Schneier on Security

Sounds more like a clever "Denial Of Service" attack.

Another Sweden-related security story takes place tomorrow, as Obama lands in Copenhagen, Denmark (to be there to promote Chicago Olympics).

The Danish Police has decided that the bridge connecting to Copenhagen from Sweden has to be closed as this happens, closing the bridge for motor AND train traffic an hour of the morning (7 until 8 AM). There are approximately 18000 people commuting over this bridge every day, so the impact is in thousands of workers inconvenienced.

This bridge meets land on the Danish side on the same peninsula holding Copenhagen Airport, of course.

Now, I guess americans are happy that the danish police cares for Obama (as am I), but sometimes it baffles how light some society concerns weigh, and why would you ever close the commuter trains, if a President is passing Airport to City on the motorway?

(Commuter numbers: http://www.norden.org/en/news-and-events/news/... )

You might ask why strangers are able to place packages marked "bomb" so near the hangar. After all, these robbers had real explosives too, and they could just as well use a real bomb and get a much larger delay by actually killing some aircrew.

Other WTFs include:
* why did it take over 6 hours to neutralise the bogus bomb?
* the local cops arrived on the scene well before the crooks made their getaway, but were ordered not to interfere with the crime in progress; for 10 minutes they just watched while the crooks went about their business.
* it took 14 minutes after the getaway -- 30 minutes after it was known that the crooks had a helicopter -- before the police even thought to ask the police helicopters to take off (and then found that they couldn't.) Even assuming the police helicopters could have taken off instantly, in that time the Jet Ranger could cover 53 km
* why did the special assault group take an hour and a half inside the building to determine that no-one was hurt?
* after discovering that there were still live bombs present in the cash depot, police immediately cordoned off the area -- but took another hour and 5 minutes to remove the staff from the danger area, a total of 3 hours since they had been secured by the assault group.

Roger: For the simple reason that police and everyone else is good at doing the things they do a lot, and when something unusual happen, it becomes a spectacular mess.

Nobody is really good at dealing with the unusual.

The police helecopters were stored in a tent in a rather remote location. The lack of proper security stems both from bugetary concerns and also because the helipad is at a temporary location. In fact it has been at a temporary location for years because of noby-ism. Wery swedish...

Btw, there were figther jets cruising nearby and they offered to follow the helcopter. Because of rivalry between the police and the airforce, the offer was turned down.

@Roger

So I guess now we have to spend extra resources on these Mickey Mouse events?

@ Bjorn,

"Btw, there were figther jets cruising nearby and they offered to follow the helcopter. Because of rivalry between the police and the airforce, the offer was turned down."

Hmm it sounds like the script to a rework of the Keystone Cops for Police Acadamy 501...

Seriously though the way the Police come across you would think the robbers where cops as well...

As my father once commented "there's no accounting for human behaviour at the best of times"

Another interesting aspect is that the plans for the cash depot were not classified but available for anyone who asked for them (those who run the cash depot had apparently not asked for the plans to be classified).

"Btw, there were figther jets cruising nearby and they offered to follow the helcopter. Because of rivalry between the police and the airforce, the offer was turned down."

Actually, use of military force in law enforcement matters in Sweden is illegal if it not cleared very well beforehand.

http://en.wikipedia.org/wiki/... - Ådalen 1931 is why.

Sorry, but concerning the police big distraction tactic, I think Bruce Willis (Die Hard with a Vengeance, 1995, though actually written by Jonathan Hensleigh) got there before Bruce Schneier (Beyond Fear, 2003).

Best regards

Actually it's not even a very new thing in Sweden (or Denmark for that matter).

As described in this article http://www.dn.se/nyheter/sverige/... robbers used 5 fake bombs (2 outside police stations) and burned cars etc to create massive distractions.

Ditto tactics in 2005 by presumably another crew (FFL then, Serbian ex commandos now according to the current news/speculation). Note that the police still don't seem to do a lot of physical securing of themselves whilst criminals happily share knowledge and improve, a bit frustrating.

Also the reason regular police waited outside is because it's generally thought a bad idea sending lightly armed police untrained in SWAT-tactics into an unknown building where heavily armed gunmen reside. Better let them get away than have a shootout amongst civilians? Sensible I'd say.

The JAS fighters could have followed the helicopter on radar; that was the assistance considered.

Hopefully the general principle that military radars can be used for tracking (as opposed to intervening) in ongoing crimes will become engrained in the minds of police commanders and such things will be sought rather than turned down next time.

It wouldn't even take a package with Acme bomb written on the side. A bomb threat called in could create as much havoc especially with air space.

In the mid 90s a bomb threat was called into a regional ATC on Long Island and shut down JFK, La Guardia and Newark airports.

additional:

Should threats be credible before we react?

Actually the robbers were former militaries from Montenegro and Serbia. They serviced in the JSO (Joint Special Operations) until they got disbanded when Milosevic lost power. After their break up some of the members formed a criminal organization instead which has caused massive problems in the Balkan region the past years, and now also in Sweden.

But there is another criminal group from the same region that has performed much more spectacular robberies, and several of them:

http://en.wikipedia.org/wiki/Pink_Panthers

from the article:

"their crimes being thought of as *artistry* even by criminologists"

"I wrote about this exact thing..."

...seems to happen a lot. Clearly they're all reading your columns :)

The real WTF is that the swedish police were even warned about the attack ahead of time by the Serbian police.

http://www.stockholmnews.com/more.aspx?NID=4044

There was a similar case in Seattle last year. A robber who was about to rob a money truck, placed a job ad in craigslist asking people to show up dressed in the same dress and wearing ski masks. He was also dressed in the same manner. He robbed the truck and escaped in an inner tube down the river. The police was confused when they arrived, and saw so many people wearing masks.

@feroze
"escaped in an inner tube down the river"

Best getaway ever.

While I think it sucks that someone got away with a bank robbery... the use of the package labeled 'bomb' was awesome.

@feroze

That was my all-time favorite robbery. The crooks in the current one were clever, but could have pushed this ploy further with a bit of clever psyops. Here's how I would have done it.

1) Find the local snitches. Usually easy. Spread word about a notorious criminal group moving in for a big heist. Misdirect with a false target (e.g. jewelry). A calling card or symbol should be used: "they were once jokingly called grapevine gang cuz they always left pictures of grapevines at the scene"

Optional: Commit obvious recon and heist-related planning on various jewelry stores. Pay one thug well to get caught and spill his beans. "they paid me to get info. dozens of us actually. i just receive a call, and do the drops and pickups then." he knows nothing traceable. this creats awareness and shores up defense in wrong places.

2) Cops stumble upon bomb making equipment or witness a test run. They are made to believe the group used bombs many times, and in the test bomb they find tamper-resistance and x-ray detector. Rumor has it production bombs are much more sophisticated.

3) Robbery occurs. Next to police helicopters, vans, and various entrances are metal suitcases w/ "bomb" and pics of grapevines on them. Wired to entrances and vehicles. Anonymous letter mentions tamper-resistance, but not details, and that wires act as motion sensors. Safe distance of 5 ft.

4) Denial of service attack will probably last well. The police will be VERY careful at defusing, as countermeasures may be in place. This could actually trap police cars, swat vans, etc. in a parking lot while keeping them out of a bank. A heist and escape would be so easy.

Note: I've left out some details so as not to cause any unnecessary harm. This is just a 2 min brainstorming session: it's not secondary education for crooks. ;)

Just wait until they start using talcum powder!

"... use of the package labeled 'bomb' was awesome."

Yep. Shame they didn't have a couple of wires hanging out of the package, and/or a visible LED counter counting down ... or up (since there's no obvious way to figure out when the trigger is ... although that's the same for counting dwn since it's only movie convention that has the BOOM occur when the counter gets to zero)

Bruce, where should we send your percentage of the proceeds?

Since we are telling war stories, here's my fave.

I used to live in the DC area and had to commute in, even a couple decades ago it could take half an hour to go 6 blocks in Arlington, even after they switched all the roads to one way in for the morning, and out at night.

An obviously clever robber went into the manhole that carried the phone line trunks with a chainsaw and cut them. The result was that all stoplights stopped working (single point of failure) and all the wired alarms everywhere reported failure at once.

Cops didn't know what to do, so tried valiantly to direct traffic, as they had no clue something real was going on.

The thief, dressed as a clown, then got on his bicycle, and robbed 4 banks in quick succession.
He (assumed male, but who knows?) then rode off and tossed all his goodies and bike across a tall fence, rode it down the hill to the unclogged GW parkway, and got away clean in a car he'd put there, cops watching the whole time -- they couldn't scale the fence, and 90% of them were stuck in the traffic anyway, and too fat to run.

True story I heard they didn't want repeated. This would still work in a lot of places. Perhaps the pervasive cel phone network would help the responders, but I wonder.

@Roger: are you thinking of "The Bank Job"? The old conspiracy-vs-incompetence comparison applies... although it would surely be possible to hide real conspiracy behind that too :)

I wonder if the robbers had written 'Acme' on the opposite side to 'Bomb'!

The two main reason the police didnt engage the robbers was that they dont have the firepower to engage people with automatic rifles and the helicopter was also in the air and could have crashlanded on the residential builings in the area if it where to be shot down.

I would have to point to the results (all perps apprehended, no one killed in the process) as proof of the fact that the technique they used (stand there and wave bye-bye then find them after they land) was successful.

But as an American, the real failure I see here is the police used existing tools and procedures to solve the event quickly. They should have used something that generated this much free publicity as an excuse to hire more staff, buy more machinery, curtail civil rights and increase their budgets.

After all - "Waste not, get your budget cut next year".

"Fucking-A right, it worked. That's what I'm saying. Knucklehead walks into a bank with a telephone! Not a pistol, not a shotgun, but a fucking phone. Cleans the place out, doesn't even lift a fucking finger."

The package with the word "Bomb" is a classic. I mean how stupid can you get? I don't think this can be topped.

@ Gweihir

It would be hard to top, but I think the Craigslist guy's scheme and intertube escape is still freakin hilarious. Just imagine how you would feel evading the law on an intertube. And how everyone you told would shake their head in disbelief. I'm having a hard time picking a favorite between the two.

Yeah, the craigslist powered heist was hilarious. Oh, and they did catch the thief. The only reason they caught him was that he was spending too much of the money too quickly and attracted attention. So, he wasnt as clever as the scheme he hatched up.

All it takes to follow a helicopter is a call to nearby Air Traffic Control facility.

They have radars, and it's kind of hard to hide a helicopter from a radar.

It's not "dealing with unusual" which got the police, it's plain old incompetence. Which is, pretty much, synonymous with "government".

@john campbell
When I submitted this to Bruce I used the subject line "Suspicious bag Denial of Helicopter Attack".

Nice followup, all.