Schneier on Security
A blog covering security and security technology.
« Thinking About Suicide Bombers |
| How to Not Fix the ID Problem »
July 19, 2005
Turning Cell Phones off in Tunnels
In response to the London bombings, officials turned off cell phones in tunnels around New York City, in an attempt to thwart bombers who might use cell phones as remote triggering devices. (Phone service has been restored in two of the four tunnels. As far as I know, it is still not available in th other two.)
This is as idiotic as it gets. It's a perfect example of what I call "movie plot security": imagining a particular scenario rather than focusing on the broad threats. It's completely useless if a terrorist uses something other than a cell phone: a kitchen timer, for example. Even worse, it harms security in the general case. Have people forgotten how cell phones saved lives on 9/11? Communications benefits the defenders far more than it benefits the attackers.
Posted on July 19, 2005 at 7:52 AM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Isn't the current belief that the cell phones used in the London bombings were triggered by their internal alarm clocks, rather than actually CALLING the phone anyway?
If my security were in the hands of the people who came up with this "solution", I'd have good reason to be frightened. Didn't they think of a bomb that goes off when it loses handy communication to an attacker, like a dead man trap? It makes it even easier for attackers to make sure a bomb goes off in a tunnel, since they now can get the information whether there is one.
Hey John Smith. Please get back in your box. Thank you.
I was thinking about this very subject this past Friday -- when spouse and I visited the International Spy Museum in Washington, DC. Specifically -- their "Terror in America: 1776-Present" exhibit.
Apologies if I don't have the specifics, but they were talking about seven explosions created by anarchists in the late 1910s which were detonated almost simultaneously in different parts of the country, targeting specific individuals in powerful positions.
Simultaneous explosions. Around 1917 or so. I highly doubt that this could be attributed to cellular/digital phone detonation. Rather, it was probably orchestrated by people with timers and clocks.
Can you imagine what would have happened if someone instituted a ban on clocks in public places for that very reason?
"Isn't the current belief that the cell phones used in the London bombings were triggered by their internal alarm clocks, rather than actually CALLING the phone anyway?"
Madrid bombings, but yes. Not that it matters. When you do movie-plot security, the scenario you have in your head is the important one.
To add to JS3's comments: The use of cell phones are prohibited on commercial flights (at least for now). But on 9/11, they most certainly were used in a crisis situation -- one which ended tragically but may have averted more serious repurcussions.
Turning off cell phone service in tunnels is not a smart move. But alerting the general public -- including potential criminals -- that cell service will be turned off? That just leads to more opportunity for crime without an easy way to report or avert it. It's easily exploitable.
Josh O.: Maybe you have an excuse to be rude. But I just don't care.
1) The attacks on London last week were suicide attacks. The method of co-ordination is apparently not thought to be anything more sophisticated than a ristwatch.
2) The emergency services in the UK have the capability to deny access to the mobile phone system as far as the public is concerned. This system was not used on 07/07. There was some initial confusion but this is thought to be purely due to overload caused by 10-20,000 people immeditaely calling people to explain that they were safe & well.
As to the wisdom of deploying such a system in this context, that is debatable. I personally believe that it is intended for other scenarios. In this scenario it's much better for everyone to be able to talk. However, as the London underground system dates back to Victorian days, the mobile phone infrastructure simply does not exist as far as the tube is concerned. To put this in place using the existing system of tunnels would, I imagine, be prohibitively expensive.
So its a measure to prevent something that didn't even happen -- in a totally different country. Maybe 2 + 2 really does equal 5.
Smith makes a good point, I'd heard of a similar technique (loss of handy communication) being used for IEDs in the middle east... come to think of it, chances are I read about it on this blog. This kind of thing could in fact do more damage than it prevents.
@ Josh O.
You may want to check out slashdot.org instead if you need to vent that kind of angst.
I don't like to play the devil's advocate but....
If there were coordinated bombings on the NYC subways triggered by mobile phones soon after the London attacks, and this measure wasn't taken, people would be asking why not?
In fact the media would have a field day.
Unfortunately, to keep themselves popular, public officials are obeying the laws of "movie security".
What bugs me about this whole thing (other than the "movie security"--it was an Arnold Schwarzenegger movie that used cell phone calls as detonation devices IIRC) is that nobody seems to be talking at all about something which seems wholly obvious to me--that the "terror cells" (as we've taken to calling them) would have bombed whatever city won the Olympic bid (maybe I'm just a nutcase, but I doubt it). Think about it--the Olympics represent some of the core values of Western Society as a whole, and because of this fact they make an execellent target for extreemists. Some would chide me for ignoring the G8 summit, but--quite frankly--how many people actually pay attention--World Wide--to the G8 as compared to the Olympics? Ready-Made media coverage--just add water.
RvnPhnx: a bombing attack like this does not organize itself in a day. Explosives have to be made, bombs built, people recruited, plans organized. This takes a great deal of time. In order to be able to bomb whatever city was chosen to host the olympics, the terrorists would have had to have had five groups ready with five bombing plans, and then to have called off four of them and gone ahead with the fifth, which simply makes no sense. Given the amount of advanced planning these things require, it seems pretty obvious that the "link" with the olympics was mere coincidence.
The issue that keeps coming to mind when I hear about threats to restrict or disable cell service as a precaution against attacks is:
Why would a person who has gone to the trouble of engineering, constructing, and setting into motion a plot to activate a device restrict him or herself to approved frequency ranges for communication? A 2-way or dentonator could just as easily be configured to operate on any portion of the spectrum.
People please don't be so harsh on John O. After all I think he's just been cinical. In the sense of OK stop thinking independently and go back to your box. After all that is essentially what everyone is saying when they talk about "movie plot" security. It is meant to work just for those that stay in the box.
"If there were coordinated bombings on the NYC subways triggered by mobile phones soon after the London attacks, and this measure wasn't taken, people would be asking why not?"
And someone would write a longish editorial about how we failed to prevent the NYC subway bombing because of a failure of imagination.
"2) The emergency services in the UK have the capability to deny access to the mobile phone system as far as the public is concerned. This system was not used on 07/07. There was some initial confusion but this is thought to be purely due to overload caused by 10-20,000 people immeditaely calling people to explain that they were safe & well."
The UK cell phone system has emergency access arrangements. There is a 'magic' list of phones that get priority once priority has been enabled. It is not necessary to close the system to non-priority calls for this to be enabled. Additionally the number of non-priority logins (these are different from active calls) on a cell can be limited.
On the occasion of the recent london bombings both facilities were requested by the authorities and were put in place on the relevent cells. [Source - a colleague who was on the conference call of telcos on the day]. There was initially overload as well but also once login limiting was in place a lot of people would have got "no service" appear on their phones even though there was service and some (non-priority) phones would have received service.
Amazingly the UK authorities learnt a lesson from 9/11 where many people were getting their news not from the media, but from Internet based news sources. As a consequence some of the people on the priority cell phone list are humble network engineers so that in the event of a disaster the Internet can be kept working.
Precisely the problem. Unless you have intelligence suggesting a particular way of setting off the bombs then turning public communication networks off is like fumbling around in the dark.
Trouble is, I can't see any public official saying on cable news saying they hadn't done *anything* because these types of attacks, i.e. the London bombs, are hard to prevent once the bombers are on their way.
I would really like to meet the security people that are coming up with these brilliant ideas. It seems that DHS (Department of Homeland Silliness) and many of these municipalities' working groups, organizations etc, have no "reality check" when they implement or develop countermeasures.
Were these people having an "off" day when they made these decisions, or is this the status quo? If this behavior is normal, they should be fired. Period. Knee-jerk reactions get people killed in situations such as these.
Unfortunately, I suspect that the brilliant decision, which is the topic of our conversation, was not made by anyone who knows anything about security but probably some bureaucrat that is too arrogant or stupid to know what he doesn't know. Then it becomes a leadership and communications issue. Leadership must hire and trust competent and knowledgeable people then trust them. Those people must also talk to one another. This sound simple, it's because it is.
Ultimately though, it is our responsibility in the security community, and citizens of our respective countries to hold our representatives and security agencies accountable. We must speak out at the poor decisions, and educate the rest of our citizens.
"The only thing necessary for the triumph of evil is for good men to do nothing." Edward George Earle Lytton Bulwer-Lytton
If you think about it, setting a bomb to go off after a phone call is a pretty stupid tactic. It means that the bomber (presumably not a suicide bomber - they don't need remote detonation) could get killed by someone dialling a wrong number.
Such a plot could be foiled by an insider calling the number early. So the bomber would want to have a high level of trust in their conspirators - or be sure that nobody else knew the numbers.
Or the plot could be foiled by an informant persuading the police to have that number disabled.
I guess this cell phones thing is just a knee-jerk reaction rather than well thought move.
Officials needed to show quickly to the public audience that they are actually doing some work: "Hello people, we are here, we are taking care of your security, coming up constantly with new ideas".
Morons! I'm pretty sure they themselves don't use subway.
"If there were coordinated bombings on the NYC subways triggered by mobile phones soon after the London attacks, and this measure wasn't taken, people would be asking why not?"
No matter what steps are taken, hindsight will always be 20-20, and people will criticize. When we let fear of that criticism drive our security decisions, we will spread ourselvs so thin to try covering every conceivable contingency. As a result, everyting will be 'covered" and nothing will be secured.
For what its worth, I read Josh O's comment as an ironic voice of authority, telling John to stop thinking outside the box and resume the proper role of a docile, unquestioning drone.
Tom, cell phones do not currently work in NYC subways. They haven't ever. There is no signal underground.
Where cell phones have been working, but were turned off (as the articles discuss), is the car tunnels under the Hudson and East rivers.
It is unlikely a cell-phone triggered bomb would be used for attacking the tunnels. Traffic backs up, is erratic. Without an observer, it would be hard to say when the bomb was in the tunnel. The easyist way an attacker would know when the bomb was in place would be to have someone in the vehicle, and at that point, why do you need a remote trigger?
"If you think about it, setting a bomb to go off after a phone call is a pretty stupid tactic. It means that the bomber (presumably not a suicide bomber - they don't need remote detonation) could get killed by someone dialling a wrong number."
I think the worry is also that the phone can triangulate its position based on the carrier signal. But as trains run on regular schedules, this sort of sophistication is hardly needed.
"Can you imagine what would have happened if someone instituted a ban on clocks in public places for that very reason?"
Good point. That pretty much sums it all up. What is stopping this obvious decline in American reason?
Perhaps next a US city will vote to make time itself illegal?
Even the most basic ecomomics shows that attacks today are dangerous to liberty and freedom because they tend to be very *resourceful*. In an extreme sense, what is the point of draining the oxygen to kill an attacker if we also die in the process?
So, since it does not make sense to violate everyone's freedom, we instead need to achieve highly effective detection and "investigation" (to use the FBI version of the term).
Unfortunately, that does not seem possible yet due to the seriously naive and self-defeating antics of the current US Administration:
To start we have someone outing a CIA operative (compromising all related contacts)
And that seems consistent with what was widely described as "politically motivated incompetance" last year
"A 'knowledgeable British source' says Bush administration officials 'compromised an ongoing surveillance operation that ultimately could have uncovered more about al Qaeda operations around the world' by raising the terror threat last week and publicly revealing new intelligence they had found."
And then there are just things that make you go huh? Who was awarded that contract for "secret" communications and why?
"For more than six months, live pictures from U.S. aerial spy missions have been broadcast in real time to viewers throughout Europe and the Balkans. The broadcasts are not encrypted, meaning that anyone in the region with a normal satellite TV receiver can spy on U.S. surveillance operations as they happen. [...] Terrorist groups, criminal organizations and elements hostile to the NATO Stabilization Force in Bosnia (SFOR) are known to be active in the region and to use electronic monitoring to counter and defeat U.S. and NATO operations. Al Qaeda members and cells planning terrorist attacks on the United States also have been active in Bosnia."
Yeah, I think disabling cell-phones is yet another sign of people stuck in dark-age tactics who wish to symbolically ward off evil rather than really resolve conflict and re-enable progress.
I was in London last week and it was striking how the measures put in place to prevent bombings in public places did absolutely nothing to prevent the suicide attacks. London has a long history of bomb attacks by the IRA and there are two noticeable security measures that were enforced: Firstly, there are no rubbish bins in any underground station and secondly, there is a constant message on the PA system to warn passengers not to leave any luggage unattended. These measures might have worked during the IRA bombing campaign - but do absolutely nothing to stop suicide bombers who keep their luggage with them when they detonate it.
It's a shame, but posturing tough is worth more than posturing smart in politics.
Reasoned debate has left the building, and we have popularity-driving media events in which the amount of sweat on the brow or the tone of a yell matter more than the content.
Is anyone really surprised? Is this any weirder than people buying Microsoft anti-virus and anti-spyware software when they have created the very system that allows these to be so easily exploited?
The U.S. government policies may in fact be driving terrorism against the U.S. So would you really expect that the U.S. government would then have the solution to the problems they are creating?
How about we just BAN cell phones from use in public? Why not? It's second hand NOISE! Noise pollution is very overlooked yet it is a serious problem in our modern world.
It should start with forcing the cell phone users to huddle in a little designated corner to talk on their cell phones at work, much like smokers are forced to before the right to smoke in the work place is revoked altogether.
It should continue with forcing the cell phone users to squat in closed mini rooms within eating places with sound proofed walls so people outside don't have to hear them babble or their phones's squealing electronic tones. Smoking? Non? Cell Phone? Non? There you have it.
When someone near me in public is going on and on about something stupid on their cell phone, I start talking out loud to my imaginary friend on my imaginary phone until they shut the fsck up. If they don't like it, that's tough, if they can talk on their phone, I can talk on my pretend one.
Ban cell phones in public!
On a some-what un-related note ... I've wondered, do mobile phones work in the Tube in London?
We've seen the pictures taken with mobile phones while people were stuck in the Tube after the explosions.
I'm wondering, did they then phone/email the pictures to the press/friends, etc. while they were in the Tube? That doesn't seem possible if the signal doesn't get out (and or the 'lines' are jammed with people calling home to say they are alright).
Or, were these pictures given to the press later? Seems I saw phonecam pictures on the news almost as soon as the story broke.
Clint - it's possible that the voice lines could be jammed but data okay. I'd be interested in knowing how text messaging fared. Cell to land calls have to transition somewhere and those trunks could be saturated but data doesn't operate the same way - it doesn't ever have to transition to a POTS trunk.
Who comes up with all these ideas anyway? Why isn't there any discussion about wether these people are actually incompetent and should be fired?
BTW, I seem to recall hearing that insurgents in Iraq were using mobile phones in road-side IEDs, detonated with a phone call once the target (typically a US patrol) was in range.
However, that scenario has virtually nothing in common with an attack on an underground transit system; in the Iraq scenario, a remote bomber can *see* when it's time to trigger the device, because they have line of sight to the device (presumably). Unless al Qaeda have discovered how to see through rock, that doesn't apply underground...
I wrote about this "idiotic" reaction in my blog and outlined at least four ways that it actually would make matters worse, not better. It actually can help the terrorist's cause.
I personally thought exactly the same thing when I posted this last week: that it was utterly ridiculous and reminded me of a movie. One of my commenters pointed out that this tactic is being used in the Gaza Strip to detonate bombs.
These measures might have worked during the IRA bombing campaign - but do absolutely nothing to stop suicide bombers who keep their luggage with them when they detonate it.
Unfortunately there are not many measures that work against suicide bombing. History shows that assassins who are prepared to die to ensure the success of their mission have almost always succeeded. About the only tactic that does work against the suicide bomber is early identification quickly followed by a high-velocity hollow point applied to the brain stem.
Thanks for the clarification. I wasn’t really aware of how the system works, just that it does & can be useful in certain circumstances…
Haven't read you book. Shame on me! But when you're discussing effective security measures (unlike the cellphone switch-off), do you allow for the fact that such decisions are always made in a political context? As you say elsewhere, real security improvements aren't very glamorous or headline catching. Doesn't that mean, in our hyperpolitical world, that anyone pursuing only "good" policies is going to be vulnerable to politicos who will say why aren't you taking X, Y, or Z "obvious" (but ineffective) actions.
The cynic here suggests that a successful security administrator has to have a number of showcase (dumb) activities along with the unglamorous (effective) work. Presently alas, we seem to have near 100% of the former.
Service in the remaining two tunnels was turned back on last night without explanation.
BTW, I seem to recall hearing that insurgents in Iraq were using mobile phones in road-side IEDs, detonated with a phone call once the target (typically a US patrol) was in range. -- Posted by: Justin at July 19, 2005 01:33 PM
Didn't they think of a bomb that goes off when it loses handy communication to an attacker, like a dead man trap? -- Posted by: John Smith III. at July 19, 2005 08:21 AM
Two excellent points. The rebels in Iraq first employed timed IED; graduated on to wired-remotes, then wireless-remotes (cellular, or raw RF); each time the US militiary adapted, and to the latter tactic the US deployed RF jammers; the most recent move by the rebels has been to employ just such a dead-man switch mentioned above (with a timer combination to compensate for the jammers' range).
As Bruce has generally alluded to, tactically this is a game: move and countermove, neither side really able to make the decisive play. In this specific case, each (successful) move usually involves a bomb blowing up or not blowing up. While I am intellectualy interested to see what the next move is going to be, I know that it is just one in a plodding series, and that this needs addressed elsewhere stragegically to gain a clear advantage.
"...do you allow for the fact that such decisions are always made in a political context?"
Yes. In fact, the political context is often more important than the security considerations. I spent a lot of time in my book on this point, because I think it's a critical one that most people overlook.
"Service in the remaining two tunnels was turned back on last night without explanation."
Thanks for the update.
Civilised approaches of any kind do not work against suicide bombers. We need to imprison the closest living relative(s?) of each (dead) bomber convicted in their place.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.