Tobias is laughing. And laughing. The effect is disconcerting. It's a bwa-ha-ha kind of evil mastermind laugh—appropriate if you've just sacked Constantinople, checkmated Deep Blue, or handed Superman a Dixie cup of kryptonite Kool-Aid, but downright scary in a midtown Manhattan restaurant during the early-bird special. This article has been reproduced in a new format and may be missing content or contain faulty links. Contact wiredlabs@wired.com to report an issue. Our fellow diners begin to stare. Tobias doesn't notice and wouldn't care anyway. He's as rumpled and wild as a nerdy grizzly bear. His place mat is covered in diagrams and sketched floor plans and scribbled arrows. His laugh fits him like a tinfoil hat. It goes on for a solid 20 seconds. But Tobias isn't crazy. Far from it. He's a professional lock breaker, a man obsessively—perhaps compulsively—dedicated to cracking physical security systems. He doesn't play games, he rarely sees movies, he doesn't attend to plants or pets or, currently, a girlfriend. Tobias hacks locks. Then he teaches the public how to hack them, too. Like many exceedingly bright people, Tobias has the exhausted air of a know-it-all. Over dozens of dinners, he has walked me through how to pick simple locks ("Uh, is there something wrong with your hands?") and bypass combination dials ("A brain-damaged monkey could do it faster"). He has described how to outwit security technologies like motion detectors ("Duh"), face-recognition software ("It's stupid, even if you think about it!"), fingerprint scans ("What child came up with that?"), and heat sensors ("You can get this one—maybe"). 3 cylinder lock. For more, visit wired.com/video Marc Tobias and Tobias Bluzmanis attempt to bump the high-security Medecocylinder lock. We've covered key card hotel locks over seafood, in-room credit card safes over sandwiches. While we ate a decent steak dinner, Tobias used the house crayons to diagram one of the largest jewel robberies in history; over dessert, he showed me how a person less honest than himself would pull the heist again. Thinking like a criminal is Tobias' idea of fun. It makes him laugh. It has also made him money and earned him a reputation as something of the Rain Man of lock-breaking. Even if you've never heard of Tobias, you may know his work: He's the guy who figured out how to steal your bike, unlock your front door, crack your gun lock, blow up your airplane, and hijack your mail. Marc Weber Tobias has a name for the headache he inflicts on his targets: the Marc Weber Tobias problem. Lock-breaking is equal parts art and science. So is the ability to royally piss people off. Tobias is a veritable da Vinci at both endeavors. His Web site's streaming video of prepubescent kids gleefully opening gun locks has won him no points with mothers or locksmiths, and his ideas about how to smuggle liquid explosive reagents onto commercial airlines spookily presaged the Transportation Security Administration's prohibitions against carry-on liquids. Over the past 20 years, Tobias has been threatened by casinos, banned from hotel chains, and bullied by legions of corporate lawyers. And enjoyed every minute of it. For more, visit wired.com/video Tobias discusses full disclosure, his obsession, and his favorite pranks. But to Tobias, pissing off The Man isn't the point, not entirely. Nor is it, entirely, to make himself famous or rich—not that he's allergic to either outcome. The point, he says, is to "make shit better." Tobias thinks of himself as a humble public servant. When he attacks the Kryptonite bike lock or the Club (or those in-room safes at Holiday Inn or Caesars Palace), he's not a bad guy—he's just Ralph Nader with a slim jim, protecting consumers by exposing locks, safes, and security systems that aren't actually locked, safe, or secure. At least, not from people like him. The problem, if you're a safe company or a lock maker, is that Tobias makes it all public through hacker confabs, posts on his Security.org site, and tech blogs like Engadget. He views this glasnost as a public service. Others see a hacker how-to that makes The Anarchist Cookbook read like Betty Crocker. And where Tobias sees a splendid expression of First Amendment rights, locksmiths and security companies see a criminal finishing school. Tobias isn't just exposing problems, they say. He is the problem. But forget bike locks and hotel room safes: These days, Tobias is attacking the lock famous for protecting places like military installations and the homes of American presidents and British royals. Between stabs at his salad, Tobias hands me his latest idea of fun: nearly 300 pages of self-published hacker-porn detailing his attack on the allegedly uncrackable Medeco high-security lock. "Trust me, this will cause a goddamned riot!" he says, dabbing at tears of joy with a paper napkin. "Oh yeah, this is way, way bigger than the liquid explosives thing!" And he's right, it is bigger—and with way, way bigger consequences. Some Marc Weber Tobias problems rattle companies. Others end as consulting contracts or dropped lawsuits or forcibly improved design. But all Tobias problems, like all hacker stories, start with a nerdy kid in a basement workshop, taking things apart.

Tobias is Ralph Nader with a slim jim. Photo: Phillip Toledano Tobias' basement was in the Denver suburbs of the 1950s, back when the global data carrier wasn't the Internet but Ma Bell. The Bell System said you had to use its equipment and protocols and pay a dime to access its network; Tobias figured out how to do it with a penny. At the time, the saying was "Ma Bell has you by the calls." Young Tobias saw the company as a Goliath, "a big corporate monopoly intent on ripping everyone off." It was the perfect target for an aspiring pain in the ass. With practice, the inscrutable pay phone boxes began giving up their secrets. Tobias was fascinated, then disappointed; once you saw how the machine worked, it was obvious, stupid even. All you had to do was hit the coin return thingy at the right moment, launch a penny into the nickel slot, and the circuit connected. Stupid. And the stupidest thing of all was that the phone company counted on customers being more stupid than their stupid machine. To a 15-year-old troublemaker, this was either an insult or a challenge. Tobias decided it was both and decided to take it personally. Cheap phone calls weren't the point. Beating the machine, hacking the lock: These were acts of vindication, proof that you were right and others wrong, proof that you were better than the suckers. Now Tobias started turning up at school dances—not to show off his Hand Jive, of course, but to showcase his new phone trick. It was a nerdy cool: David outgeeking Goliath. He felt a ripple of electricity whenever he teased a dial tone out of a machine, and at collection time the company men found pennies where nickels should have been. But penny games were greasy kids' stuff. Soon Tobias started phone phreaking—building devices known as blue boxes that mimic phone tones to speak directly to the switching machines. Like his other Ma Bell trick, the point of this hack wasn't just to get free long-distance calls; it was to solve the most interesting puzzle possible. He had a lot of fun. Recounting these triumphs delights Tobias, and soon his rant becomes a waggle dance of pure geek glee. His eyelids flutter as his eyeballs scan and rescan space like a stuttering robot. Tobias can present a closed and curmudgeonly attitude to strangers, but this subject opens him up like a tickled child. "All lock breakers talk about the intellectual challenge being like chess," he says. "But really, it's much better, because you're pitted against smart guys and millions of dollars of engineering designed to keep you out!" Through the late '60s and early '70s, as his university campus exploded in drugs and protest, Tobias was monkishly working his way through the dorm's pin-tumbler master key system. For a solitary kid with fierce concentration and odd social skills, locks provided rewards the outside world never could. "Basically, I've given up women for locks," Tobias laughs. "They're dependable, and their problems are understandable—if you focus long enough, you can actually figure them out!" On weekends he did file-drawer wafer locks, combination dials from lockers, and, eventually, simple safes. The technical permutations filled notebooks, then a filing cabinet. By senior year, Tobias was methodically chronicling his discoveries in what became a hacker's encyclopedia. Over the next few decades, this would evolve into a book and multimedia CD-ROM called Locks, Safes, and Security: An International Police Reference (1,411 pages; $220). In the trade, it's usually just called the bible. Since Tobias had his sights set on being a professional pain in the ass, law school was a natural choice. So was a private investigator's license. And a polygraph license. And invitations to help sheriff's department investigations. Soon Tobias was trapping racketeers through wiretaps and rigging hidden cameras in hospitals and churches to catch junkie night nurses and pedophile Catholic priests. ("That was really fun," Tobias says. "Especially as a Jew.") And if in the course of an investigation a locked door needed opening or a security system needed circumventing—well, he had some methods for that, too. By the 1980s, Tobias had settled into a career working the edges of law enforcement. His gigs had paired him with the South Dakota attorney general's office, the state highway patrol, and more than half a dozen police and sheriff's departments. He had been a PI. He had worked with informants in two states' penitentiaries and as a wired-up undercover operative buying dope, a prosecutor, and a consultant. He was a personal friend of the governor. By all conventional measures, Tobias was a successful adult. But somewhere deep inside, that 15-year-old tinkerer was still looking for trouble. He found it by doing street theater to disgrace a parking-meter manufacturer in Sioux Falls, by planning a mock press conference in Minneapolis (resulting in a panicked attempt to ban him from the Marriott hotel chain), and by threatening to take his in-room safecracking show to the Vegas Strip. ("Caesars' security really didn't find it funny," Tobias says. "So I flew to a hotel near Disney World and did it there instead.") When the 50th anniversary of the bombing of Pearl Harbor came and went without an apology from the Japanese government, Tobias decided to sneak-attack a Japanese company by decoding the magnetic key cards for its hotel door locks.

"Do I like to make trouble? Of course, I'm a lawyer!" Tobias says. "Ask yourself, why does a lawyer pick locks? The answer is liability. A lot of companies are arrogant and greedy and stupid bullies who put people at risk. They deserve to have a Marc Weber Tobias problem!" And year after year, Tobias delighted in creating them, hitting Elsafe and the Club, Targus combination and Master locks, iPod leashes and laptop cables. He did the Kryptonite with a Bic pen, post office boxes with a filed key, and electronic home security systems with a UHF walkie-talkie. He was having fun. And in response, the lock companies were forced to address his hacks by upgrading their technology. True to his code, Tobias' meddling was "making shit better." It was all going swimmingly. Then, in the early 2000s, he became increasingly fascinated with the crack cocaine of lock-picking: a technique called bumping. It would lead him to a lock breaker almost as obsessed as he was—and to the biggest security drama of his career. Bumping is simple: Insert a filed-down key into a lock, then knock it with a hammer to momentarily pop the lock's pins into an open position. Like the Bic pen technique for defeating the Kryptonite lock, it's perfect for opportunistic bad guys; any idiot with a few tools and minimal skill can use it to open most cheap front-door locks worldwide. Though well-known in Europe, bumping was still relatively obscure in the US—until Tobias began introducing it at hacker conferences in 2004. Not surprisingly, news of the imminent bumping epidemic was media catnip. Tobias was interviewed dozens of times for the kind of scare pieces that local newscasts wedge between weather and sports. It didn't take much to imagine all the paranoid scenarios: Kids study Tobias' online video, crack the lock off Dad's Glock, and put holes in things that shouldn't have them. Enterprising junkies embark on habit-feeding crime waves. Hotel rooms, no longer secure, become magnets for burglary and rape. High school truants walk the halls shimming combination locks off rows of lockers. Crime gangs use Tobias' case study to copycat the 2003 Antwerp diamond heist, while tech terrorists simply co-opt the master list of Marc Weber Tobias problems to outwit America's Keystone Kop-homeland security and generally blow stuff up. The world is unzipped. And our innocence—not to mention a good deal of our cash, jewelry, and portable electronics—is lost. Tobias shrugged off such concerns, along with the hate mail. Scaring citizens to attention is part of his educational program. "Do you really think ignorance will keep you safe?" he asks. "Is it even an option?" But what did worry him was the growing anger among members of the Associated Locksmiths of America, the largest lock-industry trade group in the country. An ALOA member filed a formal grievance for violation of the association's code of ethics after Tobias spoke at the 2004 HOPE (Hackers on Planet Earth) conference in New York City. After Tobias appeared at the 2007 Defcon meeting in Las Vegas, ALOA threatened to kick him out of the organization for presenting security weaknesses to hackers and continuing to associate with enterprises of "questionable character." Since much of Tobias' income comes as a consultant to lock companies that rely on ALOA, for once he'd met a threat he couldn't afford to shrug off. Tobias understands why some ALOA members despise him, and he's sympathetic, to a point. "They're pissed because I keep telling them that it's not a guild and that there are no secrets," he says. "It's called the Internet—duh!" But Tobias' information-age philosophy belies a practical problem: Locks are not software, and you can't download a patch for your front door. Until someone pays to swap out that hardware, it's vulnerable. And so are you. But where most locksmiths saw menace, a manufacturer called Medeco High Security Locks sensed a marketing opportunity. For four decades, Medeco systems have defined high security (a technical designation indicating resistance against covert-entry attack for 10 to 15 minutes, depending on which of two laboratory standards is used). While Medeco locks are obviously not the only barrier between an evildoer and, say, US nuclear codes, they are some of the best locks ever made—and over the years, they have secured most everything worth protecting: storefronts and corporate offices, even the Department of Defense, courthouses, UN buildings, and military and munitions facilities worldwide. And the company's newest line of locks, Medeco3, was essentially a promise in brass and steel. Medeco trumpeted the fact that the lock protected the residences of the British royals and the US president. A press release emphasized that while cheaper locks might be susceptible to bumping, "not all locks can be bumped." And consumers should "know the differences." Soon Clyde Roberson, Medeco's director of technical services, also began appearing on those local news scare pieces, raising the alarm about the bump menace while touting a lock that, the news reports said, "can't be bumped." And Medeco didn't deny the "bump-proof" claims. (As this article went to press, the company Web site continued to link to the reports.) In August 2006, Medeco even filed paperwork to trademark the term bump-proof.

Bumping was a PR boon for Medeco's $100-plus high-security locks, and Tobias was the technique's American prophet. But even as Medeco's Roberson thanked Tobias for the publicity, the lock cracker had begun to preach a new message: Medeco's hardware was good, but not good for everyone—and certainly nowhere as good as company executives claimed. "I told them the whole 'bump-proof' thing was a terrible idea," Tobias says. One reason: a young Latin American locksmith named, coincidentally, Tobias. Like Marc Tobias, Tobias Bluzmanis had started his lock-hacking career by taking things apart down in his parents' basement (in this case, in Caracas, Venezuela). After moving to Miami, Bluzmanis spent nearly two years moonlighting in his workshop, obsessed with inventing a gizmo to determine pin position in Medeco locks. His lawyer wrote to Medeco, describing the device. The company evinced little interest, replying with a form letter. When Bluzmanis turned to Tobias for advice, the older man spotted something special. It wasn't the invention—several lock engineers had designed similar decoders decades earlier, to no effect. The impressive thing was that Bluzmanis had done it without formal engineering training or knowledge of the previous efforts. Essentially, Bluzmanis had been clever enough to reinvent the wheel. Tobias saw potential in Bluzmanis—and a possible partner. By July 2006, the two were meeting regularly in the back of a Miami locksmith shop, hunting for the Medeco's vulnerabilities. Bluzmanis and Tobias are a classic odd couple: Bluzmanis is a tall, soft-spoken Venezuelan with a new family and a taste for red wine. Tobias is an outspoken, midsize, middle-aged, middle-American bachelor and lifelong teetotaler. But crouching geek-to-geek at a workbench, squinting into a puzzling keyhole, the differences didn't matter. The lock-cracking quest took on the intensity of a recurring fever dream as night after night they employed paper clips, needle-nose pliers, a plane sander, safe-deposit key blanks, plastic sheets, lock-picking tools, tension wrenches, and lots and lots of paper. They divided the Medeco3 mechanism into a series of problems, then devised theories to attack each in order. By December 2006, Bluzmanis and Tobias had discovered a method for opening the Medeco3 in about a minute. Tobias called Roberson immediately. "We figured he'd be as interested as we were," Bluzmanis says. "But he said, 'No, it's impossible; the locks must have been defective.'" So a few weeks later, Tobias sent Roberson the breached hardware along with a video of them opening a couple of Medeco locks. "I even posted the clip on my Web site," Tobias says. The password for access: Roberson's initials and phone extension. Then Tobias and Bluzmanis sat back and waited. What did they expect? Perhaps a press conference, at least some attaboys for cracking the lock equivalent of Fermat's last theorem. They had just slain Goliath on digital video. But Goliath didn't appear to care. In fact, according to Tobias, Goliath was no longer returning phone calls. Tobias says that even after five weeks he had heard nothing substantial from Roberson: "He said nobody had looked at the video or examined the locks; they were too busy. I mean, give me a break!" (Roberson says he can't remember the specifics but has "always appropriately responded to any reasonable inquiry" that Tobias made.) But internally, Medeco was making adjustments. Online, the company changed its claim to "virtually bump-proof" and stopped pursuing its application to trademark bump-proof. Yet Medeco still wouldn't comment on Tobias' discovery. Nothing could piss off Tobias more. And so what had started as an intellectual pursuit now became a crusade. Tobias needed proof, a confession. But Medeco would no longer engage in any substantial conversation with him. So he started using surrogates and taping the calls. "Customer service was still saying they couldn't be picked or bumped," Tobias fumes. "At the conferences, my colleagues were being told, 'Hey, Marc Tobias is just a crank and a liar trying to extort hush money from the company!'" Sitting across from Tobias at dinner, protecting my food from flying spittle, I don't really need to ask if he's pissed off. But I do anyway. "What?" he shrieks, alarming the waiter. "Of course I'm pissed off! Everybody should be pissed off!"

"It's not about me. It's about what these locks protect," Tobias says. "Medeco locks are the best in the world—that's why they're used by the Pentagon, the embassies. These agencies believe that the locks can't be picked in under 15 minutes, that they can't be bumped, that you can't trace keys onto plastic. It's the definition of high security—and it's wrong! We proved it." "Look," he says, taking it down a few notches. "If we can do it, so can the bad guys. Medeco needs to acknowledge it and let the locksmiths know it—and the DOD, FBI, CIA, Secret Service, and all their clients." Tobias blinks frantically, trying to clear this appalling reality from his view-screen. "You know, they could have just admitted the problem. Just said, 'Marc, you're right and we're wrong and we need to admit this publicly and fix it.' But did they do that?" Tobias waggles an emphatic no. "Instead, they called me an extortionist and trashed the Marc Tobias reputation. And they're going to pay for that," he says, stabbing the defenseless tablecloth for emphasis. "Oh yeah, arrogance does have its price." Cheated of intellectual laurels and shut out by one of the most revered lock companies in the world, his only option now was to go Rambo. He would take this Marc Weber Tobias problem directly to the public. First, Tobias wrote another encyclopedic manual, called Open in Thirty Seconds, and in 261 excruciatingly detailed pages, he and Bluzmanis explained exactly how they exploited the Medeco vulnerabilities—and exactly how you could exploit them, too. They spelled out not only picking and bumping attacks but other Medeco3 hacks as well and crowned the work with a cheeky introduction "thanking" Clyde Roberson of Medeco for "making this possible." (Their DIY method for duplicating keys using a photocopier, an X-Acto knife, and some old credit cards will be included in the next edition.) Then Tobias had 3,000 copies printed (it's available on Amazon.com and his Web site), packed up his locks, socks, and underwear, and hit the road. Maybe this meeting was in Myrtle Beach or Dallas or Dubai. Or Kuala Lumpur or Amsterdam or San Francisco—it doesn't matter, since nobody was officially here anyway. Call them spooks, black-bag operators, whitehats, covert-entry men. You can't call them anything else, because the people who run security for federal agencies don't wear uniforms or name tags. They don't introduce themselves, and they never, ever speak on the record. When they meet, it's by personal invitation in rented rooms stocked with Styrofoam cups and nondairy creamer. Theirs is a universe of complete secrecy and total deniability, of national secrets and nuclear footballs, clothed in the anonymity of Dockers and Ecco walkers. But even in this shadow world, these men had faith in certain fundamental truths, like the reliability of Medeco locks. These were the locks that defined high security. They couldn't be hacked, not quickly and quietly, not covertly, not with picks or jiggle keys, and definitely not with blanks cut from credit cards. These men had known this for sure, and for decades. And yet they gathered last summer to sit in rented chairs and experience the latest Marc Weber Tobias problem. Laid out on a rented table were new Medeco locks, picking kits, bump hammers, jiggle keys, a paper clip, and a vise. Tobias clicked through his PowerPoint slides, then hit the lights. He stood aside while the spooks tried the technique themselves, one after another. "Well, I'll be damned," said the man from the European military security organization. "Good golly," said the man with desert cargo pants and a jarhead cut. "Hmm," said the security guy for a US government acronym. Tobias swallowed a smirk. "I'm sure you know what these protect…" "Uh-huh," the American spook said. The lock was open. It wasn't supposed to be. He held it between his fingers like a radioactive turd. "This," he said, "is a problem." Suddenly, it was all too easy to imagine real-life Tobias attacks: A mole in Defense or Treasury borrows a key for five minutes. He photocopies it and emails the scan, distributing a master key that can access a whole floor. And all those security protocols based on 10-minute response times? Now an expert covert team might take seconds, not hours or minutes, to open a target's door. Not every lock, not every door—but still, the impossible was now clearly possible. And how long had the Tobias attack been out there? Did the Chinese have it yet? You could see part of the room thinking, "Holy crap, if the terrorists are half as smart as the hackers, they've already won," and the other part thinking, "Holy crap, how can we use this trick to screw everyone else?" Suddenly, there was a new menu of spy-world options, from embassy break-ins and bug placement to military, diplomatic, and industrial espionage.