Hacking Humans Goes to the Movies 11.25.21
Ep 2 | 11.25.21

Misdirection and layering with a con in the middle.


Dave Bittner: Hello, everyone. And welcome to another special edition of the "Hacking Humans" podcast. This is an occasional series we're calling Hacking Humans Goes to the Movies. I'm Dave Bittner from the CyberWire. And joining me is my "Hacking Humans" co-host, Joe Carrigan from the Johns Hopkins University Information Security Institute. Hello, Joe.

Joe Carrigan: Hi, Dave. 

Dave Bittner: On this show, Joe and I look at clips from some of our favorite movies and perhaps the occasional TV show, clips which demonstrate some of the scams and schemes we talk about on "Hacking Humans." And joining us once again this week is Rick Howard, the CyberWire's chief security officer and chief analyst. Hello, Rick. 

Rick Howard: Hey, guys. Glad to be here. 

Dave Bittner: We've got some fun clips to share, so stay tuned. We'll be right back after this message from our show sponsor. 

Dave Bittner: All right. We've got some fun clips to share this week. And, Joe, you're going to start things off for us. What do you have for us this week? 

Joe Carrigan: My clip actually comes from one of my favorite shows, "The Simpsons." 

Rick Howard: Oh, "The Simpsons." 

Joe Carrigan: Yeah. 

Rick Howard: I love it. 

Joe Carrigan: And this is from, I think, season 12. It's - which is while - when the show was still good. 

Dave Bittner: (Laughter). 

Joe Carrigan: Now the show has gone downhill considerably. 

Rick Howard: Now, now. Now, now. Calm those nerd tendencies, Joe. 

Joe Carrigan: Yeah. 


Joe Carrigan: Worst show ever. So... 

Rick Howard: (Laughter). 

Joe Carrigan: So in this episode, Bart has acquired an interest in magic. And what has happened at - he's going to go out and do a magic show and, you know, collect money with a hat. But that didn't go well. And Homer says, I'm leaving you here. And Bart, looking all sad and dejected, starts to get hand-outs, money from people, and eventually winds up getting enough money that he can take a cab home. He passes Homer in the cab. And then Homer and Bart realize, hey, this is where the money is. The money is in scamming people. 


Dave Bittner: Of course. 

Rick Howard: Sure. 

Joe Carrigan: So they go out... 

Rick Howard: If I only knew. 

Joe Carrigan: They go out, and they buy a book. And they're up in the treehouse. And that's where the clip starts. They're going through the book. And let's listen. 


Nancy Cartwright: (As Bart Simpson) This book has all the classic cons. There's the pigeon drop, the earwigger, the Brillstein grab. 

Dan Castellanata: (As Homer Simpson) They have any father and son grifts? 

Nancy Cartwright: (As Bart Simpson) Well, there's the Albany ham scam. 

Dan Castellanata: (As Homer Simpson) Interesting. 

Joe Carrigan: Picture two guys running away from a cop with pigs. 


Dan Castellanata: (As Homer Simpson, vocalizing). 

Joe Carrigan: And so now they're sitting there. And they're frosting an old throw pillow, and Marge walks in. 


Julie Kavner: (As Marge Simpson) Why are you frosting that old throw pillow? 

Dan Castellanata: (As Homer Simpson) I could ask you the very same question. 

Julie Kavner: (As Marge Simpson) Should I just back out of the room? 

Dan Castellanata: (As Homer Simpson) Would you? 

Joe Carrigan: Typical Homer and Marge here. 

Rick Howard: That's my go-to move in my house. 

Joe Carrigan: Right. 


Nancy Cartwright: (As Bart Simpson) OK, Dad. You ready for our first con? 

Joe Carrigan: So now they're at the pier. 


Dan Castellanata: (As Homer Simpson) Let's trim the mark. 

Nancy Cartwright: (As Bart Simpson) Nice use of the lingo, Homer. 

Dan Castellanata: (As Homer Simpson) 10-4, Kemosabe. 

Joe Carrigan: Bart has the cake or the pillow - the frosted pillow in a box. He puts on a pair of glasses and has a white cane, stands behind Kent Brockman, who's on the phone. Kent turns around and bumps into Bart, who now pretends to be blind. 


Nancy Cartwright: (As Bart Simpson) Where's my cake? It's all right, isn't it? 

Dan Castellanata: (As Homer Simpson) What have you done, you clumsy, little ox? 

Joe Carrigan: Homer approaches. 


Dan Castellanata: (As Homer Simpson) That cake was for your deaf sister. 

Harry Shearer: (As Kent Brockman) Sir, it was my fault. 

Joe Carrigan: And lays it on a little bit thicker. 


Dan Castellanata: (As Homer Simpson) No, no, don't protect him. You'll work off that cake in the acid mines. 

Harry Shearer: (As Ken Brockman) No, no, no. I'll pay for the cake. 

Rick Howard: I wish I'd had those for my kid. 


Dan Castellanata: (As Homer Simpson) Well, you're the mark - of integrity. 

Joe Carrigan: Right. So now Kent Brockman feels bad for... 


Nancy Cartwright: (As Bart Simpson) What should we buy first? 

Dan Castellanata: (As Homer Simpson) A singing rubber fish, of course. 

Julie Kavner: (As Marge Simpson) There you are. How was the magic act? 

Joe Carrigan: That's good enough. 


Dan Castellanata: (As Homer Simpson) What in the hell are you talking about? 

Dave Bittner: (Laughter) OK. 

Joe Carrigan: So now they come home, and they're - Marge and Lisa still believe they're doing the magic act, right? But what happened was Kent Brockman bumped into Bart. Homer yells at him and threatens him, you know, like, you'll work this off in the acid mines (laughter). And doesn't - he doesn't it say anything to Kent like, hey, you owe me money, right? He makes Kent feel bad about Bart. Oh, here's this guy with - this poor kid with his abusive father. Let me see if I could buy this kid out of a day in the acid mines - and hands him the money. And they make a lot of money doing this. And this is an old scam called the melon drop that comes - in Japan, melons were very expensive... 

Dave Bittner: Oh, interesting. 

Joe Carrigan: ...At one point in time. I think it was Japan. Maybe it was somewhere else. But anyway, someone would go out, and they'd buy a melon. They'd break up the melon, and they'd put it in a box - the broken-up box - or broken-up melon in a box. And then they'd let somebody bump into them very much in this fashion. And they go, oh, you broke my melon, because the melons were expensive. 

Dave Bittner: Oh. 

Joe Carrigan: And they demanded the person pay them for it. Now, this happens also with, like, things like a vase. They put a bunch of broken glass in the vase, and they say, I just paid $50 for that face. And then it's not a $50 vase. It's a bunch of broken stuff. So the best way to protect yourself when this happens is to say to the person that has just bumped into you, you know what? I'm very, very sorry. You know who should know about this - is the police. We should get the police involved to make sure that this goes off well. You know, I've committed a terrible crime here. Let's get the law enforcement involved. I'll turn myself in and throw myself in the tender mercies of the court. Usually when they hear the police are coming, they'll just go - they'll get frustrated and walk away. 

Dave Bittner: Yeah. What do you make of this, Rick? 

Rick Howard: I would just like to point out that, you know, Bart and Homer, you know, being the resident cybersecurity canon guy - right? - they went and got a book... 

Dave Bittner: Right. 

Rick Howard: ...To learn how to con people, all right? So... 

Dave Bittner: Yeah. Yeah. 

Rick Howard: If Bart can read a book, so can everybody else. That's what I'm going to say, right? 

Dave Bittner: Yeah. 

Joe Carrigan: Right. 

Dave Bittner: Well - and who knew such resources were available at your local library, right? 

Rick Howard: Exactly. 


Dave Bittner: Yeah. This is a good one. I like it. I like it a lot. And you know what? The other thing I like about this is it's always great to be able to learn things while you're laughing, right? 

Joe Carrigan: Yes, absolutely. 

Dave Bittner: (Laughter) All right. All right. Well, we will have a link to that segment in the show notes so you can check out the actual clip from the show there. Why don't we move on to you, Rick? You brought a clip for us today. Tell us what you got. 

Rick Howard: So my clip is from the 1973 movie "Paper Moon." Have you guys seen this movie? When's the last time you saw it? 

Dave Bittner: I have not. No, I haven't seen it - not familiar with it. 

Rick Howard: It's an oldie but goodie - all right? - directed by Peter Bogdanovich, probably most famous for directing the 1971 movie "The Last Picture Show." And it stars Ryan O'Neal, and he's probably most famous for the 1970 movie "Love Story," and - get this - his 10-year-old daughter, Tatum O'Neal, who won the Best Supporting Actress Academy Award for her performance for this picture and is still the youngest actor to have ever won that award. And, you know, we're doing this in October. So in the spirit of Halloween, she beat out Linda Blair that year, the child actress in "The Exorcist"... 

Dave Bittner: Wow. 

Rick Howard: ...Who was four years her senior. How about that? 

Dave Bittner: Yeah. 

Rick Howard: So in this scene, Ryan O'Neal is executing the five-10 cons in a little dime store somewhere in the Midwest. The clerk is played by Dorothy Price, and it's the only movie she ever made. But she is absolutely fabulous. I just love her. Let's run the clip. It's short. And I'll try to explain it. 

Dave Bittner: All right. 


Dorothy Price: (As Ribbon Saleslady) You look real nice in that ribbon. First off, I didn't know was she a boy or a girl. 

Tatum O'neal: (As Addie Loggins) I'm a girl. 

Dorothy Price: (As Ribbon Saleslady) Well, it makes all the difference. And she got a sweet little face somehow. 

Ryan O'neal: (As Moses Pray) Oh, see now; I just got paid today. We'll take a ribbon in each color. How much is that going to set me back? 

Dorothy Price: (As Ribbon Saleslady) Well, that'll be $0.15 - bought my grandchildren ribbons just like this last holiday time. 

Ryan O'neal: (As Moses Pray) Grandchildren? I don't believe you. You break a five? 

Dorothy Price: (As Ribbon Saleslady) Well, you can believe it, all right. I'm just as old as I look. Well now, here you be. That's one, two, three, four, five. 

Ryan O'neal: (As Moses Pray) You know, this old wallet of mine's about to bust its sides. I'll give you five ones back. You give me that $5 bill. How many grandchildren you got all together? 

Dorothy Price: (As Ribbon Saleslady) Well, I got two little granddaughters - 9-year-old, a 10-year-old - two grandsons near 16. And I got a grandson 35 years old. 

Ryan O'neal: (As Moses Pray) Come on. You're pulling my leg. Why don't you just give me a $10 bill? Here's the five and five ones there. That way, I won't be so quick to see it break apart. Six children, huh (ph)? 

Dorothy Price: (As Ribbon Saleslady) I've got a daughter - 51. 

Ryan O'neal: (As Moses Pray) Oh, now, I don't mean to be handing you no line, but that's just pretty hard to believe. You got a 51-year-old child. 

Dorothy Price: (As Ribbon Saleslady) You can believe it, all right. 

Ryan O'neal: (As Moses Pray) I'm afraid I'd have to see it to believe it. Much obliged. See you again. 

Dorothy Price: (As Ribbon Saleslady) Y'all come back. 

Rick Howard: Did you guys catch the con? 

Joe Carrigan: Did he give her a sixth one? 

Rick Howard: He did not... 

Joe Carrigan: OK. 

Rick Howard: ...Although I did think that when I first saw it the first 10 times - all right? - so good guess. 

Dave Bittner: So to help set the scene here if folks aren't familiar with it, this is taking place inside of a little shop, like, a little, you know... 

Rick Howard: Right. 

Dave Bittner: ...Store - small-town store - right... 

Rick Howard: Right. Yeah. 

Dave Bittner: ...Where you'd be able to buy all sorts of things. And the woman in this clip is the shopkeeper. So the business... 

Rick Howard: Yup. 

Dave Bittner: ...Part of this, as we heard, is her making change. And I have to say, I followed along, and I did not see the scam. It did not jump out at me. Of course, I knew there had to be a scam here because this is, you know, the point of the show here. 

Rick Howard: This is - right. 

Dave Bittner: But... 

Rick Howard: For the show. 

Dave Bittner: It's not obvious to me exactly what the mechanism was that was going on here. So... 

Rick Howard: Yeah. So... 

Dave Bittner: Rick, can you explain it? 

Rick Howard: Yeah. So I watched this thing 10 times, and I still didn't see what he did, right? I had to go to the Reddit conspiracy channels just to find somebody who could explain it. All right, so the trick here is twofold. Joe talks about this all the time in his - in your guys' show. It's misdirection, is one main thing, and then layering. The misdirection by distracting the clerk about her family, and layering by instigating multiple legitimate money exchanges, with the con in the middle - kind of like a con sandwich, right? So he pays 15 cents for the ribbons and gets $4.85 back. 

Joe Carrigan: Right. 

Rick Howard: So he's even. 

Joe Carrigan: Right. 

Rick Howard: He pockets the change. So now he has four bills. He uses one of his own bills to get her - to give her five ones in exchange for a $5 bill. He's even again, right? 

Joe Carrigan: Right. 

Rick Howard: She keeps the ones in her hand and never puts them back. So then he distracts her with questions and with the $5 bill that she just gave him says, how about give me a $10 bill? So he hands her his five. He's down $5 now. But as asked, she hands him the $10 bill. And now he's up $5. Genius, OK? Genius. And I'd look for that many times and did not see it. 

Joe Carrigan: Wait, wait, wait. Wait, wait, wait, wait. 

Rick Howard: (Laughter). 

Joe Carrigan: I still don't - I got to see it again. I'm going to have to watch this again, I think. 

Dave Bittner: (Laughter). 

Rick Howard: Now, even after that explanation, I looked. And I still didn't get it, all right? 

Joe Carrigan: So he... 

Rick Howard: So it's that clever. Yeah. 

Joe Carrigan: He gives her five ones. And she gives him a five. 

Rick Howard: Yes. 

Joe Carrigan: OK. So - oh, so he has the five. 

Rick Howard: And she has the ones in her hand now and never puts them in the cash register. 

Dave Bittner: Right. 

Joe Carrigan: Right. 

Dave Bittner: So he - while she's still holding onto those five ones, he hands her the five that she just handed him... 

Rick Howard: Yep. Yeah. 

Dave Bittner: ...And says, I'll tell you what. Let me hand you this five along - and along with the five you have in your hand, that makes 10. 

Rick Howard: Yes. 

Dave Bittner: So let's trade the five you have, plus the five I have. And you can just give me 10 in exchange for that. 

Rick Howard: Exactly. 

Dave Bittner: And because he's so smooth about it and so quick, she goes for it. And he makes $5. 

Rick Howard: Yeah. And the trick there is that they got to get out of Dodge very quickly because, you know, what you don't see in the clip is she starts to figure out that something's going on. 

Joe Carrigan: Right. 

Rick Howard: But they're already gone by the time they do, right? So... 

Joe Carrigan: Yeah. 

Rick Howard: Wonderful (laughter). 

Dave Bittner: Yeah. And this is a common scam. I mean, if you go on YouTube, you can see countless examples of security cameras, you know, people in convenience stores. And I think they refer to it as a making - or shortchange scam... 

Joe Carrigan: Yep. 

Dave Bittner: ...Is how it's referred to. 

Rick Howard: Quick change. 

Dave Bittner: Quick change. Shortchange. Yeah. So this one still works today. And you can see why. I mean... 

Joe Carrigan: (Laughter) Yeah. 

Dave Bittner: ...All of us - we knew that we were going to be seeing a scam. 

Joe Carrigan: Right. 

Dave Bittner: And it still didn't jump out to us as to what exactly the scam was. 

Rick Howard: That's why these cons are really like magic tricks, right? 

Joe Carrigan: Right. 

Rick Howard: Even though you know the magician onstage is doing magic, you're looking for it, you don't see it, right? So - yeah. 

Joe Carrigan: Yep. 

Dave Bittner: Yeah. And as this clip points out, as you say, Rick, you know, the scammers drive off. They get out of Dodge as fast as they can, drive off in their car. 

Rick Howard: Yeah. 

Dave Bittner: And then you see the woman at the cash register. And she's like, wait a minute. What just happened? 

Joe Carrigan: Right. 

Rick Howard: Wait a second. 


Dave Bittner: And by then, it's too late. How do you protect yourself against this? 

Rick Howard: Oh, that's a great question. All right. 

Joe Carrigan: I actually have an answer for that. 

Dave Bittner: Yeah. 

Joe Carrigan: Believe it or not. 

Rick Howard: All right, let's hear it. Yeah. 

Joe Carrigan: So this comes from a discussion I had years ago. And the key problem here is that when she is in the process of changing money, she still has money in her hands when he starts asking for the next thing. So when you work at a till, at a cash register, somebody says, hey, this is - about to break my wallet open. Say, you know, let me have five ones for - let me have a five for these five ones, OK? At that point in time, you shut down all the other input. You take the five ones. You count the five ones out. And let them go on about everything else. Don't talk. Don't engage them. Put the five ones into the cash register. Take a $5 bill out. Close the till. Hand the customer the $5 bill - right? - so one at a time. 

Dave Bittner: Right. 

Joe Carrigan: And I've heard stories. This is - I've heard anecdotes that this actually frustrates these people. And they just walk away. I don't know how effective it is. I don't know anything about it. But - and it seems like this would work to me. So that's my recommendation, is... 

Dave Bittner: Right. 

Joe Carrigan: Is one at a time. 

Dave Bittner: So take away their ability to layer these transactions on top of each other. 

Joe Carrigan: Exactly. 

Dave Bittner: And to distract you with their smooth conversation. 

Joe Carrigan: Yes, smooth-talking. 

Dave Bittner: Yeah. Yeah. Yeah. All right. Well, gentlemen, both fun clips today, good things to learn from. So thank you both for bringing those to us. We want to thank all of you for joining us. And, of course, we want to thank the Johns Hopkins University Information Security Institute for their participation. You can learn more at isi.jhu.edu. The "Hacking Humans" podcast and "Hacking Humans Goes to the Movies" is proudly produced in Maryland at the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our senior producer is Jennifer Eiben. Our executive editor is Peter Kilpe. I'm Dave Bittner. 

Joe Carrigan: I'm Joe Carrigan. 

Rick Howard: And I'm Rick Howard. 

Dave Bittner: Thanks for listening.