Schneier on Security
A blog covering security and security technology.
« Online Hacker Forums |
| Airline Passenger Profiling for Profit »
October 24, 2006
Air Cargo Security
BBC is reporting a "major" hole in air cargo security. Basically, cargo is being flown on passenger planes without being screened. A would-be terrorist could therefore blow up a passenger plane by shipping a bomb via FedEx.
In general, cargo deserves much less security scrutiny than passengers. Here's the reasoning:
Cargo planes are much less of a terrorist risk than passenger planes, because terrorism is about innocents dying. Blowing up a planeload of FedEx packages is annoying, but not nearly as terrorizing as blowing up a planeload of tourists. Hence, the security around air cargo doesn't have to be as strict.
Given that, if most air cargo flies around on cargo planes, then it's okay for some small amount -- assuming it's random and assuming the shipper doesn't know which packages beforehand -- of cargo to fly as baggage on passenger planes. A would-be terrorist would be better off taking his bomb and blowing up a bus than shipping it and hoping it might possibly be put on a passenger plane.
At least, that's the theory. But theory and practice are different.
The British system involves "known shippers":
Under a system called "known shipper" or "known consignor" companies which have been security vetted by government appointed agents can send parcels by air, which do not have to be subjected to any further security checks.
Unless a package from a known shipper arouses suspicion or is subject to a random search it is taken on trust that its contents are safe.
Captain Gary Boettcher, president of the US Coalition Of Airline Pilots Associations, says the "known shipper" system "is probably the weakest part of the cargo security today".
"There are approx 1.5 million known shippers in the US. There are thousands of freight forwarders. Anywhere down the line packages can be intercepted at these organisations," he said.
"Even reliable respectable organisations, you really don't know who is in the warehouse, who is tampering with packages, putting parcels together."
This system has already been exploited by drug smugglers:
Mr Adeyemi brought pounds of cocaine into Britain unchecked by air cargo, transported from the US by the Federal Express courier company. He did not have to pay the postage.
This was made possible because he managed to illegally buy the confidential Fed Ex account numbers of reputable and security cleared companies from a former employee.
An accomplice in the US was able to put the account numbers on drugs parcels which, as they appeared to have been sent by known shippers, arrived unchecked at Stansted Airport.
When police later contacted the companies whose accounts and security clearance had been so abused they discovered they had suspected nothing.
And it's not clear that a terrorist can't figure out which shipments are likely to be put on passenger aircraft:
However several large companies such as FedEx and UPS offer clients the chance to follow the progress of their parcels online.
This is a facility that Chris Yates, an expert on airline security for Jane's Transport, says could be exploited by terrorists.
"From these you can get a fair indication when that package is in the air, if you are looking to get a package into New York from Heathrow at a given time of day.
And BBC reports that 70% of cargo is shipped on passenger planes. That seems like too high a number.
If we had infinite budget, of course we'd screen all air cargo. But we don't, and it's a reasonable trade-off to ignore cargo planes and concentrate on passenger planes. But there are some awfully big holes in this system.
Posted on October 24, 2006 at 6:11 AM
• 31 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
This reminds me of the "Hogwarts security" post.
«Blowing up a planeload of FedEx packages is annoying, but not nearly as terrorizing as blowing up a planeload of tourists» Perhaps we should ask the pilot if he finds it annoying also?
First big hole: They consider use of an account number "proof" that the package actually came from the vetted shipper. Even were the rest of the system completely (heh!) secure, this would be a major vulnerability.
It raises the same old problem in a new way, you need to consider two effectivly mutualy exclusive points,
1) From a security perspective every one / thing should be checked each and every time, without exception (fail safe mode).
2) From an economic point of view the cost involved of checking each and every time is prohibativly expensive so cannot realisticly be done (cross your fingers mode).
The result is often a compromise based on "Ceasers Wife is Above Suspicion". The clasic example is diplomatic bags being used for smuggling drugs etc.
Whenever there is the assumption that "previous good behaviour predicates future good behaviour" the system is open to abuse by either an insider or a third person impersonating an insider.
The question boils down to risk-v-cost and as always the results are subjective, and based on gut reactions.
The second problem is that what appears to be a sensible choice based on one set of circumstances (risk analysis) has a habit of being carried forward unquestioned when either the circumstances or threat model change.
Fedex very, very seldom flies packages on commercial airliners. They have their own fleet for that as do a couple of the other super-shippers.
Note that I'm not arguing with the thesis - it's spot-on. I'm only suggesting that Fedex per se is the least likely example of the problem, at least for passenger airliners.
Blowing up a cargo plane in midair would be a huge success for terrorists, as it would scare people who fly.
We all know that airliners also carry cargo. Knowing that a cargo plane was destroyed by a bomb (presumably) in a package would make people worry that this could easily be done to an airliner.
Fright would deter a lot of people from flying, at least for a while. And the government response would probably deter even more people.
70% is not so unreasonnable when you think about all the smaller destinations. How many cargo planes actually serve Berlington, VT?
Also, in some places such as the canadian north, most flights are dual purpose out of sheer necessity (few passengers and constant cargo needs).
If a plane fits, say, 8 standard cargo containers, why not use the hold to turn a profit when there's only a handful of passengers above? That's how the airlines must think anyway.
70 percent seems too high indeed.
Good thing it is the news, we now all are aware that the airplanes can explode even without the terrorists onboard and thus we can stop banning liquids.
"Cargo planes are much less of a terrorist risk than passenger planes, because terrorism is about innocents dying."
Well, the innocents can also be targeted on ground and not only on board, remember 9/11, most of victimes were in the towers.
"'Blowing up a planeload of FedEx packages is annoying, but not nearly as terrorizing as blowing up a planeload of tourists' Perhaps we should ask the pilot if he finds it annoying also?"
If you like. But I'm not sure the point of your comment. The pilot's life notwithstanding, blowing up a cargo plane is not nearly as terrorizing as blowing up a passenger plane.
"Well, the innocents can also be targeted on ground and not only on board, remember 9/11, most of victimes were in the towers."
Right. In the 9/11 attacks, terrorists posing as passengers turned the planes in to bombs. The tactic requires a passenger plane. (I suppose people could hide in freight, but I'm not sure there is a path from the cargo hold to the cockpit.)
I think the analysis of the threat is incomplete. While the threat to "passengers" is much less than a passenger plane (a mid-air explosion would likely "only" kill the crew), exploding a cargo plane can have significant impact on:
- people on the ground - imagine an explosion as the plane is about to land or has just taken off above a populated area.
- public perception to safety of travel - after all isn't that the point of "terror" ?
- economic impact through the transportation supply chain - added expenses to secure or insure all the elements of the chain would add to the economic pressures, leading to further hardships.
Hope this helps.
I have no idea of the accuracy of the details of this particular report but it scares me that people always fight the last war over and over again.
If I can get a bomb on a freight plane I can shut down an airport (and possibly all flights in an area)
just by exploding the bomb during takeoff. With luck I could bring down a fully fuelled aircraft on a densely populated area, such as London or New York.
Luck is important if you are a mad terrorist -- it's a great replacement for technical ability. Flying a plane into a skyscraper is going to be an event but I bet nobody who planned that expected the World Trade Center towers to collapse (catch fire yes.) The Empire State building didn't collapse when a bomber flew into it on a foggy day; the WTC tower didn't collapse when a van bomb was exploded in the underground carpark below the tower. Nobody was properly aware that the fire insulation had been badly applied to the support structures of the towers and would be unlikely to survive explosive impact.
The next major threat will be shipping containers. Twenty or thirty tons of high explosive shipped directly to a warehouse district will be an event. At least as much of an event as North Koreas toy nuclear bomb.
"Cargo planes are much less of a terrorist risk than passenger planes, because terrorism is about innocents dying."
I don't think so. Terrorism is about making people feel unstable, afraid, unsafe and paranoid. I agree that killing more the merrier for spreading terror but couple of blown up cargo planes would do the job as well since we know that airlines carry cargo and this could happen to the passenger airplane we're in.
I don't think the 70% number is wrong at all, nor are the security implications. The small company I work for is a known shipper for from UAL and SWA. It took a few weeks, they pulled our Dun and Bradstreet information, and now I can make a phone call and send cargo. SWA does not book specific flights, but UAL will. And, of course, those specific flights are passenger flights. They verify you are a real company with credit history, and then you can ship.
And, if you've ever visited the air cargo section of a major US airport you'll see it dominated by both cargo-specific airlines as well as major flag carriers. For example, the LAX UAL air cargo warehouse is absolutely enormous, occupying an entire city block. The cargo hold of a widebody jet is far larger than the amount of luggage travelling, and planes are really expensive. Air cargo is not as expensive as you'd think -- book cargo tonight from LA to NYC and it's going to be under a dollar a dimensional pound.
But does it bother me? Not really, since there are a lot of ways to blow up a plane, and it doesn't buy anyone much.
70% is more reasonable than it first seems if one considers units instead of mass. I suspect the bulk of cargo items (by envelope count) are short documents, even though the mass may be concentrated in the machinery, parts, and other bulk items. Further, although Fedex has its own fleet, I suspect it flows a lot of traffic through subcontractors for smaller destinations.
Besides a bomb, a clever terrorist could slip in a leaky "dirty" package that would cause a lot of down-stream problems. Consider what would happen to the passengers on a return trip were their luggage to be contaminated with radioactive or explosive dust.
Could "70%" refer to total shipments from a quantity perspective? (1 giant crate on a shipping plane = 1 FedEx letter on an aircraft?)
Am I the only one uncomfortable with the newspaper publicizing such a serious loophole? As with serious software exploits, shouldn't responsible investiagtors give the airline security administration a limited window to address the problem before publishing the report?
This has been a problem known before 9/11 and was brought up multiple times right after 9/11. At one point the majority of US postal mail overnight packages were sent via various airline carriers. [Again stuff brought up and then quickly forgotten by the population, but probably well known by those wanting to do harm.]
I think that larger threat from FedEx/UPS airplanes is the one that you came up in your movie winner.
And yet, despite the hysteria and the apparent ease with which this could be accomplished, there have, as yet, been no known attacks on cargo planes. Is the threat actually smaller than believed or is the so-called war on terror having an effect?
All of these fear-based assessments and terrorist plot ideas fail to point out that terrorism in the US is rare.
Terrorism must be harder than it seems, not because the targets are really hard to hit, or that a crazy person will be caught first because of scanning phone, email and web postings, or because of new security precautions. Terrorism is rare here because there are few here who feel compelled to kill innocent people for vagues causes that will not be resolved because of the terrorist attack.
Most terrorist attacks are easy to commit -- just look at Iraq or Afghanistan today. You can be a sniper, backpack bomber, bike bomber, car or truck bomber, arsonist, kidnapper, etc. None of these can be stopped very easily for a determined attacker.
Until people return to freedom and rights, terrorism will not abate. Heck, if some country really wants to live life under the oppression of Islamic radicals, so be it. That's their choice and preference, and it's not our job to tell them that "our way" is better. Freedom is based on choice, and we don't help freedom by imposing "our way" on them.
The U.S. borders haven't had a fence protecting them ever. Why is it only now that this is such a huge problem? If millions are crossing that border illegally, why aren't there more terrorists in the mix, like we're told is a real risk.
In the end, our safety can only be guaranteed by ensuring people in the U.S. don't feel threatened by tyranny, even of the masses that democracy produces without sufficient protection of rights.
If life is so dangerous because of guns, suicide, terrorists, car accidents, pollution, tainted food supplies, porous borders, etc., then why has the average U.S. lifespan increased. Clearly, people live longer (and fatter) than ever before.
Personally, I sometimes wonder if this "security" blog is as much about fear as anything else, with all of its musing about ways to attack despite the lack of people actually attacking them.
There are millions of targets, so playing a guessing game is pointless.
It's not about protecting millions of targets.
It's about freedom, rights and treating others with similar respect so that they don't hate enough to commit such crimes in the first place. And surely it's about law enforcement bringing criminals to justice. The U.S. has not been doing so well on these fronts recently, which only means that you can expect more fear and attacks and loss of liberty in the future because the spiral is screwing us down hard.
Regarding "I bet nobody who planned that expected the World Trade Center towers to collapse". I remember it was a great topic of discussion when I was an architecture student as to whether we should build structures which would collapse if fire could not be contained. I seem to remember that the WTC towers were given more fire protection later but I always thought the terrorists did expect a massive collapse.
Geez, thanks Bruce for publicizing this loophole.
Now how am I going to get my nailclippers, deoderant and toothpaste to my destination? Hide them in the catered meals?
I'm wondering when somebody else will finally pick up on my "how-to-crash-more-airplanes-into-buildings" terrorist plot.
Just pack a box with the tools of the trade:
2 torch cutters
2 oxygen tanks + masks
Just ship that box via air freight on a cargo plane, cut yourself out after the flight takes off, use the torches to cut your way into the main cargo area / cockpit, take control of the air plane, and crash it.
Of course, I have no idea what the inside of a cargo plane looks like (packing arrangements, bulkheads, etc.), but surely a variation on this theme might work.
You are quick to dismiss this due to the fact that no-one would want to blow up a cargo plane. However, given the almost 0 chance of detection, how many bombs could 10 guys in different parts of the world get in the air at one time?
It's still quite a bit easier to drive a van loaded with explosives or walk into a school with a pistol to create chaos and fear. Why allow the media to force blinders on us and focus only on airline security? 9/11 was sensational, but it's certainly not the only, easiest, or even most probable avenue for a future attack.
It's certainly easier for the government to pretend the situation is taken care of by defending a relatively fewer number of scattered airports with TSA theatrics than trying to defend against each possible terrorist target with an actual risk reducing solution. But we're apparently not getting our money's worth even there.
Lufthansa Cargo transports a significant amount of cargo on passenger aircraft. It even allows online selection of the EXACT flight number and time that will carry the cargo, including the selection of passenger aircraft (PAX):
Here is an example of a shipment between SFO and FRA:
So yes, it's a problem.
A year or two ago I needed to get some papers signed quickly, and the obvious thing was to put them on an airplane, have them picked up at the airport, and put back on an airplane.
We searched pretty darned hard for someone who would be our proxy to ship an envelope there and back, and couldn't find one.
We didn't have time to set up whatever the shipping arrangement was with the airlines, but they made it sound like it was a long arduous process.
So I'm not buying that this is a wide open hole. Based on my experiences it'd be far easier to breach physical security in the airport and load something on to the airplane that way than to get it on there through the air freight mechanisms.
This was U.S. domestic, but every time I go through airport security I spot all sorts of ways I can get weapons or explosives past security as a passenger, but as a shipper I couldn't get a single sheet of paper on to that airplane through legitimate channels.
I think as an attacker you're far better off getting a job on the ramp or recruiting someone who works there.
I cannot remember a reference but I read a Canadian parliamentary report on aircraft security in the last couple of years in which this subject was analysed carefully by the political questioners. One Canadian MP in particular mentioned that he had on occasion sent live lobster as cargo and had been able to specify which flight it travelled on in order that he could gurantee that it was met on arrival. He felt that this was an exploitable loophole. I think that in the Canadian case, the postal service assum,ed the airlines checked things and the airlines assumed that the postal service checked things
Six or seven years ago, I used to fly cheaply as a courier from the US to Japan and Europe. As a courier, you are allowed only carry-on baggage and your "checked" baggage is used for thousands of pounds of business envelopes and packages, I suppose being sent overnight or two-day. It wasn't FedEx, who I suppose uses their own planes, but another familiar shipping name.
The rationale, as it was explained casually to me, is that passenger baggage clears customs within an hour of landing, where "cargo" can sit for days awaiting inspection and clearance.
This, of course, puts a more predictable class of shipped package on a passenger flight.
Wow. This post is over a year old and not much has changed. By the way, selecting a flight to put a lobster on is one thing... try walking up to a counter to put a specific item on a specific plane. The reason terrorism here is rare is that once you escape your hellish country and get here with your ideals, kwikee mart is the first thing you see and suddenly you can have everything you ever wanted but was unable to get in your home country. Why blow up what you were seeking all your life? And if you try, we gotsum hells angels that will kick his rear to the moon.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.