5 'Secure' Places That Are Shockingly Easy to Break Into
If movies are to be believed (and as a general rule they are), being a master criminal takes an insane amount of work and long planning sessions. That's why we're not master criminals -- who has that kind of time? Not you, you're too busy watching all those movies.
Fortunately for the burgeoning criminal, it turns out that some of the biggest and most daring crimes require surprisingly little effort. Just look at how easily people have done things like ...
Breaking into the Vatican
Security at the Vatican is tight. After all, it is home to one of the most powerful religious leaders in the world, and despite what you may think, people try to kill the pope all the time (John Paul II was attacked by assassins twice in the span of one year). So you wouldn't think that somebody would be able to just walk in because they were wearing a homemade bishop's costume. You'd be wrong.
This past March, when a bunch of cardinals from around the globe convened at the Vatican to pick the new pope, a German guy named Ralph Napierski managed to bluff his way inside just by wearing a bishop outfit he had clearly assembled from a dusty hope chest full of his mother's old clothing 10 minutes before leaving his house. Napierski's master deception consisted of a cassock that was too short for him, a purple women's scarf tied around his waist in place of the traditional bishop's vestment, and a fedora instead of one of those colored holy skullcaps that literally every member of the church's upper hierarchy would be wearing on such an occasion. This would be like showing up at the Pentagon wearing an extra-small Coast Guard uniform and a bowler hat.
Further proof that men in fedoras should be avoided at all costs.
He posed for photos in St. Peter's Square alongside tourists and other actual high-ranking clergymen before strolling through a heavily guarded checkpoint using nothing but his slapdash thrift store disguise and an alleged membership in the Italian Orthodox Church, which is a church that doesn't actually exist.
In the Vatican's defense, there were over a hundred other cardinals milling around. It's probably pretty tough to spot an impostor amid all that ordained finery. However, we hasten to point out that one of the aforementioned attempts on Pope John Paul II's life was made by a man who was dressed like a priest. This should be something that every Vatican guard specifically watches for, not some so-crazy-it-just-might-work idea that takes them completely by surprise.
"OK, guys, 'Let God sort them out' is not a valid vetting strategy."
Napierski was finally stopped just before making it inside the actual pope-voting chamber, and was escorted away by guards (which is a hell of a lot closer than you'd think a self-declared bishop in a slapped-together costume would get).
Hacking Government Computers
We assume that the computer systems at the top level of U.S. government agencies must have every security feature known to man. We're talking complicated webs of passwords and clearance protocols, as well as several anti-virus subscriptions and bulletproof outer casings at the very least. This is because government systems are constantly being attacked -- there is literally an entire unit in the Chinese army specifically dedicated to hacking into as many as they can on a daily basis. Even though the majority of those attacks are rebuffed, the sheer volume of them has gotten so bad that the U.S. recently made a public statement asking China to knock it off.
But it turns out China is just going about its cyberespionage the wrong way. A test by Homeland Security in 2011 proved that it is incredibly easy to get into a government computer, to the point of a near 100 percent success rate, with absolutely no advanced code-breaking knowledge of any kind. All you have to do is drop a bunch of malicious software on the ground outside a government building like a trollish Johnny Appleseed.
I'm gonna hack your PC today!"
We mean that literally -- Homeland Security agents littered the parking lots of several government buildings with random USB drives and computer disks. The disks themselves contained a harmless application, but most of them were unlabeled. Others were in cases with official-looking logos stamped on the front, but still gave no indication as to what was actually stored on the disks inside. Of the government employees who found the drives and disks lying on the ground, 60 percent of them walked right inside the building and stuck them into their office computers -- you know, those highly secure machines carrying sensitive government information.
Worse yet, a staggering 90 percent of the disks with an official logo on it were installed, because nothing with a logo on it could ever be dangerous. Evidently top-level government security training programs consist of teaching employees that any viruses and system-crippling malware will be clearly labeled as such, and that every international terrorist will look exactly like Boris Badenov. Consequently, it appears that all you need to infiltrate secure U.S. government systems is a box of rewritable media and a screen printing machine.
"Sorry, Edward Jizzerhands bootleg, but I've got a revolution to start."
Emptying Someone's Bank Account
Since basically every bank and credit card company uses PIN numbers to access your cash, they must be pretty effective. After all, a four-digit PIN has 10,000 possible combinations, so the chances of a pickpocket successfully guessing your PIN to use the debit card from your stolen wallet is pretty much zero ... is what we would say if everyone on the planet didn't use the same four numbers to unlock the entirety of their financial reserves.
Congratulations, we're a Mel Brooks joke.
Yes, due to humanity's utter lack of creativity and overabundance of laziness, a large percentage of us are walking around with the exact same codes to unlock every dollar we have to our names. And the codes are incredibly simple -- a whopping 11 percent of people use the PIN "1234," 6 percent use "1111," and 2 percent use "0000," because in this day and age, who has time to do more than just hammer one button repeatedly?
"Hurry up, I've got kids to neglect."
Even if you're feeling proud that your PIN hasn't been listed yet, don't get too cocky -- the top 20 most common four-digit passcodes account for almost 27 percent of PIN numbers, meaning about one-quarter of all PIN numbers in existence can be flat-out guessed in 20 tries or less by anyone who has that list. These include numbers like "7777," "1212," and "6969," because people do embarrassingly stupid things all the time, and protecting their financial information is no exception. Were you born in the 1900s? Good job, so was everyone else, which is why all combinations starting with "19" rank high on the list. And most thieves have the sense to start trying birth years to crack your PIN, which they can do within 61 tries 33 percent of the time.
For some reason, the least common PIN appears to be "8068," or at least it was until we ran this article. You're welcome, "8068"-ers. Maybe you should start keeping your money in a hollow mattress.
Stealing Zoo Animals
Generally speaking, zoos shouldn't need much more security beyond the moats, pits, and fences that keep the animals from escaping for a wacky animated adventure or the spirited mauling of a cab full of tourists. Anyone who climbs beyond all of those safety measures is asking to be eaten by a bear, and the world is a better place without them. Unless, of course, they are climbing in to steal the animals, which is apparently a thing that people do.
"Hey, Carl ... ditch the fish, looks like we're having Italian."
Because, it turns out, zoo animal theft is an incredibly popular pastime, with the number of animals stolen every year currently on the rise. In 2000, 16 lion cubs were stolen from a zoo in Indonesia. That same year, a couple of teenagers stole two koalas from the San Francisco Zoo by dropping in through an open skylight, Mission: Impossible-style. Five zoos in England lost more than 200 animals to thieves in 2006 alone, which was the year Big Momma's House 2 and Miami Vice came out, so the type of tense boredom that breeds daring zoo capers was understandably at an all-time high.
It was like the Planet of the Apes and Pearl Harbor crime sprees of '01 all over again.
Obviously, the animals that are most often targeted are small exotic birds, primates, and reptiles, because they can be tossed in a duffel bag and carried off with relative ease -- trying to Ocean's Eleven a full-grown rhinoceros using nothing but the cover of darkness and an old Chevrolet hatchback would be a substantially taller task. The stolen animals are then sold for ludicrous amounts of money to eccentric rich people looking to build private menageries and/or make a pair of boots out of every endangered species on the planet.
Occasionally break-ins are staged by people who aren't necessarily looking to steal any of the animals, but instead want to release them or simply open their cages in the hopes that the animals will run away and be free. Recently, a man broke into a zoo in Florida and cut the locks on virtually every cage they had in an attempt to liberate the imprisoned beasts. However, his rescue attempt was largely unsuccessful, since most of the animals had long since grown used to their artificial habitats, didn't realize their cages were unlocked, and had no particular desire to go anywhere else in Florida.
"It's Florida. I'm safer in here."
Unsurprisingly, some zoo thefts are perpetrated by crazy people for no real reason. A man in Montana broke into a petting zoo and stole one of their animals, a pygmy goat named Shirley. He then inexplicably brought Shirley with him to a bar, where somebody took note of the obvious crime that had taken place and notified the police. Animal Control came to pick Shirley up and take her back to the zoo, despite her insistence that she was totally OK to drive.
Acquiring Security Secrets of Businesses
Unsurprisingly, major corporations put an intense amount of effort into keeping their top-level information secure (their systems are also routinely attacked by the Chinese army). Billions of dollars and thousands of jobs depend on that information remaining vigilantly guarded at all times. Additionally, any employees privy to that information are tasked with keeping it totally secret. Unless, of course, a complete stranger calls them on the telephone, at which point they will happily divulge whatever sensitive information is asked. Because hey, manners.
"He said 'Pretty please.' What did you expect me to do?"
At the 2010 DEF CON event (an annual convention for hackers), attendees participated in a "game" wherein they would cold-call employees at several major corporations and attempt to get sensitive information out of them as quickly as possible using nothing but basic conversational skills. There wasn't a massive data-thieving plot behind the game -- it was done simply to see how much people would willingly reveal if they were asked. Incredibly, virtually every single company targeted by the DEF CON participants gave away some bit of sensitive information that could be used against them in a cyberattack.
"Our firewall password? Oh, we don't even have those."
And these were serious companies -- Apple, Microsoft, Pepsi, Coca-Cola, and BP all spilled the beans on things that they definitely shouldn't have. This is even more incredible when you consider that the sort of person who attends a DEF CON event is generally terrible at any kind of human interaction that isn't typed out on a screen.
In defense of the targets, the types of questions they were asked would probably seem innocuous to anyone without a good knowledge of the exhausting list of ways that a computer system can be hacked. The DEF CON players would ask things like "Where are your dumpsters located?" (dumpster diving is one of the best ways to collect passwords and other sensitive codes and numbers) and "What version of Adobe do you use?" (knowing the version of a trusted program can help hackers craft a convincing Trojan or similar virus). That being said, these questions would have to seem suspiciously random, if nothing else ("Who was that? Oh, just some guy asking about our dumpsters. Probably a very polite hobo.")
"An e-Trasho-line 6200?!? Papa's sleeping in style tonight!"
So ultimately, it doesn't matter how state-of-the-art your security measures are or how many hackers you employ to protect your mainframe -- the whole system will always be thwarted by the fact that people will tell strangers whatever they want to know as long as it gets them off the phone.
Kathy wrote a very funny book called Funerals to Die For, and you can buy it here and here. Or check out your other favorite Cracked writer M. Asher Cantrell's upcoming book on WORD records right here.