Porch pirates know what's coming via FedEx: AT&T iPhones

Originally published at: Porch pirates know what's coming via FedEx: AT&T iPhones - Boing Boing

…

Not a hack, but someone is probably making $10-20 a tracking number, maybe with discounts for multiples.

I’m not saying we need to take AT&T’s statement at face value, but isn’t it possible that the tracking numbers are being hacked on FedEx’s side?

Actually, this seems more likely than my theory. Stealing in a more old-fashioned way.

I think it’s the simplest option, insider access means knowing where that info is, and just requires staying under the radar, and not getting greedy.

I know as fact that AT&T scrapes then reads text messages sent over it’s network. I assume a machine does that. But it doesn’t matter. The point is simple… AT&T is the breach.

We really need to come up with a new catchy-yet-less-cool-sounding term for package thieves.

I’m normally against knowing too much about how the sausage is made when it comes to label generation; because label printers talking to brittle ERP systems are basically the most hateful flavor of printer going; but it would be interesting to know if it’s just someone in shipping snagging the data from individual packages because you can’t really avoid exposing the shipping label at some point; or if there are any design choices that allow for more powerful inferential attacks(the article makes it sound like the thefts are targeting iphones, in some cases specific models, is AT&T’s system processing orders such that nontrivial blocks of contiguous tracking numbers get assigned to identical SKUs, rather than being deliberately randomized or just handled in the order they are received? Are they a large enough volume shipper of relatively dense goods that Fedex doesn’t just go with the “eh, give us the size and weight to nearest pound” and you can actually distinguish a 16 pro from a 16 pro plus because the shipping weights differ by 29 grams?)

There’s probably not tons they can do if it’s just risk-insensitive insiders snagging label data one box at a time; at least on a budget that is dictated by the scale of the losses rather than a righteous crusade against the shipping department; but there might be some design oversights or seemingly-harmless optimizations that allow some amount of insider information to be used to infer more; or allow a wider pool of insiders to provide actually useful information(eg. if shipping weights are vague someone who just has the tracking number and address might not be able to distinguish between the nastiest samsung cheapie and something worth stealing at a glance; if they are exact they might be able to get you anything but color even out at the loading dock).

Delivery disruptors
Package pilferers
Box burglars

“Disruptors” sounds too much like some clever techbro that’s found some hack to change an outdated business model. Still bad, but in a way that some segment of the population seems to admire and wouldn’t mind being associated with.

Getting closer. But the word “pilfer” just sounds too trivial in some way. Some of these package thefts can have important consequences, especially when medications are taken.

I think that being exposed to too many McDonald’s commercials as a kid has made me associate the term “burglar” with a cartoony, semi-harmless scamp.

I’m taking this moment to suggest that recipients of high-value items create a FedEx or UPS account and divert (if possible) delivery to a nearby FedEx/UPS store or Walgreen’s.

Yeah, using the same letter at the beginning really limits the options though, otherwise it isn’t going to be that catchy… maybe some other way of making it memetic?

I’ve lived at this house for 6 years and get packages delivered several times a week. The only time I’ve ever had a package stolen off of my front porch, it was… new phones delivered from AT&T.

I was working from home that day and I saw the delivery email maybe 10 minutes after the phones were dropped off. By the time I made it to the front door to pick them up, they were gone. It felt at the time like someone had to have inside info… so it’s interesting to see that potentially validated.

This is kind of why getting phones mailed to me make me nervous. I typically prefer to go into the store and pick it up there, though i have had a couple shipped to me before but thankfully i haven’t had to deal with mail theft.

Veranda Vermin .

… or porn.

I don’t know that insider knowledge is even necessary - local porch pirates simply follow the delivery vehicles around and grab any packages that look good as they’re delivered. The AT&T phone packages might be distinctive enough to be recognizable, making it easier to target them.

From the descriptions, the plunderers are already in motion before the driver gets it out of the truck. It seems like they already know what it is.

Assholes?

Not too cool sounding, but accurate-thieves.