Schneier on Security

A blog covering security and security technology.

Decertifying "Terrorist" Pilots

This article reads like something written by the company's PR team.

When it comes to sleuthing these days, knowing your way within a database is as valued a skill as the classic, Sherlock Holmes-styled powers of detection.

Safe Banking Systems Software proved this very point in a demonstration of its algorithm acumen -- one that resulted in a disclosure that convicted terrorists actually maintained working licenses with the U.S. Federal Aviation Administration.

The algorithm seems to be little more than matching up names and other basic info:

It used its algorithm-detection software to sift out uncommon names such as Abdelbaset Ali Elmegrahi, aka the Lockerbie bomber. It found that a number of licensed airmen all had the same P.O. box as their listed address -- one that happened to be in Tripoli, Libya. These men all had working FAA certificates. And while the FAA database information investigated didn't contain date-of-birth information, Safe Banking was able to use content on the FAA Website to determine these key details as well, to further gain a positive and clear identification of the men in question.

In any case, they found these three people with pilot's licenses:

Elmegrahi, who had been posted on the FBI Most Wanted list for a decade and was convicted of blowing up Pan Am Flight 103, killing 259 people in 1988 over Lockerbie, Scotland. Elmegrahi was an FAA-certified aircraft dispatcher.

Re Tabib, a California resident who was convicted in 2007 for illegally exporting U.S. military aircraft parts -- specifically export maintenance kits for F-14 fighter jets -- to Iran. Tabib received three FAA licenses after his conviction, qualifying to be a flight instructor, ground instructor and transport pilot.

Myron Tereshchuk, who pleaded guilty to possession of a biological weapon after the FBI caught him with a brew of ricin, explosive powder and other essentials in Maryland in 2004. Tereshchuk was a licensed mechanic and student pilot.

And the article concludes with:

Suffice to say, after the FAA was made aware of these criminal histories, all three men have since been decertified.

Although I'm all for annoying international arms dealers, does anyone know the procedures for FAA decertification? Did the FAA have the legal right to do this, after being "made aware" of some information by a third party?

Of course, they don't talk about all the false positives their system also found. How many innocents were also decertified? And they don't mention the fact that, in the 9/11 attacks, FAA certification wasn't really an issue. "Excuse me, young man. You can't hijack and fly this aircraft. It says right here that the FAA decertified you."

Posted on November 23, 2009 at 2:36 PM • 14 Comments • View Blog Reactions

Al Qaeda Secret Code Broken

I would sure like to know more about this:

Top code-breakers at the Government Communications Headquarters in the United Kingdom have succeeded in breaking the secret language that has allowed imprisoned leaders of al-Qaida to keep in touch with other extremists in U.K. jails as well as 10,000 "sleeper agents" across the islands....

[...]

For six months, the code-breakers worked around the clock deciphering the code the three terrorists created.

Between them, the code-breakers speak all the dialects that form the basis for the code. Several of them have high-value skills in computer technology. The team worked closely with the U.S. National Security Agency and its station at Menwith Hill in the north of England. The identity of the code-breakers is so secret that not even their gender can be revealed.

"Like all good codes, the one they broke depended on substituting words, numbers or symbols for plain text. A single symbol could represent an idea or an entire message," said an intelligence source.

The code the terrorists devised consists of words chosen from no fewer than 20 dialects from Afghanistan, Iran, Pakistan, Yemen and Sudan.

Inserted with the words ­ either before or after them ­ is local slang. The completed message is then buried in Islamic religious tracts.

EDITED TO ADD: Here's a link to the story that still works. I didn't realize this came from WorldNetDaily, so take it with an appropriate amount of salt.

Posted on November 23, 2009 at 7:24 AM • 46 Comments • View Blog Reactions

Friday Squid Blogging: New Squid Discovered

An expedition to study seamounts in the Indian Ocean has discovered some new species, including some squid.

Posted on November 20, 2009 at 4:57 PM • 4 Comments • View Blog Reactions

Interview with Me

Yet another interview with me. This one is audio, and was conducted in Rotterdam in October.

Posted on November 20, 2009 at 1:21 PM • 3 Comments • View Blog Reactions

FailBlog on Security

Funny: career fair fail.

EDITED TO ADD: See the caption on the original photo for the real story.

Posted on November 20, 2009 at 11:11 AM • 15 Comments • View Blog Reactions

Denial-of-Service Attack Against CALEA

Interesting:

The researchers say they've found a vulnerability in U.S. law enforcement wiretaps, if only theoretical, that would allow a surveillance target to thwart the authorities by launching what amounts to a denial-of-service (DoS) attack against the connection between the phone company switches and law enforcement.

[...]

The University of Pennsylvania researchers found the flaw after examining the telecommunication industry standard ANSI Standard J-STD-025, which addresses the transmission of wiretapped data from telecom switches to authorities, according to IDG News Service. Under the 1994 Communications Assistance for Law Enforcement Act, or Calea, telecoms are required to design their network architecture to make it easy for authorities to tap calls transmitted over digitally switched phone networks.

But the researchers, who describe their findings in a paper, found that the standard allows for very little bandwidth for the transmission of data about phone calls, which can be overwhelmed in a DoS attack. When a wiretap is enabled, the phone company's switch establishes a 64-Kbps Call Data Channel to send data about the call to law enforcement. That paltry channel can be flooded if a target of the wiretap sends dozens of simultaneous SMS messages or makes numerous VOIP phone calls "without significant degradation of service to the targets' actual traffic."

As a result, the researchers say, law enforcement could lose records of whom a target called and when. The attack could also prevent the content of calls from being accurately monitored or recorded.

The paper. Comments by Matt Blaze, one of the paper's authors.

Posted on November 20, 2009 at 6:11 AM • 19 Comments • View Blog Reactions

A Taxonomy of Social Networking Data

At the Internet Governance Forum in Sharm El Sheikh this week, there was a conversation on social networking data. Someone made the point that there are several different types of data, and it would be useful to separate them. This is my taxonomy of social networking data.

1. Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number.

2. Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on.

3. Entrusted data. This is what you post on other people's pages. It's basically the same stuff as disclosed data, but the difference is that you don't have control over the data -- someone else does.

4. Incidental data. Incidental data is data the other people post about you. Again, it's basically same same stuff as disclosed data, but the difference is that 1) you don't have control over it, and 2) you didn't create it in the first place.

5. Behavioral data. This is data that the site collects about your habits by recording what you do and who you do it with.

Different social networking sites give users different rights for each data type. Some are always private, some can be made private, and some are always public. Some can be edited or deleted -- I know one site that allows entrusted data to be edited or deleted within a 24-hour period -- and some cannot. Some can be viewed and some cannot.

And people should have different rights with respect to each data type. It's clear that people should be allowed to change and delete their disclosed data. It's less clear what rights they have for their entrusted data. And far less clear for their incidental data. If you post pictures of a party with me in them, can I demand you remove those pictures -- or at least blur out my face? And what about behavioral data? It's often a critical part of a social networking site's business model. We often don't mind if they use it to target advertisements, but are probably less sanguine about them selling it to third parties.

As we continue our conversations about what sorts of fundamental rights people have with respect to their data, this taxonomy will be useful.

Posted on November 19, 2009 at 12:51 PM • 39 Comments • View Blog Reactions

Stabbing People with Stuff You Can Get Through Airport Security

"Use of a pig model to demonstrate vulnerability of major neck vessels to inflicted trauma from common household items," from the American Journal of Forensic Medical Pathology.

Abstract. Commonly available items including a ball point pen, a plastic knife, a broken wine bottle, and a broken wine glass were used to inflict stab and incised wounds to the necks of 3 previously euthanized Large White pigs. With relative ease, these items could be inserted into the necks of the pigs next to the jugular veins and carotid arteries. Despite precautions against the carrying of metal objects such as knives and nail files on board domestic and international flights, objects are still available within aircraft cabins that could be used to inflict serious and potentially life-threatening injuries. If airport and aircraft security measures are to be consistently applied, then consideration should be given to removing items such as glass bottles and glass drinking vessels. However, given the results of a relatively uncomplicated modification of a plastic knife, it may not be possible to remove all dangerous objects from aircraft. Security systems may therefore need to focus on measures such as increased surveillance of passenger behavior, rather than on attempting to eliminate every object that may serve as a potential weapon.

Posted on November 19, 2009 at 7:10 AM • 89 Comments • View Blog Reactions

How Smart are Islamic Terrorists?

Organizational Learning and Islamic Militancy (May 2009) was written by Michael Kenney for the U.S. Department of Justice. It's long: 146 pages. From the executive summary:

Organizational Learning and Islamic Militancy contains significant findings for counter-terrorism research and policy. Unlike existing studies, this report suggests that the relevant distinction in knowledge learned by terrorists is not between tacit and explicit knowledge, but metis and techne. Focusing on the latter sheds new insight into how terrorists acquire the experiential "know how" they need to perform their activities as opposed to abstract "know what" contained in technical bomb-making preparations. Drawing on interviews with bomb-making experts and government intelligence officials, the PI illustrates the critical difference between learning terrorism skills such as bomb-making and weapons firing by abstraction rather than by doing. Only the latter provides militants with the experiential, intuitive knowledge, in other words the metis, they need to actually build bombs, fire weapons, survey potential targets, and perform other terrorism-related activities. In making this case, the PI debunks current misconceptions regarding the Internet's perceived role as a source of terrorism knowledge.

Another major research finding of this study is that while some Islamic militants learn, they do not learn particularly well. Much terrorism learning involves fairly routine adaptations in communications practices and targeting tactics, what organization theorists call single-loop learning or adaptation. Less common among militants are consequential changes in beliefs and values that underlie collection action or even changes in organizational goals and strategies. Even when it comes to single-loop learning, Islamic militants face significant impediments. Many terrorist conspiracies are compartmented, which makes learning difficult by impeding the free flow of information between different parts of the enterprise. Other, non-compartmented conspiracies are hindered from learning because the same people that survey targets and build bombs also carry out the attacks. Still other operations, including relatively successful ones like the Madrid bombings in 2004, are characterized by such sloppy tradecraft that investigators piece together the conspiracy quickly, preventing additional attacks and limiting militants' ability to learn from experience.

Indeed, one of the most significant findings to emerge from this research regards the poor tradecraft and operational mistakes repeatedly committed by Islamic terrorists. Even the most "successful" operations in recent years -- 9/11, 3/11, and 7/7 -- contained basic errors in tradecraft and execution. The perpetrators that carried out these attacks were determined, adaptable (if only in a limited, tactical sense) -- and surprisingly careless. The PI extracts insights from his informants that help account for terrorists' poor tradecraft: metis in guerrilla warfare that does not translate well to urban terrorism, the difficulty of acquiring mission-critical experience when the attack or counter-terrorism response kills the perpetrators, a hostile counter-terrorism environment that makes it hard to plan and coordinate attacks or develop adequate training facilities, and perpetrators' conviction that they don't need to be too careful when carrying out attacks because their fate has been predetermined by Allah. The PI concludes this report by discussing some of the policy implications of these findings, suggesting that the real threat from Islamic militancy comes less from hyper-sophisticated "super terrorists" than from steadfast militants whose own dedication to the cause may undermine the cunning intelligence and fluid adaptability they need to survive.

Posted on November 18, 2009 at 1:45 PM • 38 Comments • View Blog Reactions

Quantum Ghost Imaging

This is cool:

Ghost imaging is a technique that allows a high-resolution camera to produce an image of an object that the camera itself cannot see. It uses two sensors: one that looks at a light source and another that looks at the object. These sensors point in different directions. For example, the camera can face the sun and the light meter can face an object.

That object might be a soldier, a tank or an airplane, Ron Meyers, a laboratory quantum physicist explained during an Oct. 28 interview on the Pentagon Channel podcast "Armed with Science: Research and Applications for the Modern Military."

Once this is done, a computer program compares and combines the patterns received from the object and the light. This creates a "ghost image," a black-and-white or color picture of the object being photographed. The earliest ghost images were silhouettes, but current ones depict the objects more realistically.

[...]

Using virtually any light source -- from a fluorescent bulb, lasers, or even the sun -- quantum ghost imaging gives a clearer picture of objects by eliminating conditions such as clouds, fog and smoke beyond the ability of conventional imaging.

Posted on November 18, 2009 at 6:22 AM • 30 Comments • View Blog Reactions

Secret Knock Lock

Door lock that opens if you tap a particular rhythm.

EDITED TO ADD (11/20): Another knock lock.

Posted on November 17, 2009 at 2:00 PM • 38 Comments • View Blog Reactions

A Useful Side-Effect of Misplaced Fear

A study in the British Journal of Criminology makes the point that drink-spiking date-raping is basically an urban legend:

Abstract. There is a stark contrast between heightened perceptions of risk associated with drug-facilitated sexual assault (DFSA) and a lack of evidence that this is a widespread threat. Through surveys and interviews with university students in the United Kingdom and United States, we explore knowledge and beliefs about drink-spiking and the linked threat of sexual assault. University students in both locations are not only widely sensitized to the issue, but substantial segments claim first- or second-hand experience of particular incidents. We explore students' understanding of the DFSA threat in relationship to their attitudes concerning alcohol, binge-drinking, and responsibility for personal safety. We suggest that the drink-spiking narrative has a functional appeal in relation to the contemporary experience of young women's public drinking.

In an article on the study in The Telegraph, the authors said:

Among young people, drink spiking stories have attractive features that could "help explain" their disproportionate loss of control after drinking alcohol, the study found.

Dr Burgess said: "Our findings suggest guarding against drink spiking has also become a way for women to negotiate how to watch out for each other in an environment where they might well lose control from alcohol consumption."

[...]

"As Dr Burgess observes, it is not scientific evidence which keeps the drug rape myth alive but the fact that it serves so many useful functions."

Basically, the hypothesis is that perpetuating the fear of drug-rape allows parents and friends to warn young women off excessive drinking without criticizing their personal choices. The fake bogeyman lets people avoid talking about the real issues.

Posted on November 17, 2009 at 5:58 AM • 57 Comments • View Blog Reactions

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.