Schneier on Security
A blog covering security and security technology.
« The Security Threat of Forged Law-Enforcement Credentials |
| Surviving a Terrorist's Nuclear Attack »
January 13, 2011
Stealing SIM Cards from Traffic Lights
Johannesburg installed hundreds of networked traffic lights on its streets. The lights use a cellular modem and a SIM card to communicate.
Those lights introduced a security risk I'll bet no one gave a moment's thought to: that criminals might steal the SIM cards from the traffic lights and use them to make free phone calls. But that's exactly what happened.
Aside from the theft of phone service, repairing those traffic lights is far more expensive than those components are worth.
I wrote about this general issue before:
These crimes are particularly expensive to society because the replacement cost is much higher than the thief's profit. A manhole is worth $5–$10 as scrap, but it costs $500 to replace, including labor. A thief may take $20 worth of copper from a construction site, but do $10,000 in damage in the process. And the increased threat means more money being spent on security to protect those commodities in the first place.
Security can be viewed as a tax on the honest, and these thefts demonstrate that our taxes are going up. And unlike many taxes, we don't benefit from their collection. The cost to society of retrofitting manhole covers with locks, or replacing them with less resalable alternatives, is high; but there is no benefit other than reducing theft.
These crimes are a harbinger of the future: evolutionary pressure on our society, if you will. Criminals are often referred to as social parasites, but they are an early warning system of societal changes. Unfettered by laws or moral restrictions, they can be the first to respond to changes that the rest of society will be slower to pick up on. In fact, currently there's a reprieve. Scrap metal prices are all down from last year -- copper is currently $1.62 per pound, and lead is half what Berge got -- and thefts are down too.
We've designed much of our infrastructure around the assumptions that commodities are cheap and theft is rare. We don't protect transmission lines, manhole covers, iron fences, or lead flashing on roofs. But if commodity prices really are headed for new higher stable points, society will eventually react and find alternatives for these items -- or find ways to protect them. Criminals were the first to point this out, and will continue to exploit the system until it restabilizes.
Posted on January 13, 2011 at 12:54 PM
• 55 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Security is a tax on the honest"
That's about as perfect of a description of it as I have ever read.
Just last month, fraudulent charges were made to my credit card for the first time ever. My company indicated they were physical swipes, even though I was no where near the area a never lost my card. They made five $75 gas purchases over two days in St. Paul, 500 miles from me. The rellevant point is even with a secure to the point of paranoid person such as myself, it can happen, and more importantly... as gas prices rise, I would expect things like that and to only get worse.
And the honest end up paying for it.
Interesting. It reminds me of "The Basic Laws of Human Stupidity". Search for it on Google.
The most common bandit-type causes more damage than he value of what he gains.
@Brandioch: "The most common bandit-type causes more damage than he value of what he gains."
Very true. The replacement cost is just the starting point, which often pales in comparison to the remaining cost of response (both valid and over-reaction).
The answer is not to raise the taxes on the honest, but to raise the costs for the criminals. The penalties for committing these crimes should be raised until the parasites no longer see the benefit in committing them. Up to killing them. That's purely evolutionary too: remove the genetic material that enables the parasite.
What gets over-used gets abused. A removeable SIM card in a traffic signal? Why didn't that SIM card call in that it was being stolen (that is, why wasn't the modem rigged to alert to being tampered with?) Maybe an inside job?
It sounds so easy, but again and again it has been shown that increasing penalties, including the killing (of copper thieves? seriously?) doesn't work. It's as simple as that.
There's a balance that has to be reached. The countries with the harshest prison sentences (or the most death penalties) are almost never the safest countries.
Not even North Korea is crime-free, which it should be, according to your logic. ;)
@Punisher (what a fitting name)
The problem is that punishment doesn't carry much of a threat for these sorts of crime. These crimes come from people acting on impulse, rather than taking the time to perform a proper cost-benefit analysis. Moreover, this impulsiveness is widespread enough amongst humanity that you'd have to kill off a significant fraction of people (if not the majority) to totally eliminate it.
One could argue in fact that "Tough on Crime" approaches fall quite firmly into the Stupid range of the Basic Laws.
They are making a large cost, (both to the person on the receiving end, and to society as a whole, given that prison is expensive and so are executions) and given that when dealing with these kinds of crimes heavy punishment doesn't tend to be very effective, it's not giving anything like a useful result for it.
At the least, it's a solid B2, but given the typical cost-benefit ratio, I'm leaning towards stupid.
(Yes, I am making a couple of big givens in the above statement, but prison does tend to be fairly expensive, and as pointed out by other people, harsh punishment doesn't work well to deter this kind of stuff, because the people doing it don't think it will happen to them)
Don't get me wrong, I feel _something_ should be done, however current tough on crime style approaches don't seem to work.
As a general thing, I think prisons are a stop-gap at best, however nobody has come up with a better idea. And the death penalty is not a better idea, for one thing if you screw up and put the wrong person in jail, you can at least let them back out when you find out, bringing people back from the dead is a bit more of a challenge.
The WTF moment is that they were generic SIM's, not configured for data only on a private APN (network id/routing).
Shame on both the street light provider and the SIM provider for that oversight.
Many "Smart Meter" companies also embed a SIM into the meter or data collector for GPRS communications, and it's amazing how often they are the same. It was a pain it get VodaPhone in S. Africa to get an APN (data cellular network), and the SIM cards (and accounts) properly configured for data only, but they do know how and did it well in at least one case.
The other problem is that some of the people that commit the crimes are doing a cost benefit analysis and because of their situation STILL consider it good risk. For example, I'm starving and cold and I'm going to die anyway, so even though I know that I could die for stealing this pile of copper and selling it, I'm going to die anyway so why not at least die warm and with food in my belly.
"Security is a tax on the honest"
That's about as perfect of a description of it as I have ever read. "
Me too. Very well-said. It applies in many many cases, unfortunately. But that's how group punishment (ahem, security!) works. Punish the many because of the faults of the few.
I trade copper, among other things. The price today is $4.36/lb, though you don't get that selling it as scrap...So I assume it was awhile back when you wrote that line.
How easy is it to break into a traffic light and get the SIM card out? I thought that the units would be water tight at least and some of the controllers that I see here in California have pad locks on them.
A padlock isn't much of a deterrent to a thief with a simple set of picks or, more likely, a pair of bolt cutters.
As has been noted in the case of SIM cards they should be just made useless for other purposes. For a reasonably large order (such as all traffic lights etc in a country) it is possible to manufacture SIM cards with a different shape and contact layout. That will stop the vast majority of potential criminals. Then you have the SIMs locked down such that they can only communicate with the designed targets and the telco can disable them entirely if they are used for anything else.
Merely locking the cards down isn't enough, if people think that they are usable because they are the right shape they will still get stolen which is expensive.
As for punishment, the thing to do is to punish sensible people who care about such things. Have a government scrap-metal dealer who takes manhole covers etc from government sources so any other scrap dealer who receives one knows that it's stolen. Do regular checks with undercover cops to and arrest any scrap dealer who buys stolen property (knowingly buying stolen goods is a crime).
The type of people who steal manhole covers can't be easily stopped and for each one you arrest you could spend a huge amount of money jailing them without stopping that many crimes. Stop a scrap dealer from buying stolen goods and you stop a lot of crime with a small amount of expense. The type of person who is psychologically capable of running a business tends not to be likely to commit petty crimes of impulse.
For first-world countries the best thing to do is to decriminalise drugs. If Heroin and Cocaine were cheaper then a lot of druggies would have less incentive to steal.
> How easy is it to break into a traffic light and get the SIM card out
I presume that's the damage they mean. They smashed their way in.
> generic SIM's, not configured for data only
The private network increases costs and so on, but Yeah. Really, really, really dumb they were provisioned with voice at all. Forget strongarm thieves, how about employees just 'loosing' a few? It's a forseeable risk.
@ Eric Hamilton,
"How easy is it to break into a traffic light and get the SIM card out?"
Don't know about the SIM's but in Northern Ireland the FM Radio Pirates used to steal the 10.5Ghz microwave doplar radar units off of traffic lights to use as microwave links.
Initialy they turned up looking like service personal and put up (stolen) barriers and notices about "tempory work" and neatly took them out.
Later teenagers would cycle up jump up with small bolt cutters and chop the whole unit off and be gone in a little less than 30seconds.
Later the teenagers used to steal the police survalence cameras that had microwave links in and use those instead...
The simple fact is everything is made to a price, usually the lowest possible to meet the functional requirments. Which means that unless "security" is a functional requirment it is not going to be designed in. It might later get bolted on but as we know bolting security on is very very expensive and thus tends to be token in nature... And at the end of the day even very very very expensive security locks unless built in properly succumb to a "14lb lump hammer" within a minute or two...
The problem is that we try to interconnect everything for convenience without considering the security impact. Today it is SIM cards, tomorrow it will be smart meters. Security is a tax on the honest, but who would want to live in a house without a lock on their door.
A textbook example of poor security design and probably an equally poorly written RFI/RFP.
If somebody needs to be punished/held accountable, it's the people that were responsible for those. Opportunity creates the thief.
@Brandioch - which means we need to shift our cost/insurance model.
Instead of thinking that a $20 manhole isn't worth protecting because it's only $20 we have to think of it as a $500 asset. You wouldn't leave a $500 laptop sitting in the gutter.
How about some classical conditioning ala Pavlov? This would work especially well for copper thieves out of a transmission box: Put an electric shock device in, that is difficult for a simple crook to disable. After trying to open one or two devices, they'll be conditioned to expect a shock when they open up the device. Better yet, conceal the device so they start recognizing that those warnings about opening up power transmission boxes are actually true.
Yes, I am just being facetious. I do wonder if there is a way to get our most stubborn of species to actually heed a legitimate safety warning. I.E. look how well that British PSA on texting worked.
Scrap metal prices seem high enough, and people desperate enough, that around here -- Melbourne, Austraila -- we have people stealing copper wire from both the train signals and sometimes from the high-voltage train power! Shuts down the train network for a few thousand commuters for hours so that a couple of bucks can be made on the scrap market.
The one good thing that seems to have come of it is a (possibly erroneous) belief that the old engine blocks and other scrap thats been dumped in parks gets scavenged up to be sold.
Manholes are worth 10$? Why didnt you say so! Gentlemen, to the laboratory!
And then there are catalytic converters that take just a few minutes for thieves to chop out of an SUV. At best a hundred bucks at the scrap yard and two to three thousand for your insurance company.
And up here in the frozen north (Canada) if you do get caught at best your court appointed attorney will defend you and you might get a few months paid vacation before you have to go back to "work".
@RSX "Manholes are worth 10$?"
Got 2 gimmie my 20 bucks!
People steal stuff that's valuable? That's a recent development... NOT
Move along people, nothing to see here.
"Criminals are often referred to as social parasites, but they are an early warning system of societal changes."
I don't agree with that, decent people don't turn to crime, period. Maybe beyond Thunderdome, but whatever.
"decent people don't turn to crime"
That's so not true, and at best a fallacy derived from your own mindset on the issue. You'd be surprised what even very decent and honest people are capable of when jobless, frustrated, hungry and cold. They will resort to low-hanging fruit, as this is all that is within their grasp. With which I am certainly not implying that organised crime isn't jumping on the bandwagon too. I don't condone such acts, but in the end it is opportunity that creates the thief.
In the case of the traffic lights, poor security design was to blame. In the case of the manholes, it's market prices making unattended and previously little worth stuff suddenly very appealing. A couple of weeks ago, where I live, there was frantic public outrage over a gang that had seen fit to raid a cemetery to harvest several hundreds of copper crucifixes from graves.
For another very fine example of how totally flawed security design recently caused a dramatic surge in bike theft all over my home town, see "How to steal a bike in Antwerp without any tools" at http://www.youtube.com/watch?v=xYLtxcqaLnU .
"Security can be viewed as a tax on the honest"
A good friend always use to say that laws are there so that they are "written down", so that those who break them when they are "unwritten" can be punished more easily.
@Dirk Praet "You'd be surprised what even very decent and honest people are capable of when jobless, frustrated, hungry and cold."
I'm willing to bet that a large number of the metal thieves are not trying to feed themselves or their starving children. The only thing they're feeding is their drug habit.
About a year or two ago in my area, a copper thief attempted to take wiring from an electrical box in a new residential development. The electric circuit was live, and killed the guy. There was evidence that he was not alone, but when the construction crew showed up the next morning, all they found was his dead body.
Makhubela said they cancelled all the sim cards and were working closely with the Johannesburg Metropolitan Police Department (JMPD) to combat the crime.
Instead of tracking them down, analyzing and wiretapping calls, whatever. Idiots.
"decent people don't turn to crime, period."
Yes, they can and they do.
To match hyperbole, when your options are to watch your wife and child starve or go steal some spools of wire from a construction site, which would you choose?
I can say that I'd never commit a crime while I sit at my desk in my home, warm from my heat, full from my breakfast. That's easy.
Take all of that away from me through job loss or long illness and who knows.
Commodity thefts are also an indicator of really unbalanced economic conditions. Stealing manhole covers and transporting them to a scrapyard is seriously hard work, earns no more than minimum wage, and if an area has even moderate law-enforcement resources it's fairly easy to catch the perps. Same thing with many/most other scrap materials.
"Security can be viewed as a tax on the honest"
That's one way of viewing it. Another is that it's the ongoing cost of maintaining extreme social inequality.
Your example of the thieves getting $20 worth of scrap copper and causing $10,000 damage to a construction project, which necessitates hiring security guards for the construction site - staff whose work does nothing productive, nothing to advance the construction project - is a good illustration of the symptom.
Your analysis of the disease is open to question, I think.
On a social level, fixing the extremes of poverty that drive the thieves to risk their safety pulling copper from a construction site for a lousy $20 would be much cheaper than hiring guards to stop them, police to catch them, prosecutors judges and bailiffs to send them to prison, and prison guards to keep them there - not to mention all the extra construction labour in fixing the damage the thieves caused until they were caught.
See, e.g., http://economistsview.typepad.com/economistsview/...
As always, I am late to the party so lots of good things have already been said. Still, like a good internets person I wont let that stop me expressing my own opinions :-)
"decent people don't turn to crime, period."
Erm, no. This is a fallacy. For a start, very, very few people have never committed a "crime" in their lives (speeding? taking a pen from the office?) so its really down to the level of harm the offence causes.
The fact is that people will do what they feel is necessary and when times are hard (be it due to drug habit, unemployment, homelessness etc) then their moral boundaries will shift. As Jason said, its easy for me as a very well paid contractor to say I wont commit a crime (meaning I wont rob a manhole cover, please never check my speedometer). Would things be the same if the economy had crushed my company and I couldn't afford to feed my family?
Does this mean I am not an honest person?
"The answer is not to raise the taxes on the honest, but to raise the costs for the criminals."
Sounds great in theory, but is nearly impossible in practice. Extracting the costs from the criminal increases the costs to society as a whole, remaining a tax on the innocent.
Even if you worked out how to do it, would it deter people? Do you think more than a tiny minority of criminals do a realistic cost:benefit assessment before they commit their crime? Do you think they have a proper risk assessment? If so, why would anyone commit a crime that could result in the death penalty? The fact is the perception of the risk of being caught is likely to be more effective than the nature of the punishment.
When something has a value, people will steal it. For example domestic oil prices in the UK are rising which leads to increases in the incidents of people breaking into home storage tanks and stealing the oil. Obviously this works because the thieves believe there is a low risk of getting caught and the prices of purchasing oil legitimately means that enough home owners will buy stolen oil to ensure the criminals have a market (if they even realise it is stolen in the first place). The incident of crime here is directly linked to the price of oil. If the price comes down it seems likely that the crime will reduce (and move to something else).
Alternatively we could spend more money tracking down the thieves and finding enough evidence to prosecute them; even going as far as prosecuting those who purchase the knock off fuel.
But this isnt free.
This is the tax on the honest.
"As always, I am late to the party..."
Better late than never, and as long as you bought a bottle or two to go around ;)
More seriously, yes even the most honest of people are dishonest. In the UK certainly it cannot be avoided due to the "tax code" it is so complicated and contradictory that everybody (including the unemployeed) are in breach of it somewhere. Then there is residual or legacy legislation that never gets of the statutes (It was only in Sept last year that owning a slave became illegal in the UK).
However there is one thing you have not considered which is "thresholds".
To steal heating oil needs a certain amount of equipment which requires either a risky theft or a significant capital outlay. Further to get best value from the Oil theft you need to remove one dye (indicating domestic heating oil) and add another dye (to indicate vehical fule oil), this requires other equipment.
Thus once you have made the investment in equipment you are not going to stop committing oil theft once the price or your circumstances improve above the point that got you into crime. Partly because of the investment but mainly because each theft has less deterant value than the one before. This is because if court the sentancing procedure in the UK significantly discounts other crimes "taken into consideration" at sentencing, often they are effectivly free. That is you do one crime you get say a one year sentance for it, take fifty other equivalent crimes into consideration and your sentance may go up by as little as 10% which you can get back by pleading guilty prior to trial...
For those that know how to work the system even going to jail can be avoided (ie no violence) as with 70,000 jail places we still have two criminals waiting for each and every place, and this is with a population of less than 70million...
Tenalirama robs the robberers' labor!
(Nice Story in context)
Lazy Tenalirama always used to get valuables/gifts as awards/rewards from the King. On one night, some thieves entered Tenalirama's house and were hiding in the backyard of his house. They were only waiting for the opportune time, to enter in and rob. Tenalirama, sensed that and hence collected all the money, jewels, silk clothes and other costly things. Then, he called his wife and said in a voice LOUD enough for the thieves to hear, "Of late, there are more incidence of robbery taking place in this city. Hence, we shall collect all our valuables and keep inside the well in our garden. We shall take it out again after the fear is over." Then he filled up a big box with some heavy unwanted trash. They dragged the box to the well in the garden and threw it into the well with a heavy splash. The thieves, who were carefully observing all this, heard the splashing sound also. So, they decided not to enter the house. Instead, they wanted to get into the well and take away the box. With very great eagerness, one of them got into the well, and found that the water was very deep.They realised that, the box can be easily taken out, only after drawing out the water. Accordingly, the thieves spent the entire night to draw water from the well. Since, all the water drawn from the well was poured into the garden, all the plants in the garden got irrigated. To their disappointment, the water level in the well never went down to the extent they expected. When the day was about to dawn, Tenalirama cried aloud, "The whole garden has been well irrigated and you may stop now, drawing further water. On hearing these words, the thieves ran away, Tenalirama's presence of mind and right action at right time saved his valuables being robbed off from his house and hence from his homeland.
> If somebody needs to be punished/held
> accountable, it's the people that were responsible
> for those.
That would be a corruption of good justice and morality, failing to discern who are the "bad" people.
Sure, security is necessary due to immorality of some of the population. It needs to be intelligently done, and perhaps encouraged by education, legislation and economic incentives. But *punishing* the designers? Surely not.
> Opportunity creates the thief.
Thieves aren't normal citizens who were turned bad by an opportunity. It should be "thieves seize the opportunity".
I suspect that a bogstandard GSM/GPRS board (about five quid) would be much less useful to a pirate radio station. It's still fairly easy to run up five pounds' worth of phone calls, though. As Mike says, why were they configured to allow voice calls or public Internet access? fail.
As to the guy who wanted to give everyone an electric shock, well, the simple solution would be to wear thick rubber gloves. Right? They might already do that to avoid leaving fingerprints...
Around here there have been a rash of AC units being salvaged for their scrap copper. A $4K unit is converted into $30 of scrap copper. They were from churches and homeless shelters.
Based on nothing but my introspection and observation, I believe that raising penalties past a certain point does no good. Certainly there are plenty of people who commit crimes which (in the U.S.) draw the ultimate sentence, suggesting the deterrence capability of capital punishment leaves something to be desired.
What _does_ deter people is the likelihood of apprehension. The price of a speeding ticket in my area is multiple hundreds of dollars. I'm still getting passed as if I were standing still. The police are very thin on the ground, so even people for whom such a fine would be a financial disaster (at least judging by the condition of their cars) feel free to speed.
If you're not going to supply the means to reliably detect miscreants, you almost might as well not make the behaviour a crime. Case in point: use of hand-held cell phones is now illegal hereabouts. Said use remains high. So far as I can tell, many such laws are passed only to make legislators and the public feel that ``something is being done''. In practice, many such crimes are only used to further punish someone caught violating a different law, such as citing someone who's had a collision for not wearing the seat belt.
"Security can be viewed as a tax on the honest"
I think the dishonest are taxed even more heavily, as they don't only have to put up with it, but circumvent it,
A burglar has to stand in the same TSA lines as the rest of us, and he has to not only lock his own home but break the locks on yours.
@ Craig McQueen
"Punished/held accountable": I thought it was rather obvious that I didn't mean that in the strictly legal sense, but as a recommended result of the "lessons learned" sessions evaluating the project and the thefts.
"Opportunity creates the thief": thieves are very normal people just like you and I. Take the following example: leave someone in an empty room with a 10 dollar bill on the table. Some people might take it because they're thieves. I wouldn't, because I'm not and I don't need it. Make that a suitcase with a million dollar and even I will become very tempted to make a run for it depending on the outcome of a brief risk analysis.
"Some people might take it because they're thieves. I wouldn't, because I'm not and I don't need it."
This implies that you _might_ take it if you needed it, and still consider yourself not to be a thief.
Anyone else who takes it _is_ a thief, however.
Looks like an interesting double standard, but I'm probably reading too much into this...
"but I'm probably reading too much into this..."
I think Germans call this "Hineininterpretierung" 8-) Perhaps I should have omitted the "and I don't need it"-part.
Game, Set and Match Dirk!
Basicly it's a tax on the upper end of a too much spread income range.
I disagree with the appropriateness of calling theft a tax. Taxes are what must be paid in order to have a civilized society. Using the phrase gets us on the slippery slope to calling all taxes thievery. Not good.
Every SIM can be locked to a closed group (or restricted to data usage only by the network) - thus shouldn't it be possible to remove the incentives to steal them by reducing their functionality to the subset just needed for the traffic light application? Proper design instead of fixing the flaws afterwards..
... "Makhubela said they were working with suppliers to see what other measures can be put in place to secure traffic lights." - they seem to be resistant to learning.
The concept should be reducing the value of the cards to thieves, not increasing the costs for the municipality - better & cheaper.
Another potential risk with putting SIM cards into traffic lights is that through a clever mix of hacking and phreaking, an attacker could theoretically gain control of the traffic lights. Of course, all this depends on how much access the computer in the traffic lights (the one with the SIM) has to the one controlling them...but it's still worth considering, though.
"Those lights introduced a security risk I'll bet no one gave a moment's thought to"
which is odd, since for years now the traffic lights in Johannesburg have been regularly disabled by copper thieves..
Whoever procured these simcards at JRA technical should be taken to task as to why they are accessible from a public Internet APN and why calls , data and sms are enabled. We own 2 private APN's with MTN and Vodacom which are used for data transmission services countywide , similar to the JRA project, and all sims have calls, sms and public internet disabled. It's standard practice. The cards are useless outside the private APN's. They can be shut down instantly from the Radius server if required and can also be traced. Apart from this , the service providers provide daily logs of the usage on the sims or it can be monitored live from the Radius server. Why did the persons responsible for the project not pick up the abnormal activity and shut the sims down instantly. Probably because it wasnt in their interests to do so. Sounds like someone from JRA who was involved with the procurement is involved.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.