Monday, July 31, 2017

Another Job the Robots Will Be Taking: Safecracker

Do we still have safecrackers? A quick check of the BLS' Standard Occupational Classification does not have a listing of either the broad category of 'criminal' or the narrower 'safecracker' occupation.

From Schneier on Security:

Robot Safecracking
Robots can crack safes faster than humans -- and differently:

So Seidle started looking for shortcuts. First he found that, like many safes, his SentrySafe had some tolerance for error. If the combination includes a 12, for instance, 11 or 13 would work, too. That simple convenience measure meant his bot could try every third number instead of every single number, immediately paring down the total test time to just over four days. Seidle also realized that the bot didn't actually need to return the dial to its original position before trying every combination. By making attempts in a certain careful order, it could keep two of the three rotors in place, while trying new numbers on just the last, vastly cutting the time to try new combinations to a maximum of four seconds per try. That reduced the maximum bruteforcing time to about one day and 16 hours, or under a day on average.

But Seidle found one more clever trick, this time taking advantage of a design quirk in the safe intended to prevent traditional safecracking. Because the safe has a rod that slips into slots in the three rotors when they're aligned to the combination's numbers, a human safecracker can apply light pressure to the safe's handle, turn its dial, and listen or feel for the moment when that rod slips into those slots. To block that technique, the third rotor of Seidle's SentrySafe is indented with twelve notches that catch the rod if someone turns the dial while pulling the handle....MORE 
Mr. Schneier also gets the hat tip for pointing us to McSweeny's from his 2012 post "Interview with a Safecracker":
Q: How did you learn to be a safecracker?
A: In 1978 I took a correspondence course to learn the basics of locksmithing. The ad in the Popular Mechanics classifieds said, “Be your own boss.”
The course consisted of about 70 lessons. I’d study each lesson and practice the particular skill required, like how to fit a key, lock disassembly, rekeying, etc.

Q: What does it mean to fit a key?
A: This is only one of a dozen basic locksmith skills. You insert a blank key, wiggle it while turning and the bumping action creates marks on the key blade. You file where the marks are until the key turns in the lock. It’s also known as “impressioning.”

Q: It seems like you could use this knowledge in bad ways if you wanted to.

A: Clients often ask, jokingly, whether we learn our trade in prison.
Technically, the biggest difference between what a burglar does and what I do is that the burglar wants to get in and out quickly and doesn’t care if the safe ever gets used again. I take my time because my objective is opening it with minimal damage so the owner can use it again.

A criminal safecracker also needs different knowledge and skills, beyond the technical, that I don’t have or need. I don’t need to know how to avoid leaving evidence, circumvent an alarm system, plan a get-away, or fence-stolen goods....