Students at the University of Twente have stolen thirty laptops from various members of the university’s staff. They were not prosecuted for this, so they could just get on with their studies. Indeed, these students even received ECTS credits for these thefts. UT researcher Trajce Dimkov asked the students to steal the machines as part of a scientific experiment. Stealing these laptops turned out to be a pretty simple matter.
Trajce Dimkov will be awarded his PhD at the University of Twente on 23 February. His doctoral research dealt with organizations’ security policies. Under the pretext of conducting a user survey, Dimkov loaned laptops to thirty, randomly selected, university staff members. He then asked students to steal these laptops as part of a scientific experiment. The students made sixty attempts to steal these machines, thirty of which were successful. The study revealed that no matter how good an organization’s security is, its effectiveness (or otherwise) is largely determined by human behaviour. Dimkov notes that “For instance, some people forgot to lock their door. In other cases, the students were able to think up a cover story that was sufficiently convincing to get a cleaner or caretaker to open the door for them. Other students were able to obtain the laptops by posing as technicians. Some claimed to have left their laptop in their supervisor’s office, and that they needed it urgently, to complete an assignment. People tend to make an effort to be helpful, and a good cover story often does the trick.”
The members of staff who had loaned the laptops were asked to make sure that these machines were always chained to their desks. They were also asked to lock the door when leaving their room, and to secure the laptop with a password. The university’s security staff were informed in advance, to make sure that the students involved did not end up in jail.
To prevent such thefts in the future, Dimkov has developed a prototype model (a sort of navigation system) to identify ways in which laptops can be stolen.
via Stealing for science.