It Happened to Me

Breach of Security

Fool me once, shame on you. Fool me twice, shame on me.
Chief Engineer Montgomery “Scotty” Scott from Star Trek.

Three months ago: The con artist

Back in August, our house was visited by a con man, and we got rooked.

I was working at home that day, Dan was recently laid off by OpenCola, and our other housemate Paul hadn’t moved in yet. Someone buzzed the front door, and over the intercom he told us that he was our neighbour from a couple of doors down and needed our help.

I answered the door and met a guy named Sean. He looked like a U of T student — in his mid-twenties, black, dressed in sweatshirt and jeans, looking rather distressed.

He explained that his car broke down and he needed money to get it towed before the parking authority towed it away. Here in Toronto, the combination of parking fine and impound fee can set you back $300.

He told us that he’d just moved in from Aurora, where if he were there, he could easily get help since everyone knew their neighbours. Now that he was a stranger in the Big City, he didn’t want to impose on a neighbour he didn’t know, but he was in a bind. He said he’d return in a couple of hours to pay us back.

Dan and I each gave him forty bucks, and he gave us his phone number and even offered to let us hang onto his Mac laptop as a guarantee that he would come back and pay. I felt a little guilty about not getting to know all my neighbours and told him it would be all right — the phone number would be sufficient. After that, he was on his way.

It was only after he left that I got the sinking feeling that we’d been had.

Dan said that he got the feeling too, but he kept mum and watched for me to make my move — when he saw me lend him the money, he did the same.

Sean never came back. Dan, upset that he, an infosec specialist who’s read numerous papers on social engineering, got taken by a street-level con artist, went on at length about how he’d “fucking kill” Sean if he ever dared to show his face in the neighbourhood again.

“I know capoeira!” he exclaimed at brunch the next day, spitting out flecks of scrambled egg. “I. Will. End. Him.”

Today: The con artist returns

Today, while I was away at work, Sean showed up at the house again.

This time, Paul answered the door. Paul moved in a month and a half after Sean’s visit, well after the con job had ceased to be a topic of conversation. I’m not sure we’d ever told Paul about him.

Sean explained to Paul that he needed a lift to Bloor and Yonge — something about car trouble. Dan came upstairs to see what was going on, and saw Sean. He explained to Paul that we’d loaned this guy some money and he never paid us back.

The story should’ve ended then and there, but it didn’t.

Paul asked Sean about this, and Sean explained that while he didn’t come back that day, he paid me back a month later when I helped him assemble his waterbed. No such event ever took place, and hey, if I’d been paid back, why wouldn’t I have also gotten Dan’s money back as well?

Paul, having no reason to doubt Sean, accepted Sean’s story and proceeded to give him a lift. Dan, beginning to feel a twinge of doubt, went downstairs to phone me. Dan explained the situation, and I was livid.

“Why aren’t you stopping him?” I yelled at my phone, helpless since I was miles away.

“I told Paul, Sean explained that you got the money back when you helped with the waterbed. I’m calling to double-check. Sean didn’t call you, did he? He said he called you and got no answer.”

I got no such call.

“Didn’t you explain to Paul that this man is a lying thief?!”

I asked Dan to run out to the garage and stop Paul from giving Sean a ride in his car. I spent a couple of anxious minutes waiting for Dan to return to the phone.

“Gone,” Dan said when he returned.

I had visions of Paul either getting ripped off or worse, being led to some secluded place where Sean’s partners in crime were waiting for him to bring back someone to mug.

I chewed Dan out for a little bit for being so lackadaisical about the whole matter. I think I brought up some point about being a little more participatory in the affairs of running the household, and protecting it — you live here, act like it! Dan apologized over IRC, but I was just too pissed off and logged out.

When Paul got back home, he called me and told me that he lent Sean 80 dollars.

“You’ll never see that again,” I said.

The two phone numbers Sean left were fakes, and the “house keys from his place two doors down” that he gave to Paul as a good-faith guarantee most decidedly did not open the door of the house two doors down.

When I later talked to Paul, he told me that Dan had given him the impression that Sean was a friend who’d just defaulted on paying back some money we’d lent him. Dan did not make it clear that he was a con man who’d ripped us off once before. After all, if he’d conned Dan out of some money, wouldn’t Dan have been a little more confrontational with Sean? Wouldn’t he have made it very clear that Paul should not be doing him any favours?

I’m generally slow to anger, but right now, I’m seeing red. The cavalier way in which Dan handled Sean’s return, plus his allowing Paul to get into a potentially dangerous situation by giving him a lift, is just too much.

I am trying not to blow my stack at Dan. I’ve made more than a few boneheaded moves in my time and know that excessive carping just breeds resentment. But he should have known better. We’ve already been burned once. Dan’s supposed to be an infosec guru — Mr. “Security is not a product, it’s a process.”

Yet here he was, dealing with the real-world equivalent of a “script kiddie” whom we’ve met before and whose modus operandi we know. And somehow, he casually let Paul go off and give this guy a ride in his car.

He never once confronted Sean and said “Get out of here before I call the cops,” or even “What happened to the money we gave you?”. He most certainly did not use capoeira and “end” him.

The end result: This house has twice been robbed by this petty thief, all because of inaction and stool-softeningly bad judgement.

What’s done cannot be undone. Hopefully, Dan will be a little more responsible in the future. Collectively, we’ve paid a 160-dollar tuition at the school of hard knocks. I will probably be considerably less angry tomorrow. Maybe it’s best to view this as a learning experience for Paul and a refresher course for Dan.

And somewhere, out there, there’s a guy who may or may not be named Sean having a really good laugh.
