Page 1 of 2

2077: "Heist"

Posted: Mon Nov 26, 2018 5:09 pm UTC
by sotanaht
Image
Title text: But he has a hat AND a toolbox! Where could someone planning a heist get THOSE?

I guess more people should watch those movies because this is exactly what "hackers" actually do.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 5:20 pm UTC
by SuperCow
But he made his diplomacy roll, so he's probably legit.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 5:48 pm UTC
by Soupspoon
Key. To the server room. Now I know that guy isn't legit, but he also didn't do his homework. A key is either too simple or too complicated an access-granter, for a server-room door, in my experience. Which one it is depends entirely upon the sophistication of the heisters, and whether they want to just rip things out before anyone notices or place some gadget of theirs in there, themselves…

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 5:58 pm UTC
by Heimhenge
Shit, if he really was "from the building" he should have all the keys he needs. Maybe even a master key. I wouldn't trust him.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 6:08 pm UTC
by CardcaptorRLH85
Best case, if you let him in, you just earned yourself a nice long conversation with IT/security and whatever penetration testing firm they hired to explain exactly what you did wrong. Worst case, your first thought was right and now your company is bankrupt and all its customer/employee data is in the wind. Always ask for ID and if you don't know who's supposed to have access to secure areas find someone who does.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 6:23 pm UTC
by Soupspoon
Heimhenge wrote:Shit, if he really was "from the building" he should have all the keys he needs. Maybe even a master key. I wouldn't trust him.

All the keys, but not necessarily all the key-cards. Two-factor (actually, "double single-factor", given it's two 'things you possess', or simple single-factor but not including needing a key) has been default access requirements for the less paranoid server-rooms.

The door (with a key-lock, but not actually lock-locked most of the time) could also be kept closed by am electromagnetic card-controlled door-restraining decice plus a fully mechanical combination lock. Press in the code and swipe/present the chip-card to get in (click the sprung switch and twist the internal knob on the combo to get out.

If power goes down (or if they've hacked your Access Control server to straight unlock/grant unlock privileges for a 'janitor card' or similar aquisition), you're left with the purely mechanical combo lock. Which I'm sure nobody has ever taken a minute or two at a time to try to derive the combo*, then committed that to memory card n preparation for the building power being knocked offline to auto-release all the magnetic locks (or at least start to wear down their dedicated UPS time).


* Or dusted for prints. Given it's typically an order-independent mechanisms. You just need to have pressed exactly all the keys (0…9, X…Z) that are in the code (and none that aren't) since the last press of the C key. Which is why I (on these things and PIN pads, even though their codes are order-sensitive) always like to tap every item at least once, to defeat the "fingerprint dusting" people that I'm sure are about to try to pick up such a big clue.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 7:18 pm UTC
by pkcommando
At least it's one of the nicer heists and they didn't just kill/incapacitate him outright to get his key(card).

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 7:20 pm UTC
by cellocgw
First shake his hand. That way, you can at least make sure...

that it isn't a heist by a geist.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 7:24 pm UTC
by rmsgrey
sotanaht wrote:Title text: But he has a hat AND a toolbox! Where could someone planning a heist get THOSE?


They get them in a cut or as an unshown part of a planning/execution montage.

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 8:03 pm UTC
by Vroomfundel
OK, asking for the server room in particular is a bit fishy but generally getting into the office - no problem, in my experience no one ever confronts tailgating strangers about lack of a key card, even though that's featured in every security training ever. It's just that when no one else does it it makes you look like an asshole to what is 9 times out of 10 a colleague who's face you haven't remembered. But yeah, getting hacked 1 times out of 10 is still pretty bad :-)

Re: 2077: "Heist"

Posted: Mon Nov 26, 2018 10:44 pm UTC
by Steve the Pocket
Easy solution: Let him in, but then stay in there to make sure he's actually doing what he said he was there to do until he's done and leaves. Or grab one of the security guards and have them do it for you, if you have work you need to be getting back to.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 12:27 am UTC
by jgh
Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 1:36 am UTC
by ruurdjan
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!


So, you basically work for a company who trains people to ignore security? In your shoes, I'd simply tell my boss that unless there's someone who's expecting me, I won't do the job because there's no way of knowing you're doing the right thing.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 1:53 am UTC
by madaco
ruurdjan wrote:
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!


So, you basically work for a company who trains people to ignore security? In your shoes, I'd simply tell my boss that unless there's someone who's expecting me, I won't do the job because there's no way of knowing you're doing the right thing.


I think they are saying that that is what they do in their job as a pen tester?

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 2:18 am UTC
by qvxb
If he asks for your Social Security number, he's not legit.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 5:41 am UTC
by teelo
Plot-twist: it actually was a heist.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 6:09 am UTC
by jgh
ruurdjan wrote:
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!


So, you basically work for a company who trains people to ignore security? In your shoes, I'd simply tell my boss that unless there's someone who's expecting me, I won't do the job because there's no way of knowing you're doing the right thing.


I work for an agency that hires me out as a contractor to IT service suppliers who supply IT services to organisations whose business is nothing to do with "such complicated stuff" as IT. Some days I can't remember who I'm supposed to introduce myself as at the front desk. The end businesses aren't in the business of doing IT stuff, they're in the business of selling groceries, or meals, or clothing*. The IT is just incomprehensible magic "the wiring" as much as the magic of indoor plumbing.

*or killing foreigners - admittedly, at those sites they wouldn't let me in if I wasn't expected, but from that point is was "you know where the catering block is, don't you?"

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 6:17 am UTC
by WriteBrainedJR
pkcommando wrote:At least it's one of the nicer heists and they didn't just kill/incapacitate him outright to get his key(card).

This isn't just a matter of being nice, it's the correct strategic decision. Getting anyone who isn't security to let you in drastically lengthens the amount of time it will take before you're discovered in most scenarios, while also saving you the time and inconvenience of hiding a body. Since nobody other than security typically thinks of "keeping people out of restricted areas" as a major part of their job, they're unlikely to mention this encounter to anyone until after a security breech is discovered.

Plus, if you do get caught, it's better for your legal defense. If you fraudulently claim authority to enter, that's just part of the burglary you're already committing. If you attack someone in the process of entering, that's an additional charge that the prosecutor can tack onto your case, likely lengthening any sentence you serve if convicted.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 10:59 am UTC
by Sableagle
WriteBrainedJR wrote:Since nobody other than security typically thinks of "keeping people out of restricted areas" as a major part of their job, they're unlikely to mention this encounter to anyone until after a security breech is discovered ...
... four days later, by which time you're in Peru.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 12:30 pm UTC
by herbstschweigen
As a non-native speaker, I'm one of today's lucky 10000 (hmmm... being non-American, probably way more) who heard (or rather, read) the word "heist" for the first time.

As a German, I wonder how you pronounce it, as we have a ton of words that would rhyme with it.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 12:38 pm UTC
by YellowYeti
herbstschweigen wrote:As a non-native speaker, I'm one of today's lucky 10000 (hmmm... being non-American, probably way more) who heard (or rather, read) the word "heist" for the first time.

As a German, I wonder how you pronounce it, as we have a ton of words that would rhyme with it.


heist rhymes with zeitgeist

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 3:46 pm UTC
by hamjudo
Ask him "Who authorized the purchase order for the work, so I can get them to let you in?".

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 4:20 pm UTC
by Ranbot
herbstschweigen wrote:...heard (or rather, read) the word "heist" for the first time.

As a German, I wonder how you pronounce it, as we have a ton of words that would rhyme with it.

You can play audio of UK and US pronunciation of "heist" here: https://dictionary.cambridge.org/us/pro ... lish/heist

I would describe the pronunciation as a fast "h" + "iced" (1 syllable)... h-iced... heist

Regional dialects may vary.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 4:25 pm UTC
by speising
Tatsächlich ist es eines der wenigen englischen wörter, die so ausgesprchen werden, wie man sie schreibt. :p

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 5:33 pm UTC
by Paulmichael
Well, guess we finally got the prequel to https://xkcd.com/705/

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 5:58 pm UTC
by Ranbot
Paulmichael wrote:Well, guess we finally got the prequel to https://xkcd.com/705/

and in time for Christmas!

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 6:12 pm UTC
by orthogon
speising wrote:Tatsächlich ist es eines der wenigen englischen wörter, die so ausgesprchen werden, wie man sie schreibt. :p

All our words are pronounced as they're written. It's just that the rules for pronunciation are highly complex. :P

It occurs to me that you could quantify the phoneticity of a language's writing system in terms of the the conditional entropy of the pronunciation given the spelling, or vice versa. One tells you how hard it is to pronounce a written word; the other to spell a spoken word. English is hard both ways, but probably harder to write than pronounce.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 9:56 pm UTC
by Old Bruce
WriteBrainedJR wrote:
pkcommando wrote:At least it's one of the nicer heists and they didn't just kill/incapacitate him outright to get his key(card).

This isn't just a matter of being nice, it's the correct strategic decision. Getting anyone who isn't security to let you in drastically lengthens the amount of time it will take before you're discovered in most scenarios, while also saving you the time and inconvenience of hiding a body. Since nobody other than security typically thinks of "keeping people out of restricted areas" as a major part of their job, they're unlikely to mention this encounter to anyone until after a security breech is discovered.

Plus, if you do get caught, it's better for your legal defense. If you fraudulently claim authority to enter, that's just part of the burglary you're already committing. If you attack someone in the process of entering, that's an additional charge that the prosecutor can tack onto your case, likely lengthening any sentence you serve if convicted.

There is never any thought about being caught. Never comes up at any stage of planning a heist, or any other nefarious scheme. That is why a calm cool collected wheel man is so important and also why Uber will never truly succeed as a getaway service.

Re: 2077: "Heist"

Posted: Tue Nov 27, 2018 10:41 pm UTC
by orthogon
Old Bruce wrote:There is never any thought about being caught. Never comes up at any stage of planning a heist, or any other nefarious scheme. That is why a calm cool collected wheel man is so important and also why Uber will never truly succeed as a getaway service.

A self-driving Uber getaway car, on the other hand...

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 3:46 am UTC
by Old Bruce
orthogon wrote:
Old Bruce wrote:There is never any thought about being caught. Never comes up at any stage of planning a heist, or any other nefarious scheme. That is why a calm cool collected wheel man is so important and also why Uber will never truly succeed as a getaway service.

A self-driving Uber getaway car, on the other hand...

Me and my droogs would get in the wrong one...

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 12:22 pm UTC
by herbstschweigen
speising wrote:Tatsächlich ist es eines der wenigen englischen wörter, die so ausgesprchen werden, wie man sie schreibt. :p

Thanks for the explicit clarification! :wink: :D

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 12:24 pm UTC
by herbstschweigen
Ranbot wrote:
herbstschweigen wrote:...heard (or rather, read) the word "heist" for the first time.

As a German, I wonder how you pronounce it, as we have a ton of words that would rhyme with it.

You can play audio of UK and US pronunciation of "heist" here: https://dictionary.cambridge.org/us/pro ... lish/heist

I would describe the pronunciation as a fast "h" + "iced" (1 syllable)... h-iced... heist

Regional dialects may vary.

Big thanks for this answer. I would insert the skype (bow) emoji here if it was available.

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 3:02 pm UTC
by Soupspoon
Old Bruce wrote:There is never any thought about being caught. Never comes up at any stage of planning a heist, or any other nefarious scheme.
I beg to differ. The Impossible Missions Force used to not only account for the possibility but often rely on it… That's not including the ones where they'd be 'caught' by one of their own cops/guards/soldiers, or even a whole repertory company of them, fresh from building a plywood replica of a cell-block!

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 6:10 pm UTC
by Old Bruce
Soupspoon wrote:
Old Bruce wrote:There is never any thought about being caught. Never comes up at any stage of planning a heist, or any other nefarious scheme.
I beg to differ. The Impossible Missions Force used to not only account for the possibility but often rely on it… That's not including the ones where they'd be 'caught' by one of their own cops/guards/soldiers, or even a whole repertory company of them, fresh from building a plywood replica of a cell-block!

I guess the same could be said of the Hogan's Heros crew. I was thinking more of the 'one off and retire' type heist.

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 8:10 pm UTC
by Ranbot
herbstschweigen wrote:
Ranbot wrote:
herbstschweigen wrote:...heard (or rather, read) the word "heist" for the first time.

As a German, I wonder how you pronounce it, as we have a ton of words that would rhyme with it.

You can play audio of UK and US pronunciation of "heist" here: https://dictionary.cambridge.org/us/pro ... lish/heist

I would describe the pronunciation as a fast "h" + "iced" (1 syllable)... h-iced... heist

Regional dialects may vary.

Big thanks for this answer. I would insert the skype (bow) emoji here if it was available.

No problem... I consider it reparations I owe for my butchering of the German language when I visited your lovely country a few months ago. :)

Actually, if you want to repay the favor do you have an answer to the question I posed HERE? (Disclaimer: I meant to be sarcastic and humorous in that post. I hope the humor translates.)

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 8:24 pm UTC
by GlassHouses
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!

Interesting. All the places I've worked have had either key card security, or they were so small that everybody knew everybody, and someone claiming to be a server technician would be taken to see one of the admins before being turned loose in the server room.

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 9:09 pm UTC
by rabidmuskrat
GlassHouses wrote:
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!

Interesting. All the places I've worked have had either key card security, or they were so small that everybody knew everybody, and someone claiming to be a server technician would be taken to see one of the admins before being turned loose in the server room.

Hell, I don't even work for a big company and very few of the developers even have access to the server room.

Re: 2077: "Heist"

Posted: Wed Nov 28, 2018 11:11 pm UTC
by Soupspoon
My typical experience is similar. One example is probably no more than eight people at any one time had key-card rights to the room (and as few as six, depending on department size) in a site of 200. All but one of the people normally sitting directly outside the room (the exception being the department's admin person/PA) plus the building security guard (in case of emergencies). But it was also policy to never have just one person in the server room (if any, it not being an absolute minimum), including any 'guest', such that if the fire-suppression system were to become activated then no individual could find themselves incapacitated and unlocated and W.O.O.

Re: 2077: "Heist"

Posted: Thu Nov 29, 2018 12:52 am UTC
by Showsni
rabidmuskrat wrote:
GlassHouses wrote:
jgh wrote:Wow and LOL! My job is *literally* going to a customer support counter with a tool trolley and asking "hello, where's the staff entrance?", and being shown to it, and there asking "hello, where's the server room, I'm here to replace the routers" and being shown to it *and* *left* *there*. By people who usually say "oh, we didn't know anybody was coming". I could be anybody!

Interesting. All the places I've worked have had either key card security, or they were so small that everybody knew everybody, and someone claiming to be a server technician would be taken to see one of the admins before being turned loose in the server room.

Hell, I don't even work for a big company and very few of the developers even have access to the server room.


My company's server room is also the reception/office/break/almost everything else room. The server's under the desk, if you want to see it.

Re: 2077: "Heist"

Posted: Thu Nov 29, 2018 5:24 pm UTC
by gcgcgcgc
"I'm from the building" has to be ambiguous statement of the week.