In the middle of the night, in a Hamilton suburb, a young man walks up a driveway, turns a key in the door of a parked Acura and quietly gets into the driver's seat.
He doesn't start the car, instead reaching into his bag to pull out something that looks a bit like an oversized vintage Nintendo controller, 13-by-30 centimetres with a bright blue rubber border.
With a USB cable, he plugs it into the car's diagnostic system and punches some buttons. Then, trying the key, he hears the engine come to life. He backs out and drives away. Before the sun rises, he does the same with four more cars – and in that way, in less than a year, 500 cars in and around the GTA worth $30-million are silently taken.
"They never think they're going to get caught, because this isn't a violent crime," said Toronto police Staff Inspector Mike Earl, who helped bust the car-theft ring in the GTA last year – a more sophisticated scheme than police had seen before. "They're flying under the radar because they're doing these things at three, four o'clock in the morning." The cars, he said, are "already maybe in a shipping container before they're even reported stolen."
Forget hot-wiring: It's a new day for the old crime of stealing cars.
Today's thieves exploit the vulnerabilities of modern automotive technology, bypassing security systems in a matter of seconds.
And the cars' hapless owners aren't the only victims: Black-market proceeds from North American car-theft rings, such as the one Staff Insp. Earl helped dismantle – in which most of the vehicles were shipped to Ghana and Nigeria and sold for half their original price – are often used to fund organized crime or even terrorism overseas.
It's more than a billion-dollar-a-year business in Canada alone, experts say. In some cases, the cars in the Toronto caper had been promised to black-market buyers long before they even reached the city, Staff Insp. Earl said. "This information is being obtained before it's even sold to a person," he said. "Before it's even delivered to the dealership."
The crime ring relied on a network of insiders. Three of the accused men worked at shipping yards – one in Concord, the other in east-end Toronto – where they had a few moments alone in brand-new cars that were on their way to dealers, police said. While driving a luxury vehicle off a rail container and parking it, the employees just needed to snap a photo of its key fob and make sure to copy the vehicle identification number (VIN) as well as the key code.
With all the information they need to cut a new key for the car, it was simply a question of waiting until someone took it home. A fourth member of the racket – allegedly a woman who worked at Service Ontario in Pickering – would notify them when someone registered a car with one of the stolen VINs. A conspiring locksmith would cut a new key. Then, with the hand-held electronic device that would allow them to program the key, the thieves would pick up the car at its new address.
Police believe there were at least 24 members of the ring. Eighteen were arrested, including the four insiders, with six still wanted. "It was like a company, almost," Staff Insp. Earl said. "You have your thieves, you have your brokers, you have your information-gatherers."
While still before the courts, the case has laid bare vulnerabilities across the system. Service Ontario takes breaches of customer privacy seriously and "recently implemented increased security practices and procedures," said spokeswoman Anne-Marie Flanagan. A spokesman for CN Rail, which owns one of the offloading facilities where the vehicle information was stolen, said the company co-operated fully with police but would not say whether it had changed its security measures after the bust.
Although they had special access, none of the people involved was a tech whiz. The key programmer they used, made by a Chinese company and able to reprogram keys for almost all makes of cars, is for sale on Amazon for $700 (U.S.)
The bigger issue is that, as cars have become more electronic than mechanical, their manufacturers fail to build strong accompanying safeguards, said Paul Kleinschnitz, general manager of cybersecurity in North America for engineering company UL LLC. "The unfortunate truth is the vulnerabilities and the means to expose them are pretty simple."
Craig Smith, a Seattle-based "reverse engineer" who wrote a book called The Car Hacker's Handbook, said it ought to be easy for car manufacturers to build in technology that would at least alert owners to illegal key duplication, if not prevent it.
But car companies aren't used to thinking from the perspective of hackers, he said. "They're not used to the constant hammering that, say, a Web server would have," he said. "Right now, they're transitioning to considering themselves a software company. They're going to be attacked in a very similar manner."
Investigators at the Insurance Bureau of Canada are following the changes closely. For years, car thefts in Canada had been decreasing, dropping 62 per cent from 2003 to 2013. But the number of thefts suddenly went up 1 per cent from 2013 to 2014, said Richard Dubin of the insurance bureau. That increase came along with something else Canadian border officials had noticed for years – that more luxury cars were being stolen.
"Fewer vehicles were being stolen, but what we were seeing at the port is that they were going after the higher-end type vehicles – more expensive," said Mr. Dubin. "So in the end, the dollar amount could have been just as high or higher." Canadians pay for the problem in insurance premium hikes, he said.
There are also implications for international security. Vehicle theft in Canada has long been a moneymaker for organized crime – but the criminals and their sophistication have changed. In 2006, Statistics Canada said the main groups responsible were Eastern European, "aboriginal-based" and street gangs.
In the 2015 ring, investigators say there is a clear link with the Black Axe, a crime organization that originated in Nigeria and which Toronto Police revealed last year had put down roots in Canada. The group has been linked with fraud in Canada and with violent crime elsewhere.
The destination for the cars has often been West Africa in recent years, Mr. Dubin said. A lot of the stolen vehicles were SUVs, especially ones with four-wheel drive, he said, and experts believe that's appealing partly because it's suitable for West African terrain, assuming the region is a distribution point.
"We're talking probably well over $1-billion a year in Canada" in stolen cars, he said. "Our concern is the money is so large, it's not only funding organized crime, that it could very well be funding terrorism in other countries."
In a study from 2014, Interpol found that stolen cars were used in terrorist operations, even as car bombs, and also as a means of funding them. The thefts were also "often linked" to human trafficking and the illicit drug and weapons trades.
In the Toronto ring, police checking for some of the stolen luxury cars found the name of a man who had already been linked with the Black Axe on a Canadian fraud case, Staff Insp. Earl said. The ring was responsible for 10 per cent of car thefts in the GTA last year, he said. But its efficiency also made it a target for police.
"We knew that these cars were being stolen at an alarming rate, so they weren't just being joy-rided, and they weren't being recovered, so we knew they were going somewhere," he said. "It was a matter of following the cars, following the money, and it leads to the bigger organization at the end of the day."