Schneier on Security
A blog covering security and security technology.
« Popular Usernames and Passwords |
| Automatic Document Declassification »
September 16, 2010
DHS Still Worried About Terrorists Using Internet Surveillance
Profound analysis from the Department of Homeland Security:
Detailed video obtained through live Web-based camera feeds combined with street-level and direct overhead imagery views from Internet imagery sites allow terrorists to conduct remote surveillance of multiple potential targets without exposing themselves to detection.
Remember, anyone who searches for anything on the Internet may be a terrorist. Report him immediately.
Posted on September 16, 2010 at 6:34 AM
• 58 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Why stop with internet cameras? If we got rid of boats, planes, trains, cars, trucks and roads then the terrorists will not be able to use these for terrorism--they would have to walk or swim everywhere they wanted to go. Problem solved!
@Alan: Statistics bear out that the vast majority of terrorists carry out attacks outside of their own home. All travel must be banned.
You guys just aren't thinking boldly enough. We just deport everybody. If you are crazy enough to refuse being deported for you own safety then you asked for it.
Terrorists can walk down your "virtual street" and thus virtualy terrorise you..
But how do you know to be terrorised?
Step up to the plate DHS, ever ready to make you feel like a virtual target.
Yes, report him when he does searches on the internet.
Then the terrorists start to use women to do their web searches, and we all know they don't know enough about computers to search effectively, and DHS can claim a safe internet! (followed by a sexual discrimination lawsuit...)
I'm going to cut against the grain here and ask: what's so wrong about this?
Looking at the report, the DHS doesn't seem to be calling for any sort of restriction on Internet video, etc. They're just recommending that security personnel be aware of the issue and take actions to minimize the threat. That seems ... sensible.
The only annoying thing about the report is the use of the word "terrorists," which really should be "adversaries" or something.
I'm on your side against security theater, and I think the DHS is riddled with stupidity, but you hardly help our case when ridicule things that don't deserve it.
Well besides the fact that someone is leaking dhs fouo material regular to this site this advisory does give some guidance to local security people on physical asset protection.
— be aware of camera coverage and ensure that protective measures are not predictable.
— self-analysis local facilities and transportation routes from an adversary’s perspective by periodically reviewing Internet imagery sites to identify possible vulnerabilities visible to outside parties.
— Screen static security measures from line-of-sight or overhead view
— Place additional security measures outside of webcam or street-level view.
— Vary the schedule and placement of security personnel.
— Establish mobile checkpoints to supplement static sites.
Sensible precautions to my mind. But while saying it seems lame or a no-brainer to us?
The audience who's targeted by this advisory haven't even thought about it.
This does two things I think.
First it puts an official stamp on something facilities should be doing already.
I knew of a site where the pbx was kept in an unlocked room. Well unlocked cause there WAS NO lock. I kept after them because it was only 2.5 million dollars of equipment and was told lock tomorrow, lock the next day, never lock today. THEN they were getting an inspection from the IG and I told them that they'd find out about the unlockable door. "How?" Easy I said, I'd tell the IG. Since it was clearly stated in their physical security directive that phone closets were to be locked; they'd be written up, embarrassed, made to look inadequate.
Then, finally, the CSO said okay do it. 20 bucks for a lock, 15 minutes for the building engineer to install and done. But it would never had happened if it hadn't been an authoritative 'requirement'. My risk assessment wasn't good enough. Without a stated requirement they didn't see the need. And without a test by an independent authority they'd've gone on ignoring the requirement.
Second. By putting it in the context of an alert it allows LEOs (them that are still playing by the constitution) to use it as part of their warrant process. "terrorist are known to use Google Earth so we want to search and seize Google IP records, ISP records, and suspects computers".
You've all missed the point. It's very subtle but it's there.
US law enforcement agencies can (and perhaps are being encouraged to by this analysis) terrorize the citizenry, with constant monitoring as one of their tools.
DHS is teh terrists.
"Bearded suspect was seen in Internet cafe using Google Earth/streetview and county land records database. Overheard using the phrases 'Allah-T be pleased' and 'for closure'. Closer investigation clearly needed."
MORAL: Bruce better not order a latte and try to snap up some foreclosure properties in MY town!!
I searched the Internet for how to report someone searching the internet. That way I can at least pose as an informant. :)
Replace "terrorist" with "operative", and that might well be a "how-to" paragraph from the DHS field manual...
Actually organizations should be made aware that webcam or surveillance cameras that are accessible via a network can give information to those who would use it in an adversarial manner.
For example, I think it was in Jonny Long's book No Tech Hacking that he mentions a webcam that scanned a room and in its path was a computer monitor which had the userid and password on a postit note in plain view when the webcam scanned it.
I think too often an organization collects information or sets up a system to collect information and does not realize that others may have access to it or use it in unexpected ways.
The webcams are just one example of this.
Or course the "terrorists" label is hyperbole, but what else are we to expect from our fear-mongering bureaucracy.
Hey, Bruce, here's an idea--instead of being sarcastic about news blurb or piece of "profound analysis," maybe propose coherent and plausible solutions. What a thought!
I started reading this blog for cryto information, but eventually I saw an arrogant trend. Given that you seem to be anti-small government, either accept the limitations of bureaucracy (usually institutionalized incompetence), or propose solutions that actually can be implemented.
You've become less a security expert in my eyes, and more a whining critic. Wah!
"Thank God we don't get all the government we pay for." -- Will Rogers (and others)
"Sleep well. Your government is awake." -- unknown
Call me a cynical, whining critic because I'm unable to see one single, positive thing to come out of DHS. That's your right as an American.
And it's my right to call you a diabetic, mall-walking Teabagger.
RE: Diabetic, mall-walking Teabagger.
Credit for that belongs to Bill Maher -- I lifted it from tomorrow's program.
I searched the internet therefore I exist. If I exist I must be a terrorist (Descartes).
When the silive.com site dropped the BridgeCam (which I occasionally liked to look at so that I was reminded why I enjoyed NO LONGER LIVING on Staten Island) I realized that it had to have been driven by DHS and paranoia (a _lot_ of such webcams have gone away, at least in the USA).
All right, so we're trying to limit the availability of information suitable for after-action (or damage) assessments to adversaries (foreign or domestic) but this very effort to deny information also denies *us* the idea that we live in a "free" country.
Maybe we need to have a website named "cool-targets-on-cam.com"...
As a number of people have pointed out, the PURPOSE of this release is perfectly reasonable - it helps underline issues which those responsible for securing assets may not be taking into consideration. While this all may seem redundant to those of us who think about these issues regularly, my respect for the intuitive connection capabilities of those with other concerns is not terribly high. Anything which can help them to perform their job should not be disparaged.
Sarif: It's not his job. Bruce and many others are whining because it is the DHS's job to do something sensible and instead they spend millions of dollars on stupid stuff that has no bearing on security.
The problem is not the size of DHS or its bureaucracy. Here's why:
I was speaking once with a security expert who actually works in a similar department. After I mentioned this blog, he dismissed it, saying "well, it's easy to criticize when you're on the outside, but when your job is on the line if something happens, it's a different story".
Really ? Wow, is this like quantum mechanics, the risk changes because you observe it from a different perspective ?
The real problem is that this field has no comparable measure of risk and even less people who could understand the difference between probability and risk.
So, even if probabilities are low, risk can be perceived as high (especially if your job is on the line) independently of cost.
It has nothing to do with the size of DHS or the rules it follows. The same can be said of the FDA or your local fire department.
In Bruce's defense, he has suggested solutions. But sarcasm IS by far the best, as it highlights the inconsistencies in the system, and fosters critical thinking, which is exactly what is needed. To remain effective, a security system has to constantly evolve and adapt. His sarcasm is the mechanism by which bad ideas have some chance of being rejected when that change takes place.
All of what you said is true, but none of it applies to the current post. Here, Bruce is sarcastically criticizing something that is actually completely reasonable. Furthermore, he's doing so by taking a quote out of context and implying that it suggests something that it clearly does not. That's, quite frankly, intellectually dishonest.
I have a great deal of respect for Bruce in general, but this sort of thing does not add to his credibility.
And, actually, sarcasm really is not the best way to criticize something. Believe me, my love of sarcasm is second to none, but it hardly fosters critical thinking. As evidence, see the vast numbers of people here taking Bruce's sarcasm at face value without looking at the source document.
@Sarif: Bruce has posted blog entries and comments stating that rather than spend money on this crap we should be pushing it straight into proper Police legwork. If the entirety of the DHS budget went straight to improving local law enforcement it would both be more effective at preventing terrorism and, as a side benefit, prevent "regular" crime.
"So, even if probabilities are low, risk can be perceived as high (especially if your job is on the line) independently of cost."
That's one of the problems. Conflating the risk of the actual threat with the personal risk of the repercussions.
The primary risk has not changed but by taking that job you have assumed a new SECONDARY risk that you are not comfortable with and will seek to mitigate as much as possible.
More budget to local law enforcement usually means more people harassed and jailed for victimless crimes. I can't support that; maybe it is better for the DHS to waste this money?
@Brandioch Conner: That's one of the problems. Conflating the risk of the actual threat with the personal risk of the repercussions. The primary risk has not changed but by taking that job you have assumed a new SECONDARY risk that you are not comfortable with and will seek to mitigate as much as possible.
I think you said it really well.
It's also why DHS and the TSA often make boneheaded decisions. All it takes is just one of the 769 million TSA screenings per year to ruin one's career and make them a pariah in their industry for life, for example. Similar with DHS checks. It's also a nasty side effect of unreasonable expectations from (often incompetent) management, as well as the moods and whims of the general public based on whatever the headlines happen to be at a given time.
I don't think the government does a good job, but I also wouldn't want to be in their shoes either.
The thing that's wrong with DHS is the same thing that's wrong with the vast majority of human beings---a total inability to grasp this:
Your opinion does NOT matter. MY opinion does not matter. NOBODY's opinion matters. You can have all the opinions and beliefs you want, but the ONLY thing that DOES matter---with regard to ANYTHING---is *THE FACTS*.
FACT: A bunch of scumbags who don't like open societies have declared war on your open society. Your odds of winning by making your own society less open are zilch, zip, nada.
DHS: If you people ever decide to quit screwing around with these pseudo-religious scumbags, drop by for some coffee and I'll explain how you can kill them all for dirt cheap and with no blowback. Probably best to come by with a nice, friendly attitude, though, comprende?
I think most would agree that an oppressive society limits communications, movement, and information. One nice this about the US is that we can move about with relatively few restrictions and explore and read. Outside of a few aberrations, such as the attempt to ban Ulysses, destroy NPR, or the attack on CBS news for exposes the Yellow Cake coverup, we pretty much have access to information.
OTOH, the terrorist histeria is allowing some progress in the effort to limit the ability of ordinary Americans to learn new things. For instance, I wanted my high school class to explore some bridges. One would require a boat ride underneath, with us taking pictures. We could then do calculations from the pictures to learn about civil engineering design. It turns out this is illegal. Where do I live, Syria? As a kid I never remember being told knowing some things were too dangerous. I was never told that my chemistry set at 12 was too dangerous or watching mice be dissecting was gross. It was knowledge, pure and simple.
We can't innovate if we are scared of anything that we do not completely control
@Hugh Jorgen at September 16, 2010 11:01 AM
Not necessarily true. If people are ignorant of the facts, it is perception that drives actions and the problems that follow.
There are a number of issues bubling through here.
Firstly, the use of "terorist" as a "rubber stamp" tactic by the DHS.
Secondly, the question of Big-v-Little Government.
Thirdly, value for money Government.
All are legitimate but all kind of miss the point,
History has shown us almost beyond doubt that trying to hold "plain view" information secret does more damage to society than it helps societies enemies.
The real issue is recognising the differences between public and private information.
All technologies are atleast dual use many are more.
A CCTV camera covering an exit/entrance is generaly a good idea, however the same camera also covering the keypad of an electronic lock is not a good idea.
You have to solutions, remove the camera (bad idea) or put a screen around the keypad (good idea).
In general I get the fealing that the DHS (amongst others) wants to go for the bad option each and every time. Why I have no idea, perhaps they do not know any better or perhaps they are scared that giving people a choice means that the DHS will somehow be implicated should something go wrong / happen.
What the DHS and we the public need to get a grip on is that a "criminal" will always use what is available to them no matter what. However what may minimaly aid a criminal may have significant benfits to society. And we need to make a choice the value to the criminal that might harm a few versa the "greater good" to society in general.
As Bruce has pointed out on a number of occasions we as "ground living primates" still try and climb trees when threatend, it's built into our genetics. The result is that we sometimes make incorrect judgments out of "unreasoned" thinking / fear.
We need to get beyond this rather than falling into group psychosis that gives rise to paranoia and eventualy a shutdown of the mental faculties leading into the sort of malaise and torpor that is seen after major or earth shattering events which we call "disaster shock".
And before somebody says stop being critical be proactive, I would say I am. I'm pointing out the great big hole in the road ahead, I can also offer sugestions of how to avoid it (safety style training). However it is up to the individual to make the choice about what training etc they think is best afterall I'm not walking in their shoes, but my own.
I took a look at the blog this came from. Doesn't it seem ever so ironic that someone who publishes stolen government documents in the interest of reducing secrecy nevertheless hides his own identity? So much for transparency.
"Detailed video obtained through live Web-based camera feeds combined with street-level and direct overhead imagery views from Internet imagery sites allow terrorists to conduct remote surveillance of multiple potential targets without exposing themselves to detection."
If the FBI's confidential informants shared this with their local cells their interrupted terrorist conspiracies would look a little more credible.
@MarCon: Not really. Revealing his identity would just allow the government goons to go after him, and would not have any benefits for anybody else (for example, its of no use in evaluating whether the released materials are authentic or not).
@Sarif: Bruce has proposed solutions time and time and time again. If I were in his place, I'd be tired of repeating myself so often. Bruce regularly includes links to his previous material. This is the kind of post that is more of an "inside joke" (for lack of a better analogy) for those of us that read his blog all the time.
@moo: It's the principle of the thing. You don't see Julian Assange trying to remain anonymous. He is willing to stand up and be accountable for his actions. If one is going to insist on "outing" the government, one is morally responsible for being "out" also, and willing to risk the consequences. To do otherwise is merely cowardice.
Actualy, they explored statistics of Bruce site through squid and had'nt found some special like broken hosts.
@MarCon "insist on "outing" the government, one is morally responsible for being "out" also, and willing to risk the consequences."
Hmmmm. The very position that Daniel Ellsberg arrived at. He added to that calculation that others may come under suspicion or his company RAND would suffer for his, independent, action.
I just wonder. Could anybody and I mean anybody be taken off the street by the authorities for breaking some law?? I think so. Or now adays, just for suspicion of maybe breaking the law in the future. In PA they put protestors on the watch list. Right is wrong, peace is war, 1984. Someone could watch a camera, or could take a picture of a public place, or make a drawing. I draw for site visits, take away pens and paper in public places. OMG someone could print a google map sat picture, label it, scan, and send to I'manutjob in Iran. i believe we should and have a duty to mock our public officials. Ok I am now stepping away from my coffee..:)
Is there any country that isn't spying on its own? I've been wondering about emigration myself so I'd really like to go there if it isn't communist, totalitarian, or scary. I guess that leaves out the allied countries most of my ancestors emigrated from (Ireland, Belgium, etc) if they are still using the terror label on me. Any countries taking Patriot Act refugees? Its not like we can go to Canada, they are playing the domestic spying game too. The observer watching me awhile back said that the "team" can't come to an agreement about me.
"Detailed video obtained through live Web-based camera feeds combined with street-level and direct overhead imagery views from Internet imagery sites allow terrorists to conduct remote surveillance of multiple potential targets without exposing themselves to detection."
I think this statement would be considered obvious given the entire point of all the technologies involved is SURVEILLANCE.
The fact that an enemy can do remote surveillance using these technologies should also be obvious.
The fact that an enemy can do exactly the same surveillance in most cases in person on site WITHOUT being detected as well should also be obvious. The exceptions would be where the SAME technologies are being used by the surveilled to detect same enemy or those facilities where access is particularly difficult (i.e., a nuclear reactor).
All of which becomes an obvious observation paid for by your tax dollars.
One problem is that BY DEFINITION you CANNOT TELL when any of this is occurring nor can you distinguish between someone who is doing so in a hostile manner and someone who isn't.
So this is an obvious problem you can do very little about - which is an area of endeavor the DHS seems to be obsessed with to no useful purpose.
What the DHS should be telling people is the less obvious observation that THERE IS NO SECURITY. You can haz better security, you can haz worse security, but you can't HAZ security.
The best way to deal with threats is the ninja way: Live your life so you don't have any enemies. But if circumstances contrive to make someone your enemy, become his friend, then poison him.
In US terms, the first sentence means change US policies in the East so we aren't supporting corrupt monarchies and dictatorships and supplying weapons to Israel used to prop up a colonialist, imperialist enterprise. Done well, this would result in bin Laden sending roses to the US President and taking the US off the hit list. The need to protect every little in the US suddenly evaporates.
This could be done overnight with a few Congressional bills at little cost to the taxpayer (but a lot of cost to the military-industrial complex for whom the Prez is offering Saudi Arabia SIXTY BILLION dollars worth of arms. NOW do you know why "they hate us".)
The rest of the advice is exactly what Israel is doing to the US: pretend to be our friend, then use us to attack their enemies so they can expand their influence over the Middle East while simultaneously spying on us and stealing US nuclear materials for their nuclear weapons program (look it up).
At this point in the game I feel far more terrorized by DHS than I ever have by the 'terrorists'
Let's remember boys and girls to out tonight and turn all street signs pointing the opposite direction.
As always, this bears out that you can't ban technologies because some bad guy can use them. Maybe we should ban cars because of car bombings?
Makes you wonder if perhaps polities shouldn't spend more effort not pissing
people off who are capable of making concerted responses. (That may include arm chair spectators).
Next thing you know, you won't be able to buy maps.
Yeah, it's nice of US Citizens like Julian standing up to the US government /sarcasm
Offtopic: can anyone drop us some science on what the release of the HDCP master matrix really means? Here's a post about it: http://www.engadget.com/2010/09/16/...
Intel says, yes, you can use this to derive keys used to generate the HDCP cipher stream, but that it doesn't really matter because it's too expensive to create rogue HDCP decryption hardware. Is that true? How expensive would it be to decrypt HDCP live using an FPGA or something, or just to stream the bits to disk where software could decrypt (and recompress) them later and send them off to torrent-land? Also, does breaking HDCP this way matter? Is there a simpler way, like attacking Blu-Ray's DRM or tricking legit hardware into giving us the decrypted bitstream? What I'm really asking is, is this flavor of DRM hosed now or just hosed eventually? :)
FWIW, Julian Assange is an Australian citizen (and in fact has already been afoul of the law in Australia on computer crime related charges), and certainly has had no qualms about Wikileaks hosting the ACMA's "secret" blacklist. So he's stood up to his own government.
proff may be many unpleasant things, but he's not exactly playing favourites.
"One would require a boat ride underneath, with us taking pictures. We could then do calculations from the pictures to learn about civil engineering design. It turns out this is illegal. "
Did you actually see the relevant law, or did you rely on someone else saying "You can't do that, that's illegal!"?
So, we have have a service that allows one to survey an area remotely. Amazing! How did they come to that conclusion?
Instead of being worried that wrong people are using it, perhaps we should be discussing the merits and impact of having such a service. You know, like what they do to your reasonable expectation of privacy and is that something we should condone, etc. Having the technology hasn't been enough a reason to doing it before, you know.
"can anyone drop us some science on what the release of the HDCP master matrix really means?"
Have a look at the Crosby et al paper from 2001 they said HDCP master key was recoverable and it looks like it has been done (no I don't know if it was by their method or some other such as a person stealing it)
There are two implications to this key release,
1, Anybody can make a HDMI sink or source device.
2, Anybody can calculate the secret key from just observing the HDPC handshake over the HDMI cable.
The first point is the one addressed by the Intel spokes persons comment. Now although it is not arguable that "custom" hardware will be needed I'm not convinced it will require a "custom chip". Personaly I think not for a variety of reasons. That is you will be able to cobble together the hardware from exisiting available parts.
But the second point is the important part all it requires is a method by which the transactions can be recorded to hard disk etc then software running on a PC can unencrypt the content protection and then it's available to transcode into any other format etc via software. The recording of the transaction signals etc can be done by electronic instruments you can rent or buy with little difficulty.
HDCP is a dead duck as are all "off line" content protection systems with standard retail media. The only issue is the time required to break them or have the keys stolen etc.
There are only two ways this can go, Off line Content protection will continue to be broken, or content protection will move online in some form.
This little "reality of life" is not going to stop the "content appropriators" comming up with yet a new standard, and yes manufacturers will go along with it. The reason is the "time to break" as long as this is longer than a technology generation then there is no incentive to change.
Thus my bet is Off Line content protection will continue simply because the media organisations get about ten years out of each system and by then the technology has significantly moved on so it actually acts as a market stimulation driver.
So, something as innocuous as a web cam is now determined to be an aid to a potential terrorist?
What will be next? Are web cam operators going to be required to turn over their “visitor” logs so DHS can parse them to see who’s been looking?
DevilsAdvocate view: I hate to say it, but this kind of warning is probably put out to make terrorists attackers think that there is a vulnerability. They should have already prepared for this and have anything seen by the sky be a false lead. "Oh look, here's an open way in." Right.
@ peri, @ Randall,
Also go have a look at Ed Felten's "Fredom to tinker" website he has made a number of posts on HDCP in the past.
You got some wierd people commenting on your blog Does that ever bother you? It only took 3 or 4 comments to make me think that this was a 'truther' blog.
People have been detained and cameras confiscated for less. Whether or not it's per se illegal is a different matter. I recall discussion immediately after 9/11 that anything that was "infrastructure related," and surely a bridge's infrastructure qualifies, would have to be protected from being targeted--no photos, no trespassing, no fun. This got expanded in the minds of some until people couldn't take family photos in front of Penn Station or the White House.
And I say, if we just let people take pictures wherever they want, then the tourists have won.
So, who watches the watchers that watch the internet cameras that watch us? Most internet cameras are put there with government (taxpayer) funds. Those cameras watch the taxpayers. They are watched by government agencies, like homeland security and their ilk. The supposed statement about the cameras being used for terrorism says take down the cameras. That won't happen because we (taxpayers) are the supposed terrorists that are being watched.
More effective? what do you mean by that? How are we not currently effective?
and btw... all's it would take is one corrupt watcher and the system fails too.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.