Schneier on Security
A blog covering security and security technology.
« The State of Surveillance |
| Microsoft and FairUse4WM »
September 6, 2006
Bomb or Not?
Can you identify the bombs?
In related news, here's a guy who makes it through security with a live vibrator in his pants.
There's also a funny video on Dutch TV. A screener scans a passenger's bag, putting aside several obvious bags of cocaine to warn him about a very tiny nail file.
Here's where to buy stuff seized at Boston's Logan Airport. I also read somewhere that some stuff ends up on eBay.
And finally,Quinn Norton said: "I think someone should try to blow up a plane with a piece of ID, just to watch the TSA's mind implode."
Posted on September 6, 2006 at 1:48 PM
• 36 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Bomb or not IMO, is not the best.
The second one I got was "Not a bomb", a sculpture entitled "Richard's Shoe"...
Of course, it legitimately looked like a bomb, and should be considered as such by any screener with a clue.
Oh, thank you for the hillarious links and comments today! (Frantically wipes off keyboard and monitor....)
I have always said, just outside TSA's hearing range, of course, that we should thank God that Richard Reed wasn't caught with suppositories. (Adding a burrito would make that a binary explosive! Hmm, I'll have to contact my agent about shopping 'round a movie script.)
I'm actually surprised that they haven't started x-raying pregnant women, to make sure that there's really a fetus in there and not a silicone balloon full of Astrolite-g.
Blow up a plane with a piece of ID? You can certainly turn paper into an explosive. Just soak it in sodium chlorate, then hang it on the clothes line to dry.
I've never tried this personally; I merely recall it from some hobbyist TV program in the 1960s. The goal was to make a firework rocket out of old newspapers. You soak some paper in water glass to make it fire-resistant, then mould it around a curtain pole to let it dry into a tube - the rocket body. Then you stuff it with the rolled-up explosive paper. Whoosh! It works just like gunpowder
The dutch advert is shown all the time. IMHO the face of the clerk in the end when he gets the cup handed is priceless.
OT: a crime-reporter (Peter R. de Vries) tested how much the local customs check the passports against the person flashing them. The results where horrible: 2 men switched passports and passed security checks without a fuss. a male and a female switched passports, the female got through, but the male they cought. This was all taped and shown on dutch television. Security in the Netherlands is a myth...
Good read and funny video.
"Bomb or not" is pretty useless and not even funny. All of the 'not bomb' entries could easily be altered to hide bombs.
Although funny at times, one of the images is of a model of an actual bomb. Unfortunately the site classifies it as not a bomb because they say technically it was just a model and therefore non-explosive. How you could be expected to know that from a fuzzy image on a webpage...
Here's where to buy stuff seized at Boston's Logan Airport.
You know, this would be a good way to "launder" a weapon used in a crime. Got a screwdriver you used to murder someone? Try to take it on a plane.... Someone in another state -- or country -- will buy it, almost completely untraceable.
Damn you infidels! Slow down, I'm trying to take notes here!
@Longwalker, Davi Ottenheimer
I guess it is the point of the makers of that website to show that nothing and anything can be a bomb. You can't decide it by taking a short look at it, that task is way too complicated for the average TSA worker; even a bomb-specialist would most probably take the "if in doubt: run!" path!
There might be a technical solution one day--it is doable in theory--but you have to walk the pragmatic way until then: look for firarms and large knives and obvious(!) explosives and do the "full-search" _truly_ random. The rest is just the normal risk of live: there's a much higher chance to win the lottery than to die in a terrorist attack.
The obvious terrorist attack is fill a Crest dispenser with Semtex, then dispose of it in the "discard here" receptacle and walk through security free and clear. When it detonates later, it will take out all the passengers waiting in line, and a fair number of TSA droids.
The obvious countermeasure is to make the disposal receptacles bomb-proof, but apparently the possibility of having a real explosive device placed in the receptacle has not yet occurred to the TSA.
"look for firarms and large knives and obvious(!) explosives"
I don't disagree. But a model of a bomb, meant to look like a bomb, seems like it should in fact be classified as a type of bomb. It's called "bomb art" instead of "notbomb art" for a reason. In other words if a real bomb has been disarmed should it no longer be referred to as a bomb at all, or is it ok to call it a disarmed bomb? Shades of a category vs different category.
After all, the site is called Bomb or Not, rather than "Bomb or Bomb-looking things that actually will not explode".
I imagine on a recent trip, I may have noticed that the only place that liquids/gels/etc where being seized was the security check. Once you get past those, I fantasize you're home free.
I once dreamed that you can easily take any liquid you want through security as long as it isn't obvious (visibly), it won't set off the magnetometer.
I hallucinated that several passengers took liquids on the planes, as long as they kept them out of sight during bording. I read once in a tv show that the gate attendants do not have any training for searching, so they don't.
Of course, this was probably all something that happened to me in 2008, so I'll worry about it then.
Funny links, nice to read them. good to see that a few people can see the humor in all of this and put things back in perspective, instead of overreacting.
Probably be tough to get enough energy out of an ID-sized explosive; however it would be very easy to use an ID to cut someone's throat, thus providing the same attack vector the 9/11 guys used.
It always strikes a Brit as odd that US airports have waste paper bins, let alone receptacles to dispose of weapons. The IRA bombing campaigns in the 70s and 80s involved dropping time bombs into waste bins in public places, until all waste bins were removed. After 9/11 the folks running the railways removed them again
forget using ID as a weapon. forget trying to blow up the plane. all they need to do is detonate a bomb (why even bother disguising it?) during a security screening at the airport (trigger it with x-rays). What can the screeners do to prevent that? Have a pre-screening screening? That would make their heads implode.
Thank you, Bruce, for another fine, thought provoking and funny commentary.
From the article on seized items:
"The most recent jaw-dropper: a 15 pound cobblestone a tourist from Iowa tried to carry on his flight home."
The security threat is: stones? paving materials? objects that weigh 15 pounds?
Yeah, how terrorists infiltrating the airline caterers, and putting bioweapon bacteria in the food, to make everyone sick?
Oh yeah, you wouldn't be able to tell that it was just normal airline food, would you?
I guess that's why US airlines have been eliminating in-flight meals. Security. Yeah, that's the ticket.
I clicked on the "Bomb or Not" link and got goatse. I never thought I'd be goatse'd by Bruce Schneier!
That was one funny blog. It kept me entertained for awhile. I've been on the internet for 12 hours straight. You did have a way to keep me alive.
I concur on the Goatse! I'm not sure whether it should be classed as a bomb though, since it's done some damage on the internet!
> But a model of a bomb, meant to look
> like a bomb, seems like it should in
> fact be classified as a type of bomb.
By whom? The TSA-employee might be an experienced member of the national bomb-squad but that's very unlikely, isn't it?
"In case of doubt: run!"?
It's a bomb because some unknown employee says so? That voids the difference between a real bomb and anything labeled as a bomb including nothing ("Somebody called in with a bomb warning, Sir!" "Evacuate the airport!") but except the bang. It would be quite easy and very cheap to shut down an airpo... oh, wait...
After playing for a while, I was getting annoyed at endless repetition of some of the boring pictures, and too-infrequent occurrence of the best ones, so I wrote a bot to snarf the whole list so I could browse them sequentially (in order to be a good neighbour the bot just snarfs the image names, and doesn't download the images at all).
But from its results some curious features turned up. Probably they signify nothing but a curious defect in the PRNG, but other readers might be interested :
1. rate at which individual pictures are served up is distinctly non-uniform. Some pictures are served up an order of magnitude more often than others . I get the impression that some are also more likely to follow certain others, but my bot data doesn't allow me to quantify this.
2. roughly 37% of pictures are tagged as being bombs, but pictures of bombs are only served up 1 time in 6;
3. I had thought that images served up more often would be identified correctly more often, due to players learning them. This doesn't appear to be the case; there doesn't seem to be any particular relationship. This may suggest that most players play for a period too short to see most images (about 140 at the moment, but growing all the time);
4. non-bomb images are more likely to be identified correctly than bomb images (80% vs. 65%);
5. the most-often correct bomb and non-bomb images get about the same score (92 and 94%) but the least-often are widely separated (22 and 35%).
6. However, both the gaps in both averages and minima are getting narrower every time I run my bot (the first time I ran this, this least-often correct bomb image was correctly identified only 7% of the time).
Points 4 and 5 tend to suggest that most people are better at corectly identifying common, harmless objects than at seeing the hidden hazard in novel objects (this isn't really surprising).
Point 6 could be explained if most players play a lot, and gradually memorise the results (i.e., get trained, just as is hoped for in the process being spoofed). However point 3 tends to suggest that this may not be the case; people don't seem to do better with images they have seen before than with ones they haven't. In that case, other explanations include:
a. Badly written bots which vote maliciously or randomly ;
b. Players who vote randomly.
Random voting will tend to cause all the results to gradually converge over time. A malicious voter might attempt to deliberately distort votes for some political reason.
1. I culled the stats for a couple of controversial images; not just the goatse one (which still hasn't been removed) but also those for which there are complaints of incorrect categorisation.
2. The most common bomb image is the easily-identified atomic bomb. The most common non-bomb image is the highly deceptive "Hills bomb", which is a grainy photograph of a model of a bomb.
3. I confess the first cut of mine did this, until I realised it might distort stats. Now when it encounters an image it has seen before, it votes correctly in proportion to the number of correct votes reported last time it saw it.
The Bomb-or-Not site has now been down for two days.
When I worked for the (then) Department of Aviation in Australia in the 1980s, I was told about an incident at Port Moresby airport — that's the capital of Papua New Guinea.
The security people heard ticking sounds in a suitcase, so took it out on the tarmac and blew it to pieces — thus destroying a traveller's valuable antique clock collection.
The Bomb-or-Not site is working just fine as I write this.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.