Highly trained police dog takes down the bad guy! GO LASSIE GO!

One of my favorite movies of all time is "The Thomas Crown Affair" starring Pierce Brosnan as Thomas Crown and Rene Russo as his love interest. (Yes, I know this is a remake, and no I haven't seen the original). In this movie, the character Thomas Crown uses an interesting technique to cover up his final crime. He employs a huge number of identically dressed lookalike people to infiltrate the museum and cover up his escape. It was quite brilliant.. in the movies.

Well, it appears as if someone has decided to attempt this little ruse in real life. Using Craigslist and the concept of flash mobs, 28 year old Anthony Curcio decided it would be a smart idea to mask a robbery of his own. In his ultimate wisdom, Anthony encouraged a group of folks on Craigslist to arrive at a specific time and place wearing a unique and identical set of clothing. He may have gotten away with it too (if it hadn't been for you meddling kids), if he hadn't been made earlier in the week setting up his own clothing stash behind a dumpster.

While this is a funny and interesting story on it's own, I do believe it has merit and meaning within the information security world. The concept he employed is very similar to attacking a target system while covering yourself with a high amount of similar attacks from other remote sources. The idea being that any attempt at discovering the real source of the attack would be obfuscated by the high quantity of chaff that surrounds the pertinent data.

So how do we go about counteracting the "Thomas Crown" threat scenario? As in the news article, we must implement defense in depth and look for ways outside of the normal methods to detect these attacks. We must utilize off system logging, identify behaviors outside of the norm (A flash mob is hardly normal), and view the data from multiple angles to be able to isolate the needle from the haystack. Quick response and a little bit of preparation go a long way to thwarting a wood be "Thomas Crown".