Schneier on Security
A blog covering security and security technology.
« 1941 Pencil-and-Paper Cipher |
| Friday Squid Blogging: Cooking a Humboldt Squid »
November 28, 2008
Terrorism Survival Bundle for Windows Mobile
Seems not to be a joke.
Posted on November 28, 2008 at 11:39 AM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Of course, the only people who need to worry about Terrorism are Americans, hence the ample amount of Eagles, red stripes and solid blue in the graphics of the subject program.
It may have been intended not to be a joke... ;)
Of course, this program opens up all sorts of possibilities.
Suppose that I distribute a fake version of this program. People with Windows Mobile phones probably do not check checksums, so this should be rather simple. Then the next terrorist attack, I can pass "instructions" to all the people on scene.
"Attention citizens: an inside source has informed us that the terrorists who have perpetrated this act are pretending to be Americans. Shoot any American looking person on site!"
You can tell it's not a joke because it's clearly advertised as having a "full-color cover page."
No one would put that kind of effort into a joke.
No problem, it alerts users when there's a real threat with the Blue Screen of Death! :)
Available in the following countries / regions
Thailand, Lebanon, Lesotho, Ethiopia, Turkmenistan, Singapore, Armenia, Colombia, Cyprus, Nepal, Namibia, Russia, Korea, Kenya, Romania, Puerto Rico, Botswana, Belgium, Malta, Nigeria, Saudi Arabia, Yemen, Turkey, Bahrain, Morocco, Poland, Qatar, Azerbaijan, Slovak Republic, Egypt, Mexico, Czech Republic, Portugal, Georgia, Tunisia, Pakistan, India, Uruguay, Finland, Eritrea, Angola, Kazakhstan, Kyrgyzstan, Chile, Hungary, Indonesia, Latvia, Swaziland, United Arab Emirates, Bolivia, Hong Kong SAR, Brazil, Zambia, Malaysia, Germany, Syria, Sweden, Peru, Ireland, Seychelles, Israel, Estonia, Australia, Madagascar, Comoros, Mozambique, Spain, Tanzania, Reunion, Croatia, Malawi, United Kingdom, Paraguay, Zimbabwe, Switzerland, Rwanda, Somalia, China, Argentina, Italy, France, Greece, Uzbekistan, Taiwan, Netherlands, Jordan, Costa Rica, Lithuania, Denmark, Norway, Belarus, Mauritius, Luxembourg, Philippines, New Zealand, Ecuador, Japan, United States, Canada, Liechtenstein, Venezuela, Algeria, New Caledonia, Bangladesh, Iceland, Austria, South Africa, Kuwait, Ukraine, Oman, Slovenija
I wonder if anyone in Mumbai a/ had the program and b/ found it of any use?
Your are being shot at by somebody with an automatic weapon... do you a/ run or b/ die or c/ whip out you windows mobile for advice?
I think such an application could be really useful without the anti-terror stuff, but providing first aid instructions, checklists for common incidents (earthquake, fire, car accident, getting lost in the desert, ..) and "emergency" phone numbers (hospitals, locksmiths ...) and translations of "Hello", "Help", "I only speak English" in numerous languages.
"Available in the following countries / regions"
Listed according to the vendor's new, high-security, anti-terrorist, patent-pending "encrypt first, sort second" algorithm...
Bruce, having spent several months combing the best sources in the world at the time (2003) to compile it, I can assure you this was NO JOKE.
I need to have the company retailing it to pull it now because it was not worth it financially for me to maintain it.
However, I can assure you that a lot of respected authorities believed in it at the time and believed, as I still do, that DHS should have bought the program from me, maintained it and distributed it FREE to all smartphone users. Hopefully the Obama Administration will have a better understanding of the power of mobile smart devices!
@W David Stephenson
Well, you'd have done something far more useful writing a program giving people useful information if they get terminal cancer, or involved in a fatal road accident (perhaps not a lot of use there) or get mugged or shot or murdered by a street criminal or one of the many many far more likely ways their life might be adversely affected.
Writing a stupid application like this is fearmongering, plain and simple, and in my view you are as contemptible as the terrorists themselves by seeking to profit from their actions. Or perhaps even more contemptible, frankly. Pity it didn't bankrupt you.
But does it have "the words DON'T PANIC inscribed in large friendly letters on the cover"?
@W David Stephenson
I'm glad DHS didn't buy it from you. And not just because of what Nobby Nuts said (he is completely right though.) The entire DHS is a waste of time, space and money. Adding a fearmongering application like this would give them even more waste to spend money on.
While I share your opinion of the application, I think you're being unreasonably hard on Stephenson. Our society rewards those who spot new legal opportunities for making money. He saw an opportunity in all the nonsense surrounding Homeland Security. He responded to the incentive inherent in that opportunity.
Is he really any worse than somebody who spends his working life devising cigarette ads, for example?
I hope that the Obama Administration disappoints him, though.
In a sense, yes he is worse than the cigarette advertiser. Everyone knows (for some values of "everyone") that cigs are bad for you, but they are still legal products that society in general has decided are acceptable to sell. Having said that though, in many countries you can't advertise them. Cig ads don't try to tell you that cigs are healthy any more, either.
This program is just plain capitalising on peoples' fear. I can imaging the little muppet rubbing his hands together as the planes went into the towers thinking hmmm, here's a good opportunity to make some cash. It's disgusting.
What's more, the contents are useless anyway. What's the point of knowing where the state Red Cross head office is. If the disaster isn't that bad, you'll be able to find out through the normal channels. If it's so big the normal channels no longer exist, then they'll be so overwhelmed they'll not be able to help you anyway.
How would any of the information in the program have helped one single single victim *or* survivor of the 9/11 attacks? "Gee, a plane's gone into the tower below me, better ring my nearest DHS office." Yeah right.
Thankfully, society doesn't always reward those who spot new legal opportunities, or the pillock wouldn't be being forced to pull the software. Pity it didn't bankrupt him. And I too hope to hell your new president disappoints him too.
This is probably the most hilarious product of the categories "protect your family" and "take your cat everywhere" ( http://dbhs.wvusd.k12.ca.us/webdocs/Humor/... ) That I've seen in months.
But wait, after reading the suggestions we should all monitor twitter messages sent from everywhere in order to know when to hide under the table is maybe better.
http://stephensonstrategies.com/ -> the website seems to be an involuntary joke just like the software.
I'm reminded of the movie Demolition Man, where the police force is so untrained and dependent on automation, they need to consult an "automated assistant" in order to seek advice in arresting a violent suspect:
Officer (to automated assistant): "Maniac is imminent. Request advice."
Automated assistant: "With a firm voice, demand maniac lie down with hands behind back."
Officer (to Pheonix): "Simon Pheonix! Lie down with your hands behind your back!"
Pheonix: "What's this? Six of you. Such nice, tidy uniforms. Oh, I'm so scared. You guys don't have any sarcasm anymore?"
Officer (to automated assistant): "Maniac responded scornfully."
Automated assistant: "Approach and repeat ultimatum in an even firmer tone of voice. Add the words, 'or else.'"
Officer (to Phoenix): "Lie down on the ground... or else!"
ICE, or In Case of Emergency solution at http://ICEcare.net is worthy of more attention.
It helps you be prepared for all emergencies. Their approach is to help you protect yourself by retaining your valuable information on hand (on mobile) and they do an excellent job at it.
This ICE solution is *NOT* about adding an entry in your phone book. In an emergency, every second counts. It provides your provided critical details that can save your life, along with First Aid, Disaster Recovery and more!
Available for most mobile platforms, Windows Mobile included, and is free! They sell to those who sponsor their community, like corporates, but is free for all end-users. Now, there is no reason to not be prepared while retaining your cool technology with you.
Yes indeed, that's worthwhile so long as it has enough penetration that ambulance staff or whatever know to look for it.
Diametrically opposite to the original fearware, though.
However they're still selling it under a banner that shows a pic of what was I guess the collapsing WTC buildings. I can't see how it would have helped most of the victims there, and on that basis it's still being sold under the fear banner. It would have been better, at least morally, if the banner showed something that was far more likely to happen, and where the software would likely be more use, for example a car crash. Nothing sells better than the minuscule chance you're caught up in a terrorist plot, eh?
@ Charles Tipton
I just love the fear-mongering tagline for your "ICE" product (from the sign-up button): "Tomorrow may be too late!"
Your product _may_ have positive utility (but privacy concerns need to be investigated), however, your marketing tactics are terrible.
Seems to me the only thing the customers of this really need is Valium....
Seriously, if this skewing of perspective continues, we are all in real trouble. I find it quite fascinating how terrorism works, despite its mechanism being well-known and understood. Apparently, education is overrated and people revert to animal instinct whenever rationality would be really helpful...
You guys are absolute jerks. This is a serious program, which gives people the basic information that they need in a terrorist attack literally in the palm of their hand, and in an easily searcheable form (if you wanted to have the same level of information you would otherwise have to carry about 300 pages of brochures, etc., while this allows you to drill down from 6 top-level subject areas to very detailed information from the best sources in the world, including the UK and Israel) --- guess what: you may not have any access to communication if all carriers are down, and you'd be damned appreciative if you had it. Bruce, as when I locked horns with you over the "Adult Swim" incident in Boston, I think you should really grow up if you are serious about security. There is a lot that can be done to significantly reduce risk in a terror attack, and your snide attitude simply doesn't help at all. Believe me, I've got lots of gripes with DHS, but a total dismissal of reasonable preparation is about as dumb as the shortcomings you point out.
I want to temper the prior comment: I have great admiration for your cybersecurity work, Bruce. It's when you venture beyond that area that I think you should be a little less snide and open to the reality that not everything connected with domestic response to terror is cause for sarcasm.
Nobby Nuts- you're a freakshow and need to calm down. I don't see how this product is fearmongering or causes undue worry. The write up for it is a bit dramatic, but no less so than your standard tv ad for insurance. The information may not be as useful for an on the spot resource, but it's a nice compilation of resources and serves as a solid start for preparing yourself for unknown events.
@W. David Stephenson
"There is a lot that can be done to significantly reduce risk in a terror attack, "
How much lower than 'just about 0' can it go?
India has a road-toll of 100,000 per year ( http://www.abc.net.au/news/stories/2008/08/27/... ). The recent terror-attacks could be a daily event and still be less deadly.
Worrying about terrorism is dumb. The added stress is more likely to kill you.
@Charles Tipton. You shouldn't register an ICE number with any 3rd party. It's simply a matter of creating ICE numbers (you should actually do several family members/friends) yourself on your cell -- and, crucially, making sure 1st-responders in your community know to check your cell for ICE numbers. I talk about it in this video: http://tinyurl.com/32788j
"Apparently, education is overrated and people revert to animal instinct whenever rationality would be really helpful..."
No not realy, it's a lot more complicated than that.
Part of it is to do with physiology, part to do with personality types, experiance, training, education and quite a bit to do with the behaviour of adjacent others.
Then there is the type of incident and how fast it develops and how long it lasts for.
In the worst cases people supposedly just "die of shock". Although this tends to actualy be caused by the over reaction of the autonomic nervous system responses, an example being the effects of the Vagus (wandering) nerve.
One well known but fairly rare example (ie >.1% of people) is a heart attack from cold shock (usually in sudden immersion in cold water) which stimulates nerves in the skin that disrupt the heart rythum.
In other cases you get people being compleatly overwhelmed and freezing up or even fainting although this again is actually quite rare (and yes there is an animal analoge look up "fainting goats", "moon rats" and one or two other creatures),
Then you have the "I'll follow them" response in that somebody (any body) doing something will cause others to follow them.
Eventually you get around to "disaster shock" post an initial event such as a flood etc, where people are incapable of simple actions and need to be led by the hand.
Asside from the physiological it is the lack of experiance and "known knowledge" that can cause people to get themselves into worse trouble.
The solution has been, currently is and likley to remain so is trainning. It is like learning to drive or ride a push bike etc, which is why the armed forces have drills.
The important thing to remember is that "knowledge at your finger tips" is not "known knowledge" and is in most cases not a lot of use to people other than secondary responders.
That is if you are facing a sudden natural event such as the sea suddenly ebbing from a beach, a mud slide or flash flood do you have time to get out your PDA and look it up? No. You either know to head for high ground and the route to take or you don't.
How about when the ground starts to shake when you are in a building do you have time to look up on your PDA where the likley strong points are in a room etc? No, that's what earthquake training is for, likewise with fires etc.
How about if you are first on the scene of a motorbike accident do you have time to look up what to do about blood pumping out of the victims groin etc due to a ruptured, torn or severed major blood vessel? No, that's what a first aid course teaches you.
The collection of knowledge in a PDA is like any other, if the books are in a box in the garage and not open on your desk you are not learning from them.
To be of use you need to read through the information repeatedly (ie drill it in) untill it becomes "known knowledge".
Uneless people with the various PDA / Book / Guides take the time to pick them up and get the knowledge in their heads as "known knowledge" then they have bought a comfort not safety blanket.
And who in the modern rat race has time to read something they may never need (except out of interest)?
I am actually in the process of writing a half-serious "expatriate survival guide" for "westerners" (local slang: khwaja*) operating in Saudi Arabia. It will probably borrow its style from the Hitchhiker's Guide. "DON'T PANIC" will be on the cover page.
If you ask me, the best survival kit consists of situational awareness, planning, and a pistol. It is important that you practice regularly with your pistol of choice. If a pistol (1911 FTW!) is not available, a good folding knife from SOG, Kershaw, or Gerber will do. It can't hurt to have a little first aid kit with some quikclot and compression bandages, either.
(I usually have an SOG Trident clipped in my right pocket 'round these parts)
*Khwaja is a persian word for 'leader', the local arabs do not know this, though.
Thanks for the fresh air....
Fire drills would have helped in 9/11. Not PDAs.
Having been at the scene of several fatal motor accidents i can tell you first hand that a freaking pda is zero help. The movies simply don't convey nor prepare you for the shock when you see it for real.
I kept my head... but it required concentration and we could make precious little difference anyway (except securing the scene).
If people want to save lives, road toll is where its at. And don't tell me they are less violent etc that a terror attack.....
@W. David Stephenson
Sorry but your program is close to useless, just because you can't see that does change a thing.
@W. David Stephenson
"..that a lot of respected authorities believed in it.. "
Q. Spot the logical fallacy?
A. 'appeal to authority', often found in snake oil literature.
You might have heard of a guy called Rick Rescorla. He spent ten years making himself a pain in the ass by running quarterly fire drills and throwing everyone out the building from the chairman on down. You can imagine what his co-workers thought of him. Come 9/11, he evacuated almost three thousand people from Morgan Stanley's offices. Only six people died, he being one of them. I wonder what he had on his PDA.
"You might have heard of a guy called Rick Rescorla"
No I haven't, which is a shame.
I would not wish to call him a hero as the word has lost it's meaning these days, and would be almost insulting.
It sounds like he did an important job without fear or favour and because of that 3000 familes have a debt of gratitude that cannot be repaid.
I hope they all when next hearing some one complain "what a pain" a fire drill or first aid or health and safety lecture is, quietly take the complainer aside and tell them why they have cause to remember Mr Rescorla.
@Calum: Yes, I saw that in a 9/11 documentary once and tip my hat to him. I wish fire drills (actually evacuation drills) were mandatory in the US. At the very least, whenever there is a false alarm go ahead and exhibit whatever behavior you plan to during the real thing (ie get coat, car keys, walk to exit, meet at prearranged location). Because in an emergency you will automatically do what you trained to do. If you have not trained, you will probably waste a lot of time.
There are things which could be done that would substantially increase survivability of ANY incident without costing much at all. For example, when they rebuilt the pentagon after 9/11, they put little arrows on the baseboard moulding pointing in the direction of the nearest exit (reminiscent of the arrows on Autobahn 100m markers showing the direction of the closest emergency phone). That way, if you are crawling on the floor trying to avoid the choking black smoke above you, you don't waste what might be your last seconds crawling up a blind alley.
@W. David Stephenson
"and, crucially, making sure 1st-responders in your community know to check your cell for ICE numbers"
Just think about it for a minute - any plan that involves a line like this is bound to fail.
- Why not tell them to look at the text-file I saved on my desktop?
- Why not look into my wallet for a card with this information?
There are so many methods where and how people store this information that 1st-responders will never delay action to search all possible places, they will look for the obvious and otherwise start saving lifes.
Plans that include "it has to be universally adopted" are bound to fail. There even is a meme around that.
I can't pass judgment on the value of this guide, not having read it. But why people are trashing this concept is a mystery to me. It might work; it might not, but it sure seems like a reasonable idea in theory.
> I just love the fear-mongering tagline for your "ICE" product (from the sign-up button): "Tomorrow may be too late!"
'Fear mongering', eh? It always will be, until the day its not. May you always be one of the lucky ones.
I'm not familiar with the product but some of the critiques seem way over the top, starting with the comparison to terrorists, which is simply dumb. Once you compare a person to a terrorist, where do you go from there? I guess you can always depend on Hitler.
You can dislike the product but the hyperbole is a little...hyperbolous?
FIRST - I don't think Schneier is making fun of this encyclopedic PDA application, rather he might be absent mindedly noting useful stuff in light of events in Bombay/Mumbai
SECOND - the address book "In Case of Emergency" (ICE) concept seems to have government sanction ... http://www.ready.gov/america/npm07/... ... scroll down to "Nebraska 2007 National Preparedness Month Activities - Lincoln, NE"
THIRD - regardless of the disaster (ice storm, hurricane, earthquake, terror nuke) - a rule of thumb is that you are ON YOUR OWN FOR 72-HOURS - get ready now rather than later
"The recent terror-attacks could be a daily event and still be less deadly."
And...you would accept this? Would agree that at this point, such a tool might approach seriousness?
At the risk of dignifying you with a response, its net utility is >=0. Being that this at least is a free country where the cops don't make you do fire drills (employers are another story), and you can decide for yourself how to spend your money.
Granted I would never pay for the software - and anyway I use Palm - I would d/l such a thing to try it.
Meanwhile it is hard to see how anyone is harming you to the extent that your vitriol is justified. Stay on the Valium and keep the Topamax handy.
"Nobby Nuts" already got banned from commenting on this topic, after carrying it into another thread. No point in piling on further.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.