James Duncan Davidson describes his frightening experience with “A Postmodern Crime at TED2009”. Davidson, a professional photographer, was assaulted outside the conference by someone demanding his pass. I think it’s interesting to note that it was an “all-access pass to the show and to its attendees”.
I’ve put some thought over the last year or so into “personal threat modeling”, and have knocked around ideas for a presentation of some sort with friends.
What can we know about how very specific behavior exposes us to new threats? My context is as a technologist, and so the threat includes my personal technology, and the information/data I have spread between myself and my various toys.
Suppose that I wanted to steal information on Black & Decker’s latest electric screwdriver design. I might do my homework and see when a B&D employee from their design group was giving a conference presentation, possibly an easy task given that conference schedules are usually online. This might tell me useful things, like:
- Who my target is, often with a brief bio that may give me other useful intelligence.
- Where they will be at a specific time.
- Bonus: When they will have their laptop with them.
My challenge at this point is to get into the conference and separate him from his laptop. Many opportunities exist in such high-distraction environments, and an all-access pass only makes this much, much easier. (For example, the “Speaker’s Lounge” is usually deliberately off in some quiet corner of the facility.)
Stealing such a laptop, with whatever email or other info I might find, is obviously just one sort of motive. I can imagine an attacker having a variety of goals that might make it well worth the time and risk of physically assaulting someone, especially someone bearing a particularly privileged access pass. Industrial espionage is just the start of a long list of evil possibilities here.