Schneier on Security
A blog covering security and security technology.
January 29, 2007
Iraqi Gunmen Dressing Up in American Military Uniforms
I've previously written about how official uniforms are inherent authentication tokens, even though they shouldn't be (see also this and this for some less deadly anecdotes).
Now we see this tactic being used in Baghdad:
The armored sport utility vehicles whisked into a government compound in the city of Karbala with speed and urgency, the way most Americans and foreign dignitaries travel along Iraq's treacherous roads these days.
Iraqi guards at checkpoints waved them through Saturday afternoon because the men wore what appeared to be legitimate U.S. military uniforms and badges, and drove cars commonly used by foreigners, the provincial governor said.
Once inside, however, the men unleashed one of the deadliest and most brazen ambushes of U.S. forces in a secure, official area. Five American service members were killed in a hail of grenades and gunfire in a breach of security that Iraqi officials called unprecedented.
Uniforms are no substitute for real authentication. They're just too easy to steal or forge.
Posted on January 29, 2007 at 1:37 PM
• 43 Comments
Geez, Bruce, you only seem to worry about those little niche details that have no real visibility in the public eye. I mean, come on... it's not like anyone made a movie about using stolen uniforms to gain access.
Dubya's flight jacket served similarly as a forged authentication token.
Real authentication doesn't help unless you train (& trust) those people (or systems) that are doing the authentication though, eh?
*cough* U-571 *cough*
Substitute U-boat (or rather U-boat like dressings on an S-class boat) for SUV and German for US uniforms.
This is a great example of real life impersonation. Guess sooner or later uniforms should include authenticator. The person who wears it should punch in a secret code which will make the person authentic.
y'know...it's funny....I saw this report on the news and the *first* thing I thought of was your blog posts about uniforms as security tokens.
Hmmm... how long before the Department of Homeland InSecurity seeks to outlaw all forms of cosplay?
Mission: Impossible did this sort of stuff all the time. The problem with the Bush administration: They don't watch enough tv. (But they watch too much Fox "News".)
Wow, for a minute I thought I was on Schneier's blog on security. I must've been redirected to moveon.org somehow.
I would guess that the US forces "trained" the Iraqi security forces over these past 4 years to not hinder them or get in their way; US forces are from a different security class. I guess that anyone dressed like a US soldier and acting like a US soldier was not subject to the same security as the Iraqis.
So do the US armed forces in Iraq subject themselves to the same security as others or accept the odd attack with the wolves dressed in the sheep's clothing? It all comes down to a cost/benefit decision.
This incident again demonstrates that the enemy in Iraq are confident, resourceful, and very motivated.
If I'm not mistaken this is exactly the same tactic used by the terrorists who blew up our marine barracks in Beirut in the 80s. Official-looking vehicles, faked uniforms, and waved through by local security guards. The only saving grace this time around is the death toll of 5 rather than over 200.
I just learnt that the same thing happened when LTTE terrorists in Sri Lanka wore Army uniforms and set fire to an oil distillation plant back in the 90s. It took the army over 8 hrs to contain the situation. I remember it was total chaos.
No matter how long you spend training soldiers to demand passes, you've always spent longer training them to salute senior officers...
There are too many real life situations throughout history to illustrate this issue (we won't even bother to mention how many movies and books have used the same plot) for this to come as a surprise to anyone.
It's nothing new to the rest of the world. It's just being made into a big deal because American forces were involved, and the "in bed", er imbedded, American media needs to play it up and show how underhanded the enemy can be...
Worse. The other guys were using Iraqi police and militia uniforms. So, the *US* command had uniforms designed using special material that was said to be hard to duplicate. Maybe, maybe not. A few days after they started to distribute the new uniforms, an ambush showed up wearing them.
The dumb part was in thinking the material in the uniforms had to be difficult to duplicate.
The replicas only need to be marginally good enough to pass a brief look from a ground post at a moving vehicle. Once the US troops have their guard down (i.e. once the instinctive recognition of "friend, not foe" is engaged), the sneaky enemy then has the benefit of the doubt. That means the defenders have to mentally work their way past the threshold of uncertainty, to one of considerable doubt, to avoid fratricide. By that time, the enemy has already made it inside.
Tragic for the US troops, but a f**kin' classical infiltration attack.
Who needs to make duplicates? All the bad guys have to do is bribe a supply sergeant, break into a warehouse, or ambush a patrol, and they can get their hands on the real thing.
I have no idea about the actual laws in various jurisdictions, but we US citizens are taught from early childhood to always obey the orders of a uniformed officer, "or else".
Impersonating an officer is generally a crime - but suspecting a legitimate officer of being an impersonator (and acting appropriately) would seem to be a crime, too.
The "authority and authenticity" conferred by a uniform is going to be a very difficult meme to break, even if it is obviously ill-advised to rely on such an easily-forged token.
>> The men then stormed into a room where Americans and Iraqis were making plans to ensure the safety of thousands of people expected to visit the holy city for an upcoming holiday.
I think there are more problems than just uniforms. Such as precision of enemy tactical intelligence. Knowing where to hit is much more interesting than having the capability to hit something.
There are several easy fixes to the uniform issue. Pins, IDs, colored bandannas (which is the classic SpecOps/SWAT solution), and even the venerable password ... and its high-tech equivalents such as RFID.
Not as easy to fix the checkpoint issue, which depends on chameleon-like deception.
The Israelis station an (expendable) soldier a couple hundred feet from the primary checkpoint to check IDs prior to close approach. This position rotates every half hour as it is so hazardous to the draftee's health.
Two checkpoints is the classy way to do it, but at some point, the economics of security takes over. You have less than half the perimeter protected in exchange for defense against a comparatively rare threat.
As for "being taught to obey a uniformed officer" . . . I am a uniformed (private) officer, and please rest assured that it does not work that way even for the guys in blue.
>> No matter how long you spend training soldiers to demand passes, you've always spent longer training them to salute senior officers...
That's it, exactly. Field supervision trains guards to look out for white pickup trucks with company markings. Hey, at least they are looking out for something.
Once you've let someone close enough to check their photo-ID card, you've generally let them close enough to kill you. Until recently, uniforms were about the only authentication system which could work at distances of about 10 metres.
So it seems a two layer system is needed: waving the convoy through the gate was fine, so long as just beyond the gate is a secure area where the ID can be checked in detail.
(It still isn't perfect, as your ID checkers are at risk, but at least you've forced your enemy to go to greater cost (fake uniforms) for lower payoff (killing just a few ID checkers.))
Alternatively you could make the convoy queue up outside a single gate - but then your legitimate convoys are exposed to danger while queuing.
The Geneva conventions explicitly refuse to cover soldiers who use enemy uniforms, who can thus legally be shot on the spot as spies or saboteurs if captured. Not that terrorists are likely to care...
The notorious nazi commando Otto Skorzeny used captured US jeeps and uniforms to sow chaos behind the lines during the Battle of the Bulge. After the war he was tried, but escaped the death penalty when a British General admitted in court Allied forces had done the same during the war.
"Airlock" with the incoming unit shielding from the outside (to allow "escaping"), but until it passes its security checks, it's stuck in a reinforced concrete box (open top being overlooked by guards).
If authentication fails, they've not entered the actual location, and if they try to trigger a device, they'll do more damage to themselves than anything else.
But that's just a quick thought... We really do implicitly trust uniforms (or have been taught to).
One thought I've had when watching people getting tickets as I drive by is how one could prove that the officer is a real officer or someone impersonating one with a stolen/replica uniform.
Enter any international airport, or hang around outside one, look official and ask to see someone's passport. Merely asking to see one lends authority.
Tell the person to wait there, and then walk off with said documents. How many would refuse or object? Not too many in this day and age.
>Bruce: Uniforms are no substitute for real authentication. They're just too easy to steal or forge.
Exactly. Numerous instances of such theft/forgery. Militants/terrorists in Kashmir too do this routinely so the police gets blamed and inflame the situation.
Geneva conventions -> rules of war.
This is the real world. Only the laws of mother nature can't be broken. It's silly to assume these rules will be followed.
If I follow them I'm at a large disadvantage against an enemy that won't follow them. Thing is that we're not talking about "cheating", we're talking about body count. Better to be on trial later than dead now.
"If I follow them I'm at a large disadvantage against an enemy that won't follow them."
Following the Geneva Conventions isn't really a huge disadvantage in a conventional war. You don't shoot hospital convoys, you treat POWs with minimum standards, you accept surrenders, you don't use certain weapons, you let the Red Cross/Crescent do their job.
OK, so occasionally a dastardly enemy will disguise soldiers as doctors (or civilians) and ambush you. It's a disadvantage to you that they use those tactics, but being allowed to break the rules yourself, and shoot at their doctors indiscriminately, wouldn't actually help you all that much. You probably wouldn't want to do that even if you could because of the political implications of massacring civilians out of hand.
Consider Vietnam - the US weren't at a disadvantage because they couldn't kill civilians indiscriminately (indeed, they *did* kill civilians indiscriminately at times). They were at a disadvantage for far more thorough reasons than that, namely that they had no means (legal or illegal) to hold the territory without scorching the earth.
The Geneva conventions are a huge disadvantage in the War on Terror, because they prevent you from holding POWs indefinitely and torturing them for information.
"The Geneva conventions are a huge disadvantage in the War on Terror, because they prevent you from holding POWs indefinitely"
The convention does NOT prevent you from holding POWs indefinitely, it merely sets standards as to how they are being handled.
" and torturing them for information."
A tactic proven to be ineffective in getting valid information (especially if the subject simply does not have it) and incredibly bad for international credibility (which in the long run is even more important than information).
"The convention does NOT prevent you from holding POWs indefinitely"
Yes it does: they have to be released at the end of the conflict in which they participated. You can't hang on to them, just in case they might in future get involved in other, similar conflicts.
Since the War on Terror won't stop until the POTUS says it has stopped, that may be a moot point in this case, if an argument could somehow be made that "all terrorists are basically on the same side".
"A tactic proven to be ineffective in getting valid information"
Depends on the situation. If I can torture you until I think you've told me everything you know, go away and check the correctness of the information, and then come back and torture you again until I think you've told me everything *else* you know, then I might start getting some accurate information out of you.
I'm not saying that torture is anything like as useful as the pro-torture lobby thinks. Just that there are circumstances where you can get some intelligence by torture. What it's most useful for, of course (aside from making sadists happy), is obtaining confessions, or other testimony scripted by the torturer. Those aren't of much value in warfare, but then the War on Terror isn't really a war.
"incredibly bad for international credibility"
You'd think, wouldn't you? And yet regimes which routinely torture have managed to persuade nominally anti-torture governments (such as the UK, US, and Sweden) to extradite prisoners to them for torture, simply by saying "aha, no, well, obviously we do torture some people, but we promise we won't torture these particular people. Honest, guvnor, would I lie to you?"
There is a wonderful museum in Berlin at the site of "Checkpoint Charlie" of methods people successfully used to escape to the west.
One of my favorites is a homemade U.S. army uniform. The creator even managed to get some authentic badges by writing letters claiming to be making a costume for a play. The person who used it to escape simply put it on and walked through the checkpoint on foot.
@SteveJ: [torture is] most useful for [...] obtaining confessions.
That is true. Victims are known to confess to everything under torture.
Excepting James Bond and Jack Bauer, of course.
@SteveJ: "Depends on the situation. If I can torture you until I think you've told me everything you know, go away and check the correctness of the information, and then come back and torture you again until I think you've told me everything *else* you know, then I might start getting some accurate information out of you."
Exactly. "Rubber-Hose Cryptanalysis" is a testable, iterative process. It won't necessarily get a subject to volunteer information about a steganographically hidden sub-message within the primary message, nor prove that you weren't given a key to a "decoy message". However, you can easily check that any supplied key decodes *some* message.
Not that I'm pro-torture or anything. I just think we need to be honest about the strengths and weaknesses of any given system in order to assess it.
For example, calling suicide bombers "cowardly" seems like a big mistake. It causes us to repeatedly underestimate their drive, dedication, and commitment. I don't find the practice "noble", particularly honorable, or "right" - but I do think it is usually a rather brave act.
So many people proposing "fixes" to the system...
First, my prayers and condolences to the families of those killed, in that attack for every other life lost defending American freedom.
The cost of this operation was relatively high for the enemy. At some point, we can't defend against attacks anymore. We can't lock down all of Iraq permanently (or at least until we leave). If they're willing to put enough on the line, we can't defend against their attacks. When the cost of defending against an attack is too high, we leave because we lost the war to a superior enemy.
I would imagine that all of the generals in charge of troops in Iraq were taught of the possibility of this in officer school, knew the risk, and took whatever precautions they thought were appropriate. They are probably especially cautious because this is the most likely way for them to lose their own lives.
Realist is right: this is nothing but the media picking up a story that paints someone they don't like in a bad light. It's certainly not the first time 5 Americans have died in one day in Iraq, nor the first time American bodies have been strung up unceremoniously in public view.
For the record, I think RFID is nuts. The last thing you want is your troops squawking their identities to anyone who's got a detector.
Ok, maybe you have not been following Schneier. Any security system can be hacked/cracked/social engineered.
So, first, we can not and should not fully trust any 'secure' validator for anyone, at least on one level. Anything mentioned, given time, can be invalidated. As an example, the uniform of a captured armed forces person could be used to get someone in, RFID, etc., and all.
But at the same time we do need quick validation of personnel and such just to function correctly. So there is a trade off between quickness and confidence of validity.
So we should make it hard for someone to fake credentials, and should keep the information on how this is done secret. And maybe change it every so often.
"Uniforms are no substitute for real authentication. They're just too easy to steal or forge."
Or to put it another way: there is no real authentication. Anything can be fouled up.
And I can quote you on that from other pieces you have written.
Trust but verify? Anytime your verification sequence is known you can be fooled. And since 'social engineering' can get almost any information, it can be known. Security consists of keeping the barrier high, and being able to verify break-ins and breakage.
As I see it they have every right to dress how they like in their own country and use everyway they can to get rid of the invaders.
They are not terrorists and to call them such is an insult to people like the French resistance and did those brave people not dress up in German uniforms and attack the Germans in WWII to get rid of the invaders.
I know you will say but they are not all Iraqis but the same went for the resistance fighters in WWII people from many countries joined them to fight the invaders.
I expect some of you will be thinking for me to defend them means I must be Muslim I am not I am English white and have no religion.
But I do have friends from all races and all religions from all over the world, I did have friends in Iraq that were not Iraqis until they got shot by a US tank as they went outside their house to show they were not Iraqis because this Tank sat down the road using peoples houses like they were ducks at a fair ground shooting range.
This was when the US thought people would be on the streets to welcome them OH yea can you see anyone welcoming a army that has just invaded them.
re : Paul at January 31, 2007 10:16 AM
They are terrorists. Because they attack non combatant targets deliberately. And yes the "Fabled French Resistance" was also guilty of that a few times, but like the US in Vietnam, the vast majority of attacks were valid.
*SIGH* There are many groups in Iraq that are fighting. Almost all of those groups fighting Iraqi and US soldiers are not eligible for POW status, due to their own acts under the Geneva Conventions as accepted by the US ie not the Protocols of '77.
Even "resistance fighters" have to follow the Rules of War.
BTW Your grammar sure could have fooled me. ie not like English was your first language.
They also used authentic badges and spoke fluent English. So it wasn't just the uniforms. Sounds like Iranian Specops to me. They needed access lists. It's the way we did it in the US Sub Force.
You said They are terrorists. Because they attack non combatant targets deliberately.
The US killed my friends that were Filipino but living and working in Iraq.
They sat down the street shelling every house in that street not one shot was fired from that street at the US.
So they attacked non combatant targets deliberately does this make the US terrorists.