Low Tech Hacking: Street Smarts for Security Professionals - Softcover

Top 10 List of Just a Few Things to Consider About the Locks that We Use at Home and at Work to Hopefully Make Physical Security Really Secure
By Jack Wiles, AKA “Low Tech Jack,” Lead Author, Low Tech Hacking

Jack Wiles

1. Learn More About Locks. Modern pin tumbler locks have been around, and virtually unchanged, since the mid 1800s. They have remained a mystery to most people until the Internet made the world a much smaller place. It's encouraging to see more people take an interest in learning how locks work, and how vulnerable some of them are to being bypassed using some very low-tech methods.

2. Check Your Locks. Locks are obviously mechanical devices and subject to mechanical malfunction. In every inside penetration test that I took part in, we found as least one lock that was not functioning because of lack of preventative maintenance or improper installation.

3. Buy Good Locks. When I'm in the hardware section of a store that sells locks, I like to watch people as they go about the process of selecting a lock for their home or school locker. Since most locks look pretty much the same on the outside, most people select the least expensive lock that they can find. These locks might work just fine, but from a security standpoint, as is usually the case, we get what we pay for. Invest just a little more and buy good locks.

4. Who Has The Keys To Your World At Work? Key control is absolutely critical in the business world. Many buildings have Master, Grand Master, and even Great Grand Master key coding systems. Many of these key systems have remained unchanged for years. It's important to know where these master keys (or any building keys for that matter) are, and who has copies of them. This is certainly the case if the keys use a key blank that is somewhat common and easily duplicated. I've been amazed to see the number of different key blanks that small key cutting vendors have on hand at local flea markets where keys can be duplicated for about $1, no questions asked.

5. Audit Your Locks. I've been preaching about the need to audit locks for many years now. I'm talking about a close functionality audit to insure that the locks are working properly, are installed properly, and that they show no signs of being tampered with, to include picking attempts. This audit could also be good Risk Management Due Diligence on an audit report.

6. Check Out YouTube. "If it's on YouTube, you had better know about it." While we were writing Low Tech Hacking, I found myself making that statement several times. YouTube is a great place to learn for the Good Guys, as well as any Bad Guys who want to see how things are done. If a picture is worth a thousand words, just how much is a 10- to 20-minute detailed video worth? If a lock picking or bypass method that describes the kind of locks that you have or use is described anywhere on the Internet, it's a good idea for you to know about it. The Bad Guys probably do!

7. Start a Lock Sport Enthusiast Group. When I started to learn about locksmithing back in the early 1970s, there were no lock sport enthusiast groups anywhere that I am aware of. Locksmithing and lock picking were more of a secretive art, and not something that the average person knew anything about. Two groups that I am aware of that encourage enthusiasts to make lock picking a sport, FALE Association of Lock Picking Enthusiasts and TOOOL The Open Organisation of Lockpickers, have websites where you can learn a lot about these interesting semi-ancient puzzles.

8. Don't Forget About Your Locks At Home. You just purchased a new (or new to you) home. Who has the keys to your new world? Unless your new home has very high security locks installed, you have no way of knowing who has a copy of the keys. For a home, I always suggest having the locks re-keyed, or installing new locks that you know won't work with whatever old keys are out there. That won't stop other methods of entry past those locks, but it will stop the lowest tech entry method of simply opening the door by using a copy of the original key. Key control and lock bypass methods in buildings is another story, and just as critical. That subject is addressed in our new Low Tech Hacking book in more detail than I can cover here.

9. Train Your Staff. Security Awareness Training is the most effective and overall least expensive security countermeasure that you can employ. Throughout the past 20 years, I have personally trained over 10,000 people in some form of awareness training, so I know how effective it can be. Employees want to help with security, and they will become an additional set of eyes and ears for a company when they are taught how important they are as a part of the security team. I don't provide awareness training anymore, so I'm not trying to sell training by this statement. It is important enough of a subject to me that I did have Mr. Sean Lowther write a complete chapter on the subject in our Low Tech Hacking book.

10. Purchase Deviant's Book--Practical Lock Picking. I really like Practical Lock Picking by Deviant Ollam (Syngress 2010). Our Low Tech Hacking book covers a number of other lock bypass methods, and we recommend Deviant's book to everyone interested in learning more about the art (and possible new hobby) of lock picking.