Schneier on Security
A blog covering security and security technology.
« Bad Quote |
| Wi-Fi Shielding Paint »
December 29, 2004
Canadian Airport Security Loses Uniforms
From CBC News:
1,127 uniform items belonging to Canadian airport screeners were lost or stolen in a nine-month period.
I'm not sure if this is an interesting story or not. We know that a uniform isn't necessarily a reliable authentication tool, yet we use them anyway.
Losing 1,127 uniforms is bad, because they can be used to impersonate officials. But even if the 1,127 uniforms are found, they can be faked. Can you tell the difference between a legitimate uniform and a decent fake? I can't.
The real story is the informal nature of most of our real-world authentication systems, and how they can be exploited.
I wrote about this in Beyond Fear (page 199):
Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she’s there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I don’t think twice about giving the keys to someone wearing the correct color uniform. And how often do people inspect a police officer’s badge? The potential for intimidation makes this security system even less effective.
Uniforms are easy to fake. In the wee hours of the morning on 18 March 1990, two men entered the Isabella Stuart Gardner Museum in Boston disguised as policemen. They duped the guards, tied them up, and proceeded to steal a dozen paintings by Rembrandt, Vermeer, Manet, and Degas, valued at $300 million. (Thirteen years later, the crime is still unsolved and the art is still missing.) During the Battle of the Bulge in World War II, groups of German commandos operated behind American lines. Dressed as American troops, they tried to deliver false orders to units in an effort to disrupt American plans. Hannibal used the same trick--to greater success--dressing up soldiers who were fluent in Latin in the uniforms of Roman officials and using them to open city gates.
Spies actually take advantage of this authentication problem when recruiting agents. They sometimes recruit a spy by pretending to be working for some third country. For example, a Russian agent working in the U.S. might not be able to convince an American to spy for Russia, but he can pretend to be working for France and might be able to convince the person to spy for that country. This is called "false flag recruitment." How’s the recruit going to authenticate the nationality of the person he's spying for?
There's some fascinating psychology involved in this story. We all authenticate using visual cues, and official uniforms are a big part of that. (When a policeman, or an employee from the local electric company, comes to your door and asks to come in, how to you authenticate him? His uniform and his badge or ID.)
Posted on December 29, 2004 at 8:37 AM
• 17 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I'm not disagreeing, but 1127 uniform "items" doesn't strike me as being the same as 1127 uniforms. An item could be as simple as a belt or a pair of socks.
I had once encountered a search situation involving Federal Agents, who being with warrant had threatened to break down the door. When we asked to see their ID, they said they would show us after we let them in. Being that it was early in the morning, that we had just woken up to the sound of the pounding on the front door, and that we did not want our front door knocked down, we did not know what to do. So we let them in. It could have been anybody. Even when we looked at the ID we realized we had no way of knowing their authenticity.
After the fact, I have thought about that incident many times and I really wish that there was a phone number we could have called to verify the warrant, etc., because no ordinary citizen could really have known the authenticity of the warrant (do you know your local/state/federal judges by name?). A phone number, like 911, which is publicly known and even taught to children at schools would probably be a good public service tool to prevent someone from impersonating an official and robbing you blind.
Reminds me of a scene I saw in Ft. Lauderdale airport a year ago. I was waiting for a friend's arrival. There is a corridor where recent arrivals exit from. There are no doors or gates of any kind. Just a sign on the top saying "Exit only" and a couple of employees sitting on stools on either side of the wide corridor to check that nobody comes in. While I'm waiting I see this policeman in uniform, with a gun mind you, coming in through there and just waving hello to the attendants.
Was he a policeman? Or just somebody in a stolen uniform? This happenned well after 9/11. Apparently we still have a lot to learn.
Just a thought...
Most 'uniforms' (aside from police army etc) are sold by commerical stores who will sell them to anyone (least in NY where I live) Its the badges they need to fake.. (sort of) but its fairly easy to gate in behind someone with a bit of tact.
Human beings are quite fallible and are the weakest elements of security. Even if these uniforms weren't stolen or won't be used for any illicit purposes, there would still be many of ways to get people and objects through security. Uniforms of any kind would make this a lot easier. Someone could probably tailgate into luggage or maintenance areas and easily change back into a "passenger" disguise, or anything else. They could probably enter offices without much trouble. For that matter, it wouldn't have to be in Canada, either. A "Canadian airport screener" would probably have an easier time dealing with any security in any area at any airport. Having a lot of stolen uniforms would also work well for organized groups.
Purchasing Police and Army Uniforms isn't THAT hard.
I'm currently wearing a 5.11 Tactical shirt. It's essentially a police shirt. It has handy "concealed" pockets, it came with epaulettes and instructions to attach them. It even came with a badge holder tab (for those police forces that use that kind of badge I guess)... I'm not a police officer, I just saw a review of the shirt, found a local stockist and bought one.
The stockist also supplies some but not all of the local police forces. They sell a variety of Police badges and the like. They said that you need to show official ID in order to buy those, but the majority of police type items that they sold didn't require such rigourous checks. If I want a police baton, or body armour then I know where to buy it now. They also sell handcuffs, handcuff keys and so on.
As for Army uniforms, it seems that the local thrift stores usually have some form of Army uniforms in them. I don't know enough to know which particular uniforms these are, but they are definitely military uniforms. No ID checks no nothing. The local Army surplus stores also seem to sell both parts of Army uniforms and badges.
You don't even need a uniform, a boiler suite some technical language and a clipboard will get you in most places. As long as you don't try the front entrance. Just look like you are suposed to be there and people will ignore you.
What you might be touching on here is an anthropological view of appearances and culture. There are at least two variations on reasons I often hear for uniformed clothing:
- to clearly distinguish an individual or group for special treatment
- to make it difficult for an individual or group to avoid detection
But, as you've pointed out before, there are still people trained and able to detect a nervous walk, laugh, smile etc. and who can reveal an imposter regardless of uniform. I'm surprised you did not raise that point here. You and I might not be able to detect the false uniforms, because we are not familiar/gifted enough, but there still seem to be reliable and common methods to detect anomalies.
Last year sometime I looked out the window to see a guy walking around in my yard. Being a suspicious person, I grabbed the closest thing to me (the chair I was sitting on) and went for a closer look.
I felt rather foolish when it turned out he was just there to read the meter. However it struck me as strange that he was _not_ wearing a distinctive uniform.
Just buy a blank badge and get someone else to inscribe some official looking text on it. At a store here that supplies police as well as the security community, you can buy nice looking ones with the Oklahoma state seal on them, no questions asked.
Sometimes looking like you belong is very easy... I worked for a year in a building on an Army base that until then had only govt employees (civilian and military), no contractors. The govt employees all had at least secret clearance. Apparently they were used to being so secret that no one wore any identifying badges at all.
When they wanted to bring in us contractors, they made up some simple badges and all the contractors had to wear one. You see the irony don't you? In effect, anyone not wearing a badge belonged at this facility.
Like Jeb said above, coveralls / jeans and a plaid shirt, a tool belt, a small stepladder, and a clipboard will get you into a surprising number of places. Many people will let someone into places like the wiring closet and then ask the building management later if at all.
"I'm not disagreeing, but 1127 uniform "items" doesn't strike me as being the same as 1127 uniforms. An item could be as simple as a belt or a pair of socks."
Good point. I missed that.
For one glaring example of how far the right language and behaviour can get a talented imposter, check the case of the German Gert Postel: http://www.gert-postel.de/english.htm
Although a mailman without any medical training, Postel managed to pose as a senior psychiatrist in a Saxon hospital for more than two years.
Vaguely related: there are companies which offer secure uniform destruction. Of course it isn't all that hard to tear up a shirt on your own premises but woven cloth badges are fairly tough, and also harder to fake.
On another note, in my country the postal service has saved money by tendering out some delivery routes. Many businesses trust the postman to wander around the office at will since (s)he is a public servant looking forward to a good pension. But word has gotten around the prisons that mail delivery contracts are a good job that don't require references! Well, good luck to them in getting their lives back together, but most businesses still don't realise that nowdays the guy in the Post Office uniform is often a convict on a 6 month contract, and trying to live off a rock-bottom contract tender!
Just think about how well this will work! Terrorists will only stay with terrorists and write all that information down. Non-terrorists will stay with non-terrorists. Soon you'll have two XOR'd sets, can take action, and then reduce the size of government by closing DHS.
Sorry to follow-up myself, but I just remembered seeing a fancy sewing machine which will accept an appropriately formatted data file, then sit there and embroider pretty well anything. It could use fine metal wire as well as thread. The lady who owned it said that such machines are pretty common nowdays (a really top line one is about four thousand US, but many are cheaper), and enthusiasts exchange pattern files over the net.
This conjures an amusing image: gangsters trafficking in (security) embroidery patterns! Maybe seamstresses will have their file collections raided, looking for forbidden stitches 8^)
Another good example of uniform fraud:
76 years ago a couple of guys walked into a garage wearing Chicago police uniforms. The 7 men inside did not react adversely to seeing these two officers.
It turned out they were setting up a job for two plain-clothed associates, with the result being the St. Valentine's Day Massacre.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.