Piggybacking and Impersonation

It’s bone cold outside, the stranger looks harmless, and you let him in as you unlock the doors of your apartment building one night. The next day all the old ladies in the lobby are talking about a burglary.

You fret. Rightly. You may have let a criminal succeed in piggybacking his way behind you into the building.

It’s happening, too, in computer rooms, where crooks use similar tricks to get in.

That’s physical piggybacking. The electronic kind, rare, can happen this way. You punch in a password or key on your terminal and hook up with the computer, unaware that the piggybacker has a hidden terminal connected to the same phone line. Perhaps you haven’t signed off properly. The computer keeps the connection going, and the piggybacker “rides” on.

Impersonation is what it sounds like, and it can be physical or electronic.

Leslie D. Ball, a Massachusetts consultant and college professor, once illustrated computers’ vulnerabilities to such tricks. “Why is it more difficult to rob a bank of $2,500 than to steal millions from its computer?” he asked, and quickly answered the question.[[52]]

“During a security consulting project at an Atlantic City hotel,” Ball said, “I spent the evening with an associate in the casino. At about eleven p.m. we headed for our rooms, but the elevator stopped where the computer center was located, and we decided to look around. The door marked ‘Computer Center—No Admittance’ was locked but had a bell beside it. A computer operator opened the door when we rang, letting us in without a word. For the next ten minutes we wandered through the center without speaking to the operators on duty.” In effect, by acting as if they belonged in the room, Ball and the associate were impersonating authorized people. “Finally,” he recalled, “we said, ‘Thank you’ and left. They were lucky we were not disgruntled heavy losers!”

A real impersonator, an ex-college professor named Stanley Mark Rifkin, passed himself off as a bank branch manager to steal $10.2 million. He bought diamonds in Switzerland. The law caught up with him only because, like many bright, cocky computer crooks, he bragged. That wasn’t all. “While awaiting trial,” Ball says, “he attempted a fifty-million-dollar transaction from another bank. When apprehended, Rifkin told a reporter that he thought he finally had all the bugs worked out.”

Rifkin was just another example of an ordinary man using legally acquired skills to commit an illegal act.