Schneier on Security
A blog covering security and security technology.
« "The Top 10 Data Breaches of 2007" |
| Tasers »
December 19, 2007
Police said Espinosa and Blunt were in adjacent cells and used a long metal wire to scrape away mortar around the cinder block between their cells and the outer wall in Espinosa's cell.
Once the cement block between the cells was removed, they smashed the block and hid the pieces in a footlocker. According to police, Blunt, who is 5 feet 10 inches and weighs 210 pounds, squeezed into Espinosa's cell through an approximately 16- to 18-inch hole.
The two inmates wiggled through another 18-inch hole in the outer wall. From a roof landing, the two men "took a running jump or they were standing and they jumped approximately 15 feet out and about 30 feet down," Romankow said.
Then they jumped a razor-wire fence onto a New Jersey transit railroad bed to freedom, police said. Authorities found two sets of footprints in the snow heading in opposite directions.
To delay discovery of the escape, Espinosa and Blunt used dummies made of sheets and pillows in their beds. They also hung photographs of bikini-clad women to hide the holes in the walls, a move reminiscent of a scene in the Hollywood hit "The Shawshank Redemption."
Posted on December 19, 2007 at 5:10 AM
• 39 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I was disappointed to read that there was no vaulting horse in the exercise yard and no Steve McQueen on a motorbike.
( de rigeur on TV in the UK at Christmas )
It is more like the movie staring Clint Eastwood where he escaped from Alcatraz...
Maby the prison needs to review it's movie policy with regards to what the prisoners watch ;)
Grin, this is so ... 1930ies, really. Looks like it isn't just us computer security geeks who keep tripping over ancient vulnerabilities.
Hiding the hole with a picture was in Shawshank Redemption. In the Clint Eastwood movie ("Escape from Alcatraz"?) he removed a grate and hid the fact by creating a paper mache grate.
But yeah, the real escape has elements from both movies.
Actually this neatly demonstrates how much security is required to stop really determined individuals from going into places where they shouldn't. Even high level prison security has its occasional glitches.
"According to police, Blunt tried to escape in September using similar methods. " And it didn't occur to them to have someone, idunno, check behind the posters on his walls occasionally? Especially since he tried this before? I mean, looking behind posters isn't such a difficult, time consuming, or high-tech thing to do...
FTA: According to police, Blunt tried to escape in September using similar methods..
And it's not just in the computer world where not taking action to block use of known vulnerabilities will get you into trouble.
Given the lack of sensitivity to the first escape attempt, a Caesar cipher would have sufficed. (As an aside, you do know that Solitaire is, er, somewhat broken?)
Am I blind? I see no date on this article anywhere; it talks about Saturday and Monday, and mentions a planned sentencing on January 25. Did this even happen this year?
Hmm. Well I do see 2007, 12, and 17 in the URL so I guess it's a current story. But is it so hard for CNN to add an unambiguous dateline? Sheesh.
Sorry to bitch and moan. Back to planning our escapes. Pass me that wire would you...?
Regarding known security vulnerabilities. The story says that "they jumped approximately 15 feet out and about 30 feet down." If I have done my arithmetic correctly, a fall of 30 feet results in a velocity of about 40 feet per or about 30 miles per hour (50 km/hr).
There is probably a substantial probability of minor to severe injury from landing after such a jump.
@RonK : Just curious, how broken is solitaire? The articles I've found only say that the output is not completely random.
Do you know more about how practical an attack there is?
there is a dateline, above the article title. right now (12/19, 10:30 EST), it says, "updated 11:02 p.m. EST, Mon December 17, 2007"
Dang movie plot criminals.
anon> there is a dateline, above the article title.
Thanks, but I don't see it.
Amusingly, if I allow cnn.com, but not cnn.net, the article text disappears. What idiots.
@Chuck: It's the winter in the north east right now, they probably landed in deep powder which would have broken their fall quite a bit. It's still risky and daring but they had little to lose. If the landing had been a concrete staircase, they might have though about it twice...
It took place in New Jersey. There was no snow.
You don't need snow to survive a 30' jump, you just need to know how to land correctly. Since they're jumping out, they've got forward momentum so they just tuck and roll. You might sprain or even break a leg, but nothing that's going to stop a determined criminal from hobbling a few hundred feet to the waiting getaway car.
> Do you know more about how practical an attack there is?
Frankly, since most people using Solitaire will be encrypting short messages, I rather doubt that in real life there are any practical attacks against it. But I'm just an amateur cryptographer, if that....
Yes, there was snow. The article talks about their footprints in the snow.
It's interesting how many obstacles they managed to overcome. It seems like the prison has defense in depth, but it still wasn't enough.
> It took place in New Jersey. There was no snow.
the article clearly states "Authorities found two sets of footprints in the snow heading in opposite directions."
Regarding jumping from that height.. you're right, jumping from high up can be dealt with by landing and rolling out correctly, but from 30'? That is essentially the 4th floor. Maybe the author embellished a little bit.
@TS, I live a few miles away from the jail -- there was snow then.
Or more than a little. Then again, it's a journalist; anyone who expects a journalist to get anything right has been sniffing something.
Ok, maybe there was a light coating, but the big storm didn't hit until the next day. Even then, there wouldn't have been enough to make any difference, you need several feet of snow, something NJ hasn't seen in many years.
So, when does "No posters, pictures, or photographs on the walls" rule go into effect?
> when does ... rule go into effect?
Right after they start enforcing the weapons ban.
They jumped 15' out? Possible but sounds un-likely. You really don't get as much extra distance from jumping from a height as you might think. People's impressions of jumping are colored by movie stunts that are a tad augmented and are not exactly what you'd call strictly physics-based.
@Scotty: They jumped 15' out? Possible but sounds un-likely. You really don't get as much extra distance from jumping from a height as you might think. People's impressions of jumping are colored by movie stunts that are a tad augmented and are not exactly what you'd call strictly physics-based.
True. You very soon start dropping like a brick.
Of course, in Jr. High track I always jumped around, usually, 15 feet. Granted, the conditions were better, but I was still 14 and not fully developed. (I don't know what I could jump in high school, since i finally made the basketball team.)
Though the methodology is similar to Shawshank Redemption, it's not as if tunneling hasn't been done before - from The Count of Monte Cristo to The Great Escape.
And let's not forget Dumas and King wrote their books long before the films came out.
All I gotta say is wow. If they only put as much effort into leading a legit life, how they might have turned out...
@Scotty: With a running start a 15foot jump is conceivable, and unless the fence was 30ft tall, their height would give them an added advantage. A jump like that would make the landing all the worse though.
Parkour or not, I am very skeptical of anyone jumping this distance without injury. The biggest vertical free drops those parkour guys do is about 10 feet; this is 3 times as much, which is a big deal.
Someone noted an impact speed of 40 fps. Actually, if you include the horizontal component to get 15 ft outward, its more like 45 fps.
Now parachutists are trained to land as safely as possible from high impact speeds. Yet with a "normal" speed of 19 fps, they still expect about a 1% rate of injuries severe enough to put a soldier temporarily hors de combat. And one study showed that a 30% increase in impact speed resulted in 16 times greater injury rate! (The injury rate also increases dramatically at night, which is when this escape occurred.) Thus it is not surprising that 50 fps is often cited as the LD50 of impact speeds (for untrained persons.)
As such, while a skilled jumper might well survive a 30 feet + 15 feet jump, unless the landing was on a VERY forgiving surface the odds of running away rather than hobbling or crawling, would be slight.
Without knowing what evidence the police had, I have another hypothesis: since these guys apparently crawled out of an 18" hole in an upper storey of an exterior wall, and then made it to the roof, they must be pretty good climbers. I would suggest that they probably climbed down, and any impact points at the spot 15 ft out from the wall may be from jumping from somewhere else.
I don't think the 15 feet across is unlikely. The descent of 30 feet would take about 1.4 seconds. Thus, the sideways velocity has to be only about 10 fps or 7 mph (11 kph). That's a slow run. If the jump had to be performed without a run, then the sideways distance is more of a challenge but certainly possible.
I was only considering the vertical component of the impact velocity. I think a sideways component is helpful---it would reduce the compression load and facilitate rolling out of the fall. I don't think rolling out of a fall is possible if you are going straight down.
If we're relying on the warden's statement for the details of the 30' jump, it's worth reflecting that the warden probably has a (possibly unconscious) bias towards making the escape seem as superhuman as possible -- something no reasonable warden could expect a prisoner to be able to do, and therefore something the warden shouldn't be blamed for not anticipating.
Perhaps the impact mark was from the bundle of whatever that they brought with them when they left; plain clothes or blankets they had smuggled or some such. They knew they were escaping into the winter.
Also, bear in mind that when you need to drop from a 30 foot height, if you can lower yourself first, then you can make it much more easily. We were trained for this in climbing exercises in the military; you lower as far as you can first, then when you can't hold anymore you drop down, let your legs buckle, and tumble to the ground. I have only ever done it from a 15 foot height, but it is certainly feasible that someone could do this.
@ those who have to compute the physics of the fall
Huh? What has that got to do with the security? It happened.
Whether the fence was 20, 25 or 30 feet - all sources agree that it was >20 feet high, and 15 feet away from the building. It was a big, risky jump over double razor wire rings.
I think the security issues are:
- was the note left behind for real or a "joe job"?
- why weren't these cells inspected, and why aren't the inspection documents available?
- when these inmates were identified as escape risks, why weren't they placed somewhere else - or moved around every week or so?
Regarding snow - yeah, there was a little snow on the ground. Not enough to cushion a fall, but enough to show footprints, demonstrate the lack of any blood, and possibly muffle some sound of landing.
In the days since this event, the Warden and assistant have been replaced, and all the on-duty guards have lawyered-up already. There has also been another escape attempt at the same facility.
Some links to news sources which may/may not represent anything close to truth:
" The distance from the building edge to the fence is 15 feet..."
" ...the men leaped from the roof, clearing a 30-foot-high fence topped with razor wire..."
Although the Asbury Park Press [app.com] describes the fence as ...25 foot high and topped with razor wire..
Photo slide show:
@Chuck: "I think a sideways component is helpful---it would reduce the compression load and facilitate rolling out of the fall."
As plausible as the idea seems, unfortunately, it is not correct. Ground wind speed -- which of increases the sideways component -- greatly increases accident rates among parachutists.
@havvok: "Perhaps the impact mark was from the bundle of whatever that they brought with them ..."
Interesting theory. Seems plausible enough.
"...30 foot height, if you can lower yourself first, ... I have only ever done it from a 15 foot..."
Lowering yourself first is a good strategy for moderate distances. An average-sized man dangling from his arms takes about 7 feet off the drop, turning that risky 15 ft drop into an 8 ft drop, somewhat less than the parkour guys manage and safe enough for someone trained to land well. However, taking 7 ft off a 30 ft fall still leaves you with 23 ft -- nearly 3 times as far, and 3 times as much energy to dissipate. BIG difference.
(Also, if you dangle and drop, there is no way you can land 15 ft out.)
Roger> Ground wind speed -- which of increases the sideways component -- greatly increases accident rates among parachutists.
Not a fair comparison, since ground wind often carries parachutists off their line of travel so that they would have to run diagonally. And if parachutists came straight down vertically you'd see a lot of broken ankles.
"All I gotta say is wow. If they only put as much effort into leading a legit life, how they might have turned out...
Posted by: pos"
Of course, if they led a legit life, they wouldn't have had months and months of free time...
Don't forget one of these guys was a blubber ball; overweight and sloppy. There is no way they went straight out for 15+ feet, not to pass the fance but to completely clear the razor wire, and then landed.
And what kind of wire is strong enough to scrape the mortar on the closest side of the block and to be stiff enough to reach accurately and straightly through to scrape away the morter on the other side of the block. I'd like to see that part of the stunt duplicated in a lab enviornment.
In fact, I'd like to see the jump duplicated by trained stuntmen.
This was clearly an inside job with inside help. It just goes to show that the gang rule inside our prison systems reaches through the guards and prison management to the streets outside.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.