Steak Knife Decryption
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner. Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
This brings up a question. Did these robbers kill him right after they found out the answer, or they first tried to withdraw money to check if his number was right? This brings up a question on the strategy in this game. Suppose I am captured by ruthless robbers. They ask me for a number and torture me. They will torture me as long as necessary until I give out the correct number, and then they kill me. Assuming that I am rational and prefer torture to death, I should not tell them the right number and delay the process, with the hope that possibly the police will come and rescue me. Assuming that robbers are rational and know that I am rational, they certainly should not put me in such position: if they do, they are going to waste a lot of precious time and have no chance of getting the money. So, they should promise me that they would not kill me. But how would I believe them? A rational robber should kill the victim after she gets the money. I am not quite clear if rational people can get something out of torturing other rational people. Maybe, I am confused and wrong somewhere. Maybe, if the robber can convince the victim that she (robber) is irrational and would hold on to her promise not to kill him, she could get the money. But how to do that? - Igor.
ichudov@algebra.com (Igor Chudov @ home) writes:
Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
This brings up a question. Did these robbers kill him right after they found out the answer, or they first tried to withdraw money to check if his number was right?
This brings up a question on the strategy in this game.
Suppose I am captured by ruthless robbers. They ask me for a number and torture me. They will torture me as long as necessary until I give out the correct number, and then they kill me.
Assuming that I am rational and prefer torture to death, I should not tell them the right number and delay the process, with the hope that possibly the police will come and rescue me.
Assuming that robbers are rational and know that I am rational, they certainly should not put me in such position: if they do, they are going to waste a lot of precious time and have no chance of getting the money.
So, they should promise me that they would not kill me.
But how would I believe them? A rational robber should kill the victim after she gets the money.
I am not quite clear if rational people can get something out of torturing other rational people. Maybe, I am confused and wrong somewhere.
Maybe, if the robber can convince the victim that she (robber) is irrational and would hold on to her promise not to kill him, she could get the money. But how to do that?
This is a kind of a Prisoner's Dilemma type game-theoretic problem. Each side desires to maximize their mathematical expectation, which is the sum of their expected return for each possible behavior of their opponent times the probability that behavior will occur. One may assume that one has an intelligent opponent who can also analyze the game. The robbers can either promise to let their victim live after the PIN has been extracted, or not. Once torture has produced a PIN, and it has been tested in the ATM, they can either kill their victim or not kill him. The victim can either give the PIN before major damage is done, or he can hold out until he either dies or rescue arrives. For the robbers, the money is a small return, and getting charged with murder should the police arrive right after the victim has been terminated is a big loss. Letting the victim live to identify the robbers is a medium sized loss, but killing the victim and getting away with it is no loss at all. For the victim, the loss of some money is a small loss, and the loss of ones life is a big loss. Now the only return for the robbers is the money, so anything that doesn't result in the money is worse than not committing the crime in the first place. There is no incentive for the robbers to say that they will kill you and not do it, so we can assume the robbers will not lie about this. A rational victim will postphone death as long as possible, so it is always in the best interests of the robbers to say that they will not kill the victim. This crime takes a very short amount of time to commit, so rescue is unlikely. Torture which results in either the PIN or mortal injury can be carried out in under a minute. If the PIN is not disclosed, death will therefore result. If the pin is disclosed, you have a chance of living equal to the chance the robbers will not kill you. So the optimum strategy if both players have analyzed the game is for the robbers to promise not to kill you, the victim to always immediately give up the PIN, and then for the robbers to either kill or not kill the victim, based on the relative penalty times the chance of getting caught for each alternative. There is nothing the victim can do to improve his chances, except to hope he lives in a community where the penalty for robbery is small compared to the penalty for murder, and that a disproportionate amount of law enforcement resources are devoted to solving murders, versus solving robberies. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
Mike, Thanks for an interesting reply. What if, for example, the prisoner convinced the robbers that he was irrational and would swear to God that he would never give up his PIN. Assume that he made a very credible promise, ie, the victim is a known nut. Assume also that the victim is also able to convince the robbers that he would not tell anything to the police. The robbers would then face a choice: whether to kill the victim and face murder charges with punishment M and probability Pm, or not to kill the victim and face charges R (for Robbery) with probability Pr. Since the victim is not going to tell anybody, Pr is zero. So they now choose not to kill the victim. How can this victim make a credible promise not to tell the police? I think that Jim Bell's assassination bot would solve this problem. The victim would pledge $1,000,000 to the bot, with the instruction to give it to the robbers if they are ever arrested within the statute of limitations. After the statute expires, Jim Bell's bot would return the money back to the victim. The AP bot could generally be a great tool for creating various credible threats. igor Mike Duvos wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
This brings up a question. Did these robbers kill him right after they found out the answer, or they first tried to withdraw money to check if his number was right?
This brings up a question on the strategy in this game.
Suppose I am captured by ruthless robbers. They ask me for a number and torture me. They will torture me as long as necessary until I give out the correct number, and then they kill me.
Assuming that I am rational and prefer torture to death, I should not tell them the right number and delay the process, with the hope that possibly the police will come and rescue me.
Assuming that robbers are rational and know that I am rational, they certainly should not put me in such position: if they do, they are going to waste a lot of precious time and have no chance of getting the money.
So, they should promise me that they would not kill me.
But how would I believe them? A rational robber should kill the victim after she gets the money.
I am not quite clear if rational people can get something out of torturing other rational people. Maybe, I am confused and wrong somewhere.
Maybe, if the robber can convince the victim that she (robber) is irrational and would hold on to her promise not to kill him, she could get the money. But how to do that?
This is a kind of a Prisoner's Dilemma type game-theoretic problem. Each side desires to maximize their mathematical expectation, which is the sum of their expected return for each possible behavior of their opponent times the probability that behavior will occur. One may assume that one has an intelligent opponent who can also analyze the game.
The robbers can either promise to let their victim live after the PIN has been extracted, or not. Once torture has produced a PIN, and it has been tested in the ATM, they can either kill their victim or not kill him.
The victim can either give the PIN before major damage is done, or he can hold out until he either dies or rescue arrives.
For the robbers, the money is a small return, and getting charged with murder should the police arrive right after the victim has been terminated is a big loss. Letting the victim live to identify the robbers is a medium sized loss, but killing the victim and getting away with it is no loss at all. For the victim, the loss of some money is a small loss, and the loss of ones life is a big loss.
Now the only return for the robbers is the money, so anything that doesn't result in the money is worse than not committing the crime in the first place. There is no incentive for the robbers to say that they will kill you and not do it, so we can assume the robbers will not lie about this. A rational victim will postphone death as long as possible, so it is always in the best interests of the robbers to say that they will not kill the victim.
This crime takes a very short amount of time to commit, so rescue is unlikely. Torture which results in either the PIN or mortal injury can be carried out in under a minute. If the PIN is not disclosed, death will therefore result. If the pin is disclosed, you have a chance of living equal to the chance the robbers will not kill you.
So the optimum strategy if both players have analyzed the game is for the robbers to promise not to kill you, the victim to always immediately give up the PIN, and then for the robbers to either kill or not kill the victim, based on the relative penalty times the chance of getting caught for each alternative.
There is nothing the victim can do to improve his chances, except to hope he lives in a community where the penalty for robbery is small compared to the penalty for murder, and that a disproportionate amount of law enforcement resources are devoted to solving murders, versus solving robberies.
-- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
- Igor.
On Sat, 7 Jun 1997 00:44:15 -0500 (CDT), you wrote:
Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
This brings up a question. Did these robbers kill him right after they found out the answer, or they first tried to withdraw money to check if his number was right?
Yes, this is apparently how it happened. The robber tortured him for the PIN, used the card to get $800 from a machine and then returned to stab and shoot him. Apparently the murderer is one of his students (he was a teacher in NY I believe). This happened after Levin asked the class to write their biographies and revealed who his father was.
This brings up a question on the strategy in this game.
I don't think there is any strategy in being robbed, only survuval. Levin commited a grave mistake. Revealing his background to his class was a very stupid move. Brian ---------------------------------------------------------------------------------- Brian C. Lane http://www.eskimo.com/~nexus KC7TYU ------------------ 96B9 C123 5C90 BECC 6A1F 7DC6 4F2B A26E --------------------
nexus@eskimo.com (Brian Lane) writes:
On Sat, 7 Jun 1997 00:44:15 -0500 (CDT), you wrote:
Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
This brings up a question. Did these robbers kill him right after they found out the answer, or they first tried to withdraw money to check if his number was right?
Yes, this is apparently how it happened. The robber tortured him for the PIN, used the card to get $800 from a machine and then returned to stab and shoot him. Apparently the murderer is one of his students (he was a teacher in NY I believe). This happened after Levin asked the class to write their biographies and revealed who his father was.
Off-topic rant follows: Levin Sr is a petty asshole. I used to work for a guy who used to be the president of Time Warner before. One of his retirement perks was a WATS line. When what's-his-name suddenly died and Levin assumed office was to turn off that WATS line. This tells me something. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
nexus@eskimo.com (Brian Lane) writes:
This brings up a question on the strategy in this game.
I don't think there is any strategy in being robbed, only survuval. Levin commited a grave mistake. Revealing his background to his class was a very stupid move.
Becoming a high school teacher in NYC was a stupid move. Someone I know went to teach; 2 weeks into the semester one of his students punched him in the nose causing extensive damage. This stopped making news long ago. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 7:22 AM -0700 6/7/97, Brian Lane wrote:
Yes, this is apparently how it happened. The robber tortured him for the PIN, used the card to get $800 from a machine and then returned to stab and shoot him. Apparently the murderer is one of his students (he was a teacher in NY I believe). This happened after Levin asked the class to write their biographies and revealed who his father was.
A good thing anonymity and pseudonymity are under attack! Soon we'll be able to have true "stalker's pages," with links to home addresss and zipcode data bases. (And when I find some young nymphette in one of the chat groups, I'll be able to click on her name and call up all the relevant information to allow me to go visit her! We'll have a grand time...or at least I will.) --Jack D. Ripper
Tim May <tcmay@got.net> writes:
Soon we'll be able to have true "stalker's pages," with links to home addresss and zipcode data bases.
(And when I find some young nymphette in one of the chat groups, I'll be able to click on her name and call up all the relevant information to allow me to go visit her! We'll have a grand time...or at least I will.)
An employee of "firefly.net" (a very invasive marketing organization that specializes in compiling huge databases of personal information about Internet users) recently got upset at me and posted various personal information about me to Usenet in an effort to harrass me. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 02:22 PM 6/7/97 GMT, Brian Lane wrote:
I don't think there is any strategy in being robbed, only survuval. Levin commited a grave mistake. Revealing his background to his class was a very stupid move.
Had the victim carried a firearm, his chances of survival would have improved dramatically. Gun control kills kids (and adults), --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. Put a stake through the heart of DES! Join the quest at http://www.frii.com/~rcv/deschall.htm
On Fri, 6 Jun 1997, Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
A "duress" PIN which cancels the account would be a good addition; similar to the "duress" code on home security systems that appear to disarm the alarm but send a silent alarm to the monitoring station. -r.w.
On Fri, 6 Jun 1997, Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
A "duress" PIN which cancels the account would be a good addition; similar to the "duress" code on home security systems that appear to disarm the alarm but send a silent alarm to the monitoring station.
-r.w.
I would want my account to remain active but instruct the machine to dispense marked cash in case I'm outside in the trunk. ---- Survivalmonger
On Sat, 7 Jun 1997, Cyberdog wrote:
On Fri, 6 Jun 1997, Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
A "duress" PIN which cancels the account would be a good addition; similar to the "duress" code on home security systems that appear to disarm the alarm but send a silent alarm to the monitoring station.
-r.w.
I would want my account to remain active but instruct the machine to dispense marked cash in case I'm outside in the trunk.
Excellent idea, but a lot harder to implement than simply having the system return a message that stated that your account is "overdrawn", and then notifying the security organization of your choice. "Dude. I told ya, I don't have more than $10 in that account ..., just paid my rent/ alimony/ child-support/ bookie / parking tickets ... " Since the criminal will no doubt be aware of this tactic, they'll be in the position of determining if the victim is lying about their lack of assets, or is using the security code. Will they be willing to risk murder against the possibility that the victim can be persuaded to give up the "real" number when other options are available? Possible, yes, but the average petty street criminal is looking for an easier mark. -r.w.
-----BEGIN PGP SIGNED MESSAGE----- On Sat, 7 Jun 1997 21:42:55 -0400, you wrote:
On Fri, 6 Jun 1997, Mike Duvos wrote:
An interesting twist on rubber hose decryption in the case of the murder of Jonathan Levin, son of the top executive of media giant Time Warner.
Police believe his ATM card was stolen, and he was then jabbed with a steak knife until he revealed the PIN.
A "duress" PIN which cancels the account would be a good addition; similar to the "duress" code on home security systems that appear to disarm the alarm but send a silent alarm to the monitoring station.
-r.w.
I would want my account to remain active but instruct the machine to dispense marked cash in case I'm outside in the trunk.
I definitely would not want an emergency PIN to fail to dispense cash, unless it dispensed some 00 buckshot. Now that's a thought. Enter the PIN number backwards and you get a shotgun blast to the chest. A Good Idea(tm) would be to have a reversed PIN number red flag the ATM and alert the police (as well as forward the videotape to the proper authorities). A gun would have been a good idea for Levin to own, but probably would not have helped him since it was a student that he knew and trusted. He probably didn't feel threatened until it was too late for him. Also, if the card was one of the Visa Debit cards (or even a real visa card for that matter) there are tons of places that it can be used without entering a PIN number or submitting to an ID check. Grocery stores and gas stations are two examples, although you cannot get cash from anywhere without using the PIN number (that I know of). Brian -----BEGIN PGP SIGNATURE----- Version: 5.0 beta Charset: noconv iQCVAwUBM5o6gqQxGtxXsXypAQEVBQP/TywTLzu93EScpUsvRuExNuVTSTCi4E5K 4Um3i4fqMN1hYdq0kBKLq5iVzbd4nWnGcglbSqVkMzaZc6Hlh8A4zupH8UXiQxR2 FHw0MrdxUC8ZCOvT+gFos6mGVFojDt6V8j0qGN4UZ18uHhnBo4M6XDYUrSG7PZoY 0VEuAd1mHJs= =RiK5 -----END PGP SIGNATURE----- ps. PGP 5.0 seems to have mangled my line ends in the process of signing this message. Anyone know a cure for this? ---------------------------------------------------------------------------------- Brian C. Lane http://www.eskimo.com/~nexus KC7TYU ------------------ 96B9 C123 5C90 BECC 6A1F 7DC6 4F2B A26E --------------------
Also, if the card was one of the Visa Debit cards (or even a real visa card for that matter) there are tons of places that it can be used without entering a PIN number or submitting to an ID check. Grocery stores and gas stations are two examples, although you cannot get cash from anywhere without using the PIN number (that I know of).
I don`t know about the USA but in the UK many large stores now have a system where when you make a transaction for shopping, you can ask for "cashback", so all you need is a signature to get cash from the card, however, I think the maximum amount per transaction is fairly low (something like $150) but there is nothing to stop someone going to a lot of different stores and repeating the process. Datacomms Technologies data security Paul Bradley, Paul@fatmans.demon.co.uk Paul@crypto.uk.eu.org, Paul@cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: FC76DA85 "Don`t forget to mount a scratch monkey"
participants (9)
-
Cyberdog -
dlv@bwalk.dm.com -
ichudov@Algebra.COM -
Lucky Green -
mpd@netcom.com -
nexus@eskimo.com -
Paul Bradley -
Rabid Wombat -
Tim May