Dutch « Blackbag, Barry’s weblog

Archive for the ‘Dutch’ Category

Assasination and hotel door security

Monday, February 22nd, 2010

I am reading up on the assassination of Hamas leader Mahmoud al-Mabhouh with red cones. Never ever have so many operational details come out about missions like this. Twenty years ago this would have gone on file as a ‘highly suspicious death’, but in this day and age of CCTV camera’s it did not go unnoticed. What is special this time is that a (must see) video just was released by Dubai police, and it looks like a hollywood production. The link to this blog? … since the murder took place in a hotel, I was immediately interested to read details on how they gained entry. And there still are some things unclear about it, even though this article speaks about “They entered the room using copies of keys they had somehow acquired.”

This could point to the fact a lot of electronic hotel door locks have a mechanical override. Most of the time there is a mechanical lock mounted under the handle of the door that can be opened with a master key. In some cases the lock is even hidden under a sticker or label, but in most hotels I visited there is a lock present in case the electronic lock fails (in some countries it is not legal to rely only on the electronics). I know that in some hotel locks a mechanical opening is still recorded by the electronics in the lock and will end up in the log files. To get hold of the masterkey, one could rent a room in the same hotel and simply (for an intelligence agency that is) take the mechanical lock out the door, take it apart and make the master key based on the now known pin lenght. (Or if you believe the myth, ‘they’ already have done all the fieldwork and collected the mechanical master keys to all important hotels in advance anyway …)

Another way to open some hotel doors would be to simply go under the door and grab the handle from the inside using a special tool. As you can see in this video, it is not so difficult. And the tool used to go under the door is even available in a ‘government only’ version. This version can easily been taken apart into small segments but is only sold to government agents.

And I suggest a slightly modified tool like the one on the video was used for the finishing touch of the murder. To make it look like a natural death, they locked the chain on the inside of the door …

It is all a funny coincidence as the video of the tool was just shot a couple of weeks ago when Han Fey and I did a presentation at the famous IT-Defense security congress Germany. It is a congress where we always meet lots of interesting people and always get a lot of invitations to give more presentations and/or workshops. We were originally invited to just do some hands on workshops and teach people the basic locksport/lockpicking skills, as well as a few simple opening techniques like shimming doors etc. But when some of the conference speakers missed their plane, we were asked to give an ‘emergency presentation’ to fill the gap. And as we do not like to give the same presentation twice, we shot some video (using a mobile phone) on the spot late at night about the door opening tool (and how to protect yourself against it) and inserted it into a compilation of existing presentations. Originally I did not intend to release the video as it shows me opening a door, but in this case I make an exception …

And for those of you who want to know more on the inner working of hotel locks, I have blogged about it before (including a video of ‘how it is made’)….

Tags: assassination, hotel locks
Posted in Dutch, English, Uncategorized, bumping, news, picktools | 28 Comments »

Lockcon Turkey canceled ….

Monday, February 8th, 2010

no lockcon in Turkey ...

We feared for it some time, but just received a mail that confirmed it. Officially the reason is ‘the crisis’ and that there is not enough budget …

Will report soon about the implications if I have more information …

* update: We are making an inventory of people who already booked an airplane ticket to Turkey. Please send me a mail and let me know (and how much you paid for the ticket).

* update 09/02: We are looking into some options. Latest May 1st we will come out with a statement/program about lockcon and the championships …

Posted in Dutch, news | 20 Comments »

Printing police handcuff keys …

Monday, September 14th, 2009

German SSDeV member Ray is known all around the world for his impressive collection of handcuffs and his fun ways of opening most of them. On top of that he gives great presentations and always manages to add a lot of humor into them!

At HAR he pulled another stunt: He used a 3D printer to print handcuff keys. And not just any ordinary handcuff key … no, it’s the official handcuff key from the Dutch police! At first the police officers at HAR were a little reluctant to event try out the plastic key he printed. But he found another way to verify the key he printed was the correct one. I guess these officers never thought about wearing keys concealed, especially when talking with Mr. Handcuff himself. Given the megapixel camera’s on the market today it was not so difficult to verify the key he printed was the correct one.

At the end of the day he talked the officers into trying the key on their handcuffs and … it did work! At least the Dutch Police now knows there is a plastic key on the market that will open their handcuffs. A plastic key undetectable by metal detectors….

And Ray made it easy for you. For those of you wanting to print your own Dutch police handcuff key … the STL file is available online at http://ke.y.nu/

The New York Times just came out with an article on European lockpickers, quoting a Dutch Police officer who was not too negative about the lockpick scene. Lets hope they still feel this way after this post …

*Warning* Before you print out your keys please check your local law! Reading the article below (pdf mirror) should be a fair warning! In some places it is not quite healthy to run around wearing police handcuffs ….

Homeless man could get 5 years for wearing handcuff keys

Wed, Sep. 09, 2009
BY DAVID OVALLE

For wearing handcuff keys on a necklace draped around his neck, a homeless Miami Beach man could face years in prison.

Prosecutors on Tuesday formally charged Michael Gonzalez, 22, with disorderly intoxication, marijuana possession and two counts of possession of a concealed handcuff key — a third-degree felony punishable by up to five years in prison.

“It’s an actual felony,” prosecutor Barbara Teresa Govea explained to Miami-Dade Circuit Judge John Thornton, who questioned the charge.

“There’s got to be some kind of constitutional violation in there somewhere,” Assistant Public Defender Michelle Prescott grumbled to the court.

Actually, the Florida Legislature passed the law after the 1998 murders of two Tampa deputies and a state trooper. Hank Earl Carr shot and killed them after he escaped his cuffs using a universal handcuff key hidden on a necklace.

Gonzalez was arrested Aug. 16 after Miami Beach police said he was harassing women on the South Beach sand. In a report, Officer Errol Vidal wrote that he found a small amount of marijuana in the man’s pocket and “two handcuff keys concealed under his shirt on a necklace.”

Also under Gonzalez’s shirt: a tattoo on his right shoulder, with the word “anarchy” and shooting flames.

Tags: 3d printer, handboeien, handcuff, handcuff key, handcuffs, HAR2009, lips handcuffs, LockCon, police, police handcuffs, politie handboeien, ray, SSDeV
Posted in Dutch, news | 18 Comments »

Dutch podcast: Win a credit card lockpick set

Wednesday, June 24th, 2009

Han and I were guests in the Dutch podcast of ‘de beveiligingsupdate‘ (the security update). To sponsor this podcast a little we are giving away five credit card lockpick sets. Five winners will be selected from people who mail them, so even if you do not speak dutch just mail redactie@debeveiligingsupdate.nl and who knows … you might win one of these cool gadgets …

http://security.nl/artikel/29925/1/Win_een_creditcard_sloten-pick_set_%28Podcast%29.html

*Update: no more chance to win … the lottery is closed.

Posted in Dutch, news | No Comments »

Viola … sweet activist!

Monday, May 11th, 2009

All over Amsterdam billboards are popping up saying: “from now on, all that deserve PUNISHMENT will get PUNISHED”. It is a ridiculous poster by the Dutch VVD political party. And good old Viola did not like to see the threatening words ‘punishment’ and ‘punished’ all over the place and decided to fix the problem. She made prints with the words ‘something sweet’ and put them over the billboards. So now it says: “From now on, all that deserve SOMETHING SWEET will get SOMETHING SWEET”.

Isn’t she sweet?

(Dutch video about Viola below, and she also made the Dutch newspapers)

Posted in Dutch, Uncategorized, news | 5 Comments »

Video and report on mifare attack

Thursday, March 13th, 2008

As promised, Radboud university came out with a video and a report (ENG PDF) on the Mifare hack.

I wonder how long it will take before the software is out on the market .. I know I want a copy ;)

Click the image to see how one billion (!) cards can be hacked/cloned.

Tags: Mifare classic 4k broken hack hacked RFID copy copied c
Posted in Dutch, English, Uncategorized, news | 6 Comments »

Mifare now fully broken

Wednesday, March 12th, 2008

Breaking news from the Dutch Ministry of internal affairs website:

Radboud university fully broke myfair classic.

“With little effort abuse is possible and cards can be cracked and copied easily.”

Below is my rough translation of their letter to inform our parliament.

Between the lines I read panic ….

March 12

Radboud University in Nijmegen (the Netherlands) had recently notified me their research group ‘Digital Security’ developed a method to easily crack and duplicate a large number of chipcards.

This concerns all (access control)cards containing the so called ‘mifare classic-chip’, used in applications that do not rely on additional security measures (like our nation wide transport card).

We guess around two million access control cards are in use in the Netherlands, worldwide we assume one billion.

In various Governmental and private sector this chiptechnoligy is in use.

Our national intelligence agency (AIVD) has, on my request, checked the method at the Radboud University, and confirmed their claim is correct and works.

I have ordered AIVD to follow up and conduct more research.

It must be taken into account as soon as details of the university research become public, the possibilities of abuse are going to be so easy that additional measures are necessary to maintain ‘the level of security’.

The new ‘governmental ID card’ (using a different technology) was supposed to be rolled out the fourth quarter of 2008. I am looking into if this can be speeded up.
I have requested AIVD to advise on security measures of the gevernmental ID card.

In the meantime government wide additional security measures will be taken.

I have requested my colleague ministers to inform the (public) sectors they are responsible for, so additional measures can be taken.

The Minister of internal affairs.
—

At 16:00 Radboud Univeristy will issue a press conference. By that time a report and video will be available on http://www.www.ru.nl/veiligheid-toegangspassen

Tags: cloning, hacked, Mifare, rfid
Posted in Dutch, English, Uncategorized, news | 2 Comments »

‘Ik op TV’

Wednesday, February 20th, 2008

Laura Balver of the Dutch program ‘Ik op TV’ visited Toool Amsterdam. Click to see Dutch clip….

Posted in Dutch, Uncategorized, news | 5 Comments »

how it’s made: cutting the profile in the lock core

Monday, February 4th, 2008

I must admit I have been so busy last week that making the sunday evening deadline was not easy.
But hey, a promise is a promise … so here goes another posting …

I was planning on writing something about Marc Tobias his hack on alarm systems. The weak spot are the wireless sensors (operating on 433.92 Mhz). Maybe I will get back to that later.

Today I want to talk about some of the fun things at Toool: factory visits!

Dutch lock company Anker invited us last year for a factory visit. Even while most of the well respected brands on the market have lots of their parts made in China, Dutch lock company Anker is an exception. They still do most of the work in their own factory, and are very proud of that. At least in the Netherlands they are unique in that respect.

The following video will show you how the key profile is cut into a lock core. Anker is known by us lockpickers by their nasty to pick profiles: very narrow, lot of zig-zag’s and six pins. Not completely impossible, but by no means easy.

In this video you will learn how the profile is cut in the lock core (quicktime or youtube).

Posted in Dutch, English, Uncategorized, news | 2 Comments »

Toool’s field test on AXA locks

Monday, December 17th, 2007

An image can say more then a thousand words ….

I guess by now quite some people are comparing their key to the above image, hoping their key has the same profile as the AX1RP blank (on the right)…..

Why?!?

In cooperation with Kassa TV and one other organisation we performed a little test. In and around Amsterdam we tried to open over 150 bicycles. We got help from random bicyclists, bike shops, and even received assistance from local law-enforcement. Result: we managed to open around 50% of them….

By far the most interesting and intriguing thing we found is that almost all locks we could open used the so called ‘standard key profile’ (blank AX1P). Locks using the ‘mirror image profile’ (AX1RP) seemed almost impossible to open. And we are still investigating why. And we do warn people the flaw might be exploitable in the mirror image profile someday soon … many people are now looking into it, and it could be a matter of time. But for now it seems ok …

One other interesting fact: we managed to open almost all 583 models (over 90%), as well as a high percentage of SL7 and SL9 locks…. if they used a ‘standard key profile’ that is. And a lot of SL9 locks were equipped with a mirror image profile.

Axa by now admits more locks are vulnerable as they expected before, and they will come out with a report themselves any day now. Curious if they found the same things we did (in our relatively small test).

More about this test and the findings (in Dutch) on Kassa TV or http://www.toool.nl

Posted in Dutch, English, news | 6 Comments »

Abus did the right thing … but did AXA do the wrong thing?!?

Saturday, December 15th, 2007

Today ABUS announced (trough an ad in the newspapers) they will send a free lock to everybody that has a lock vulnerable to the ‘blank key’ method. It concerns some of the 48 and 4800 series ABUS bicycle ring-locks.
Rumor has we are talking over 100.000 pieces. And they will all be replaced by ABUS … for free.

I read a lot of comments on various Dutch webpages AXA should follow ABUS and do the same. People say it is not fair they ‘only’ receive 50% discount on an additional extra lock.

Now, I disagree with that, not completely, but still … I disagree.

People do not seem to realize all ABUS locks were manufactured after 2005, while AXA produced defective locks between 1998 and 2005. So while a defective ABUS lock is at most two years old (or should I say young?), an AXA lock on average is five years old, and in some cases even nine years! As far as I am concerned this is old enough not to be entitled for a full refund. I think it is fair to give people a full refund if the lock is under four years old, but after that … you should be happy with your discount.

Over the last few days I visited many bicycle shops. A lot of them had stories of customers who did the right thing: they upgraded to an AXA Defender lock and simply paid twenty euro. These people took the warnings in the media serious and did not want to wait to have their bike stolen. Most of them did not even blame AXA. After all, it is a freak accident. A rare mechanical defect discovered by the wrong people, probably by accident. And years after a serious test institute certified the locks. AXA did what it could when these locks were made.

Now, I realize not everybody can easily pay twenty euro for a new lock. And not all bicycle shops will change the lock for free, although most feel it is a service to their customers to do so in this specific case. But still, if you have the money, just find a shop that will replace the lock for twenty euro and get it over with.

Having said that, it would be a good thing if AXA gave a 50% discount on the Defender (or Solid) ringlock, as that is what would make most of their customers happy…. and brush off the negative image they are creating by not making this offer …

Posted in Dutch, English, news | 6 Comments »

Axa bike locks in the media

Tuesday, December 11th, 2007

Some Dutch media picked up on my last posting on AXA bike locks, including one of the most popular consumer television programs ‘Kassa’. Saturday prime-time, 1.4 million people watched Dirk Bolderman, head of AXA bicycle locks, answer the question how many locks might have this flaw. His answer: “Between 1998 and 2005 we produced four million locks. We assume 100.000 to 200.000 might have this vulnerability. And the locks can not be identified by their serial number”….
(video available as 33 MB quicktime or on YouTube)

Some people have serious doubts about Mr. Boldermans claims ….

The good thing is he did promise AXA will offer 50% discount on new additional bike locks soon.

I received mostly positive feedback for pointing out the ‘interesting’ AXA/Abus advertisement campaign. One exception is the Dutch association of bicycle enthusiasts (fietserbond). Normally I sympathize with them, as they are really doing good work for us bicyclists (yes, I ride a bike too). But they are now asking Dutch justice department to take ‘legal action’ against ‘these instructional video’s on internet’. They claim these video’s are criminal because they encourage criminal behavior. Sigh….

Now, there are lots of ways I can defend myself against these ridiculous claims. And I have no concerns on the legal part of it. We have a long list of lawyers that owe us a favor, mainly because of our technical assistance in difficult court-cases (mostly fraud cases were insurance companies don’t want to pay). And legally they do not have a point. Maybe morally, but I think the awareness created by the clip had much more impact then the silly AXA advertisement in the papers.

And I decided to look at their website, trying to learn some more about them. Interestingly their site is filled with information that can help thieves. Take for instance their excellent study (PDF) on bike lock security. Assisted by the Technical University in Delft, they studied a more destructive way of opening locks: using special pliers used to cut concrete reinforcement elements (dutch: betonschaar). Potential thieves are advised what locks to avoid (including images of locks), and how to use the cutting tool properly (Use 65 Rockwell blades and let one of the cutters arms rest on the ground to increase impact). Maybe it is time to arrest the people from technical university Delft now …

Anyway, good luck to them trying to sue Kassa for warning the public on prime time television ….

Update: Volkskrant reporter Michiel Haighton went to Amsterdam Central station to try his luck (video) …. and guess who he met there ?!?

To be continued for sure …

Posted in Dutch, English, news, picktools | 4 Comments »

AXA: A new phase in security

Friday, December 7th, 2007

According to an article on the front page of the biggest newspaper in the Netherlands, some Dutch bicycle locks are not worth a dime.

And they are right. There is a trick to open some of these locks in seconds, causing no damage to the lock. In the article, Dutch police advises to always use two locks to secure your bike (and better lock your bike to solid objects too).

Yesterday I learned manufacturers of these locks were going to warn the public using nation wide advertisement in newspapers. Curiously I looked in the newspaper today, and had to look twice. But I found the add on page 26 (of the digital telegraaf edition). I expected the add to say something like: Warning, possible product failure. Instead it said: A new phase in security. First thing the add does is … advertise the new AXA Defender RL as a secure lock. Second it mentions ‘the police discovering a new method of manipulating locks’. This ‘by the police discovered method’ happens to work on ‘some older models SL7, SL9 and 583′. Needless to say police did not discover this method. If they did it would (still) be a big secret. Instead of the police, the guild of bicycle thiefs discovered it. And police found out about it that way. I am real curious if other brands are affected by this too.

The AXA website covers the problem the same way as the ‘ad’ in the newspaper. Instead of making a serious effort to warn their customers they just mention on the side of the page: AXA advertisment, a new phase in security. Not something a concerned customer will click on straight away.

I am curious were this is heading to, as this story shows great resemblance to problems Kryptonite had in the US. Someone found out these locks could be opened in seconds, without any damage, using just a bic pen. That story started with some denial, but ended with Kryptonite publicly making a lock exchange offer. I am curious if AXA thinks it is going to get away with this, or if they are going to make the same offer to their customers as Kryptnite did….

I have know for at least a week there was a problem with the AXA locks, without knowing the details. My locksmith friends were swamped by kiddo’s asking them for SL7 blanks (really, for a science project at school sir). And when I visited the bicycle shop around the corner they told me quite some people had their bikes stolen….

The bicycle shop gave me two locks from their garbage bin for me to experiment on. It only took me a couple of minutes to figure it out and open them both. And since every bicycle thief in the Netherlands already knows how to open these locks, I do not mind sharing the trick with you (18 MB quicktime movie or youtube). And please do not complain about me teaching malicious people how to open locks. Complain to the manufacturer of the lock that makes locks ‘that are not worth a dime’ ….

Update 08-12: Abus does not only seem to have the same problem as AXA, it looks as if they also share the same marketing people. The head of the ad in the newspapers today says: New generation Abus bike locks. And it does mention some ABUS Protecta 48 and 4600 can be opened using an ‘illegal method’. Who’s next?

Posted in Dutch, English, news | 28 Comments »

Mastermate bouwtechniek dagen, picking in the snow …

Tuesday, November 13th, 2007

Next week we will be picking in the snow…

The ‘Mastermate bouwtechniek dagen’ will be held in Snowworld Zoetermeer this year, and we will be present to teach the audience the noble art of lockpicking. There will be a big table with some qualified Toool instructors and plenty of locks and tools to get you started. So if you live in the Den Haag/Zoetermeer area come visit us Tuesday or Wednesday November 21/22 (from 13:00 to 21:00).

Some of the Toool members will be trying to improve their best scores in the ongoing 2007 competition, or will use the time to practise for the Dutch Open lockpick and impressioning championships in Sneek November 23/24/25….

Posted in Dutch, news | 4 Comments »

E-voting machines can be used for verifiable elections after all …

Friday, October 5th, 2007

a cartoon by Tom Janssen (Trouw magazine)

Tom Janssen outdid himself on a cartoon about the Dutch e-voting soap in Trouw magazine.

Maybe it will inspire some municipalities to actually use the good old Nedap e-voting machines this way …

* ‘verbeterde stemcomputer’ means ‘improved e-voting computer’

Posted in Dutch, against e-voting | 1 Comment »

LockCon 2010 “the winner takes it all”
- Jaakko Fagerlund:
  One crazy Finn, coming up! :D Haven’t received an answer from registration@lockcon.com though,...
The frozen lock advice …
- Mike:
  Sometimes you can not find boil water. So the easiest way to heat the lock is to piss on it
Help … we are dying … (WTF?!?)
- Elphreaker:
  @philoT What he means is that any phone that has coverage is connected simultaneously to a few nearby...
- Till:
  Give me the adress i go there. I have some of days at the moment. greetz Till
- philoT:
  @NKT Are you saying I can text a number from a non-gps enabled phone and they will test my coords back to me?
- Elphreaker:
  Mmm, I have had similar messages, but from people asking for specific bumpkeys or directions to open a...
- NKT:
  Might I suggest telling them to try shimming the padlock with a bit of a coke can? If they email and say...
- WolfDog:
  If they have access to the internet, then can’t they just Google how to open the lock?
- Travis:
  Wow, that is very creepy. For being in a hostage situation locked in a metal container, they still seem to...
Michael Huebler’s masterlock article on Toool.nl
- mh:
  You are right, the statistics table in my paper is not correct – good find! For this state, in a space...