How Criminals Can Duplicate Your Keys (Without Ever Touching Them)
by John Cheese · January 25, 2018
Most of us at The Modern Rogue are fascinated by thieves. Not the actual criminals, mind you -- thieves deserve to be suplexed off the top of a mountain, into a pile of thumbtacks in the crude shape of a middle finger. It's the act we're interested in. Any doofus with a brick can smash out your window, steal your dog and run, giggling, into the sunset. But there's a sort of magic to the ones who pull it off with some subtlety, leaving victims and police thinking, "Wait, what the ... my dog ... the locks ... how?!"
That "how" part can get pretty insane. And we're not talking about criminals who know how to use a bump key or mastered the art of lock picking. This is how they can create a key to your front door without ever touching the original ... then quietly let themselves in and de-dog your living room.
Stealing the Entire Lock
In January of 1950, eleven true rogues broke into Brink's Armored Car Depot and politely reduced the physical weight of the business by however much $2.7 million weighs (for the curious, their haul was around 1000 pounds). They didn't leave so much as a lingering fart for evidence, and the FBI spent the next six years and $29 million to solve it. Those of you keen at math will notice that's more than ten times the amount stolen. Those not keen at math will just need to take our word for it. There's no shame in that; numbers are hard.
The details of the robbery are what you'd expect: they scoped out the place for a couple of years. They learned the floor layout and work patterns of the employees. They rehearsed the robbery like it was a Broadway production of Scumbags: The Musical. They even stole some hit and miss keys for easy access to specific rooms. None of that is surprising, though. What's interesting is how they acquired the keys that they couldn't outright steal.
They stole the locks.
This thing. Like ... the WHOLE thing.
Yep, dressed in various disguises (we prefer to think they were disguised as giant piles of money), they snuck into important rooms over the course of two years, stole the locks right out of the doors and used those to create duplicate keys. They then quietly replaced those locks and presumably congratulated each other on their various degrees of evil. On the day of the robbery, all they had to do was calmly walk through the building, unlock the money storage rooms and start filling bags with giant dollar signs on the side.
They way they were caught is the way most criminals are caught: idiocy. Four years after the heist, one of the thieves, Specs O'Keefe, started to get antsy for his share of the money. After quite a bit of nagging, the other guys were like, "OMG STFU LOL" and tried to assassinate him. Three times. Eventually, Specs was arrested for an unrelated crime, and in 1956, he spilled the beans. Which, honestly, we'd probably do after the first assassination attempt, let alone three. Looking back on it, we're pretty sure Specs was physically constructed out of patience and balls.
The VIN Scheme
In 2002, a ring of thieves were busted after stealing over half a million dollars worth of cars in several states. They didn't smash out the windows or Slim Jim the locks. They simply walked into the dealership and asked for a duplicate key ... then calmly drove away, presumably while Keyser Soze's reveal music played softly in the background.
Of course, it's a bit more complex than that. You can't just walk up and ask for a key ... you'd have better luck asking the dealership, "Hey, can I have that blue car on the corner? I don't have any money, but I really, really want it."
"Well, I AM pretty stupid, so ... here ya go!"
No, this is more about forgery and acting than making a key from scratch. The thieves in this ring happened to be really good at creating realistic looking titles and registration documents. So what they'd do is scope out the car they wanted and write down its VIN. Then create the official looking documents, using the VIN of that vehicle. After that, it really was as simple as asking for a new key without seeming suspicious or using the phrase, "I'm definitely going to steal that car."
This wasn't the only case of this happening. According to the Snopes article linked above, another ring was busted in 2009 for stealing "hundreds of cars over an 18-month period" in Chicago. But as they later point out, this isn't likely to happen to your 1998 Dodge Caravan with so many miles, the odometer displays them in scientific notation. These thieves targeted dealerships, and there's a reason for that.
Salesmen are the literal devil?
If your car was stolen right now, it's not going to take you long to notice, because ... well, it's your freakin' car. Believe it or not, it's actually pretty easy to lose track of one at a dealership. Often times, the owner will have more than one dealership, and regularly transfer vehicles between them in order to show customers. The salespeople will often drive the used inventory as "demo" cars -- meaning they take them home after the place closes. An empty parking space could mean that it's out on a test drive. Or it's been taken to the wash bays to be detailed. Or it's in the shop, getting repairs. There are dozens of reasons a car could be gone, and very rarely is that reason, "Someone stole it. They stole it right in our faces, and we helped them do it."
By the time someone realizes the car is stolen, it has likely already been through a chop shop.
Using Phone Apps
In 2014, CBS News published a story about how thieves could use their phones to get a copy of your keys without ever having to touch them. But they took it one step further and actually did it. Because the world is madness, and news crews sometimes get bored.
All they needed was a photograph of the key. Using "online locksmiths" like KeyMe and Keys Duplicated, journalists from KCTV5 were able to send the photograph through an app, and then just wait for the duplicate to be mailed back to them. And it worked.
"Wonder if it works for the zoo's monkey area?"
The founder of the locksmith company claims that it's way too risky for a criminal to obtain a key in that manner, and to be honest, he's probably right. The transaction is digital, so unless the thief is an outright hacker, it's going to be traced. You have to use a credit card to purchase it, and even if that card is stolen, you still have to worry about the cell signal or wireless connection being logged and tracked to a specific area. The key is mailed back to the recipient, so you have to physically retrieve it. There are lots and lots of forensic hurdles to jump.
Then again, a hacker probably isn't going to bother physically robbing someone's house in the first place. They're far more likely to rob your Steam account than your personal treasure room. Carrying all that real life gold takes a physical prowess that hackers aren't typically known for.
Regardless, the Kansas City news crew was able to obtain a working key to their boss's house simply by walking into her office and photographing the ones she had lying on her desk. We sincerely apologize for the nightmares that you'll definitely have tonight. And we preemptively apologize for what we're about to show you ...
Print Them Right at Home
If you read that CBS News article from the previous entry, you'll notice that they mentioned the possibility of using a 3D printer to bypass the apps and simply print them out, yourself. That was way back in the ancient times of 2014, and since then, 3D printers have done what all technology eventually does: it gets cheaper.
That means you no longer have to drop thousands of dollars on what seems like a novelty to the average person. Now, any Tom, Dick and Han Solo can walk into a Walmart with a few hundred bucks and walk out with potential nightmare fuel. Using a 3D printer to duplicate keys from photographs isn't just a theory. Bill Doran actually did it on an episode of The Modern Rogue:
With high enough resolution, you could even clone a key from a photo you found on Facebook, Twitter and ... pretty much anywhere except Google+. Nobody uses Google+. Except maybe the founder of Google+, Chad Google+.
Aside from the printer, you don't even need special equipment. 12 megapixels is pretty much the industry standard for phone cameras, which is plenty to work with. There are plenty of freeware or free-trial CAD programs that can be used to isolate the key from the background of the image. The 3D printing software, itself, comes with the printer. All you need is knowledge and a complete lack of basic human empathy to pull it off.
Of course if you don't have access to any of that technology, you could always just ...
Freaking Memorize Them
In 1995, three men escaped Parkhurst prison on the Isle of Wight, which is clearly a made-up name meant for a Game of Thrones episode. The details of the escape are pretty crazy. One of the men had an in-prison job as a sheet metal worker, and while unsupervised, he created a ladder out of stolen goal posts. That sentence sounds like a failed round of Mad Libs, but it's the least surprising part.
Meanwhile, the group had somehow acquired a gun and convinced visitors to smuggle ammunition and cash into the prison. The only thing left to do was tunnel through the wall, and- Oh, wait, no. They didn't have to tunnel anywhere because they had created a key to the gymnasium from sheer memory. With that, they simply let themselves into the gym, grabbed the homemade ladder, cut through the perimeter fence and climbed over the final wall.
They were recaptured four days later, but holy crap. That key. You might think that's a one-time sort of thing, but you'd be wrong. WRONG!
This is Mark DeFriest, a high functioning autistic savant, who many believe was wrongfully imprisoned for stealing his father's tools (which were actually left to him in his father's will) in 1979. The original sentence was four years, but due to "undiagnosed mental issues," he had a habit of doing lots of no-nos in jail. He racked up so much extra time, he would have never experienced life outside of prison walls again. As of 2016, he had attempted to escape thirteen times, and was successful in seven of them. That's because he has a damn near X-Men level ability to recreate keys from memory.
He doesn't need months of repetitive sight to pull it off, either. If a guard walks by with a key hanging off of his belt, he might as well just save some time and hand the key directly to Mark. At one point in Florida State Prison, he created a copy of the master key ... then just "let out fellow inmates to roam around."
The details of his life and imprisonment (which you can read in the last link) are pretty insane. They even made a documentary about him, called The Mind of Mark DeFriest which was so compelling, it aided in reducing his sentence by 70 years.
But we really think the takeaway lesson is: if you ever need to duplicate a key, just do it from memory.