Schneier on Security
A blog covering security and security technology.
October 14, 2005
Chemical Trace Screening
New advances in technology:
"Mass spectrometry is one of the most sensitive methods for finding drugs, chemicals, pollutants and disease, but the problem is that you have to extract a sample and treat that sample before you can analyze it," said Evan Williams, a chemistry professor at UC Berkeley.
That process can take anywhere from two to 15 minutes for each sample. Multiply that by the number of people in line at airport security at JFK the day before Thanksgiving, and you've got a logistical nightmare on your hands.
The research from Purdue, led by analytical chemistry professor Graham Cooks, developed a technique called desorption electrospray ionization, or DESI, that eliminates a part of the mass spectrometry process, and thus speeds up the detection of substances to less than 10 seconds, said Williams.
To use it, law enforcement officials and security screeners will spray methanol or a water and salt mixture on the surface of an object, or a person's clothing or skin, and test immediately for microscopic traces of chemical compounds.
As this kind of technology gets better, the problem of false alarms becomes greater. We already know that a large percentage of U.S. currency bears traces of cocaine, but can a low-budget terrorist close down an airport by spraying trace chemicals randomly at passengers' luggage when they're not looking?
Posted on October 14, 2005 at 1:56 PM
• 24 Comments
Watch yourself, though, Bruce -> shutting down an airport is a Denial of Service attack, not really terrorism (using your own metrics from Beyond Fear) :)
Shutting down an airport may merely be denial of service, but getting innocent people hauled off to jail, which seems to be a likely outcome given the state of law enforcement at the moment, would qualify as terrorism in my book.
"Watch yourself, though, Bruce -> shutting down an airport is a Denial of Service attack, not really terrorism."
Agreed; it's not terrorism. But it is a low-budget panic-inducing sort of thing a terrorist might contemplate doing.
Just because nobody is killed doesn't mean it's not terrorism. It will create terror for the people affected, after all (as I should know, having been stuck outside an airport building for 8 hours due to a false bomb threat).
A similar idea would be to leave suitcases filled with something suitably heavy all around a city (at metro stations, major crossroads etc). Even if the suitcases only contain a few old bricks, the police would be forced to block the area around each single one, effectively a DoS on a city.
Heck, you could probably do that today. ENOUGH bags go through the silly wipy-bit. You don't need to wait for tomorrow's technology.
Of course, in addition to the fact that an immobilized airport can be a pretty terrifying thing, its potential for misdirection is an effective tool for terrorism.
"As this kind of technology gets better, the problem of false alarms becomes greater."
I think that's necessarily pessimistic. Technology needs to be properly vetted for its gaps and inconveniences as well as its more clearly (loudly?) stated objectives.
If we're lucky, when put in operation this will give a false positive rate in double digits, which will so hamper normal flight operations that the airlines will need another one-time multi-billion bailout, and the ensuing lawsuits will overwhelm the justice system.
I've been wondering why lawyers don't see this 'security' nonsense as ripe for malpractice suits. If they'd get this angle going, the cost of malpractice insurance would correct a lot of imbalances.
Is this what has been cropping up at various airports? The little booths you walk into that spray "air" onto you, presumably doing some sort of chemical test?
If it's not, do you know anything about them?
Rather than spraying onto luggage, which might get noticed, getting it onto the floor where shoes and wheeled luggage will pick it up, or 'doping' soap dispensers in restrooms could work.
A few years back, my daughter's car seat set off an airport bomb detector twice. Luckily, the attendant was used to this effect by the time we got there: it was the nitrogen compounds in urine leaking from her diaper that were setting it off.
Sorry, Bruce, I'm about to describe a movie-plot threat. :-)
Has anyone seen Roberto Benigni's "The Monster" (Il Mostro)? His character, a con man and petty crook, shoplifts from stores by sneaking the anti-shoplifting tags into the pockets of dozens of shoplifters, so that every alarm in the store goes off. Of course the clerks assume that there's a malfunction and ignore the alarms, so our hero waltzes out of the store with about 20 kilos worth of goodies stuffed into his clothes.
If the bad guys can set off all of the alarms, security will then ignore the alarms, so anyone can bring anything through.
Good examples. I had a similar experience the other day, although not because of leaking nitrogen compounds. I was asked to repeatedly walk through the airport detection system and listen to its alarms until the guard said "ok, that's fine". Three false positives before I was let through. I left the area without delay but I noticed the person behind me was at three false positives before I had my shoes back on. I say false positives because I did nothing other than walk back and forth through the detector, setting off the alarm every time but once.
If the "suitcase full of bricks" is taken to its logical conclusion, it could make a very effective force multiplier, getting the security staff to provide considerable help to the terrorist.
Imagine, for a moment, that a terrorist decided on an attack using a chemical agent - say sarin, as used by the Aum cult on the Tokyo underground railway. Let's further suppose that this attack is going to be staged on the London Underground, because I'm British and know it, and because recent history suggests that it is an attractive target for our very own, home-grown, terrorists. Finally let's assume that our terrorists, unlike the Aum cult, are not expecting to survive the attack.
One of the factors that limited the casualties in Tokyo was that the cult members involved evidently didn't want to become victims themselves, and released the sarin, apparently contained within sealed plastic bags, by prodding a hole in the bag with an umbrella and running.
Let's assume that our terrorists use a spray to create an aerosol, so dispersion will be much more efficient, and cover a much larger area.
Our terrorists decide to attack a major terminus with large underground chambers during the rush hour. Ideally our terrorists would choose a large, heavily-used, chamber with a convenient mezzanine or similar. To get the greatest effect, they ideally need the chamber to be as full as possible of stationary commuters, both to attack a lot of people, but also to overload the exits, ensuring that as many people as possible get a fatal dose.
How to arrange this? Just place a "suitcase full of bricks" at suitable locations one station along each track that the chosen chamber serves. The build up of commuters in the terminus is going to be quick and severe (choked solid within minutes, in my experience) before the station management can stop people coming in, and almost as soon as they realise they have any sort of problem, the attack takes place, not only causing many primary casualties, but also heavy secondary casualties as people get crushed and trampled as panic sets in. Finally, this type of attack would effectively deny access to the area in which it took place, hampering those trying to help said casualties.
Obviously, our authorities will have thought of this one, but how can they effectively prevent it? If you just run the trains straight through a station known to contain a suspect package, then you run the risk of delivering victims to the slaughter, as it were, and if you don't then you run the risk of making a major contribution to an attack elsewhere. The speed at which the authorities receive and must assess the various bits of information is going to make recognising the nature of the attack in time to take countermeasures almost impossible, and certainly prone to error, which could in itself aid the terrorists, as I've hypothesised.
By the way, my apologies for the movie-plot scenario - Some of the times I've been stuck in the London Underground for extended periods have been amongst the most psychologically undermining experiences of my life, and it probably shows...
Come to think of it, a salt water mixture is exactly what I would want to be sprayed on all of my electronic devices...
For a real DOS, mr. terrorist and a few dozen of his friends could spray the stuff in the air at, say, the top dozen busiest airports in the country. Then sit back and watch the TSA cripple commercial travel...
Dust one hundred one-dollar bills with a bit of fertilizer or black powder. Drop them randomly about an airport. Watch hilarity ensue. All for $100.
The Western Mail has a report about a Drug Testing machine being demonstrated to Members of the Welsh Assembly, and catching out the two main Assembly Member proponents of the £40,000 Ion Track narcotics detection machine with "false positives" for THC/cannabis.
"False Positives for Drugs in the Welsh Assembly"
Well, about the whole security thing I like to quote Douglas MacArthur:
"There is no security on this earth, there is only opportunity"
And that's right. A high level of security can be obtained, but it has an effect on other things that will decrease in security.
It is like the analogy: All cops in town are rushing to a bank, while the robbers are using that as bait while the other robbers are robbing a bigger bank on other side of town.
Nothing can be protected, it can only be focussed on a particular piece. So there is always a way to get around it.
Let's face it.
There is another problem with explosives checking.
A lot of ordinary products can break down to produce trace compounds that show up as potential explosives.
In the UK many many years ago a group of Irish people were jailed for supposedly running a bomb factory. It turns out that there were two problems with the only forensic evidence against them:
1. The testing laboratory did not properly maintain its equipment (so cross contamination was inevitable).
2. The coating on playing cards that they had used on a train, being based on nitrated cellulose, tested positive as an explosive.
As has been shown on a number of occasions, apparently harmless chemicals can interreact to produce other compounds that either appear to be dangerous substances, or the by-products of reactions of dangerous substances.
Why do I not feel confident about any of these automated testing systems, when placed in the hands of the untrained and uncaring...
Last week I borrowed some books from the library, and later on went to the supermarket. As the book had an antenna sticker on it (to prevent burglary in the library itself), the alarm went on. I didn't even have to show the books, but I could and prove it was that which set on the alarm. Next time I need a Chivas Regal bottle, I know just where to go :-)
A positive view of this story is that the spinoff potential of technology developed for these homeland security initiatives seems to be good; faster mass spectrometry like this could increase the rate of innovation in pharmaceuticals, materials science, and chemical engineering.
One thing about wartime is that some of the bureaucracy that builds up in the defense procurement process gets tossed because the military is willing to try innovations because people are getting killed.
Sure it has some benefit, but as with all electronic devices they can be tampered with (magnets, for instance). Nice story about a keymaking company with cardlocks that was broken with a single magnet from Germany (power magnet), cost: 20 bucks.
And the group: "toool" http://www.toool.nl/
Dutch lockpickers have proven that the best locks can be broken with a simple "masterkey" which can be made at any store and a small rubber hammer; with this they can open almost any lock.
Last in my town there is some guy who wanted to show his skills about safecracking; he cracked the biggest "dutch bank" safe under 20 minutes, which is a record, with only a stethoscope. He is acclaimed to be the only one in the world who has these skills, without using welding equipment.
So this makes me wonder to question security at its very roots.
My opinion is to organise society so that we do not need that much security. So, don't fight wars over the back of real human people. Because: who is going to guard the guards?
That's the biggest fallacy we don't take in.
The magnet story is unfortunately very true; the company I worked for (UniQue) back in the 1980's made locks for the hotel industry and the Underwriters Laboratory (UL) basically opened it in just a couple of seconds...
I have mentioned it before on this blog, but it is worth repeating the details as it's amazing how many (nearly all) electronic locks fall to this attack (forget your fake fingerprints or other "high tech" attacks).
Basically all of these locks use a solenoid (magnetic actuator) which is very like a relay; they have a large amount of "soft iron" (or rare earth materials) as a core, and a magnetic field of sufficient strength will cause the actuator arm to be pulled in, which usually engages the lock bolt to the door handle.
The problem is that for long battery life the solenoid is usually fairly sensitive, therefore an external magnetic field will cause it to work.
Many people have tried to solve this problem using shielding and electronic detectors etc.; however, none of those solutions work, as eventually a bigger magnet opens the door...
I found a simple and very cheap solution to the problem, but for some reason the lock industry does not appear to know it... (maybe trade secrets do work, even from the take over company ;)