Airport Credentials Manipulated to Commit Crime

Some airport baggage handlers used their official credentials to bypass security and smuggle guns and marijuana onto an airplane.

This kind of thing is inevitable. Whenever you have a system that requires trusted people -- that is, every security system -- there is the possibility that those trusted people will not behave in a trustworthy manner.

But there are ways of minimizing this risk.

Posted on March 13, 2007 at 3:30 PM • 23 Comments

Comments

nzrussMarch 13, 2007 4:24 PM

>>>...... a duffel bag containing 14 guns and drugs on a commercial flight from Florida....

The rest of us have enough trouble with a tube of toothpaste or some cologne!

McGavinMarch 13, 2007 4:30 PM

This brings up a good point that I don't see much in the Security debate these days:

Trusted vs. Trustworthy

Rob MayfieldMarch 13, 2007 4:37 PM

@McGavin: true, but?
Trusted: a label you apply to someone/thing before you know for sure (or before you know better)
Trustworthy: a label you can only apply with hindsight

SpiderMarch 13, 2007 4:42 PM

"Whenever you have a system that requires trusted people -- that is, every security system -- there is the possibility that those trusted people will not behave in a trustworthy manner.

But there are ways of minimizing this risk."

Exactly. Thats why my passwords are a secret even to me.

You'd be amazed at you productivity when you've locked yourself out of your email account.

MathFoxMarch 13, 2007 4:42 PM

I've talked to a luggage handler on Amsterdam airport; he gets a metal detector and bag X-ray treatment like the passengers. (As a passenger I've watched it happen to apron personnel.) Copying this to the US would close a security hole.

jkohenMarch 13, 2007 4:44 PM

@nzruss

That's only until hygiene issues surpass terrorism in media attention. Maybe we should stop bathing and brushing our teeth at least one week before flying.

DPMarch 13, 2007 4:54 PM

I'm just wondering where they got 14 guns and 8 pounds of weed for 1800 bucks. It's a mystery.

McGavinMarch 13, 2007 5:54 PM

@Rob Mayfield:

"Trusted: a label you apply to someone/thing before you know for sure (or before you know better)

Trustworthy: a label you can only apply with hindsight"

Yes, if we assume you are talking about people.

bzelbobMarch 13, 2007 7:06 PM

"Whenever you have a system that requires trusted people -- that is, every security system -- there is the possibility that those trusted people will not behave in a trustworthy manner."

Awesome quote!

This perfectly describes government itself. I wonder if anyone has done a detailed analysis of the types of security failures that can occur within government itself?
(i.e. - Analysis of the government as if it was a computer operating system.)

...And how many people here believe that the government of the USA currently has multiple trojans/viruses/worms/rootkits in it?

AaronMarch 13, 2007 7:48 PM

"And how many people here believe that the government of the USA currently has multiple trojans/viruses/worms/rootkits in it?"

If they're smart? The same people who believe that of EVERY government...

Filias CupioMarch 13, 2007 9:39 PM

From the "Evil Overlord List" http://www.eviloverlord.com/

147. I will classify my lieutenants in three categories: untrusted, trusted, and completely trusted. Promotion to the third category will be awarded posthumously.

John DaviesMarch 14, 2007 3:47 AM

@MathFox

"I've talked to a luggage handler on Amsterdam airport; he gets a metal detector and bag X-ray treatment like the passengers. (As a passenger I've watched it happen to apron personnel.) Copying this to the US would close a security hole."

That's a good start but if it's your partner in crime doing the X-raying ...

BobMarch 14, 2007 8:05 AM

I just went thur OIA mar 3 & returned mar 9, and this comes as no surprise. Some of the tsa people looked like america's most wanted- ie sleazy and on my return they took 2 spare rechargeable camera batteries along with a small bottle of colonge, and a bottle of beer> Westvleteren '98. The were there when I went thur Customs... as I had the fun of having all my bags gone thur and yet they were gone when I picked them up later.

This was AFTER flying and being approved by the Custom's agents.

This also brings up another beef I had with tsa, I had to do the xray/metal det./shoes before I could leave! Theres no reason or need to be checked as you have never been exposed to a unsecure location after coming thur customs- and yet they give you a final search to retrive baggage? Thats just a waste of our tax $$$ , the baggage pickup is open to the street and yet the people coming in from the street haven't been checked, yet flyers who just went thur Customs,ect. need to be rechecked? B*^$%@!%*^#

Lets not go into how my wife gets the shaft- they cut open her tampons each & every last one! They are made to be sterile and now .... My wife is a federal worker , flying on tickets bought by the gov. using gov. CCard, ect and yet each & everytime she flies she gets the special treatment.

Its all a bunch of crap and a waste of time & money- OUR TAX $$$$

EdwinMarch 14, 2007 10:28 AM

Screening of passengers for risk analysis is primarily performed by examining reservation data and no-fly lists. However matching of passengers to ID is performed independently at the screening checkpoint, without reference to the reservation data.

Therefore:

Mr. OnNoflylist wishes to fly to a meeting within the USA. He simply makes a reservation and purchases a ticket in the name of Mr. SafetoFly. He then prints a boarding pass, and modifies digitally it on his computer to reflect the name OnNoflylist. (quite a trivial operation).

At the checkpoint, he presents his valid ID as Mr. OnNoflylist, together with his modified boarding pass. Then he simply boards the flight using his Mr. SafetoFly boarding pass.

There are many refinements to the technique, but the main point is that NoFly lists have little meaning for flights in the USA (and most other countries). [If unlucky enough to have been selected for special screening, Mr. OnNoflylist will of course have removed that SSSS indication from his boarding pass too]. [Even at some locations where international passengers have identity checked before boarding, this is manual and not crosschecked to reservation or INS data, so that any old fake ID with a fake boarding pass will do nicely]

It is a good example of the futility of the present approach to airport security.

Ed KohlerMarch 14, 2007 12:54 PM

Make sense to me. Smuggling is good money for a few minutes work. The credentials are worth more than the salary in cases like this.

quincunxMarch 14, 2007 2:08 PM

"But there are ways of minimizing this risk."

Not if it's in the hands of a compulsory monopolist.

X the UnknownMarch 14, 2007 5:48 PM

@quincunx: "Not if it's in the hands of a compulsory monopolist."

Security is ALWAYS in the hands of a compulsory monopolist, at least at the local level - otherwise they couldn't even pretend to enforce security.

averrosMarch 15, 2007 3:43 AM

X the Unknown --

> Security is ALWAYS in the hands of a
> compulsory monopolist,

This is just plainly untrue. Walk in a mall. See the private security guards. Which emphatically do not have monopoly on security services, even at the local level.

Are you claiming they do not provide security or are you claiming police have no powers in shopping malls?

The problem with government-provided security is precisely in the fact that it is monopolistic. The basic economics tells us that monopolies always deliver crappier and more expensive goods than competitive market. Production of security is no different.

AlvarezMarch 18, 2007 11:30 AM

Looks like airport security still neither have money incentive
to stop incidents like that nor any fines to pay for their mistakes.

aeschylusMarch 20, 2007 8:31 PM

"marajuana"?

Bruce, I guess you're either not a smoker, or you smoked so much you forgot how to spell "marijuana". :^)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..