Bruce Schneier
Schneier on Security
A blog covering security and security technology.

December 29, 2004

Canadian Airport Security Loses Uniforms

From CBC News: 1,127 uniform items belonging to Canadian airport screeners were lost or stolen in a nine-month period.

I'm not sure if this is an interesting story or not. We know that a uniform isn't necessarily a reliable authentication tool, yet we use them anyway.

Losing 1,127 uniforms is bad, because they can be used to impersonate officials. But even if the 1,127 uniforms are found, they can be faked. Can you tell the difference between a legitimate uniform and a decent fake? I can't.

The real story is the informal nature of most of our real-world authentication systems, and how they can be exploited.

I wrote about this in Beyond Fear (page 199):

"Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she’s there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I don’t think twice about giving the keys to someone wearing the correct color uniform. And how often do people inspect a police officer’s badge? The potential for intimidation makes this security system even less effective."

Posted on December 29, 2004 at 08:37 AM

I'm not disagreeing, but 1127 uniform "items" doesn't strike me as being the same as 1127 uniforms. An item could be as simple as a belt or a pair of socks.

Posted by: Mike at December 29, 2004 09:03 AM

I had once encountered a search situation involving Federal Agents, who being with warrant had threatened to break down the door. When we asked to see their ID, they said they would show us after we let them in.
Being that it was early in the morning, that we had just woken up to the sound of the pounding on the front door, and that we did not want our front door knocked down, we did not know what to do. So we let them in. It could have been anybody. Even when we looked at the ID we realized we had no way of knowing their authenticity.

After the fact, I have thought about that incident many times and I really wish that there was a phone number we could have called to verify the warrant, etc., because no ordinary citizen could really have known the authenticity of the warrant (do you know your local/state/federal judges by name?). A phone number, like 911, which is publicly known and even taught to children at schools would probably be a good public service tool to prevent someone from impersonating an official and robbing you blind.

Posted by: C.S. Lewis at December 29, 2004 09:53 AM

Reminds me of a scene I saw in Ft. Lauderdale airport a year ago. I was waiting for a friend's arrival. There is a corridor where recent arrivals exit from. There are no doors or gates of any kind. Just a sign on the top saying "Exit only" and a couple of employees sitting on stools on either side of the wide corridor to check that nobody comes in.

While I'm waiting I see this policeman in uniform, with a gun mind you, coming in through there and just waving hello to the attendants. Was he a policeman? Or just somebody in a stolen uniform? This happened well after 9/11. Apparently we still have a lot to learn.

Posted by: Alex Feldstein at December 29, 2004 09:54 AM

Just a thought... Most 'uniforms' (aside from police, army, etc.) are sold by commercial stores who will sell them to anyone (least in NY where I live). It's the badges they need to fake.. (sort of) but it's fairly easy to gate in behind someone with a bit of tact.

Posted by: LarryConley at December 29, 2004 10:08 AM

Human beings are quite fallible and are the weakest elements of security.
Even if these uniforms weren't stolen or won't be used for any illicit purposes, there would still be many ways to get people and objects through security. Uniforms of any kind would make this a lot easier. Someone could probably tailgate into luggage or maintenance areas and easily change back into a "passenger" disguise, or anything else. They could probably enter offices without much trouble.

For that matter, it wouldn't have to be in Canada, either. A "Canadian airport screener" would probably have an easier time dealing with any security in any area at any airport. Having a lot of stolen uniforms would also work well for organized groups.

Posted by: Francois Kashy at December 29, 2004 11:01 AM

Purchasing Police and Army Uniforms isn't THAT hard. I'm currently wearing a 5.11 Tactical shirt. It's essentially a police shirt. It has handy "concealed" pockets, it came with epaulettes and instructions to attach them. It even came with a badge holder tab (for those police forces that use that kind of badge I guess)...

I'm not a police officer, I just saw a review of the shirt, found a local stockist and bought one. The stockist also supplies some but not all of the local police forces. They sell a variety of Police badges and the like. They said that you need to show official ID in order to buy those, but the majority of police type items that they sold didn't require such rigorous checks. If I want a police baton, or body armour then I know where to buy it now. They also sell handcuffs, handcuff keys and so on.

As for Army uniforms, it seems that the local thrift stores usually have some form of Army uniforms in them. I don't know enough to know which particular uniforms these are, but they are definitely military uniforms. No ID checks no nothing. The local Army surplus stores also seem to sell both parts of Army uniforms and badges.

Z.
Posted by: Zwack at December 29, 2004 12:37 PM

You don't even need a uniform, a boiler suit, some technical language and a clipboard will get you in most places. As long as you don't try the front entrance. Just look like you are supposed to be there and people will ignore you.

Posted by: Jeb at December 29, 2004 06:20 PM

What you might be touching on here is an anthropological view of appearances and culture. There are at least two variations on reasons I often hear for uniformed clothing:

Posted by: Davi Ottenheimer at December 29, 2004 06:49 PM

Last year sometime I looked out the window to see a guy walking around in my yard. Being a suspicious person, I grabbed the closest thing to me (the chair I was sitting on) and went for a closer look.

Posted by: Graham at December 29, 2004 10:01 PM

Just buy a blank badge and get someone else to inscribe some official looking text on it. At a store here that supplies police as well as the security community, you can buy nice looking ones with the Oklahoma state seal on them, no questions asked.
Posted by: Kirby at December 29, 2004 10:04 PM

Like Jeb said above, coveralls / jeans and a plaid shirt, a tool belt, a small stepladder, and a clipboard will get you into a surprising number of places. Many people will let someone into places like the wiring closet and then ask the building management later if at all.

Posted by: cynthb at December 30, 2004 05:12 PM

"I'm not disagreeing, but 1127 uniform "items" doesn't strike me as being the same as 1127 uniforms. An item could be as simple as a belt or a pair of socks."

Good point. I missed that.

Posted by: Bruce Schneier at January 2, 2005 04:50 PM

For one glaring example of how far the right language and behaviour can get a talented imposter, check the case of the German Gert Postel: http://www.gert-postel.de/english.htm

Although a mailman without any medical training, Postel managed to pose as a senior psychiatrist in a Saxon hospital for more than two years.

Posted by: Bratgitarre at January 4, 2005 08:04 PM

Vaguely related: there are companies which offer secure uniform destruction. Of course it isn't all that hard to tear up a shirt on your own premises but woven cloth badges are fairly tough, and also harder to fake.
Posted by: Roger at January 16, 2005 09:21 PM

Just think about how well this will work! Terrorists will only stay with terrorists and write all that information down. Non-terrorists will stay with non-terrorists. Soon you'll have two XOR'd sets, can take action, and then reduce the size of government by closing DHS.

Posted by: joe at January 20, 2005 04:40 PM

Sorry to follow-up myself, but I just remembered seeing a fancy sewing machine which will accept an appropriately formatted data file, then sit there and embroider pretty well anything. It could use fine metal wire as well as thread. The lady who owned it said that such machines are pretty common nowadays (a really top line one is about four thousand US, but many are cheaper), and enthusiasts exchange pattern files over the net.

This conjures an amusing image: gangsters trafficking in (security) embroidery patterns! Maybe seamstresses will have their file collections raided, looking for forbidden stitches 8^)

Posted by: Roger at January 20, 2005 11:55 PM

Another good example of uniform fraud: 76 years ago a couple of guys walked into a garage wearing Chicago police uniforms. The 7 men inside did not react adversely to seeing these two officers. It turned out they were setting up a job for two plain-clothed associates, with the result being the St. Valentine's Day Massacre.

Posted by: Ted at January 25, 2005 03:23 PM