

Doctor 'used silicone fingers' to sign in for colleagues - RobAley
http://www.bbc.co.uk/news/world-latin-america-21756709

======
tokenadult
From the article: "A council spokesman has told BBC Brasil that among those
believed to be those "ghost employees" - as Brazilians call informally those
who receive regular wages without actually showing up for work - are public
workers in the areas of health, education and security."

Yes. Education especially. The fraud is not always so high-tech. In many
places in Brazil and elsewhere in Latin America, schoolteachers can be on the
taxpayer-subsidized payroll while regularly failing to show up for class on
school days. School pupils can't count on teachers being in the building when
they show up for school, so sometimes the pupils don't show up for school
either. A similar pattern of schoolteacher union takeover of the state
education system led to such widespread fraud in Mexico that the president of
the schoolteacher union was recently arrested

[http://www.latimes.com/news/world/worldnow/la-fg-wn-
mexican-...](http://www.latimes.com/news/world/worldnow/la-fg-wn-mexican-
teachers-union-chief-20130227,0,5980836.story)

[http://www.globalpost.com/dispatch/news/afp/130227/mexico-
te...](http://www.globalpost.com/dispatch/news/afp/130227/mexico-teachers-
union-boss-arrested-corruption)

as part of a corruption conspiracy investigation.

~~~
parsnips
Unions. Corruption. Surely you jest.

~~~
cobrausn
The post speaks for itself - the snark is not required here.

------
rcruzeiro
This kind of thing is extremely common here in Brazil. Another very common
example is the mandatory classes a citizen has to take in order to get his
driving permit, if you fail to show on a class you can easily bribe an
attendant of the licensed driving school to change the time on the clock of
the biometrics computer so you can register your fingerprint on the correct
time.

Unfortunately this kind of issue is a cultural problem here in Brazil. This is
what we call 'jeitinho brasileiro' (Brazilian way), the belief that one must
always take advantage of others or find ways to bend the rules.

~~~
phowat
True, I know a guy who just bought his driver license. He paid some cash ( If
I remember correctly something around 3000 BRL ), they took his picture and
information, made a similar silicone finger from the described in the article
and after some time he received the permit. No classes, no tests, no physical
and psychological exams, just like that.

------
netrus
I think the most interesting point about this story is the existence of "ghost
employees" per se. One has to think of remote Yahoo workers ;).

The fraud involved biometrics, but I think it is a non-issue. Of course you
can trick every system, and a finger-print system is arguably harder to trick
than punching card systems that might have been used before. You cannot expect
to log in with silicon fingers for a long time before someone will notice ...

~~~
jcampbell1
The term "ghost employee" is a standard English term used by auditors. Any
sufficiently large organization must periodically reconcile the payroll system
with managers and/or a timecard system. It is usually as simple as just
sending a email to managers asking them to certify that a list of employees
are working for them. There are often a bunch of edge case that must be worked
out, like the people that don't have managers in the HR system, or people on
leave where the paperwork didn't get processed correctly.

Unfortunately, audits aren't really designed to uncover fraud with collusion.
This is why any fraud that is found should be criminally prosecuted, which the
Brazilians are doing correctly here. They need to also prosecute the employees
that were receiving benefits without working as well.

~~~
ghshephard
The one edge case I typically run into with IT systems is when the chairman of
the board, who is not the CEO, wishes to have an office at the company. Where
do you put him on the Org Chart? Every other person I can assign a manager
that ultimately flows up to the CEO - but the politics of hierarchy between
the CEO (who answers to the board) - and the chairman (who most certainly does
_not_ answer to the CEO) are tricky.

------
aleyan
While having "ghost employees" is troubling and lowers work ethics for other
people, it could have been worse. The doctor could have been using the
"silicone fingers" to sign drugs out of the drug cabinet. If biometrics were
the only protection there, the patsy doctors would have very little recourse
to defend themselves.

------
slavak
Fooling fingerprint readers isn't really that hard. YouTube is full of videos
explaining how to do it with nothing more than a bottle cap, super glue, some
duct tape, and a regular laser printer.

------
gcr
It's quite easy to fool most high-end fingerprint scanners, at least older
ones. If you're persistent, you can do so with a bit of gelatin and a laser
printer.

[http://vast.uccs.edu/~tboult/tmp/fingerprint-boult-koaa-
medi...](http://vast.uccs.edu/~tboult/tmp/fingerprint-boult-koaa-medium.mpeg)

There are some scanners that try and look for eg. the motion of the blood
pulsing through the veins with infrared, but I'm not familiar with them.

This issue is called "spoofing / liveness detection," if you want to go learn
more. It's quite a popular topic at conferences like ICB, IJCB, and BTAS.

------
kstenerud
This is not very surprising. Brazilians have a very fluid concept of time,
such that being a few hours late or not showing at all is considered normal
behavior. However, you do not keep someone more important than you waiting.
That's just rude.

~~~
quadlock
yet, they still want to be paid for that time they don't care about.

~~~
kstenerud
Yes, because this new "checking in" system goes against their established
cultures and norms.

------
tantalor
The lesson here is that fingerprint biometrics are not generally reliable,
i.e., they assume the user will not volunteer their credentials to others. The
same is true of passwords.

Cost notwithstanding, would retina biometrics be more reliable? Is there a
cheap and reliable solution?

~~~
gcr
It should be possible to fool a retina scanner with a designer's contact lens,
but it's quite easy to simple break it (ie. force a nonmatch) with a regular
contact lens.

What will be really interesting is when someone commits a crime with a fake
fingerprint.

------
yogo
Haha, who said no-show jobs were only in construction?

------
laveur
This is very Gattica... Kind of find it amusing that we have finally caught up
with the movies...

~~~
sp332
That's GATTACA, it's made of the letters used to describe DNA bases: G, C, A,
T.

