Schneier on Security
A blog covering security and security technology.
« Whitelisting vs. Blacklisting |
| Domodedovo Airport Bombing »
January 28, 2011
$100 to Put a Bomb on an Airplane
An undercover TSA agent successfully bribed JetBlue ticket agent to check a suitcase under a random passenger's name and put it on an airplane.
As with a lot of these tests, I'm not that worried because it's not a reliable enough tactic to build a plot around. But untrustworthy airline personnel -- or easily bribeable airline personal -- could be used in a smarter and less risky plot.
Posted on January 28, 2011 at 1:40 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
@: "An undercover TSA agent successfully bribed JetBlue ticket agent to check a suitcase under a random passenger's name and put it on an airplane."
What I would like to know is how many times undercover TSA agents have failed at such attempts.
This is part of a more general issue - namely, the ability to bribe government officials. The argument has been made that because Mexican law enforcement officials are paid relatively poorly, it's easy for the drug lords to bribe them. The inferred solution is to raise the pay of law enforcement officials so that they are less susceptible to bribes. U.S. ticket agents are (presumably) paid more than Mexican police, so perhaps that solution won't work.
@from the linked article: "Currently, the TSA is not talking about how often they conduct these sorts of tests and how often they get a package through."
That's a shame, because it would put the risk in perspective. Had it been a terrorist, the odds are most likely overwhelming that they'd be in custody, it would have made news, and other airlines would have been aware.
Terrorists don't have the luxury of trying this sort of thing until they find an accompliss.
Since they're not screening airport personnel, it should be easier to bribe the baggage handlers.
I'm not sure how interesting I think this story is. While it's a good reminder that we're only as secure as our least trust-worthy security risk, all they did was put a suitcase onto a plane that would still go through all the standard security screenings.
This is another "the system worked" story in my opinion: that smuggled suitcase still went through inspection, demonstrating that a sleazy ticket agent doesn't create any additional risk for us that isn't there via other paths.
In other words, if the goal was to put a bomb on a flight this did nothing to improve the odds that the bomb wouldn't be detected. The only advantage conferred here was that a particular person wouldn't be tied to it, allowing them to avoid arrest upon detection or death upon successful detonation.
That ain't nothing, but the only way this works out to be a significantly increased risk is if a foe attempts to do it at a number of locations at the same time. The first time it works once we're at heightened alert and the odds of getting a clerk to take the bribe drops notably.
I don't think it's a coincidence that the TSA chose to test and publicize this link in the chain rather than, say, someone driving unscreened supplies to a restaurant inside the secured perimeter. The possibility of bribing one of those folks is what should really scare us.
No, what should really scare us is that outlandish fears, cable news networks, and investment bankers are being allowed to govern our policies, and strip away our human rights.
Doesn't scare me for crap this guy got a bag checked, or some idiot shipped a printer bomb. Being on one of the hijacked planes on Sept. 11th sure as hell would have, but had I been on one, I can guarantee you that I'd have either been dead before impact, or the terrorists would have.
The sooner people realize leaving their front door (hell, even staying in) poses orders of magnitude more of a risk than terrorist skyjacking or railbombing, the better. Wake up.
Tomorrow the guy sitting next to your cubicle might decide to shoot up the entire department, and there isn't a damn thing anyone can do to prevent it.
I'll take the terrorism risk over a pat-down any day. I'll also take the freedom to walk into my office without a strip search over the threat of being shot by my coworkers any day too.
The only humans who enjoy a risk-free existence are buried 6 feet underground. If you want a risk-free life, that's where you're gonna need to go.
refuse to be terrorized by the possibility of cheap bribes.
really though, why does every day seem like a step closer to the world of Starship Troopers (minus invading bugs and deep space travel, of course)
It would have been $100 cheaper for him to just say "Hi, I'm a TSA agent. I need you to put this luggage on that airplane as part of our security testing"
And, on the not entirely unfounded assumption that the baggage handler would comply without extensive scrutinization of identification, it's just as effective as a terrorist threat. Probably moreso, because on the one hand the handler believes himself to be acting virtuously as opposed to suspecting that he is an accomplice to something nefarious, and on the other hand because if he checks what's inside the bags and asks "Ummm, why is there a bomb in here?" you have the ready-made retort of "Well duh, how else do you think we're going to test our bomb-sniffing technologies?"
I think @lazlo has the plot reliable technique.
The villian wouldn't be much exposed and could repeat as often as necessary to get the infernal device on the conveyance.
I've never had an agent ask about the contents. and for "bomb" reply "simulated explosive device" just enough to send off the sensors we all know screen every bag on any airliner anywhere.
Slightly more risky would be to get it checked at the gate (as oversized) if they could get it past the checkpoint as carry on. Once it get's checked at the gate the passenger doesn't even have to take their seat. "I was in the Loo. Missed the final boarding call. Wasn't I lucky?"
Silly ticket agent. Take the $100 dollars, but don't put the package on the plane... Of course there's the issue of a possible bomb, and what to do with it. Perhaps just take on your break and leave it in the terminal. I'm sure the bomb squad would be along shortly to dispose of it.
@lazlo, BF Skinner
Even better: tell them your TSA Internal Affairs, and must make sure that the rest of the agents remain unaware of your (now shared) secret.
People love to be in the loop, haha.
@from the linked article: "Although JetBlue is partly to blame for training issues, this could have happened with almost any airline."
As a long-time auditor, the line above is the sort of thing i hear over and over again that frustrates me almost to incoherence.
Lack of training makes it partly the airline's fault??? Really??? Does anyone seriously believe the employee wasn't aware this was against the rules?????
To be fair, our politicians get away with accepting bribes as a matter of public policy.
I'm sure *someone* out their looks up to them....
@Shane: "To be fair, our politicians get away with accepting bribes as a matter of public policy."
LOL. Nice point.
According to (http://www.tsa.gov/what_we_do/layers/aircargo/index.shtm):
"50 percent of air cargo on passenger carrying aircraft is screened"
If FedEx or UPS puts an unaccompanied package on a passenger flight, it's called enhancing shareholder value.
If an individual does it and it's called a crime.
I wonder, why did the ticket agent pick a name at random instead of asking for the briber's name? Oh right, $100, how silly of me.
Still, I suppose it wouldn't be enough to ask for a name; it'd be trivial to get the name of an actual passenger. Maybe they should have asked the briber for his boarding pass?
Do you fly much?
"Gate Checked" luggage is supposed to be only checked _after_ you present your boarding pass and are past the "point of no return" in boarding. Your scenario is impossible with a regulation-following airline.
"It would have been $100 cheaper for him to just say 'Hi, I'm a TSA agent. I need you to put this luggage on that airplane as part of our security testing.'"
Minus the cost of the fake ID and badge.
Here's the obvious problem: Simply getting your people - or someone who isn't part of your terrorist group, but is sympathetic to it - hired as part of an airline or airport.
Look at the Wesley Snipes movie, "Passenger 57". The plot is a terrorist (brilliantly - and possibly psychopathically - played by Brit actor Bruce Payne) gets captured by the FBI who decides to transport him to his court appearance using a commercial airline (which is ridiculous, they would use the Federal Marshals and a DoJ plane as they do most prisoners - I know, I've been on those planes!)
Which of course leads to the airline CEO complaining bitterly once the plane is hijacked, "He's an airplane hijacker! Why didn't they put him on a bus or a train?"
The hijack is done by putting one of his men who works for the airline in the steward compartment where he handles the weapons which are smuggled in the food carts, and another as a stewardess, while others infiltrate as passengers. The steward sends up the weapons on signal, the stewardess kills the two FBI handlers, and the team takes over the plane.
Snipes, of course, who happens to be on the plane reporting to his new duties as airline security chief, messes up the plan.
That might be a tad over the top, but it would be easy - if a bit time consuming - for a terrorist group to groom sympathizers and put them into an airport - or numerous airports - or companies that SERVICE airports (food suppliers, maintenance, etc.). Even with a decent background check - which we know isn't done or done well - it wouldn't be hard to slip personnel into an airport.
But bribery? Sure, why not? There are all sorts of scenarios where you could bribe someone depending on how much money you want to blow on the mission and get a weapon aboard or a bomb.
Hell, bribe some clown to drive by the airport fence and throw weapons over the fence - which happens in prisons, except the weapons are usually cell phones for prisoners to use. What you do from there depends on your plan.
Once again, the bottom line: There is no security. Everything is "security theater".
By the way, how many times have airline personnel smuggled "drugs" for "drug dealers" as a result of a bribe?
How did they KNOW it was "drugs"?
"What I would like to know is how many times undercover TSA agents have failed at such attempts"
Simple answer is we don't know but some evidence suggest a very great deal.
There is a court case in progress in the UK of a man who went to the US on quite a few occasions and legitimatly purchased had guns there (about 80 in all) and then illegaly smuggled them into the UK.
I'd like to be able to find out exactly how (ie in hold luggage / hand luggage / on person or via some other method) but it's not been indicated in the reports I've seen but the implication of the reports is the guns came back with him on the flights somehow (so through one part of the TSA or another).
If true it begs the question of if the TSA spotted the hand guns in his lugage or not, it might be a simple case that the TSA ignore hand guns in say hold luggage but not carry on. However even if that is the case it opens up an interesting set of questions about what else they might ignore in hold luggage and why...
@Richard Steven Hack: indeed, even if the ticket agent wasn't naive enough to believe the shipment was innocuous, drugs would be a far more plausible explanation than bombs.
@HJohn: "Lack of training"
But that's precisely what it is. The ticket agent wasn't conditioned to think "bomb" (or "TSA entrapment", for that matter.)
In every large US airport I've been in, there's been occasional public address announcements to contact airport police, or security, or SOMEONE if you're asked by a stranger to carry a package with you.
Wouldn't a ticket agent hear that several times a day, every day at work?
"But that's precisely what it is. The ticket agent wasn't conditioned to think "bomb" (or "TSA entrapment", for that matter.)"
That, too, is incorrect. A major part of SIDA training is the culture of (badge) challenging.
One is far more likely to get disciplined for NOT challenging someone (be they displaying a badge or not) than for any other reason. Random tests are commonplace.
I currently have SIDA badges in eight major airports due to the nature of my work, and said culture of challenging is a major PITA since I'm an "unfamiliar face" at all of them.
Oh, as as far as throwing something over the fence, in most airports the public doesn't even have access to fences near the ramp areas (where there are lots of airline employees with access), and the number of personnel with driving privileges in the controlled movement areas (where the public would have fence access) is _very_ small.
@ Bruce, they could have saved the cost of a fake badge, but they would only get a suitcase on the plane if shanes solution was not used, however, with the badge, the ticket agent is now suseptible to being owned, the guy comes back and threatens arrest and then tells the agent hes now in trouble, etc, well you know how spies are recruited, give them money one time and hold them in fear and submission afterwards. tell the agent its just a drug cartel not a terror organisation so you get the plata o ploma arguement to reinforce the coersion. Now you own them just like the cia/fsb does to people everywhere.
I believe you can have unloaded guns in checked luggage (at least in the US). There might be some restrictions on how they have to be stored, but I'm pretty sure that its legal to do so.
If 70% of train commuters can be persuaded to divulge their passwords for nothing more than a chocolate bar (Infosec Europe 2004 London survey), chances are that at least a small percentage of airport personnel can be bribed or otherwise engineered into subverting security protocol. In a layered security approach, it shouldn't be possible for this to lead to a full breach. I think it would make sense for TSA to make a per airport analysis which roles can lead to this, then implement dual control for such by pairing operatives with a chain just long enough to allow them to take individual bathroom brakes.
As for the person who took the 100 bucks, in Russia he would now be well on his way to an isolated Siberian penitentiary to do forced labour in salt mines amidst serial killers and oil oligarchs fallen from grace.
> Oh, as as far as throwing something over the fence, in most airports the public doesn't even have access to fences near the ramp areas
Every airport I have been to has quite easy access to ramp areas. The several I am flying out of weekly now mostly have multi-tiered entryways that mean I could toss something over the fence to a cluttered area behind spare luggage carts, without straining myself, while waiting for a bus, etc. In one, I am above the fence, and like two feet away.
The smallish chance that security notices you do this on a dark, rainy night is appx nil. I won't do it to prove the point, but if willing to blow myself up, it would be an easy way to get illicit stuff to my comrades inside the security zone.
And, watching operations as a now-bored traveler, there are lots of individual ramp workers waiting and wandering around. Cargo holds are left open with no one around. Individuals do fueling and parts of cargo operations. It would not seem very difficult to, say, get your illicit items into a plane.
Luckily, the terrorists are dumb or unmotivated to do so.
"I'm not that worried because it's not a reliable enough tactic to build a plot around."
The first bribe might not be, but the second one ... well, the bad guys have already got something on the staff member they can use.
"The argument has been made that because Mexican law enforcement officials are paid relatively poorly, it's easy for the drug lords to bribe them."
A guy called Thomas Paine made a similar argument to George III about his excise officers - when he lived in my home town, Lewes. He was fired from his job as an excise officer, and emigrated to Philadelphia, where his writings sparked a revolution.
Late again to the party and there are some good, sensible remarks made here.
One thing I would like to add to, however, is the idea that this is a threat vector which is "not a reliable enough tactic to build a plot around."
Its not reliable for a lone terrorist (or small group) trying to mount an attack in a very short timeframe. But other than this small section of threats, it is reliable.
It is a reliable enough tactic that intelligence agencies, law enforcement and businesses the world over use it.
Although they are simple to describe, the steps can be time consuming in practice, but they are pretty effective.
First spend a bit of time looking at the pool of targets and find the vulnerable ones. Then get along side them and narrow down which is the most likely. Make contact / befriend the target. Compromise them and bingo.
It is not impossible, it is not even unreliable, but it does take time and significant amounts of organised effort - which may be why criminals do this more than terrorists.
At the moment, we are fortunate that terrorists seem to be globally disorganised and (rhetoric aside) lack a good enough level of direction to properly mount attacks. Given the nature of international terrorism, I doubt this is going to change any time soon (unless 24 is true).
The last two times I've flown I've been delayed because they had to remove baggage from the plane due to the passenger missing the boarding call.
It could have worked as a plot. Just get some guy to try and bribe a bag through and if the agent declines say it was a TSA test and they passed.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.