{"id":21378,"date":"2023-07-17T17:39:50","date_gmt":"2023-07-17T13:39:50","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/les-vampires-1915-identity\/21378\/"},"modified":"2023-07-17T17:39:50","modified_gmt":"2023-07-17T13:39:50","slug":"les-vampires-1915-identity","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/les-vampires-1915-identity\/21378\/","title":{"rendered":"Identity theft \u2014 a century ago"},"content":{"rendered":"

Cyberthreat researchers have of late been sounding the alarm about the rising danger of deepfakes. In particular, they advise<\/a> to not trust your ears: in the digital age of artificial intelligence the voice at the other end of the line may not belong to whom you think. Speaking of which, any guesses what people were afraid of more than a hundred years ago? In that mechanical age of scientific discovery, they were wary of, yes \u2014 trusting their ears. After all, the voice at the other end of the line \u2014 was it really whom they thought? Don\u2019t believe it? Then just take a look at a case of identity theft using then-sophisticated technology to steal money from a bank account depicted in a film shot back in 1915! Welcome to the world of the French silent movie series Les Vampires<\/a>.<\/p>\n

Les Vampires<\/h2>\n

A quick spoiler: anyone looking for supernatural blood-sucking monsters will be disappointed. The main character, journalist Philippe Gu\u00e9rande, confronts a daring criminal gang that calls itself the Vampires. Despite its venerable age, the film has a lot to offer in terms of information security. Take just the first scene, which illustrates why outsider access to work documents is a no-no.<\/p>\n

The Vampires themselves are of interest for their use of what were then hi-tech methods. A large chunk of episode three (The Red Codebook<\/a>) is given over to cryptanalysis: Gu\u00e9rande looks for patterns in the villains\u2019 encrypted notes. And episode 7 (Satanas<\/a>) is built around an attempt to copy another\u2019s identity. But how does anyone pull off identity theft armed only with early 20th<\/sup>-century tech?<\/p>\n

Identity theft in 1915<\/h2>\n

In a nutshell, the criminal scheme goes as follows. The Vampires learn that US tycoon George Baldwin is on a trip to Paris, where they decide to relieve him of some of his money. To do so, they devise a multistage attack. First, they arrange for the millionaire to be interviewed by one of their own, Lily Flower, posing as a journalist for Modern Woman<\/em> magazine. She tells Baldwin that her magazine publishes a celebrity quote every month, and asks him to write a few words in a notebook, then date and sign them.<\/p>\n

Next, a saleswoman claiming to be from the Universal Phonograph Company visits the millionaire with a new piece of tech wizardry: an actual phonograph \u2014 the first device for recording and reproducing sound. She explains to Baldwin that it\u2019s her company\u2019s policy to record the voices of famous people visiting Paris. Falling for the ruse, he dictates the only phrase he can pronounce in French: \u201cParisian women are the most charming I\u2019ve ever seen,\u201d adding \u201cAll right!\u201d in English at the end.<\/p>\n

The full nature of the scam is then revealed to the viewer. The purpose of the first stage was, of course, to steal the tycoon\u2019s signature. Under the sheet on which Baldwin left his autograph was some sort of carbon paper, which duly captured the signature and date. Above this, the criminals write out a fake order obliging New American Bank to pay Lily (the journalist) the sum of US$100\u00a0000 (a princely sum today; imagine its value a century ago!).<\/p>\n

Next, they kidnap the telephone operator of Baldwin\u2019s hotel, and send another accomplice in her place with a note: \u201cI\u2019m sick, sending my cousin as a replacement.\u201d The hotel management swallows this primitive trick and puts the total stranger in charge of the phone.<\/p>\n

Meanwhile, Lily goes to the bank with the fake payment order. The cashier decides to check the legitimacy of the transaction and calls the hotel where Baldwin is staying. There, the bogus telephone operator plays the recording of the millionaire uttering his catchphrase, which convinces the cashier to pay out.<\/p>\n

How feasible is this scheme?<\/h2>\n

Most of it is utter twaddle, of course. How on earth would a Parisian cashier at a U.S. bank in 1915 know the signature, let alone the voice, of some American millionaire? Not to mention the fact that the phone lines back then would likely have distorted that voice beyond recognition. That said, the scheme itself is a classic implementation of a man-in-the-middle (MitM) attack \u2014 the cashier is sure the voice belonged to Baldwin, who in turn thinks that he, earlier, provided it to the \u201cphonograph company\u201d.<\/p>\n

What\u2019s more, the movie features a 2FA bypass: signature theft and fake voice confirmation. Sure, all this is now done using digital technologies, but the core attack scenario remains the same. As such, the main countermeasures could have been formulated over a century ago:<\/p>\n