In Clubs and Online, Hobbyists Embrace The Joys of Picking

["Richard M. Smith" <rms () computerbytesman com>]

http://online.wsj.com/article/SB116200169155406795.html?mod=todays_us_page_o
ne
 

In Clubs and Online, Hobbyists Embrace The Joys of Picking

Videos Help Amateurs 
Open Padlocks, Dead Bolts; 
Police Aren't Amused
By SARA SCHAEFER MUÑOZ
October 28, 2006; Page A1


NEWINGTON, Conn. -- On a recent evening in this quiet suburb, Matthew
Fiddler hunched over a door lock, jiggling it with a pick and poking it with
a wrench. In just a few moments, it popped open.

Mr. Fiddler wasn't locked out and he isn't a thief. Instead, the 36-year-old
father of four, clad in khakis and a blue button-down shirt, was seated
around a table with a handful of people who pick locks for fun. The group, a
chapter of Locksport International, gets together monthly to poke and prod
everything from padlocks to dead-bolt cylinders. They swap tips, hold
contests and eat pizza.

Most say they do it for the challenge. "It's like doing a Rubik's Cube in
the dark," says Josh Nekrep, a construction sales representative and
Locksport's administrative director. And for Mr. Nekrep and others, it
carries a broader mission: finding and exposing the vulnerabilities in
common locks so people can better protect themselves.

"The public has a right to know if some $30 lock they bought is not secure,"
says Mr. Fiddler, the Connecticut chapter president, who, like many in his
group, works in computer security.

That philosophy has riled lock manufacturers and law-enforcement officials,
who believe disseminating information about lock weaknesses can only
encourage illicit activity. It has also split the locksmith community,
putting them at odds about whether picking techniques should be disclosed.
Fueling their concern: the spread of Internet videos that show how to pick
many types of locks.

Pin tumbler locks, commonly used on doors, mailboxes or padlocks, are opened
with a key when their spring-loaded pins are pushed into the right
alignment. To open them without a key, hobbyists often use a slender pick to
maneuver the pins, while at the same time sticking a tension wrench in the
keyhole to apply turning pressure.

Another popular method is "bumping," which involves inserting a specially
filed key blank into a lock and hitting -- or "bumping" -- it. Key blanks,
made by lock manufacturers and used for making duplicate keys, are widely
available for most common locks online or in hardware stores. The force of
hitting the key makes the pins jump in such a way that for a split second
the lock can be opened.

Google Inc. co-founder Sergey Brin says he became interested in lock picking
as a graduate student and years ago picked the lock of Google's offices when
he didn't have a key. He told reporters attending a Google conference
earlier this month that he recently learned the "bumping" technique by
watching a video available through Google's site. "I was curious," he said.
"You want to see a person just do it."

Law-enforcement officials fear that any tactic that exposes lock-breaching
can put information into the wrong hands.

"They are exposing vulnerabilities to everybody, and everybody includes
criminals," says Jim Pasco, the executive director of the National Fraternal
Order of Police. "I am absolutely mystified at what they perceive to be
ethical about that."

Organized groups of lock-picking hobbyists have operated in Europe for
years, and have recently been increasing in North America. Locksport
International  started last year and has 100 members in six chapters in the
U.S. and Canada. The Netherlands-based Open Organisation of Lockpickers
formally launched a U.S. group in August and so far has 40 members. The
hobby is also becoming popular on college campuses: students at the
University of Texas, Austin, recently launched a picking group.

Even as the hobby's popularity has grown, members acknowledge it still faces
an image problem.

"Picking locks is so often viewed by the layperson as a nefarious act," says
a statement posted on Locksport's Web site. It says the group wants "to
promote the hobby/sport of lock-picking in an ethical manner." Members say
they take problems to manufacturers first and then go public if the
companies don't respond.

At the recent meeting in Newington, about 10 men, with ages in their 20s to
60s, sat around a brightly lit table, bending over different types of locks
and brandishing picks and wrenches. During breaks in the chatter, all that
could be heard was tapping and clicking.

"I'm interested in how locks work," says Jack Craib, a 63-year-old retired
bookbinder.

"When you are picking a lock and it clicks open, it seems like something
magical has happened," says Eric Schmiedl, a college student on the TOOOL
U.S. board of directors.

Police and lock manufacturers say they get worried when pickers swap tips on
the message boards of lockpicking101.com, a Web site for lock-picking
enthusiasts, and post how-to demonstration videos on the popular
video-sharing site YouTube.com.

After several videos circulated this summer showed how the "bumping" method
could be used to open locks, the Dallas-based Associated Locksmiths of
America, a trade group, fired off a statement calling the information "a
misguided attempt at consumer awareness" that could "stimulate the interest
of would-be burglars."

Paul Dickard, a spokesman for lock manufacturer Schlage, a unit of
Ingersoll-Rand Co., said the company would prefer if the hobbyists "acted
more like a magic society, where the trade secrets stay in the room."

Still, at least one lock maker says the hobbyists can help companies. Walt
Strader, vice president of research and development for Black & Decker
Corp., which makes Kwikset, Weiser and Baldwin locks, says the company
recently became aware of the "bumping" method from information disseminated
by the groups. While the company doesn't agree with the groups' publicity
tactics, he said it is "taking the issue seriously" by re-evaluating its
products and considering a warning on the packaging. The company is also
working with the industry to call for a ban on the Internet sale of bump
keys, he says.

Mr. Nekrep, Locksport's administrative director, says the group makes a
concerted effort to keep out anyone with shadowy motives. Mr. Nekrep says
all new members must be endorsed by two existing members and everyone must
abide by a code of ethics, which includes the promise to pick only locks
that they own or have been given express permission to pick.

Mr. Fiddler says he can spot undesirables right away. He has turned away
several people because they were asking "how to break into things, rather
than demonstrating a real interest in how things work."

--Kevin J. Delaney contributed to this article.

Write to Sara Schaefer Muñoz at sara.schaefer () wsj com



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.