Schneier on Security
A blog covering security and security technology.
« NSA Helps Microsoft with Windows Vista |
| Surveillance Cameras Catch a Cold-Blooded Killer »
January 10, 2007
MI5 Terror Alerts by E-mail
Sounds like security theater to me:
But he added that one of the difficult questions was what people should do about the information when they receive it: "There's not necessarily that much information on the website about how you should act and how you should respond other than being vigilant and calling a hotline if you see anything suspicious."
The first, called Threat Level Only, will inform the recipient if the nationwide terror threat level changes. The condition is currently listed as severe.
The second more inclusive service is called What's New, and will be a digest of the latest information from MI5, including speeches made by the director general and links to relevant websites.
I've written about terror threat alerts in the UK before.
EDITED TO ADD (1/15): System is in shambles and being overhauled:
Digital detective work by campaigners revealed that the alerting system did little to protect the identities of anyone signing up.
They found that data gathered was being stored in the US leading to questions about who would have access to the list of names and e-mail addresses.
Posted on January 10, 2007 at 6:31 AM
• 28 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I wonder how long it will be before someone sends a spoofed email claiming that the country is at the highest level of alert... Panic buying would commence. I wonder if a leading supermarket chain would create such an email to clear their shelves.
I did a trial subscription usnig pookmail. Want to see what happens first. The subscription confirmation came from yoho-common.wc09.net which is owned by:
OrgName: Level 3 Communications, Inc.
Address: 1025 Eldorado Blvd.
because they're using www.whatcounts.com to manage their mailing list.
Just how many ways is this a bad idea?
So when all the terrorists will be subscribing to these terrorist alert emails ... will they strike then the terrorist threat is at high or at low? Somehow I think there will be the green ever "go out and enjoy your life".
Off topic but hopefully helpful.
Just for those who have not discovered a good way to post long urls in post here is TinyUrl
I do not work for TinyUrl, just think it helps post look neater and organized.
@ben: The current level is "Severe" meaning "an attack is highly likely". The next (and also the highest) level is "Critical" meaning "an attack is expected imminently". If it gets that far, you might want to avoid crowded places like supermarkets.
So if you want to fill up your stock in a panic, the right moment would be now...
Bac, tinyurl is not for the paranoid. It is not readily apparent where you'll end up when clicking the link and the target may not be 'work safe'. That said I use it quite a bit and they have a preview feature on thier site.
so use http://preview.tinyurl.com/ , or add the 'preview.' before any tinyurls you come across. At the least, you can preview the actual link. Your NSFW comment applies to *any* link - do you trust the word of someone random on a public message board about whether their long link is SFW?
Maybe they should use color codes instead. :)
Anyone who actually believes in the MI5 threat level probably deserves whatever they get in terms of spoof email alerts.
The Home Secretary, John Reid, stated in December that an attempted terrorist attack in the UK over Christmas was "highly likely": http://www.google.com/search?...
Since there wasn't one, I think Bayes' Theorem tells us that it is "highly likely" that Reid, and hence also MI5, either don't know what they're talking about, or else were lying.
All those terror alert levels etc. remind me of a mother trying to get her child to bed/school/etc.
"Johnny, I will count to 3 now, and then you'll do it !
One...... Two .... Two and a half .... 2,75 .... "
Basically everyone wants to raise the alert level so when something happens they could say "I told you", but since raising it to maximum too often is not a good idea, it kind of fluctuates somewhere near the top.
I wonder when new levels are invented .... like "Very Critical", "Extremely Critical", "Critical, and I do mean it ! "....
Do they increase the terror alert level before the director makes a speech?
I can see how that might be useful.
Everything else, bleh.
surely a vista machine running nsa code can stop an mi5-spoof email. coming soon to your box: spy versus spy!
If I get an email, what should I do?
Pointless wolf crying.
There's got to be some sort of math formula here...
It would have to include something about stupidity approaching infinity and multiplied by FUD equals waste times hysteria, so that hysteria becomes infinite given a limit on waste. I need to spend some time working this out - the proof alone could be great.
Many office workers in NYC were hysterical about the stink the other day. People are no longer just afraid of being blown up - they're now afraid of being "stunk to death." This is how far it's come: a sad state of affairs indeed.
Presumably, when the 'Terrist' color code went to red, the system would flood the internet with identical messages bound for all IP address in the UK.
Hopefully, antispam software would intercept all of these and scram the spam.
Still, it would cause a general DoS, would it not?
Why on earth *email*? What's wrong with RSS, apart from the fact it's already been done by someone else?
"...not necessarily that much information on the website about how you should act and how you should respond..."
Therein lies the real issue. MI5 should be trying to answer the "difficult question" of what to do with information about threats, and resist the easy path of spreading FUD.
While this may well be security theatre from the perspective of "being seen to be doing something", it does give MI5 a database of the email addresses of the folk who are most paranoid about terror alerts. I have no idea how useful such a thing might be, but..
If I was a terrorist, I'd subscribe to that list.
MI5 e-mail alert signup shambles - all email subscription web forms sent to the USA, without encryption
"Astonishingly, MI5, the Security Service, part of whose remit is supposed to be giving protection advice against electronic attacks over the internet, is sending all our personal details (forename, surname and email address) unencrypted to commercial third party e-mail marketing and tracking companies which are physically and legally in the jurisdiction of the United States of America, and is even not bothering to make use of the SSL / TLS encrypted web forms and processing scripts which are already available to them."
MY NAME IS SARAH , I EXPORT TRUCKS ALL OVER THE WORLD,, i do get alot of those check from nigeria you all now that scam, i just throw them away
but today, i got a large check ,, and
it came from london the directions said to wire this money to a forien group in san fransisco, which is not typcle, money
scam, makes me wonder if this foriegn group in san fransisco is planing something, i'm going to turn the info to FBI WHAT DO YOU THINK,, I THINK SOMETHINGS UPP
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.