A Security Lesson from Benjamin Franklin

Blog Post created by mjc on Sep 27, 2011

"Believe none of what you hear and half of what you see." is my favorite Benjamin Franklin quote. Being an information security practitioner for over half of my 36 years has taught me that this saying is true time and time again.


I dropped my wife and daughter off at a store this past weekend, while I stayed in the car trying to keep up with the football scores on a Sunday afternoon. I watched as a man walked out of the store and was interrupted by a male driver in a frantic state who was stopped in the middle of the street. The driver left his car and approached the pedestrian. As soon as I saw the driver, I recognized his face, but initially I couldn't place him. All of a sudden it hit me, so I rolled down my window to warn the pedestrian.


I said to the driver, "Let me guess, the rental company deducted the remaining money in your bank account and you urgently need money for gas to make it back to Temple, so you can get your sick, upset wife home."


The pedestrian was being told the same sob story that James "Egypt" Lee, David "Bannedit" Rude, Joshua "JDuck" Drake, and I were told a couple of months ago when we left a restaurant in Austin. It was the same guy, same story… and a complete fraud. The pedestrian was about to give the guy money, and I saved him from getting conned. A few months ago I actually felt sorry for the driver, and if I’d had cash on me at the time, I probably would have given him a few dollars. Fortunately for me, that time Egypt was wise to it and insisted it was a fraud.


The con artist was waving around an AVIS rental folder and pulling out his bank card: it was an Oscar-worthy performance. If we are talking social engineering, this dude was amazing! Obviously he wasn’t too pleased when I blew his act, but the pedestrian was grateful.


I’m sharing this story because I think it’s a great real-world example of the benefit of sharing information. At the UNITED Security Summit last week I hosted a panel with Dan Guido, Mike "rybolov" Smith, and John Sawyer, and during our discussion on incident response, we all agreed on the importance of sharing information. Honestly, we've been talking about this for years.


In the case of the con man at the store, I had an option: to either warn the pedestrian of the threat, or simply let the criminal take advantage of him. It’s my belief that our industry needs to recognize it has the same choice to make. We need to step up the game on sharing information on threats. I'm tired of seeing people falling for the same scam over and over again.


At the same time, take Benjamin Franklin's advice on what you see and what you hear. Even though Mr. Franklin is not with us today, I also thank him for that great nugget of guidance.