Event Recording

How a Shoemaker Stole the City Treasury and Ended up as a Social Engineering Legend

Log in and watch the full video!

Cyber Security traditionally has been seen as the domain of Technology, with an expectation that the solution for cyber resilience has to be provided by IT – and we happily accepted this challenge and delivered numerous software and hardware solutions, design and development principles, policies and process controls.

However, as most successful cyber-attacks in recent time have started by targeting users with phishing emails or social engineering, raising awareness of their role in increasing cyber resilience is at least as important as providing “just a technical solution”.

This presentation will – based on example of a famous real robbery in Berlin – show how user awareness can become an important line of defence in cyber security.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
Thank you everyone for having the time to attend this session. So my session is as an example of social engineering based on a famous incident which actually happened nearby here in in Berlin, but a hundred years ago, more than a hundred years ago. Before we actually come to the typical speaker introduction, let me start with the prelude. So there may be times and places where it's a good idea to talk back to a military officer, but the time was not in Germany, especially not in 1906. So a corporal let's, let's call him Corporal Miller has been leading his quarter of four privates down in Berlin only to be challenged by a captain. This captain is about 50 F slim fellow with a large white mustache. Like any man in uniform, the captain actually looks taller and much smarter, especially with this white glove resting casually at the hi of his reia.
Where are you taking these men? Back to the barracks sir. Turn them around and follow me. I have an urgent mission from the all highest command, the all highest command. Everyone knows this can only mean orders from the Kaiser in Germany. So as the small group continues to us put as a train station, the captain sees another squad. The captain asked the second squad to also find fall behind him. The captain now commands a small army of 10 soldiers and they ride across the train to Berlin towards ick. Ick at that time was a charming little town, southeast of the capital, the captain ride, second class on the train and his commande man. Third class on arrival. The story continues. So let's do a quick introduction before we continue. My name is K Fuen. As I was introduced, after 10 years working with Ang, another 10 years with Deutsche Bank, I moved to Frankfurt office Numora, that's a Japanese investment bank with multiple entities in the European Union At Numora, I am the information security officer for the EU entities with some additional IT governance responsibilities across Europe. But more important, I love to collect comics and I also once saved Alexei Cooper's life. But that's a story for another time.
Let's continue our story. So the event I will be speaking may sound like comedy. So the comedy of captain of Kanick in German Halon Nik, the captain has a name which will become very famous. The name is Folk William Folk. After arriving with this group by train to ick, they walked down to the town hall of ick. Oh, let's quick animations finish. They march into the mayor's office in front of ick town hall. So the the mayor of ick is called Hans. They tell him you are under arrest. The kai has decreased that you are wanted man Hans the mayor in his mid thirties, he's mild looking fellow is very astonished and asked to see a warrant. My my warrant are the men that I command. Next, the captain finds the town treasurer and demands for him to open the safe. The cash reserve is to be compensated for safekeeping and shall be examined for fraud. You probably already know where this is going now.
So Kix municipal safe contains 3,557 rice mark and 45 fan, which adjusted for purchasing power would be around 24,000 euros. In today's currency, Captain Folk is very punctu cheerious about the count. Here is your receipt, stamp it and keep it safe. The captain commands one of his men to find for Hans. They mayor's wife and arrest her for interrogation later, but specifies this man to treat her with Cury. In the meantime, the captain searches the tone hall offices force something while these men keep the town officials under arrest, failing to find what he's looking for, decides to wrap up the mission. The officials are to be driven to a police station in Central Berlin. Not far, not far where the adventure actually began In the central police station, they're supposed to be interrogated. Meanwhile, Captain Fork himself walks to the ick railway station alone. He collects a package from the left luggage office and steps into a restroom. A few minutes later he steps out again and he's almost unrecognizable having changed into shabby civilian clothes. This anonymous fellow now boards the train back to Berlin with this uniform neatly folded under one arm and a bag of money under the other. He looks over his shoulder as he stops the train gazing over the train station, he smiles, then he disappears into the carriage and just like that, the captain of ick is gone.
So soon after corporate Miller presents his prisoners at the police station Berlin, the situation quickly becomes baffling to all concerned. Nobody has heard anything about the Kaiser demanding the interrogation of the mayor of ick nor his wife. After a phone call to the headquarters, the head of general staff himself al the younger arrives to resolve the situation. But nobody has received any orders from the highest. Nobody can see a reason to detain the mayor or his wife or his treasurer. And nobody can actually recall ever having met a Captain Fork Well, which is no wonder because Captain Fork never existed. They instead met have Wilhem forked an ex-con, an ex shoemaker and nobody who possessed nothing more. Just a confident manner and a very nice uniform. But he was a master of social engineering. Now this is where we come into social engineering. So what is social engineering? It is, you can encounter it in monthly ways or formats. So social engineer, social engineering, both offline, online is is to con unsuspecting persons into compromising the security, transferring money or giving away sensitive information so people suffer every day from criminals using the playbook of William Folk. The comment traits are the scammer will focus on your good nature. So basically he will exploit the human emotion. They will use a false title, a position of authority, for example, someone you would normally trust.
They will create an urgency as time sensitive situation. Situation because you normally don't think clearly when you are hungry or angry or afraid and after putting you under time pressure, they may request urgent information, a large money transfer or something similar. We would never do other of our otherwise if we had time to think it through. So at this point, when I do such a awareness training internally, I would then explain what fishing is. So fishing is a method of social engineering where people use emails to basically con other people. Fishing has been a band for every large company worldwide.
Actually even a bank highest of 1 billion started with a phishing email as at last years copy, a call ESC conference. In September I held a presentation how to rob a bank. So if you want to hear more how effective Phish could work, see that session anyway, as Phish is one of the most dangerous threat vectors, staff awareness for nemura is one of the key S. We want our staff to be really understand what the threat of fishing can be and therefore we do regular fishing tests and then where necessary at that with additional support and training.
So at numora our users ask us why we don't have Phish software filtering out the dangerous emails. Here's an overview of the onslaught of emails. Numora receives every quarter from from, from a average 150 million incoming emails, less than half make it into the inbox of our users. The IT security filtering reduces the number of threats considerably, but still we need user awareness. So some of the remaining 60 million emails every quarter delivered to numora staff may still contain new or well hidden threats like links to malicious sites, attachments containing malware or in some, in some cases even the best filtering software is unable to see the danger because it's a well hidden social engineering scheme like a spearfishing scheme, a business email compromise or a cos co attack where there's nothing dangerous itself. But the context of the mail is something where you have to be afraid of. Therefore we need support of every end user internally to detect and report it so that the IT security team can keep everyone safe in in the company. When someone reports a malicious email at numora, the IT team then analyzes this and when removes this, this email from all inboxes of all other users globally. So, which then helps improve detection and response for next time of course.
So speaking of fishing, there is one important thing you need to integrate if you don't already have this in your systems. An external email panel, this is a very simple systems, but of course there's, there are more sophisticated systems available, but, so it is very easy to just enable the external email tech and exchanger outlook 365 server. This will activate a built-in warning between the subject and the body of the email where the email can be clearly seen coming from outside of the organization. And this is something where where users can then detect, it claims to be something internal, but it has an external email banner. So it is probably not correct. Of course there are more sophisticated systems available, but this is something which Microsoft has built in. It just needs to be activated.
So a few other social engineering schemes like LinkedIn recently. So there was an article from brand preps from kre said security about fake profiles on LinkedIn. Many of them even claiming to be SISOs with a long work history and most of them were artificially created and not correct. So LinkedIn has been trying to remove them but as as often they can't be as quick as the problem actually starts. A few other schemes are the advanced fee scam, something also called 419 or Nigerian Prince game. So this scam has been used with facts or or written emails in the past, but it's still now prevalent in online communication. What you see here on the right side is actually facts received by the Frankfurt office of Numora. So the center in this case is claiming to be from a Canadian law firm, the facts in German address to a board member of our Japanese bank. And the idea is the facts claims to be from a dead relative of the board member promising a large sum of money in inheritance and then asking the recipient to split the difference with the lawyer. Of course, neither the law firm exist nor was there any inheritance or dead relative.
I mean you probably already know about all other social engineering scams like the tech, tech support scam or the grandparents scam. This is something where, which I myself regularly tell my parents because people could be calling them claiming to be that something happened to me and they need to pay out some, some bill money via Western digital or gift cards or something like that. So this is unfortunately something which often attacks older, older persons. So besides fishing, there's also voice, voice fishing or fishing, social engineering. I personally receive multiple phone calls from criminals claiming to be either from Interpol or B, asking for personal information, asking to confirm certain things. And of course there are the SMS scams where where multiple national security agencies have issued warnings about dangerous SMS containing malicious links and similar and finally of course also social media or messengers like WhatsApp, Telegram.
You wouldn't believe the number of people who actually fall for these fake information in WhatsApp or social media and then lose a large sum of money in fake investments. So, but coming back to our story, at first it looked at as though will folk would enjoyed the fruits of his acting skills in peace. But as he relaxed with this back full of money, a formula criminal accomplice recognized the name in in the newspapers and reported folk to the authorities. When four detectives but into William folk's apartment at six o'clock in the morning, they found him enjoying his breakfast allegedly. He said, I'm afraid the timing is a little bit inconvenient. I should like a moment to finish my meal. They watched folk as they, as he took another bite from his bri spread on a thick layer of butter and washed it down with his coffee.
You really can't help us admire his oddity. At the trial fork become folk actually became a for hero. The judge sympathized with the way folk has been treated by the system he gave him. He gave him an rather short sentence and then he took off the judge cap and stepped down to class folk by the hand. In wisdom, good health, even beyond apparently even the German Kaiser himself has said to have chuckled a escaper and may have influenced the authorities to pardon him. After a few months, folk had a number of statues erected. One of them is still standing directly in front of Icks Town Hall and and he had a VA figure put up in Madam in London and also ended up on postage stamps. He was paid to sign autographs to record a story so that people could listen to him on their gramophones at that time. And a wealthy video gave him a pension for live. So he really became famous after his stunt. So the tale I told you is unfortunately also did also affect me directly because in my school time I had to write a term paper about it because it also turned into a famous stage play and multiple movies. So
German audience members older than Gen Z may recognize names like he or Al playing the captain in the movies.
So what kind of man does this? So who was Willam folk and what expired was what he inspired his ait. Confidence trick folk was a crook, no doubt about it. His crimes included armed robbery, but ju system treated him harshly, stuffing legitimate appeal into filing cabinets. So after he had served his time, he was run out out of town after town by police who didn't want an ex-convict around. So he had no papers and without papers he couldn't get a job and without a job he couldn't get a flat and without a residence address he couldn't get papers and no papers, no job. You get the idea. So in the common version of the story fork is persecuted by cruel bureaucracy driven to ransacking the office of the mayor of ick looking not for money, but for the paperwork you need to get an idea.
The lesson here is, is not that Germans, especially in the early 20th century, would follow any orders of a man in uniform, but it's, it's actually a harder lesson faced with the right con, a good social engineering. We are all vulnerable. Any of us could have been the happiest corporate miller. The funny also worrying thing is the social engineering masses from that time still work. Just the medium would change or be updated. So thank you again for your time and since this events in Berlin, don't forget to go to the ick town hall and make a selfie with the statue. Have a great day. And of course stay safe.

Stay Connected

KuppingerCole on social media

Related Videos


Recap Cybersecurity Leadership Summit 2022


Key Findings on Malign Information, Misinformation, and Cyberattacks

Ksenia Iliuk, Head of Research at Detector Media, Ukraine tells us about some key findings of their research in the media landscape of Ukraine. Find out what she has to say about Telegram and what it has to do with #cybersecurity .

Analyst Chat

Analyst Chat #149: The Top 5 Cybersecurity Trends - Looking Back at CSLS 2022

Deep Fakes, AI as friend and foe, Business Resilience, Mis-, Dis- and Malinformation: The Cybersecurity Leadership Summit has taken place in Berlin and covered all of this and much more. Martin Kuppinger and Matthias look back on the event and identify their Top 5 Trends from CSLS2022 in…

Event Recording

Assessing your Cybersecurity Tools Portfolio: Optimize Cost, Increase Security

Most organizations don’t suffer from a lack of cybersecurity tools. They suffer from the cost and administrative burden of running too many of these. They suffer from the lack of integration. They suffer from the lack of skills in optimally configuring the tools and analyzing the…

Event Recording

Cyber Warfare - A Reality Check

Cyber Warfare and Disinformation have been heavily weaponized since Russia´s full-scale Invasion of Ukraine and even before, aiming at destabilizing the free part of the world. It is the "synergy of the evil" between cyber warfare and MDM (Misinformation, Disinformation,…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00