The ATR-42 is a small turbo-prop plane.

It stores baggage next to the lavatory as you can see in the far right portion of these three cabin layouts.

The Daily Mail claims that a security guard put nearly $2 million on board an ATR-42 in three bags.

They say a passenger then created a story about being ill in order to avoid suspicion for the time he spent in the lavatory working around the panels to access the bags; by the end of the flight be managed to pocket $238K. Illness was also used as a distraction for his escape. His travel companion asked for an ambulance to be called to the runway. When it arrived the thief declined and walked away from the commotion.

This story illustrates how a classic social engineering method — reverse-good Samaritan — will help an attacker deflate suspicion.

Although it has believable elements, I find several parts surprising. The passenger knew the bags held cash, knew how to access them in a private space away from the guard, and that bags of nearly $2 million were not booby-trapped (e.g. exploding ink) or tamper-proof. The incident was detected, for example, by the cleaning crew who found a bag of money left behind in the lavatory.

Those parts together, assuming this story is true, suggest an inside job involving Brinks staff, like one from last year.

Comerica says it did not discover the shortfall until several weeks later. When it did, it says, both Brink’s and Garda investigated and found that the “cash bag showed signs of tampering” and that the “Brink’s teller who processed the cash bag noticed that [it] was compromised but did not report that fact.”

[…]

When the bag got to Brink’s, it contained only $117,000 and was missing “a general ledger entry from Comerica’s banking center,” according to the complaint. The bank adds that instead of reporting the shortage, a Brink’s employee altered the paperwork.

Note the blog post and the warning by a student at Tufts:

The purpose of this blog post is not to help repressive regimes use Facebook better, but rather to warn activists about the risks they face when using Facebook. Granted, many activists already know about these risks, but those I’ve been in touch with over the past few weeks simply had no idea. So what follows is a brief account of how repressive regimes in North Africa have recently used Facebook to further their own ends. I also include some specific steps that activists might take to be safer” that said, I’m no expert and would very much welcome feedback so I can pass this on to colleagues.

He could have called it “how to keep your information private”…ah, but then again we’re talking about Facebook. Even if you are an expert in information security Facebook is a royal PITA if you want any kind of privacy.

As I mentioned in my RSA presentation, nobody wants to put their assets in a bank and then have to test it every day to see if it is still safe. That’s why I suggest the #4 recommendation to activists (quit Facebook and use more privacy-aware platforms) should be moved to #1.

Something about #3 bothers me but I can’t quite put my finger on it.

Create a new Facebook account with a false name, email address and no picture and minimize incriminating content. Yes, I realize this may get you shut down by Facebook but is that as bad as getting tortured?

Hey, it’s your choice; impersonate someone else or be tortured? Sounds like a false choice to me. You can be arrested even with a false name or for impersonation.

A Bulawayo man has become Zimbabwe’s first “Facebook arrest” over an innocent comment he posted on the social networking site on the 13th February. Vikas Mavhudzi of Old Magwegwe, is being charged with “subverting a constitutional government” after he posted a message on a Facebook page allegedly belonging to Prime Minister Morgan Tsvangirai.

Other recommendations would be to switch to encrypted P2P communication and to make use of encoded language. Maybe try predictable stealth also…