Movie Plot Threat in Vancouver

The idiocy of this is impressive:

A Vancouver Police computer crime investigator has warned the city that plans for a citywide wireless Internet system put the city at risk of terrorist attack during the 2010 Winter Olympic Games.

The problem? Well, the problem seems to be that terrorists might attend the Olympic games and use the Internet while they're there.

"If you have an open wireless system across the city, as a bad guy I could sit on a bus with a laptop and do global crime," Fenton explained. "It would be virtually impossible to find me."

There's also some scary stuff about SCADA systems, and the city putting some of its own service on the Internet. Clearly this guy has thought about the risks a lot, just not with any sense. He's overestimating cyberterrorism. He's overestimating how important this one particular method of wireless Internet access is. He's overestimating how important the 2010 Winter Olympics is.

But the newspaper was happy to play along and spread the fear. The photograph accompanying the article is captioned: "Anyone with a laptop and wireless access could commit a terrorist act, police warn."

Posted on February 21, 2007 at 6:51 AM • 67 Comments

Comments

JohnFebruary 21, 2007 7:18 AM

Well.. wireless access without proper authentication and accountability is a real threat. I mean if someone goes around hacking into servers and causing general havoc and the organization that manages the infrastrucutre has no means to pinpoint who is doing it, they could (or should?) be held responsible.

Of course this could be greatly minimized by just limiting the acess do certain protocolos, and to deploy some filtering techniques to those too.

gregFebruary 21, 2007 7:45 AM

Don't tell him about all the cybercafes that will be open during the 2010 games...

Or that the "bad guy" could just book into a hotel with internet access.

Or whatever

AntonFebruary 21, 2007 8:02 AM

@John, finding who is accountable and preventing the crime in the first place are two totally different things. Using an open wireless network will not allow you to bypass any security mechanism that would otherwise prevent the crime from happening on the internet.

mitchFebruary 21, 2007 8:09 AM

This is really bugging me a lot -- *Everything* is a "terrorist act" anymore.

I was channel surfing a couple of nights ago, and caught the tail end of a an episode of Cops -- In this particular vignette, one idiot from a trailer park had whacked another idiot in the head a couple of times and then run off. Upon getting a description of the attack from the victim, the attending officer said, "So a terroristic attack, then."

One idiot punched another in the head. That's not terrorism, that's called "a fight". Gimme a break.

<rolls eyes>

DarrylFebruary 21, 2007 8:11 AM

We currently have an open wireless network in downtown Toronto (until March 07 anyway, then we gotta pay). To authenticate though, you need a functioning mobile phone, as the system sends an SMS message to your phone with the access credentials. There are plenty of holes in this system, but it's not a completely open unencrypted wireless connection.

St├ęphaneFebruary 21, 2007 8:30 AM

So what's the next step? Forbid laptop (and nail clipper, juice bottle, etc..) in bus? :-)

RJ JohnsonFebruary 21, 2007 8:31 AM

A laptop and wireless access, hmm? I wonder how many reporters on that paper meet that criteria.

AleFebruary 21, 2007 8:36 AM

It seems to me that the guy is arguing for these "critical" systems to be placed in a different network from the public wireless one. That much makes sense.

The "They-could-get-in-and-open-a-dam" bit is idiotic. And the fact that the Vancouver Sun is fuelling FUD to sell some newspapers is predictable - and pathetic.

nzrussFebruary 21, 2007 8:42 AM

Fear of open wi-fi providing anonymity? Wow. Lucky they've never heard of TOR.

Also, seeing as nobody has pointed it out yet, i'll do it. The recent "attacks" on the root DNS servers for the entire Internet was done with thousands of "owned" home computers (likely unpatched Windows machines). No one has pinpointed the location of the culprits beyond a continent where the majority of the owned machines were.

A malicious hacker (AKA: terrorist) is not likely to use their own computer for an attack, but one (or many) of the millions of 'owned' computers out there.

Why are they 'owned'? A. Security holes.
What can we do about it? Not much, except can protect our systems and reduce the effect of the attack to recover quickly.

What about disposable cell-phones. What about Wi-Max edge cards? You could use those on a bus, after social engineering anonymity or stealing one.

I think the Vancouver Police crime investigator watches too much "24".

BRUCE: I recall the competition you had a while back for the most 'plausible' terrorist attack - (another 911). I believe we've seen enough madness that you'd have plenty of fodder for a similar competition with suggestions that cause chaos though manipulating fears - AKA the Boston Brite-Lites. I'm sure reality will turn out to be far more ridiculous than any of the suggestions though.

SeanFebruary 21, 2007 9:04 AM

The word "terrorism" is being so overused that it's lost its meaning. Everything anyone doesn't understand or dislikes is being referred to as terrorism. Common violent acts that have been with us since monkeys climbed down from trees and started swatting each other with sticks is terrorism. I've even heard basic vandalism being referred to as terrorism. Welcome to "wus nation".

craigFebruary 21, 2007 9:14 AM

This paragraph must indicate the name of the movie for which this plot was dreamed up. Otherwise, why would every word be capitalized?

"Pedophiles and Identity Thieves are Known to Use Wireless Access to Download Illegal Child Pornography or Steal Personal Financial Information Because It Is So Difficult for the Police to Detect and Trace Them. Fenton Fears That Terrorists Could Exploit That Anonymity."
-- Starring Brad Pitt

AndyFebruary 21, 2007 9:15 AM

Isn't that much like saying "Anyone with hammer and crowbar could commit a terrorist act"? Or perhaps "hand and legs" ...

AlexFebruary 21, 2007 9:20 AM

Hmm, a little wardriving will find you a lot of unprotected wifi accesspoints. Everywhere. And in the past years how many terrorist acts were committed through these again?

Brian EwinsFebruary 21, 2007 9:21 AM

"If you have an open wireless system across the city, as a bad guy I could sit on a bus with a laptop and do global crime," Fenton explained. "It would be virtually impossible to find me."

Right, so they should campaign to have open wireless access shut down everywhere *but* Vancouver. That way when the bad guy commits 'global crime' they don't have to search the entire globe, just one city.

Remember to check the harbour for undersea bases, global criminal masterminds are tricky that way.

bearFebruary 21, 2007 9:27 AM

I have to laugh. As soon as I heard this last week, all I could do was sit here and shake my head and wonder what would be said next.

supersnailFebruary 21, 2007 9:44 AM

Lets get real here "terrorists", or at least the ones everybody is currently running away from (Al Qieda/Taliban/Middle Eastern Muslim Fundimentalists), dislike western high technoligy in principal and in practice.
Other highly experienced terrorist groups (IRA, ETA, RAF etc. etc.) of recent years have shunned high tech for very practical reasons -- its expensive, conspicuous, hard to get, easily traced and unreliable.
Most of the favoured terrorist weaponry was developed before 1950 (Kalashnikovs, Plastic Explosive etc. etc.)
The only modern high tech gizmos in use seem to be the Video Camera for propoganda and the mobile phone, but, then again everybody I know over 10 years old has both of these items.

I've said it before but the only way to stop this is to make it a crime to falsely invoke a terrorist threat in order to get a bigger budget.

jasonFebruary 21, 2007 9:46 AM

i'm pretty sure Vancouver already has EVDO and GPRS/EDGE cell services. Maybe we should turn off all cell towers before the Olympics.

Did he consider the fact that a terrorist in Iraq can attack the city's online services FROM IRAQ? I guess the city should do away with all Internet access for municipal buildings, too.

What if the terrorist connected form his hotel room? No Inet in hotels... check.

And the ignorant 65yr old sales exec who unknowingly has an open access point at his house? Ok, no private residential or commercial Inet either.

All this and I bet the city hasn't updated their Snort boxes yet ;)

RichFebruary 21, 2007 10:11 AM

Obvious solution: put fancy computer thingie face recognizing cameras on all buses. That way when a terrorist tries to do global crime, you'll, like, know it and be able to catch him.

paulFebruary 21, 2007 10:25 AM

Not just "fancy computer thingie face recognizing cameras" but also those gizmos that can tell from your body language when you're about to commit a terrorist act. I've heard it on good authority that hackers recite passages from the GNU Manifesto before launching a script, so microphones for every bus seat will also be a must.

ravuyaFebruary 21, 2007 10:43 AM

I was wondering how long it would take you to get around to it; I remember sighing and then being depressed after reading it in the newspaper.

Wanted to submit it but couldn't find it again.

jaoFebruary 21, 2007 10:43 AM

Ok. Let me first say that I completely agree that the word terrorism is overused. Let's not forget, though, that one of the reasons it is overused is because of the very broad definition it has been given by the government. Why should you care? Because, overbroad definitions of criminal acts mean that activities that you previously thought you could freely engage in -- ie public protest motivated by political ideology -- now becomes questionable and subjects you to the scrutiny of the police.

I agree that there is some humour here - which has been pointed out by all - but I also think we need to be continually vigilant about keeping the bounds of what is defined as terrorism narrow. It may be funny now, but there are potential consequences to that type of thinking.

DeanFebruary 21, 2007 10:52 AM

@supersnail
"Lets get real here "terrorists", or at least the ones everybody is currently running away from (Al Qieda/Taliban/Middle Eastern Muslim Fundimentalists), dislike western high technoligy in principal and in practice."

I dunno about that. Wasn't bin Laden at one point using satellite phones? And how do you suppose that those beheading videos ended up online? Terrorists of the Islamic variety don't have any problem using technology to propagate information or communicate with each other, so long as they don't believe they'll be caught (which is why bin Laden ditched his satellite phone some time ago).

averyFebruary 21, 2007 10:56 AM

"Anyone with a with a security job they're not really qualified for and the ear of the press could commit a terrorist act, police warn." would be a far more apropriate ending to this article.

Mikko HiltunenFebruary 21, 2007 10:59 AM

We have had a city-wide, fully open WLAN-access network with over 700 basestations for a few years now in Oulu, Finland. Current thread model includes this so called terrorist threat but it does not differ in anyway from traditional networks. Anyone can go to a library and use a public computer or steal WLAN-access from an innocent neighbour.

In a case of criminal activity, there are ways to bind mac addresses to a certain basestation in certain time, which is (in most cases) much more than the usual forensic information available in traditional networks.

It seems to me that WLAN-security is often worried most by telco lobbyists and security vendors who are worried about their revenue when the market is forcing them to change their strategy. Too bad, this insecurity-hype has been adopted by the clueless media.

Free Internet access for everyone: You must be a commu...ahem...terrorist.

SuomynonaFebruary 21, 2007 11:13 AM

Judge: Please answer the question with a Yes or No. Have you ever been a supporter of Open wi-fi or a terrorist organization ?

X the UnknownFebruary 21, 2007 11:23 AM

"If you have an open wireless system across the city, as a bad guy I could sit on a bus with a laptop and do global crime," Fenton explained. "It would be virtually impossible to find me."

Ah...so we should dismantle the bus system! That way, they couldn't "...sit on a bus with a cellphone and do global crime," either.

GreyFebruary 21, 2007 11:28 AM

Bunch of savages in this town...

I love how he's talking about Translink's wireless traffic lights and dams in the same sentence.

The wireless traffic system is a low power transmitter on busses that signals when some of the express busses are a block or 2 away from major intersections, and it sends the signal to an antenna on a light standard on the side of the road. Having looked at the system parts, I'd be surprised if it worked from more than 50-60 feet, and I'm sure it's proprietary.

Scada: Most SCADA systems are on 900 or 1200MHZ here. Why change them all if you're already using decent systems? and like another `consultant' in the article said, they use directional antennae on commercial frequencies, and some fair security.

Gas/Hydro meters: oooh. you can see meter number 13345 saying it's used 30kwh in the last x hours. You could also just look at it and it would tell you the same thing.

eh. whatever. more `post 9/11' fear-mongering.

MangoFebruary 21, 2007 11:36 AM

Thank God no-one has realized the simplest way to deal with terrorists is to eliminate their targets. George Bush would jump on that one and kill us (Americans) all then proclaim to the world that the terrorist threat has been eliminated in the US. Then Canada would follow suit and wipe out their population.

Anonymous Cow-ArdFebruary 21, 2007 11:57 AM

With SCADA, the only way to protect such infrastructure is to air-wall the SCADA from the public internet. This is not a drastic measure, as nobody will *remotely administer* a chemical plant or a dam.

Please, KEEP YOUR SCADA DISCONNECTED FROM THE INTERNET!

soupFebruary 21, 2007 11:59 AM

What about the plan of putting the control of the city infrastructure on the web?

I think that's what more concerning than the mere existence of free wireless for the city.

Yes, we do hope that they will put decent security measure around the control of the city infrastructure, but since they're going to control it from the same network, there is still a possibility (almost a certainty) that somebody will be able to hack their way into... say, setting green lights for every intersections, or worse.

I think, that is a real threat.

bobFebruary 21, 2007 12:25 PM

It's time for another contest. This time, though, it's not for a movie-plot threat, but for a movie-plot countermeasure.

In order to win, it should be directed only at a movie-plot threat, however. No fair doing simple, sensible, inexpensive countermeasures, like, uh, smoking lounges to avoid leaving the back door propped open.

It should also be plausible, so no fair using laser cannons on every street corner to target the busses that a trrrorist is riding around the city on, exploiting the wireless network to "do global crime".

The last criterion is that is has to have not already been done in a movie. Hey, if you're gonna write a movie script, it has to be ORIGINAL.

What say you, Bruce?

AnonymousFebruary 21, 2007 12:29 PM

@soup
"say, setting green lights for every intersections, or worse."

Traffic light controllers have failsafes. These are independent circuits that monitor the control outputs, and strictly forbid things like opposing green lights. If the failsafe detects such a failure, it forces the controller into a safe mode, usually all-way blinking red.

X the UnknownFebruary 21, 2007 12:38 PM

@bob: "It should also be plausible, so no fair using laser cannons on every street corner to target the busses that a trrrorist is riding around the city on, exploiting the wireless network to "do global crime"."

How is this significantly less plausible than putting effective anti-missile defenses on all commercial aircraft?

John StonerFebruary 21, 2007 12:57 PM

From TFA:

'The city is seeking a private partner to develop a wireless network that could provide free or low-cost wireless Internet access in Vancouver. The network would be accessible to anyone with a laptop computer and wireless Internet WiFi card. The plan calls for much of the city's infrastructure, from traffic signals and TransLink systems to BC Hydro generators and Terasen gas meters, to use the wireless platform for communications and remote operations. TransLink has already experimented with wireless traffic signal operation to speed bus service.

'"Putting those vital links on the same network, you are opening yourself up to terrorist attack, to hackers bringing those systems down," said Fenton, who attended meetings last fall with city staff and city councillors on the development of municipal WiFi.'

On the one hand, it does seem like a bad idea to put this kind of stuff on a public network. I suspect that most vulnerabilities are more in the 'prank' range than the 'terrorist act' range.

On the other hand, the more general tone of this guy's fear is obvious. He's been successfully terrorized.

DrifterFebruary 21, 2007 1:16 PM

@bob

"It's time for another contest ... What say you, Bruce?"

Do you remember how much work Bruce had to do judging the last competition? I suspect Bruce will not be easily persuaded to try something like that again :)

Left CoastFebruary 21, 2007 1:26 PM

There are so many unsecured corporate wireless spots in Vancouver one doesn't need to resort to a "city wide" system for annonymous access -- a recent war-driving effort found over 50 spots accessible along the waterfront alone -- and that was from the Seabus in the middle of the harbour! The same can be done on a city bus anywhere in the city right now, so what's this guy's panic?

And there are a lot easier ways to cause problems in Vancouver and surrounding area. Anyone who has a minimal knowledge of the area knows that a few well-staged car accidents will cause the place to lock up for hours.

Or just pray for snow (a mere 0.25 cm will do) -- Vancouver becomes gridlocked at the mere forecast of snow...

Disruptions can also be accomplished with just 2 - 4 people --- check out how the city was brought to a standstill and lives disrupted back in 2004 when there were simultaneous "police incidents" (jumpers) on the main bridges. Traffic between Vancouver and North / West Vancouver was disrupted for over 14 hours. Add a few jumpers to the Arthur Lang and Pettelo bridges and you can lock up the entire lower mainland for days.

RichFebruary 21, 2007 1:38 PM

Anyone notice that the 5th from bottom paragraph, all about Pedophiles and Identity Thieves, has every major word capitalized? Not the same presentation style as the rest of the article.

K. Signal EingangFebruary 21, 2007 1:44 PM

@mitch and others complaining about the overuse of "terrorism".

Not sure what you saw in that episode of "Cops" but the language of "terroristic threats" to describe everyday crimes is not something that just popped up after 9/11. It's been a common term in any case where one person's threatening to do harm to another's person or property, whether it's the KKK or an abusive spouse making the threats. That having been said, one guy whacking another with a stick doesn't fit the description so I don't know what's up with that.

I think the issue is that since 9/11 the term has lost its general, technical meaning, and for many of us has come to signify only violent religious fanatics with sinister designs on national landmarks.

RealistFebruary 21, 2007 1:48 PM

This detective certainly is into FUD. But he seems to be rather clueless as to what is already available around Vancouver.

One can do the same "annonymous" hacking in Vancouver today simply by visiting one of the city's public libraries. Annonymous accounts are available without having to have a libnrary card or other ID.

And several of the schools in the lower mainland have poorly secured wireless access points to allow students to use thier laptops, etc. Not to mention all the unsecured corporate sites.

As for flood threats from SCADA breaches to dams, I wonder if either of these "experts" has even bothered to look out their windows at the local terrain or speak with the folks who do the emergency planning for North and West Vancouver (separate cities from Vancouver). Vancouver proper might have some waterfront damage from flood waves, but the city certainly wouldn't be flooded. North and West Vancouver would suffer along some of the valleys and lower flood plain, but most of it would be contained by terrain and flushed into the harbour (which has tides, so the sudden rush of water really wouldn't be much more than an extra high tide).

Jack C LiptonFebruary 21, 2007 1:54 PM

Has anyone considered how much money a carrier who could _charge_ for wifi access would make, city-wide, during the Olympics?

Bruce SchneierFebruary 21, 2007 2:50 PM

"It's time for another contest. This time, though, it's not for a movie-plot threat, but for a movie-plot countermeasure."

Clever, but I already have an idea for this year's contest.

evil(bob)February 21, 2007 4:02 PM

@Bruce
"Clever, but I already have an idea for this year's contest."

Curses! Foiled again!

Bluezoo7February 21, 2007 4:48 PM

OHMYGOD! It just occurred to me that all road and freeway access to the Olympic Games will be UNAUTHENTICATED!

If we don't shut down the roads, a terrorist could use these to commit terrorist acts and WE WOULDN"T KNOW WHO THEY WERE!

Someone, call the Globe!

AlanFebruary 21, 2007 5:12 PM

I guess the Vancouver cops have been dipping into those drugs the US has been so worried about.

The easiest way to understand the mindset of articles like this is to imagine them taking a bonghit after every sentence.

RealistFebruary 21, 2007 6:05 PM

@Jeff Davis
I wonder if Fenton is coming up on a promotions review or something. All this FUD certainly seems to be an attempt at self-promotion to those who haven't a clue. He sounds like he's new to the security game and trying to impress the bosses (didn't the Vancouver police chief try something like this a few years ago as well?).

sidelobeFebruary 21, 2007 6:59 PM

Perhaps this is actually a plot to draw all of the cyberterrorists to one place. They will all descend on one city at the same time that police security is being reinforced in anticipation of the crowds. All of the extra security people will be able to "warm up" by rounding up all of the surreptitious WiFi-exploiting criminals.

SamFebruary 21, 2007 7:02 PM

Wow, I'm disappointed in Bruce, and 90% of the commenters above.

What this guys is saying is that there is a risk in allowing anonymous public access to the same wireless net that traffic signals and other infrastructure controls will be using.

And that is correct. There is a significant technical difference in allowing access to the same wireless network, and the general threat from dialup/EVDO/coffee-shop wifi internet users, that commenters are totally ignoring.

You can certainly mitigate that threat, but it is there. And should be noted and dealt with.

I don't see anywhere in the article he proposes shutting down the wifi, just "it raises huge security concerns".

Is that really too subtle a point for the "security theater" parrots commenting on this blog to grasp?

the other GregFebruary 21, 2007 7:41 PM

@ Sam

Perhaps you missed it because it was unsubtle.

The nice officer didn't say pranksters would play with the traffic. He said they would "terrorist attack during the 2010 Winter Olympic Games" and "do global crime".

ThomasFebruary 21, 2007 9:00 PM

"""... there is a risk in allowing anonymous public access to the same wireless net that traffic signals and other infrastructure controls will be using."""

All wireless allows "anonymous public access".

Maybe the vital infrastructure network shouldn't be wireless.

CosFebruary 21, 2007 11:56 PM

"... as a bad guy I could sit on a bus ..."

Stop right there! A bus? A bad guy could *blow up* a bus. Vancouver must stop all bus service, to protect itself from this threat.

kiwanoFebruary 22, 2007 3:31 AM

Nice work slipping the pedophiles in at the end of the article too.. heaven forbid that only one of the four horsemen of the internet apocalypse be invoked. The identity thieves were also a nice touch.

TarkeelFebruary 22, 2007 6:10 AM

The Register has some more on it (http://www.theregister.co.uk/2007/02/22/wifi_terror_vancouver/); it seems that the main problem is "much of the municipal infrastructure is to make use of the proposed net, including "gas meters, bus services...and traffic signals"". I agree that the risk seems a bit blown out of proportions though.

guvnrFebruary 22, 2007 9:43 AM

@Sam, 90% is low...

@Tarkeel, the problem is that the risks are always understated and minimized by proponents so in order to balance that tendency the alarm has to be stark.

For example, reread this thread and note how many posts are totally one-sided, without trying to understand why a responsible and qualified professional would make such apparently fallacious statements.

For those who might dispute my characterization of Det. Fenton, consider that he is an 18-year veteran who has been recognized with an award from financial industry for his work on computer financial crimes. His qualifications would certainly be challenged by every defense attorney in the cases he worked, so they'll be good enough to stand up in court or he'd've been out of a job long before he made 18 years on the force.

Maybe he had a point, even if most of the posters here don't want to see that side of the coin...

c. netmanFebruary 23, 2007 11:31 AM

Sadly guvnr...

The fact that Det. Fenton's work has stood up in court is more an indictment of the BC legal system than an endorsement of the police.

That said, it's got to be a thankless job. Hardly surprising that after 18 years he would become a little paranoid and out of touch.

The stupidest thing about the article is that it critiques a network that is yet to be designed. It's unfortunate that, as a network is going to be built, the VPD missed the opportunity to draw attention to real online security issues that should be addressed by the project and instead choose to spread FUD.

...there ought to be a law against that!

JoeFebruary 27, 2007 7:21 PM

The snippet that started this thread is taken out of context, so of course it sounds demented. Here is the context: in the Munich Olympics, in which Israeli athletes were murdered by terrorists, the weapons were placed in the Olympic Village (where the athletes stayed) in advance by a confederate. Consider a similar scenario where explosives are emplaced in advance. How would the signal be transmitted to detonate the explosives? By what means could this be prevented?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..