You Can Learn A Lot About Social Engineering From A Repo Man

The most vulnerable part of any secure information system is the human at the controls. Secure passwords, strong encryption, and stringent protocols are all worthless if that human can be coerced to give away the keys to the kingdom. The techniques of attacking a system through the human are collectively known as social engineering. While most of us don’t use social engineering in our day-to-day jobs, anyone can fall victim to it, so it’s always good to see this stuff in action. Some of the best examples of social engineering come from unlikely places. One of those is [Matthew Pitman].

reponinja[Matt] is one of those people we all hope we never to meet in real life. He’s a repo man. For those not familiar with the term, [Matt] is the guy who comes to pick up your car, boat or other asset when you fall behind on your loan payments. Generally, these repossession agents are contractors, working for the bank or loan agency who holds the loan on the collateral. As you might expect, no one is happy to see them coming.

[Matt] uses plenty of high-tech gadgetry in his line of work, everything from GPS tracking devices to drones. He calls his tow truck the Repo Ninja, and the interior is decked out with an internet connection, laptop, and tons of cameras. Even so, his greatest asset is social engineering. His 26 years of experience have taught him how to work people to get what he needs: their cars.

About 5 years ago, [Matt] began taking videos of his repossession jobs. His motivation was not fame and fortune on the internet. The cameras came out as a way to protect him from frivolous claims. All too often a debtor will claim that damage was done to their vehicle during the repossession, or that the repossession agent did something illegal, like enter a closed garage. [Matt’s] cameras have kept these claims from escalating to court cases more times than he can count. As time went on, he started uploading some of the videos to his YouTube channel: RepoNut, which is how we found him.

Leveraging What’s (mostly) Public

Social networking services such as Facebook, Twitter, Instagram, Tinder, and Snapchat are one of the greatest boons for digging up personal data. [Matt] uses all of this to his advantage. It’s easy to see where a car is being stored when the owner posts pictures of it up on Facebook – even if it’s in the background on the kids first day of school. Many times a debtor’s Facebook security settings will be wide open. When they’re not, [Matt] has an arsenal of Facebook accounts to get onto that person’s friends list. Sex sells, and [Matt] knows it. Young single men are always happy to add a pretty local girl to their friends list. Little do they know that the person on the other end of the account is [Matt] himself.

Follow the Phone

Spearphishing is a technique where data is obtained from a specific target by sending them an innocent looking message. That target may be a high level executive, an engineer, or someone a few payments behind on their car. In this scene, from [Matt’s] appearance on ABC’s 20/20, [Matt] sends a text message to the ABC reporter. The message is actually from a spearphishing service. The payload [Matt] is phishing for is the reporter’s location. The SMS based trojan installs GPS tracking software on her phone. which leads [Matt] right to her.

Reading People

repo4A good social engineers is flexible, ready to change their techniques at a moments notice to achieve their goal. This flies in the face of the way most drivers handle repossessions. Many agents have one technique: “hook and book” – I.E. grab the car and go – assembly line style. However, this isn’t always the best way to do it. The goal of a repossession is not to snag a car. It’s to get the bank the money which it is owed. If a debtor can pay the money, great! If they can’t, the car is eventually sold at auction to repay the loan. [Matt] always analyzes the behavior and body language of the debtors he contacts. People’s attitudes change when they see their vehicle is hooked on a tow truck. Everyone says they’re going to pay – but only a few are sincere enough to warrant him spending extra time – time he could be using finish this repo and grab another. Here is a case where a debtor truly owned up to the missed payments and impressed [Matt]. He’s been doing this long enough to have seen just about every con in the book, and this person’s actions and body language came across as sincere. [Matt] actually lowered the car and followed the owner to a family member’s house. The family member called in a payment and everyone walked away with the best possible outcome. In a case like this, [Matt] is still payed his full fee, but he doesn’t have to worry about transporting, storing, and transferring personal items in the vehicle. Following the owner to a family member’s house also gave [Matt] some vital information: A new address which he could use to look for the vehicle should it come up for possession again.

Being Sneaky

repo2The best social engineers know the mindset of their target, and can quickly deduce what they need to do to achieve their goal. When a debtor stopped to pick up new tries for a vehicle with a repo order on it, [Matt’s] target changed. Rather than hook the car, which would have brought out the entire staff of the tire shop, he went for a more subtle technique. Every automotive service center works the same way: Customers come in and talk to a service writer. The service writer writes up the problem and takes the customer’s keys. Eventually there are a line of keys and papers on a counter top. When a mechanic is ready for a new job, he grabs the next set of keys. Most of the time the keys are under the sole surveillance of the service writer – whose job focus is servicing the next customer. This was [Matt’s] new target. Distract the writer with a customer, and you can get the keys. It’s a perfect demonstration of using social engineering to turn someone’s job against them. That’s exactly what [Matt] did in this clip. He asks the clerk about a set of Pirelli tires for his Mustang, while covering the keys with a pamphlet. After this sleight of hand, [Matt] walks away with the pamphlet and the keys beneath. He’s able to drive the repossessed car down the street to his waiting tow truck.

Treating People Like People

ninja1A theme that has replayed itself countless times in [Matt’s] videos is one of respect. Folks who have their cars repossessed aren’t automatically criminals. Many times they are regular people who have lost their jobs, or had some other hardship. [Matt] always approaches the situation with respect for the other parties. More than just verbal respect, [Matt] adjusts his tone and mannerisms to appear as a non-aggressor. This tends to calm the vehicle owner. In Social Engineering terms, this is Neuro-linguistic programming (NLP). You can see that in action in this scene, where a woman thanks [Matt] for his respectful approach. This also helps to calm down her husband, who says he would have “whooped some ass” if [Matt] had upset her. That video is also a great example of how [Matt] always tries to allow the vehicle owners to get anything they need from the car before it is towed. The repossession is for cars, not child car-seats, cell phones, or anything else.

The Confidence Game

Many of the social engineering exploits from well-known hackers like [Kevin Mitnick] involve getting privileged information by just asking for it. In fact, [Kevin] has said that he never used software based exploits to gain privileges on a computer system. It’s just a matter of calling the people with the target data and either sweet-talking or scaring that data out of them. Convince a low-level corporate drone that you’re a manager 3 or 4 levels up, and are in a time-sensitive do-or-die situation. We guarantee 9 out of 10 of them will sing like a canary. [Matt] proved he can play that game as well when he ran into a locked gate at an apartment complex. The gate was locked with a combination lock, and a vehicle he needed to tow was in the yard behind the gate. He simply called the property management company, and said he needed access to the area. Whoever was on the other end of the line took the official sounding voice as one of authority and read the combination over the phone. So much for privileged data!

Danger Exists

razorEven with all that experience, not every day is a good day for [Matt]. Here is one case where the owners just wanted to fight. Rather than escalate or involve the police, he simply left. Later the owner voluntarily surrendered the car – but not without some drama. They taped a razor blade on the inside door handle. [Matt] got a nasty cut while performing the repo. There is a new trick to be learned every day.

[Matt] performs repossessions in Utah for his company, Certified Asset Recovery Service. If you’re wondering what [Matt] is paid for a repossession, his average fee is $350 USD. That might be 5 minutes of work, or 5 months of research and tracking.

120 thoughts on “You Can Learn A Lot About Social Engineering From A Repo Man

      1. it’s not because you have jaywalked that you have abandoned every constitutional right. I don’t know in the US, but in many countries there is the principle of proportionality, and also the regalian principle, that says that if extreme measures have to be taken, only the State can take them (monopole of violence is one of them). To be fair, I’m not sure the US does adhere to those principles, it might be a European Court of Human rights enforced thing.

      2. Yes, installing malicious code on someone’s digital device without their knowledge of consent is very much CRIMINALLY illegal – in the U.S. any way (warrant hopefully, not going there). Not paying your car payment is a CIVIL matter, which is very different than a criminal matter such as hacking someone’s computer or phone. Its not like the guy is repo-ing “STOLEN” cars. These are cars that were purchased via a loan, which is sort of an investment by whoever is financing the loan, the payback on the investment being whatever interest is accrued over the life of the lone. So the bank or financier gets back whatever money they loaned you plus interest, which is the profit for them loaning you money. You not paying them back is not “illegal” in a criminal manner (could vary state to state), but they can take you to court to have the contract that you signed enforced, which will probably be forfeiture of whatever item is in question, house, boat, car, plane, etc. OR something of value equal to what they are owned and any damages and court costs OR garnishing your paycheck, meaning they will take their cut of it based on a “fair” payment plan. OR with certain items, such as movable ones like planes and cars and boats, they can avoid the hassle of court and just come take it back from you whenever they get the chance. BUT – in most places they must notify the police just beforehand to avoid wasting police resources on car theft call-outs, which does happen from time to time…. and the police are not always so friendly to the repo-man for neglecting the common courtesy of a pre-repo action phone call. But again this varies place to place. But no, the repo guy cannot legally hack your phone or install tracking software on it just to repo your car, 20/20 is full of shit.

        1. However in the state of Arizona if the debtor doesn’t pay after 90 days the loaner may report the vehicle stolen and then the debtor has a felony, cheaper than using a Repossession company because it uses the police and then they impound the vehicle.

      1. I’d guess not, would be a pain for the court having to do that all the time. I’d suppose his actions are covered by the relevant laws, which would take into account the need for creditors to reclaim stuff. Though of course they don’t give him the right to use violence or whatever. As far as trespass, dunno.

      2. Warrants don’t let you do something like this. A court order, possibly, but no judge would sign an order like this.

        I see so much here that sounds very illegal, and I’m shocked he’s getting away with it.

        1. the thing is, in most cases the vehicle belongs to the bank until it is paid off.

          Its like you loaning a car to someone. If they refuse to bring it back, you can legally do a lot to get your car back.

    1. Correct, it is NOT legal in the USA. And his state, Utah, has it listed as (most likely) a Felony. Title 76 Chapter 6 Part 7 Section 702-705. (see web link) It looks to be a second or third degree felony, but I seriously doubt this would be prosecuted on it’s own. (unless a young buck prosecutor is looking to make a name for themselves) Now if he _EVER_ grabs the wrong car (doubtful), I foresee huge fines and jail time in his future. He’s made a good career as a legal thief so hopefully he’s spoken with his own lawyer about use of these “services” and the Trojan installation.

      One could argue this was only a misdemeanor, but with every prosecutor I’ve ever met, it is SOO easy to throw the book at “computer crimes”, I have a difficult time imagining this being the case. Perhaps on a plea deal in Utah. Hit him with a nice hefty fine and a promise not to do this any more and be done with it.

      I am a lawyer, but not in Utah. I have handled computer crime cases. I am uninterested in representing you so don’t ask and the email addr is a throwaway.

      1. If someone discovered this, wouldn’t they be able to push for it as a criminal offense? As far as I was aware not paying your debts would be a civil offense, but this would be a criminal one, and bailiffs/repo men aren’t allowed to do this even in the course of their duty

      2. It’s not a SMS Trojan virus. He is simply sending a web link she voluntarily complied with by opening it. That’s tacit authorization. If she has location services enabled on her cell phone then she is again tacitly authorizing release of sensitive private data to others. The website LEGALLY pulls the GPS/Cell location data from the phone and either stores it at the website in a database file or SMS’s (or EMAILS) it back to the sender. Either way you would have tacitly approved of the release pf private data to others. Next time don’t open suspicious links and turn off your cell phone’s location services..

        1. I don’t know where you got that information from because the ABC news report is so dumbed down it makes my brain hurt, but it sounds plausible. More to the point, I don’t know where HaD got “The SMS based trojan installs GPS tracking software on her phone”, but use of creative license in a HaD writeup altering the facts isn’t unusual.

        2. I’m not sure that I agree with your dissection of the situation…

          …using your logic there would be nothing to fear if you wrote some malware that emptied a victims bank accounts because according to your version the victim provided you with their banking credentials when they clicked the link that installed the malware.

          At the very least it could be considered theft and use of the spearphishing service could be considered use of ‘burglary tools’ or the digital equivalent of posessing lockpicks in much the same way that having PopcornTime installed on your computer can be considered as a burglary tool for copyright infringement.

        3. It may grab your general location at the moment in time, but as far as running a hidden service in the background to update your location any more often than the one time your clicked on it is ILLEGAL any way you slice it. Tacit consent be damned. It’s no different than webpages inferring your location based on your IP, but they can’t legally install tracking software.

          But that said, it could be useful if they come up with a location such as a parking garage or store you may frequent, but a far ,far cry from real time geolocation tracking

    2. First thing I thought of as well. I also wonder if that service writer got in trouble? From the shop’s perspective, the service writer just let a car get stolen from the shop’s care.

      1. “stolen” implies the property did not belong to the person who took it.
        In this case, a representative of the creditor (who has a legitimate legal
        claim on the property, contractually), reclaimed the property…hardly
        what a court would consider theft….

    3. Yes, this is legal.

      As an example, my car has a service where I can have my car text a friend, and that friend can share his location with me, and that location gets downloaded to my car’s GPS. So not only is it legal, it is a feature.

      1. Using a feature to assist a repo that is native to your car, such as “OnStar” and the like is one thing, and I don’t even believe they will get involved in such a case. But uploading malware to your phone and running a hidden service on it to track your location without your consent or “spearpphishing” in any form or fashion is illegal, and even if repo is perfectly legal, they cannot break the law to take the vehicle back. There is court precedent all over the place that this would land “Matt” and whoever runs the “spearphishing service” in prison in a heartbeat if it were true.

    1. This reminds me of a proposal to take away students’ driver licenses if they play hooky instead of going to school. They wanted to get students to come to school by taking away their ability to get to school.

          1. Yes for a while I was one of them living in rural USA. My mom had to drive us in until dad lobbied for the township to include our little out of the way bus stop. There was no public transit either. But there was always a way to school, either mom or hoofing it. Sometimes I had to walk to school 5 miles UP HILL both ways! :-P

      1. Ever hear of this thing called a ‘bus’?

        Not as luxurious as driving yourself in your own vehicle, but obviously this is a luxury that they have already proven themselves not to be ready for.

        Action and consequence- the student wanted to play hooky and go joy-riding and as a consequence they have to ride a bus for 3 months to make up for one afternoon of irresponsibility.

        …and believe me- I skipped a lot of school (actually showed up to class one morning and the teacher addressed me as a new student. True story.) and still remember all the stupid shit that I got up to. Voice of experience talking.

    2. No Doubt. BAN ALL FINANCING! No cash, No car, No cash No house, No cash NO THINGS!.

      Because thats basically what youve said here.
      If you cannot afford to pay the bank for the use of THEIR car, then you likely cannot afford to properly maintain THEIR car, so they need to take THEIR car back before you deplete what little value remains in THEIR investment.

      If I come to your house and take your computer Ive STOLEN.
      If I come to your house and take MY COMPUTER that you have not paid for, I have REPOSSESSED.
      The word is important, look at it. You did not own the financed object, the financier did, which is why they REpossess, They are reestablishing their possession of THEIR money in the only way they can, claiming the agreed upon collateral.
      When you get a car through financing THE FINANCE COMPANY, not you, are buying a car. You dont own it until you give them their money and they release your title.

      Im 41 and Ive never financed a car. I dont believe in it. I rode a bike for a year, 1996, after buying a lemon because it took that long to scrape up $500 for the next crappy car. Every month I put aside a car payment, When my car breaks down I look at that account and decide, fix or replace. Cars very very very rarely appreciate, so they are a foolish place to invest. A new car is far more about vanity than transportation.

      A Prius is $24-28k new, ~$431/mo. for 50-55mpg
      A Geo Metro xfi $500-2000 used with a 1L 3 cyl gets 53-58mpg
      Want to make a real difference in the world?
      Dont buy a prius. Buy a geo every few months instead of making a car payment. If yours is still good, GIVE THE ONE YOU BOUGHT to a single parent, or a homeless person.

      But pity a deadbeat?
      Blame a finance company for holding up their end of a contract when the consumer does not?
      Thats just ignorant.

        1. No the just the hot air rushing from your gaping orifice.
          If youd like to make a constructive comment,
          If youve anything of merit to add,
          by all means…..

          But otherwise go back to reddit or 4chan.

          The topic at hand is car repossession. A result of car financing, and our debt culture. The comment, which was not yours, that I addressed vilifies the repossessor, while shifting responsibility from the indebted to our government. The reality is quite different.

          Now go find something to plug your exhaust port with, youer stinking the place up.

          1. Can you explain in detail what the point was exactly? Because you’re either suggesting to research people’s opinions on the book, or to read the book. Also, how exactly are you supposed to make money with a car that’s not even been paid for yet? Get a job as a taxi driver?

      1. Interesting point of view, every time I go to the US, companies are just trying to scam everybody into getting into some contract traps, and there are no consumer protection law there. I’m even afraid to get my non-credit card into an ATM and get some of the locals money there, in fear they would give a screen of legalize that would trap me into some bullshit contract they are so good at.

        Of course education is what you get to try to get smarter than the system, but too bad, we’re talking about the US, eduction is for the son of the banker and the repo man, not the general population there. There is lying advertisement everywhere, and no eduction to help people not go into the trap. So well, they do what they were destined to do: get a credit, buy a car, a gun and a TV and go to church on Sunday. And then trouble comes. They do what the normal uneducated people they were meant to be do: flee.

        In the mean time you’re completely forgetting that part of the capital could have been reimbursed and so the “property” of the car is not black or white, that a significant part of the credit is not paying the principal but the bank.

        Well, to be fair, I tend to agree with you that US citizens tend to be mostly retarded in respect to credit matters, and they take way too much, for non-productive goods, that a credit to a house could be understandable and a credit to the car if it’s the only way to go to work is the furthest they should go, but they are conditioned by credit companies and lack of education to think this way, they are not independent minds.

        1. Geos are all rebadged cars – the Prizm isn’t “basically” a Corolla, it *is* a Corolla, just like a Metro is a Suzuki Swift (a second-generation Suzuki Cultus), and the Tracker is a Suzuki Sidekick. The differences between them are only trim.

          Metros and Prizms are totally different cars, though – a Prizm is just a normal commuter car. Nothing special, just simple and basic. (It does tend to be one of the more cost-efficient used cars on the market at that age because most people don’t know they’re Toyotas). But the Metro is an ultramini with a 3-cylinder engine, and you don’t have equivalents for that. Yes, they suck to maintain, but the plus is that the least-reliable parts of the car are well known at this point.

          1. My Metro was a 4-cyl and can’t even imagine what the 3-cyl versions were like to drive.

            Mine had A/C with an on/off push button and I used to push the button off when I’d hit a hill and it was like having a stock nitrous oxide system. It was actually kinda fun now that I remember back… loved that car… I could park it or merge it into any gap I needed.

          2. Also: it was pretty great going to the parts yard with a list of 4 makes/models, each with a 5-7 year string that used the same parts. Sure beat now-a-days when I’m down to one make/model with a 4-year window.

        1. I was still driving my LSi 3 years ago and still see an average of 1 or 2 a week.

          They’re still out there. Maybe not as common, but certainly not rare yet. Hell, I’d still have mine if I wasnt as hard on transmissions as I am.

          1. what I mean is that most of the metros that are still in reasonable condition aren’t for sale because the owners know how efficient and simple to work on they are.

  1. I mentioned it before on HackADay.
    I donated an old pickup to a charity.
    The person who picked it up was a repo man.
    His tow truck looked like a regular pickup with a tonneau cover over the box.
    He stepped inside th cab, and pushed a button.
    The tonneau cover retracted, the tailgate lowered, a boom extended above and beyond the back of the truck,
    as the cables/attachments unfolded behind the tailgate.
    He said he could sneak into a neighborhood, push the button and drive off with the repo in about a minute.

    1. Actually, this repo guy used to have a truck that was even better then that. It was a standard pickup to look at it, with a cover, but in the back was just some tools a stuff he needed to do his job. The boom was mounted under the frame of the truck and practically invisible. If you have ever seen the large flatbed car haulers with a boom mounted under the flatbed, that is what I mean.

      He could drive up anywhere and even if they were watching for a repo guy they would not notice a random truck backing up to your car like it’s turning around until he had the wheels off the ground. And getting the wheels off the ground is all he needs to legally have possession of the car in the eyes of his state laws. Taking it back from him at that point is theft, so he has all the power then.

      Look up some of his older stuff and he has some great videos on it.

  2. The part about the SMS to the phone installing a tracker is raging made up BS. there are no GPS tracker trojans that will silently install from just receiving a SMS message. The user has to click on the link to open up a webpage or do other things to actually pull up a web page that asks for and get’s the users location, so they ALSO have to click on “yes” when it asks if that page can have their location data. In reality this only works on really dumb people that click yes to everything.

    The way it’s presented is 100% fiction and the way they presented it in the 20/20 clip is also made up fiction to hide the fact that it’s ineffective and requires a lot of user interaction to work.

      1. Adam Fabio – Stagefright is basically a non-issue. Especially if you’re running >= Android 4.0. ASLR offers the best defense and is already installed with your cell’s OS. No one is trying to exploit it yet. ASLR makes that problematic. Timgray1 is correct, you give tacit approval by opening the SMS web link and accepting all of the dialog box pop-ups.

        1. I don’t know what the attack used in the 20/20 piece entailed. It is quite possible that the service sent a link and just hoped the targets would mindlessly click through the warnings. If I do find out for sure that 20/20 was misleading in their piece I’ll update things here.
          On the stagefright front though – ASLR isn’t a guarantee of safety. Hackers are creative. When I first read about rowhammer I didn’t think it could be turned into a usable exploit. Then this happened: http://hackaday.com/2015/03/13/creative-dram-abuse-with-rowhammer/

    1. Not only the SMS is BS, the NLP is complete BS, NLP was discredited as soon as it came out. It’s nothing more than pseudoscience.
      The founding director of the Max Planck institute in Nijmegen, prof. Levelt, a professor of psychologists, wrote a nice article about it on (In Dutch) on skepsis (dot) nl (slash) nlp (dot) html.
      Basically the article explains that NLP has nothing to do with linguistics, and that it’s complete BS.

      1. I wouldn’t trust everything that article has to say about NLP, especially since it’s mostly that guy’s opinion and has very little substance. Sure, some parts of NLP are utter nonsense(like the eye accessing cues, for example) but the linguistic connection actually is there. Perhaps you ought to read up on Milton H. Erickson, or ask people who’ve had their phobias cured using the “5 minute phobia cure”. I’ve seen the phobia cure work with my own eyes. Anyway, I’m the first to call BS on anything in the NLP community but I’ve seen enough to know not all is BS.

      1. All you need to do is send a link to the target. They open the link, the link asks for use of their GPS, and you collect it (because either you control the server directly, or it’s a service you pay for). People are so trained to just saying “yes” when their phone asks if they can use GPS that there’s a pretty good chance they’ll agree.

    2. I don’t know if it can be used to install a GPS tracker, but SIM toolkit is used to receive messages silently and take actions without any user interaction. It’s used for control of prepaid phones, and other operator housekeeping.

  3. WTH when did social engineering become a term that one more where one has to decided the context of it’s use? No doubt the are are fashion terms that describe this, but I guess the problem with those is that they would be old fashioned. I suppose at times those insist on self ID as “hackers”, they have to employ this sort of social engineering to get hacker spaces in operation

    1. Try proof reading next time! “Social Engineering” (hacker) is a term-of-art and not to be confused with more traditional dictionary definitions. The term in the intelligence community (and private detectives) is “Pretext”. It’s basically allowing the victim to come to their own conclusions (albeit false) about you with a little help. A little like the the 1970’s ROCKFORD FILES American TV show?

      What is PRETEXTING: http://pursuitmag.com/pretexting-law-tips-for-detective-writers/

  4. These guys live endangered lives, time will give us all cars that THEY will control.
    Just disable and report location. Send police to assist in pickup if needed, with personal items etc.

      1. How long before license plates will have an RFID implanted in them, and nearly every intersection an RFID reader?
        Sure your old car may not have remote disable, but through RFID and traffic cameras they’ll be able to track you.
        In that future, disabling the RFID will be a felony.

        1. @Ren – Too late! Not only do the US cops use license plate readers nationwide which is far worse (I got caught once) but the new credit cards are coming out with them right now. Also Walmart uses RFIDs in merchandise to curtail shoplifting but soon they will use them for POS (point of sale). They will know every item in your cart (and under your coat) as you walk up to cash register.

          MOBIL gas stations used them for automatic POS billing as you pull up to the pump. People put them into their pets to track them. May soon put them into your kid’s wristwatch or under skin too. There is a new RFID String which has much longer range and can be hidden more covertly.

          Traffic cameras already do track you for quite a while now. All one would need is a powerful IR flasher on your car’s bumper and naked eye sees nothing but you stand out like a sore thumb on traffic cameras (and actual car tails). If you code the pulses they can differentiate you from another trackee. Traffic cams have no IR filters.

          1. Does it matter? They have to know every item in the cart to bill you. Sure, they’ll know it a few seconds earlier with RFID, but I don’t see that being a problem as long as they don’t track it.

          2. Michael Chen – to me it doesn’t matter as I am NOT a Luddite. I really enjoy technology. However, mostly ALL big retailers with membership card systems do indeed track your purchase history. They use personality profiling applications against that database. Guess who also sends “national security letters” to them to have access to those customer databases? So far they (retailers) haven’t tied credit card tracking to non-members nor facial recog tracking, but give them time they will. But the other “they” does via data-mining and private CCTV backdoor access.The US TV show PERSON OF INTEREST is not too far off into science fiction.

          3. Greenaum – Walmart is experimenting with new technology like a spy agency would. I guess so since their VP of Global Security is Kenneth Senser. Google him to see his background. The new RFID POS system is only in beta right now. It has too any kinks in it right now. The EAS (anti shoplifting tags) system is based on the same technology in where the tag is simple a parasitic-powered mini transmitter. RFID’s are basically the same thing but add a digital signal encoder modulator to the signal that sends out a digital ID code number used to track against a database.

            Checkout what Walmart is doing with focused audio hypersonic loudspeakers. Only the US Navy uses them in the field right now. If you were evil enuf’ you could make a schizo think he was talking to God or something even more insidious.

        2. At least 30 years. you expect a DMV to do this for banks? you also expect banks to install the scanners for free? The idiots running the banks cant even roll out chip in card properly.

      2. There’ll get to a point where you’ll end up driving no car at all. The idea of consumer choice and free democracy are bullshit. You get a small amount of choice between a few variations on a theme. For all sorts of reasons, but basically it’s established hegemonies.

        Car manufacturers don’t have to sell what you want, just what you’ll buy. In democracy, if it’s a choice between 2 parties offering more of the same with a few decorative differences, then that’s what you get.

        I’d outlaw political parties, given the chance, have every representative stand on their own merits and policies. Eliminate parties acting in the party’s best interest. Just the politician acting in his own, or hopefully his voters’, interest. And if we don’t like him, he can be replaced quickly and permanently.

        It’d also make media bias more difficult. I’d use the Internet to make more information available. Of course, as ever, the weak point is many people’s basic stupidness, pretty hard to engineer around.

        In the meantime, you get what you’re given. You may choose freely between liking it or lumping it.

        1. In the mean time what would you do about American LOBBYISTS? They are the main reason why we are so dysfunctional compared to other world democracies.Special Interest groups should be outlawed. However, how will our rich Congress people stay rich (i.e. wealthy)? The Internet could be refined it someone would startup a FACT CHECKER database not geared to politics but to Internet-based conspiracy theories and stuff of that genre.

          1. That too. Actually a register of lobbyists, who they work for, which politicians they take out to dinner, and what other gifts they give them, would be invaluable.

            And it’d probably get a few visitors too! Might be profitable. Or you could sell access to journalists and the like, like Lexis Nexis does.

            Yeah, grift, favours, and flat-out bribery seem to run the USA these days. In the UK it’s the Tories helping out their old school chums, who usually end up running the big corporations, especially banks. And then after a few terms of useful service, an MP ends up with a job on the board of the company they’ve been such a chum to. A very well-paid job with fantastic benefits and a very flexible attitude about actually turning up to work.

            Not saying the other parties don’t ever do that. But with the Tories it’s an inseparable part of their identity. Though all parties can get too friendly with big donors. No parties = no donors. No big expensive election campaigns. Just your local guy in the local paper, telling you what his policies are. Parties are self-serving behemoths. Of course an independent can still be self-serving, but that’s on a scale we can deal with.

        2. “In democracy, if it’s a choice between 2 parties offering more of the same with a few decorative differences, then that’s what you get. ”

          This so called “western democracy” has been created first by the British nobility just to immortalize their system – when they feared being beheaded like their peers in France … ; just select two apparent antagonists and create an illusion of choice to poor masses. It’s a bit like wrestling, the two fighters don’t do much harm each other, only the manager runs the show. It worked beyond all expectations in the UK. The Queen is still there, she owns almost half of London and the Lords still rule the empire, just behind the scene. This system has been polished to the perfection in the US with the “Republicans” and the “Democrats”. There are just cosmetic differences between the two. Every other alternative is demolished by the mainstream media, aka the presstitutes.

          Inside each party, the candidates hopeful are carefully chosen. No surprise please.

    1. If you watch his videos, he does mention that some of the high risk taking lenders will put a tracker in the car as part of the deal. You don’t pay and they disable the starter and give the repo man the address to pick it up. These are for people who have been problems before usually. He also sometimes adds a GPS tracker to the vehicles to track them in order to get them at a safe location or in case they get the car back but don’t make the next payment. I’ve seen him grab one car 3 times over a few months because the finance company kept giving it back to the driver. GPS made future finds easier.

  5. My B-I-L used to repossess semi-tractors, this was back before cell phones and internet.
    It was ALL social engineering.
    One of the tactics, find someone who has a beef on the delinquent. Offer them a reward to call when the tractor shows up at their home-20 or whereever.

    1. No kidding. This article is riddled inaccuracies and contradictions.

      “That video is also a great example of how [Matt] always tries to allow the vehicle owners to get anything they need from the car before it is towed. The repossession is for cars, not child car-seats, cell phones, or anything else.”

      He didn’t make any such effort with the woman at the tire shop, and it looked like she might have been living out of that car. I hope he checked that cooler in the backseat for food that might spoil and stink up the bank’s car. He could have driven back to the tire shop with the car in tow to explain what he did and allow her to get her things out of the car.

      Maybe he’s allowed to make off with the key and things inside the car, but what about the key ring and the other objects (keys, fobs, etc.) that were probably attached to it? Didn’t he just plain steal those items? And how did he know for sure he was making off with the correct set of keys? It looks to me like he’s tearing through a legal minefield with that truck.

      I’m sure the tire shop didn’t appreciate that little stunt either. They probably thought someone had just stolen a customer’s car, and then they had the angry customer to deal with. There’s no telling how much time they wasted dealing with that situation. This guy clearly just wants to collect his $350 and has little regard for anyone who gets in his way. Any apparent courtesy he exhibits is simply to calm the debtor down so his job is a little easier or to gain more information.

      The creditors this guy works for are certainly getting their money’s worth, but I wonder if he appreciates the level of risk he’s taking for a relatively small fee. I hope HaD publishes an update when this guy inevitably ends up in jail or gets hurt or killed by a psychotic debtor.

      I’m not saying deadbeat borrowers shouldn’t be subject to repossessions. I’m just saying this particular repo man is an inconsiderate lunatic.

      1. You’ve also got to realize that cars are repossessed only after months of letters from the lien holder and calls from collection agencies warning of impending repossession. A lot of these people play a months-long game of “hide the car” from the repo man, and when they finally screw up and leave the car somewhere accessible, they can’t possibly really think it was stolen. They know full well where the car went, even if they might not admit it to the service writer.

        And yeah, it’s a dangerous business. I did a few repos when I drove a tow truck back in the 80s and it’s not fun having a gun stuck in your face over a lousy car. We all find ways to make a living, though.

        Thanks for the article, Adam. It brought back some interesting memories.

  6. Years ago when GPS was still expensive, I designed a GPS location system for a well known buy here pay here franchise. The unit would track a car and when it wasn’t moving for a certain amount of time, an operator could disable it. If the person didn’t pay up, they could disable the unit. If the person found the GPS and removed it, when it was removed, the vehicle would “self destruct”. The ECU was disabled from a second piece of electronics. So removing the GPS also disabled the unit. If the person then removed the disability unit, a third installed device would fry the ECU and TCU (if it had one).

    Remove the battery before removing the devices? You had to wait 30 days or better as we had super caps on the units that would sit there and still provide enough juice to do what it was supposed to do. Long and short of it, at 22.5% interest and going into it, people knew that the car could be disabled, I to this day, do not know of one vehicle that wasn’t repo’d unless the person just smashed it into a nice little cube.

    On Semi trailers (not the cab) as cost came down, we installed 3 GPS monitors on a trailer. Doofuses would find one of them, remove it and say, “Done!” The other 2 functioned well. There is something to be said for redundancy. I can’t tell you how many of those trailers ended up over our southern border.

    Here is how not to do it…

    http://www.nytimes.com/1999/08/30/us/auto-dealer-has-an-offer-for-drivers-with-bad-credit-but-there-s-a-catch.html?pagewanted=all

    Later, we figured out how to install them into high end rent to own televisions. Being an engineer and being hired to foil crime is great. I have never been sued and neither has any of my clients.

    We are not quite to the point of the repo man movie, but we are getting there. When your heart misses a few beats…well, that would not be allowed, unless it was installed in a lawyer because we all know they don’t have one…lol.

    1. Have you seen “Repo: The Genetic Opera”? It’s a bit of a cult film. Set in the near future where an epidemic forced a lot of people to need artificial organs. Bought on credit. If you fall behind, they’re repossessed. By a guy with a lot of blades!

      It’s a sort-of metal-rock-goth opera, with some really good songs. Made on a tight budget but really good. And believe it or not, Paris Hilton’s in it, and she’s not terrible! I mean she’s not great. But she’s in scenes she can do, and not too many of them. Playing a spoiled, out of control, drug-addicted heiress. She manages.

      Ah wait, *slutty* heiress, I missed that. She manages the role.

    1. He also states that he creates fraudulent socail media accounts where he impersonates other people in order to carry out his trade. This is not only unethical, it’s also illegal in the USA.

      It’s commonly known that bounty hunters, repo men, and private investigators routinely break many serious laws in the practice of their business. They simply aren’t a very hated group in the USA, at least from law enforcement’s point of view.

      If I was this guy’s lawyer, I would crap my pants and demand that he took some of these videos down immediately before dropping him as a client.

        1. The American Pentagon (DoD) is using a AI sockpuppet generator to engage people on social media. Mission? To flush out possible DoD POI’s – persons of interest. I forget the name of the project. I really don’t get the purpose of it but essentially you could be conversing with a supercomputer and not even notice it. I think I read it in WIRED magazine or something. Said it had the ability to create sockpuppet accounts and use them with little to no human interaction. It was another DARPA cyber-project.

  7. *sigh*

    [quote] In a case like this, [Matt] is still [s]payed[/s][b]paid[/b] his full fee,…[/quote]

    [quote]When a debtor stopped to pick up new [s]tries[/s][b]tires[/b] for a vehicle with a repo order on it, [/quote]

      1. What where you gong for with the [s] tag? the bold tags should have worked but I think you hosed the format with the quote tags.Not sure Word Press supports that one. Next time use the italics tag to format a quote. The s tag must be the subscript tag. Also not supported here. Try just bolding it.

  8. I will point out that laser light does not show up unless something enters the beam to reflects it. In the video, the green laser (not the ‘production’ one) they have smoke/fog/similar to illuminate the laser. Yet in the ‘product’ video, there isn’t, yet it all shows up. They show the ‘laser’ like they do in movies… well illuminated and easy to see.

    I have also been perplexed at best, since before HAD first posted it (having seen it prior) how the laser allegedly did not burn off skin. There isn’t any easy, obvious, practical way to get standing hair *closely*and leave the skin alone.

  9. lol spearfishing….phishing? lol i’ve been doing recovery work in nyc for 15 years. i don’t know how things work in rural areas, but in the city, about 80% of the addresses the lenders provide are not current addresses for the debtor or are mail dumps ( a relatives or friends, etc, addresses used by the debtor for receiving mail, registering vehicles and using on loan applications among other things). an even larger percentage of the phone number provided by the lender are not current. most of the debtors use prepaid phones that need to be constantly replenished before their minutes run out, in order to retain the same phone number. most debtors pay their cell phone bill with the same promptness that they pay their car loans. so most of the time, if you do not get a nis prompt, the person on the other end of the phone is not the debtor. as of the last few month lenders forbid any phone calls to the debtor by repo agents period. so much for spearphilshing and other forms of social engineering. the method used to locate the reporter was obviously done for demonstration purposes only. tracking another persons cell phone without their permission is illegal in the united states, unless you are a parent tracking your minor child’s cell phone or the person gives you permission to locate them, which the reported obviously did. the best hope of finding the cars are by running lpr systems (license plate readers) on your trucks and spotter cars which will enable you to compile a large historical database of every license plate you have ever driven past that can then be matched to the plate numbers of vehicles you are assigned to locate. another sure fire method is using parking ticket databases which are public record. almost every delinquent debtor is also a scofflaw or has at least inadvertently received a few parking tickets. other than that, good luck in the big city. .

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.