Though the debt ceiling fiasco may be hogging the headlines today, one little story, which may have seemed only an esoteric IT-related ditty, is worth retelling here.
If you have ever bought a Louis Vuitton knockoff on the street corner of a big city, or bought a fake Rolex on Craigslist, you usually know in advance that it is a fake. Your expectations are muted. The quality of the product and the cost of the item relative to the real article are concessions you make for the low price of admission to faux-luxury.
Now, imagine you are in an Inception-like shopping scenario where the products you see for sale on the shelves and wall are indeed genuine, but nothing else around you is. In a little town in China, Kunming, there is apparently an Apple store just like the ones we have here in the U.S., complete with blue-shirted staff members, high ceilings and IKEA-like pine woodwork throughout the place. The problem is, Apple has not opened a store in this city yet. What has actually occurred is that an entire Apple store, from floor to ceiling, has literally been faked. The inventory of Apple products for sale in this store is ostensibly real, and even the staff thought that they were really working for Apple! (Reselling Apple merchandise is not a crime, even in the U.S.)
What I find most interesting and relevant to security about this news item is that the level of sophistication of this fraud is, frankly, almost admirable. If you are an American and used to visiting Apple stores, even you may have been challenged to realize that this store is not what it appears. (One sign on the window that said “Apple Stoer” might have given it away for you English majors.) Only now that this story has become worldwide news have the Chinese authorities stepped in to shut down the phony establishment.
But say you had only a smattering of English understanding, only knew the Apple brand by the iconic white apple logo, or never really paid attention to detail: you would be hard-pressed to work out that this place was bogus. My point here is that if we can barely detect that a full-blown storefront with all the trappings is fake, how can your average internet user be expected to know when not to click on an e-mail or go to an unfamiliar and dangerous website? If people can be easily deluded by a ruse such as the re-creation of an entire store, who among us can be sure that we’d never be so stupid as to input our credit card number or social security number into an elaborate and almost perfectly crafted website that looks exactly like the bank website we’re used to seeing every time we bank online? Unless you know what you are looking for, you can’t.
We all know people who are afraid to bank online or engage in e-commerce for fear of being bamboozled by bogus phishing sites. Imagine someone in the Chinese town of Kunming saying something to the effect of “I’m afraid to buy a MacBook Air online, so I just go down to my local Apple store and buy it in person. That way I’ll be safe!”
Though the owner of the doppelganger Apple store may not necessarily have had deception as his primary motive, even as he was deceiving everyone from his landlord to his blue-shirted Genius Bar staff members, the incident itself is telling on many levels. Chief among my points here is that fraud is occurring on such an increasingly sophisticated level that it is almost incomprehensible to ponder how the good guys can begin to catch up, let alone stop it wholesale. If someone will go to such lengths and efforts to recreate the bricks and mortar of an entire store in almost every dimension in the real world, imagine what chicanery is already happening in the online world, and worse, what the future holds for us! If not for the second-rate sign painter who didn’t have spell check available when he was painting “Apple Stoer,” we would never have been talking about this. It reminds me of the greatest line in the movie ‘The Usual Suspects’: “The greatest trick the Devil ever pulled was convincing the world he didn’t exist.”