. It is widely known that “one-time pad encryption (OTP)” is a type of encryption that has been proven impossible to crack if used correctly. For the fine details check out wikipedia. In an OTP system the sender and receiver make use of a small ‘code book’ or ‘code table’ that is only used once. Agents that were sent out sometimes had to smuggle this code material with them, and at the exhibition they showed how that was done. They used hollow batteries, a travel “comb and mirror kit” and even the good old ‘hollow heel shoe trick’ to hide the thin sheets containing the codes. It seems from the material at the show they only used numbers on their code sheets.
Other methods of transferring messages that are on display are ‘dead letterboxes’ and a ‘burst transmitter’. The dead letterbox they showed was nothing more then a piece of cement with some messages inside. This ‘rock’ would be dropped at a known location by one agent, and later picked up by another. This way the agents should not have to meet face to face, and if one of them was under surveillance the surveillance had to be pretty strict to see the agent throw or pick up a rock from the ground. The burst transmitter is another way of communication. The message was prepared by the agent, and then transmitted at high speed (in a burst) via a special shortwave transmitter. Because the length of the transmission was short, there was little chance of detection, let alone allow for radio location measurements.
It is worth visiting the exhibition in Zoetermeer, especially if you have kids. There is a real mission for them, and they have to complete a puzzle search to get a small prize. It is open for the public until February 27 2011.
Seems like some interesting assignments are coming up. And if whether or not the assignments will materialize, one can always make good use of the kind of repro-stand I just purchased.
I was also persuaded to buy some special ‘daylight’ lamps that came it and came from the same manufacturer, so for the moment I have a nice ‘basic’ setup. There still is a chance light from just two sources will not quite do it, but for the moment I am happy and can at least make some small series of images. I made some test shoths with my crappy old camera, and am not too unhappy with the result. Just to show a few, here is some images of IKON DLC, IVANA NECOLOCK, Federal, LIPS and some other locks. Now waiting for Christmas to see if Santa will bring me a nice(er) camera and maybe a couple of lenses …
I am just wasting time on an airport in Malaysia and read some bizarre news on some Dutch website. It seems thieves in the Netherlands are currently very fond of build in navigation systems. The latest way of opening the vehicles is far from subtle … They ‘simply’ cut a hole in the side of the door, cut a cable that runs trough the door and is hooked up to the alarm system and open the door. According to the website ‘Over Eindhoven’ the thieves cut holes in at least 62 verhicles!
More shocking images can be found at OverEindhoven….
Just a short post: Jos Weyers won the impression games … again. Life is good 🙂 Time for yet another beer …
You know the drill: Barry is busy. Sad but true. Then again, don’t be sad as I would not want it any other way.
Just to give you an idea about my next few days: tonight there is a Toool gathering in Amsterdam, and it is going to be nice as a lot of our friends from abroad will be visiting it. Then tomorrow morning we will drive to Essen for the security show, and on Friday we will all go to Sneek for LockCon. On Monday Han and I fly to Malaysia for Hack in the Box, and after that things will settle down a bit.
During the last weeks I have been quite active in lock research, to prepare my presentations for both LockCon and Hack in the Box. Han and I always try to focus on the locks they use in countries we visit, and in the case of Malaysia it is ‘disk style locks’. Han Fey being ‘Mr Abloy’ knows a lot about disk locks, although there is a small difference in quality from the kind of locks they use there. As far the organizers of Hack in the Box have told me, the ‘solex brand’ is the lock to beat. And when the lock sells for just a 10 or 15 dollar, there seems to be a lot of counterfeiting going on. It is hard to understand a $10 or $15 dollar lock is counterfeited, and it is even harder to understand they are using high security holographic seals to fight this.
After doing a little study on some sample locks we got, we decided to do a hand-on class on picking these locks. People can register for the class, and pay a small fee to get a pick and disk lock and try to open it at our two hour course/class (and later at the lockpick village).
Got to continue working … time is running out!
Sometimes I get bizarre requests. And people can come up with the weirdest excuses for me to tell them how to open certain locks. But the mails below are the most bizarre scam mails so far. Or at least I hope it’s a scam …
Begin forwarded message:
From: johnhXXXX@hotmail.com
To: barry.wells@toool.nl
Subject: FW: Help!
Date: Tue, 17 Aug 2010 13:00:24 +0300
Hello there.
We are forwarding this e-mail from XXX XXXXX. We requested a help to get out from the Rebelions leader close camp in the border to XXXXXX. The guys are comming and kill people everyday claiming to show where the goverment soldiers has gone. No one knows. but they have already killed 27 peoples up to this morning.
We can’t escape our death as the camp is made of steel shipping containers and the steel doors are all locked with Mul-T-Locks. We need the help on instruction to open this locks so we can run our death. Please Help us… We are dying….
John.
From: John HXXXX [mailto:johnhXXXX@hotmail.com]
Sent: 14 August 2010 11:13 AM
To: XXX XXXXXX
Subject: Help!
Dear XXX,
We are 124 XXX (country BW) citizen kidnaped by rebels near the border to XXX (country BW). They come and shot dead one person in front of us everyday! We was 132 up to now remained 124 only and they still come to kill us..
The building doors are all made of steel. But all the padlocks are MUL-T-LOCKS.
One of us has managed to hide her mobile phone connected to internet. We now use this phone to seek for you help to unlock these 3 locks and run away from our death.
Can you please tell us what to do with this locks to resque our life please…..
John.
This year’s LockCon theme is: the winner takes it all.
That is right, after experimenting with knock-out systems in the games last year at the HAR conference, we will now expand this and let the knock-out system play an important role in the competitions at LockCon. We are real curious to see how this will work out in the lockpick competition.
So what’s the exact schedule? Please keep in mind that LockCon is a very dynamic and last minute changes can always be made. And we kept Friday evening open for last minute presentations and/or time to socialize. This is the schedule we have in mind :
Friday, October 8 2010
People are requested to arrive between 11:30 and 12:30 at the hostel. Toool representatives will be present at the hostel from 11:00 AM on to greet the guests and assign them a room. It is important to be on time as the first presentations begins at 13:30!
Friday 13:30 -15:30 Lock forensics: the more advanced stuff. By datagram
Datagram is a well known expert in the field of forensic locksmithing. His site http://www.lockpickingforensics.com/ is a one of a kind source on this topic. And we are very honored to have Datagram open lockcon with his presentation on advanced forensic locksmithing.
At this two hour presentation, Datagram will quickly go from the basics in forensic locksmithing to the more advanced stuff. He will go into detail on what traces are left in high-security locks when opening attempts are made with special decoder and picktools. And on Sunday Datagram will talk about the vulnerability in a lock many people thought to be ‘pick proof’.
16:00 – 17:00 “Wanna bet”?!? (Wetten Dass … 1986!). By Han Fey
Han makes friends all over the globe, and one of these friends is Mr. Frank Peter Wiersma. Back in 1986, when there were only a handful of television stations, Mr. Wiersma became a small celebrity in the locksmith community. He appeared on the popular show ‘wanna bet ?!?’, and accepted the challenge to try and file a working key to a lock in under three minutes (without trying the key in the lock!). His only tools: some files, one blank key, and just the ‘code number’ of a randomly chosen lock. In this presentation Han will give answers to questions like: did Mr. Wiersma succeed? What was his plan of attack? And just in case Han does not have the answers to all the questions … Mr. Wiersma is a guest of honor at lockcon and will be present too.
17:15 – 18:00 Medeco advanced and ARX pins. by Barry Wels
Medeco lately introduced special pins in the commercial product line to make their locks more resistant against picking and decoding attacks. And rumor has there are even more advanced pins in locks that are used in locations ‘that really matter’. These later pins are supposedly called “ARX” (stands for: Attack Resistance Xtended). What do we know about them? Do we know what these pins look like? How many different types are there? And do they really offer extra resistance against sophisticated attacks? This presentation does not have all the answers, but hopefully will give you some new insights. And a note to the public: If you have any information on ARX pins (pinning kit, individual pins, images, suggestions) please mail arx@blackbag.toool.nl.
18:00-19:00 dinner
19:00 and later: time to socialize, give a ‘last minute’ presentation or compete in the combination lock manipulation competition.
Saturday, October 9 2010
08:00 – 09:30 Breakfast.
Saturday 10:00 – 15:00 The return of the lock Pathologist. By Peter Field
(Lunch 12:00-13:00)
As many LockCon attendees know, Peter Field has an extraordinary way of looking at locks. Like a pathologist, he cuts locks in many thin slices and captures the result with high quality photography. This unique methods of creating a cutaway view is world renowned. His lectures have been attended by locksmiths, security personnel, lock company engineers and Patent Office Examiners from many countries. And this will be the third time Mr. Field will give a presentation at LockCon. Peter Field’s presentations on locks is one of these things in life one can never get enough of.
He will yet again give a four hour(!) presentation about many of the different elements of high security cylinder lock design. Combining his unique cut-away imagery with illustrations from old patents, he will explain how engineers classify the cylinder elements, modify them, develop new ones, and re-combine them all to invent new products for the constantly evolving security market. You will leave this presentation with an outline and a clear understanding of the design constraints and functions of most of the various elements you may find in any lock cylinder.
About Peter Field: he started locksmithing in 1960, and in 1978 was asked to join Medeco Security Locks, where he is now Director of Research. He has over 15 US Patents pertaining to high security locks, with several more patents pending. Being a employee of Medeco one thing is clear: Mr. Field will not discuss any opening techniques. As he told us in previous years: “I am here to talk about locks. How to open them is up to you ….”.
15:30 – 16:30 Just a handful of keys. By Julian Hardt
Julian Hardt found a vulnerability in a number of certified (and non-certified) safe locks. Due to this vulnerability, the amount of possible keys one normally should have to try (the so called ‘key space’) can be greatly reduced. In some cases the key-space goes down from 280.000 keys to a number small enough that it might be possible to just cut the few remaining keys (or build a set-up key) and open the safe with just a handful of keys. In our community it is common to report these kind of vulnerabilities to the manufacturer(s). And that is exactly what Julian did. Thing is: they just have not responded yet …. maybe this announcement helps.
16:30 – 17:30 The Cromer Novum alarm lock decoder. By Till
This year, Till will present an old but very nice opening-tool. It is a tool to open Cromer Novum alarmlocks. And even though these kind of locks are not very common anymore, it is definitely worth showing the tool. The nice thing about this tool is that it makes use of pin and cam technology to decode the lock. Once the levers in the lock are identified, a set up key can be build to actually open the lock. Old but fascinating technology to open what was once a high security lever lock (and probably still is high security if you do not have the proper tool to bypass it). If you ask nicely, Till might let you try the decoder yourself.
18:00-19:00 dinner
20:00 – 23:00 Impressioning championships.
Impressioning is the fine art of opening a lock by filing a key from a blank. It is an ancient technique that still works on an amazing number of (high security) locks. Besides an old-school locksmith skill it is a technique still in use today by intelligence agencies worldwide for their blackbag operational needs. The championships speak for themselves: who will be the fastest filing a working key to a lock his year? The impressioning championships will be played by new rules too (very close to German rules). More about that soon, but we can already say that only “standard Abus five pin locks” will be used.
Sunday October 10
08:00 – 09:30 Breakfast.
10:00 – 11:00 Beating the BiLock. By Datagram
In this presentation Datagram will tackle a lock many people in our community thought was ‘pick proof’. BiLock products are well known for their double sidebar locks and two rows of ‘hard to pick’ pins. In the industry they are considered one of the most high security locks. In this presentation you will hear all the details on how the lock works, how the attack was discovered, what tools were made and how the company responded when they were informed ‘there might be a small problem’.
11:15 – 12:00 Mult-Lock MT5+ layer attack. By Jord Knaap and/or Han Fey
The latest Mul-T-Lock product range is the MT5-line. The MT5 is a high security cylinder that makes use of two security layers: an interactive element (the so called Alpha spring) and pin-in-pin technology. The top of the line product currently is however the MT5+. At the “+” series, an extra layer is added to the lock: a clever mechanism that uses sliders and a sidebar. In this attack we will focus on this new slider mechanism. Jord Knaap found a gap that in some cases can be used to bypass the slider mechanism and did the right thing: he informed Mul-T-Lock about it. And now, after they have been given time to fix the problem, you will hear about it at LockCon.
12:00 – 13:00 Lunch
13:30 – 15:30 Dutch Open lockpick championships.
We are going to play one-on-one, and ‘winner takes all’. In these games two people will be playing against each other, and the one with the most locks opened, or the fastest time if the same amount of locks are opened, will go trough to the next round. If the two contestants do not manage to open any of the locks they are both out of the game. In case we have an odd number of contestants, there will be three people competing against each other and the fastest two go trough. The last man standing wins!
There always is question about the selection of locks that will be used in the game. The brands will be kept secret, but we will try to arrange just two types of locks and make sure one of these locks is ‘relatively simple’ to open by an experienced picker. The locks used will be ‘standard’ five or six pin locks (so no dimple locks or special high security locks in the finals).
16:00 honoring the LockCon champs
17:00 Early dinner for those who need to travel
More information on how to register for LockCon2010 can be found here.
It has been a little slow with my weblog. Maybe it’s because I now use twitter to burst short messages instead of blogging, but the silence here does not mean nothing is happening. On the contrary, a lot is happening….
First there was the safe opening weekend. I am sorry to be repetitive, but the weekend was a great success. Julian picked open four safes, amongst them yet another couple of real monsters , and lots and lots of other safes were opened in more destructive ways. I really was eager to try to open a safe by manipulating a combination lock, but failed as the only lock around was a four wheel lips lock. I am by now reasonably experienced in opening three wheel ‘group two’ locks, but this four wheel lips lock was just a little too much for me. We ended up drilling a hole in the safe and using a scope to read the combination.
I like a challenge and am using the vacation I am in now to study the four wheel lock(s). Jord Knaap was kind enough to let me use one of his cut-away demo locks for this research/test. The lock is neatly mounted on a stand, and as Jord had an eye for details, he even included the anti-drill ‘hard plate’ on the stand (it’s the yellow layer between the dial and the house of the lock). The interesting part is that these locks have false cuts in their wheels, and the position of the false cuts seems to be different on some wheels. Maybe there is a pattern, but it is too early to say … It’s just the first day of my holiday today 😉
Behind the scenes we are busy preparing lockcon (October 8-9-10). It’s gonna be good as more and more people from all over the globe are attracted to it, and the presentations will be high quality as always. And I will use this two week vacation to reply to some mails people have send me. I am running a little behind but will be back on track before the holiday is over …
