The Marc Weber Tobias Interview

Marc Weber Tobias is an internationally know security expert. If you're interested in picking locks and you don't know Marc's work, you'll do well to have a look. I caught up with Marc and fired off a few questions...

UKBumpKeys 

Hello Marc, firstly thank you for agreeing to talk with me. I’ve been following your work for years, and it’s continually provided me wonder and knowledge I doubt I, or any of us would have otherwise had. Your engagement and reporting of the Kaba Simplex story was fantastic, and a cracking example of your work. If anyone hasn’t yet read it you can read it here if you want to get an understanding of Marc’s work and knowledge of the field.

You’re ‘Lock Picking Royalty’, with decades of experience with locks in your wake, you seem to know what there is to know about what there is to know about. Your book “open in 30 seconds” written with Tobias Bluzmanis and published in 2008 humiliated the Medeco Biaxial and other M3 security locks, it reminded me of a Derridian Deconstruction. The lock was left in a heap on the floor – figuratively speaking. It’s not simply a picking ‘how to’ manual, it seems to have many agendas. What were your aims when writing of the book?

MWT

First, to demonstrate that the research we had done was valid. And more than that, to show that high security locks are vulnerable to bumping, picking and other forms of attack. Medeco was and is the leader in the United States, and they learned a valuable lesson.

UKBumpKeys

You published 5 (I think?) previous books on security before ‘Open in 30 seconds’ including work that represents your other skill as an investigative attorney and a certified polygraph examiner. At first they seem quite distinct (although bracketed under ‘security’) but we’ve seen recently how penetration testing (hacking) has informed lock picking and vice versa. How connected are these fields in your life? I mean polygraphs are lie-detectors – in some way so is lock picking! And every lock is a new investigation. Do these fields inform each other?

MWT

You are exactly correct. Determining vulnerabilities in locks is another form of very detailed technical investigation, and that is my background.

UKBumpKeys

‘Do you really think ignorance will keep you safe?’ - Marc Tobias Weber

MWT

Not at all. Security by obscurity does not work, and with the Internet, there are no secrets.

UKBumpKeys

Some people consider the sort of thing we do as irresponsible. Yet I find a consistent strain of responsibility throughout your work, people use locks to protect their families and their possessions, and when they come up short, they need to be held accountable. Do you ever question the social morality of the dissemination of lock picking techniques and information? How do you draw the line between what you do make  – or more importantly – do not make,  public? It’s been said that you’re not exposing the problem, you ARE the problem!

MWT

Everyone is entitled to their opinion, but that does not change the fact if a product is not secure. Would you rather be ignorant and not know the problem, while the criminals do? Or would you like to have the information to make your own decision? We do not publish, as a rule, information on high security locks that are used in government or high security facilities where there is a national security interest. Nor do we publish information that is proprietary with regard to locks that we analyse for our clients.

UKBumpKeys

What is the most ridiculous security flaw you’ve encountered in a lock?

MWT

I don’t think there is one, although the latest article I wrote in Forbes on the Sentry safe design demonstrates incompetent security engineering. I imagine we will be filing a class action lawsuit with regard to this issue.

UKBumpKeys

I found the Kaba Simplex story fascinating and especially interesting was KABA’s response to the information being provided. How do lock companies respond to your investigations? Is anyone ever grateful? It would make sense to me for companies to come to people like us first, before mass-producing a lock, providing prototypes– has this ever happened?

MWT

Lock manufacturers employ experts like us quite frequently. The problem is liability. Most companies will do the right thing, but they also do not want to admit defective designs or they will be subject to damages. We have helped a lot of companies, and saved them a lot of money and bad PR. Yes, they are grateful.

UKBumpKeys

Moving away for people and back to locks (I’m sure that’s where we feel more comfortable) what is your preferred method of attacking standard pin cylinders? I say ‘preferred’ because it’s not always the easiest or fastest - for instance I love raking and am very good at it, but I’ll much prefer to try and impression a lock, it’s my ‘preferred’ puzzle, so to speak – what’s yours?

MWT

Probably rake picking and bumping first. Usually we do a detailed analysis to figure out vulnerabilities, so we are not so interested in traditional means, especially with high security cylinders.

UKBumpKeys

Tell me about your book Locks, Safes and Security – this seems something of a game-changer for you. In the trade it’s referred to as 'The Bible'.

MWT

It took about ten years to write the second edition, and almost that long for the LSS+ multimedia edition. I am now working on the next edition. I don’t think there was a book ever published quite as comprehensive, but other works just as good.

UKBumpKeys

I became obsessed with bumping. I took the shoulder right off – designed different patterns of cuts for different pins and as far as I know was the first person to use Dampeners (rubber washers) to improve the technique. What did you feel about the bumping explosion of the early 2000’s?

MWT

Barry Wels and Klaus Knock introduced bumping in 2004-2005 in Europe, and we alerted the public in 2006 to the dangers. It is a serious problem which has been dealt with by many manufacturers. Bumping was actually first patented in 1925 in the UK. I am not sure about the use of a rubber bumper and if you were the first, but it is clever.

UKBumpKeys

What is interesting you in the non-destructive entry world at the moment?

MWT

The use of electronics and sophisticated techniques that we utilize to open locks.

UKBumpKeys

What direction do you think physical security is going?

MWT

Towards electronics, especially with 3D printer threats.

UKBumpKeys

When I’m asked the best way to secure a house, I say with all sincerity to get a dog.  What advice would you give to the home and/or business owner regarding securing their family or property?

MWT

A good alarm system. There is no really secure house if it has glass.

UKBumpKeys

What advice would you give to someone who wants to start lock picking?

MWT

Be patient, do a lot of reading, and a lot of practicing. It is a great sport and requires a lot of talent, and the use of all senses.

UKBumpKeys

You have been banned from casinos and entire hotel chains, and had lawyers breathing down your neck for two decades. What keeps you doing it? And why are you frequently grinning?

MWT

Because I love what we do and we think we ae pretty good at it. When we find a serious security flaw, the more that people try to cover it up, the better for us, and the public. At the end of the day, people have a right to know. It is THEIR security that is at risk.

UKBumpKeys

Thanks for your time, Marc.

END