An unknown male, described as skinny, entered a house through an unlocked front door and then exited through the garage door. He was seen leaving without anything from the home.
Assumptions are a very powerful thing. Many times we mistake assumptions for intuition, the idea that we have a feeling about something. In the end many times that “feeling” comes from us making assumptions based on previous knowledge of similar situations. What I found interesting about this police report was the ending remarks of “seen leaving without anything from the home.” The assumptions is made that this trespasser went into the home with the intention of taking something out. Even if this assumption is accurate, it also assumes that anything of value to be taken can also be seen.
Playing on the assumption the suspect wanted to remove something of value, what could he have taken that is unseen. A major issue todaay is identity theft and all this person had to do was to find documents in the home with enough information to allow him to steal the home owners identity. If not completely steal it, he could have left with enough information that it would be easy enough to socially engineer the remaining information from someone with access to what he needed. Is that all he could have removed from the home without it being seen, in short no.
Lets assume the suspect wanted large items of value in the house, perhaps he could have left with a key, security code, or another method of regaining entry at a less obvious time. Walking out of a house in broad daylight with a TV, computer, safe, or other valuables would possible draw enough attention to immediately alert police. Having access to the home may mean this criminal now knows the families vacation schedule and could return, easily gain access, and leave without notice for an extended period of time.
Lets run another assumption out. Lets assume the intent of gaining access wasn’t to remove something but to place something in the home. Perhaps the residence of the home have some knowledge that is of more value than the contents of the home or the persons identity. We don’t know if this person had proprietary corporate information, or was an influential political figure. Maybe this person is in the middle of a nasty divorce or has a joint business venture that is falling apart. Whatever the reasons, something placed in the home to gain intelligence of the resident may be far more valuable than the contents. Sure we could say if that was the intent the person would likely have ransacked the house to make it look like a robbery and not an information gathering mission. This of course would be making assumptions about the criminal based on patterns of others.
As I said at the begging, assumption can be very powerful and also effective. In information security we have built a large industry around protecting digital assets through “fingerprinting” or “signature” based security. This segment of infosec is important, but it is not the only defense we should have or rely on. It is important we look at all possibilities when it comes to attempted or successful intrusions into our systems. We may think we know why people are attacking our systems and trying to gain access, but if we just go with our assumption there is a good chance we will miss a critical detail. It shouldn’t come as a surprise that digital trespassers and criminals are turning to more complex, multifaceted method of attacking our systems. Once inside our systems they also may go for less obvious targets that could ultimately yield significant gains for them, and losses for our organizations.
We can let the automated systems catch what they are designed to catch, everything else should be left to us as security professionals to follow through and check out. Don’t let assumptions about what has happened jade what is or could happen. In the end it is not just our organizations reputations at risk, it is ours as well.