Carrier Pigeons Bringing Contraband into Prisons

In Brazil.

I think this is the first security vulnerability found in RFC 1149: "Standard for the transmission of IP datagrams on avian carriers." Deep packet inspection seems to be the only way to prevent this attack, although adequate fencing will prevent the protocol from running in the first place.

Posted on June 27, 2008 at 6:32 AM • 45 Comments


rikJune 27, 2008 7:26 AM

A seeded honeypot could be used to spoof the protocol and cause the packets to get dropped.

Lewis DonofrioJune 27, 2008 8:15 AM

Perhaps its a job for a DoS using

Up to 6 acres (3.2 hectares) at full volume."

mount them in the guard towers.... probably need four or eight of these for the entire are that you need to cover

Lewis Donofrio Sr. Windows / Unix Systems Administrator 734-355-0592

JohnJune 27, 2008 8:20 AM

This does not appear to be a security problem with the protocol described in RFC 1149.
It a bit like blaming the telephone system when its used by criminals.

Tangerine BlueJune 27, 2008 8:27 AM

> adequate fencing will prevent the
> protocol from running
They tried an air gap - it didn't help.

But using CAT-5 seems to take care of it.

derfJune 27, 2008 8:53 AM

What? A Pigeon carrying a jumbo frame?

It could grip it by the husk!

It's not a question of where he grips it! It's a simple question of weight ratios!

Wait a minute! Supposing two Pigeons carried it together?

No, they'd have to have it on a line.

Well, simple! They'd just use a strand of creeper!

What, held under the dorsal guiding feathers?

Well, why not?

Scott KJune 27, 2008 9:10 AM

Can someone edit the Wikipedia article on Carrier Pigeons ( to reflect this new implementation? (The 2001 Norwegian implementation is already listed in the article.)

Lewis DonofrioJune 27, 2008 9:13 AM

Bogwitch - I believe its no more than 256 milligrams

* Q: What is the typical MTU for an RFC 1149 transmission?
* A: From RFC 1149, Carrier Pigeon Internet Protocol: "The MTU is variable, and paradoxically, generally increases with increased carrier age. A typicall MTU is 256 milligrams"
* Credit: Joe Nygard

--Happy Friday...
__________________________________Lewis Donofrio Sr. Windows / Unix Systems Administrator 734-355-0592

J.D. AbolinsJune 27, 2008 9:18 AM

One of the classic counter-measures against carrier pigeons was using falcons.

As for C. Roy's question about carrier pigeons being extinct. The birds aren't but the use of the birds for routine delivery of messages is generally gone.

I recollect Switzerland being the last country to disband its military carrier pigeon unit. That was in the mid-1990s. One Swiss soldier reported said that the pigeons did have their advantages. If captured while transporting a pgieon, the soldier could claim he was transporting a pet or livestock. Also, if one was facing starvation, one can eat the pigeon, not so with an electronic communications device.

Dave B.June 27, 2008 9:22 AM

@C. Roy
You're thinking of the Passenger Pigeon.

Yeah, that was my first thought, but then I realised that the vulnerability was that the prison guards discovered the transactions.

Also, you'd need a serious pigeon launch capability to implement a Ping of Death DoS.

jeffJune 27, 2008 9:49 AM

@Dave B.

Launching a DOS would be a lot easier with a good botnet, but I expect that even the average consumer would recognize when their system was being used for that. The pigeon crap on their keyboard would be a dead giveaway.


boo lee hanJune 27, 2008 10:05 AM

But the REAL question is :

can it carry a large tube of toothpaste or not ?

that, freaks me out!

aikimarkJune 27, 2008 11:10 AM

I prefer OWLs, Hawks, and Falcons to an electronic distress sound generator. Carefully placed rubber snakes also make a good deterrent.

RoxanneJune 27, 2008 11:15 AM

The real question is whether or not it could carry a thumb drive across the border. So much for seizing that laptop....

AnonymousJune 27, 2008 12:14 PM

Need a way to share a secret key? Use this method with a tamper-evident seal. Place a USB key with 2GB of random text and use the XOR function for unbreakable encryption. If an attacker only was looking at the network, they would be out of luck.

Clive RobinsonJune 27, 2008 12:39 PM

All this talk of DoS attacks with pigeons reminds me of the Alfred Hitchcock movie "The Birds" which is just plain scary...

Because he for saw the perfect answer to Bruce's security theater competition when Bruce was (possibly) still in nappies.


AnonymousJune 27, 2008 1:10 PM

@John: This does not appear to be a security problem with the protocol described in RFC 1149.

It's not a problem for the traffic carried via RFC1149. However, it shows that RFC1149 implementations have a covert channel which an attacker can leverage.

You might also be able to detect if the covert channel is in use because of congestion between the legitimate and covert payloads. But a smart attacker will limit their payload so that you don't see any noticeable effect.

Chris SJune 27, 2008 1:14 PM

From the article...

"Officers were alerted to the scheme at a prison near Sao Paulo, when they noticed some of the birds experiencing difficulty flying."

A-ha! They did detect congestion caused by the covert payload!!!

bobchsJune 27, 2008 2:33 PM

@ Andrea S.

If the Internet itself is the addictive thing (and I think it may be) encryption would be counter-productive.

Josh OJune 27, 2008 4:02 PM

Uh Oh, Steve. with that double post, now we all know that you've been the one making all those "anonymous" comments all these years.

RocketmanJune 27, 2008 6:43 PM

Wouldn't the "shot blast" effect be an effective DoS (Dead or Scared) attack.

You aim your packet generation device at a vulnerable point along the carrier path and activate it when you detect traffic. I would suggest a point near the route endpoint being most effective due to the lack of intelligence on the origin of the packet and the concentrating effect of the single destination. The route endpoint is also closer to home comforts and so has fewer logistical issues.

A packet collision will cause effective carrier loss and provide data to analyze. Even a miss will most probably disrupt the carrier due to the built in Carrier Integrity Preservation System (CIPS). This weakness due to carrier self preservation is further enhanced due to its long term memory capabilities and Forward Looking Collision Avoidance. (FLCA*)

What is open for debate is the selection of packet size for the DoS attack. Due to the low carrier bandwidth and small packet size of the payload I would recommend smaller offensive packets with higher dispersal (bird shot).

* FLCA is an enhancement on FEC. It is designed to preserve the carrier rather than the integrity of the payload so that the channel stays open for retries. Unfortunately the engineers did not foresee the effects of CIPS.

ekstromJune 27, 2008 7:04 PM

I just read in AOPA Pilot (magazine) that the first air-to-air military combat was in 1870 (Franco-Prussian war) when the Prussians deployed trained hawks against French battlefield communications performed according to RFC1149

AndrewJune 28, 2008 9:48 AM

1) Micro SD card.

2) RFC 1149 protocol discovered to be surprisingly robust in defeating certain wireless countermeasures.

3) RFC 1149 protocol able to defeat certain wired countermeasures, including barbed wire and razor wire.

4) Excess packet size can result in dropped packets.

FredliciousJune 29, 2008 5:16 AM

A firewall would bring multiple benefits: no more contraband, and the guards get roast pigeon for dinner...

LDLJune 29, 2008 9:03 AM

I love it! I remember the first time I read that RFC and thought that
someday someone would exploit it. I just don't understand how the
media (birds) are trained in this scenario... the problem seems to me
how do you get the bi-directional flow? I can understand inbound or
outbound traffic... but bidirectional seems hard to achieve.

me too, laughingJune 30, 2008 6:46 AM


So, following a proven official procedure, should now be punished everybody selling magazines containing photos so that these cigarette terrrists won't be able to continue their mishaps

RogerJune 30, 2008 7:43 AM

> Use this method with a tamper-evident seal.

Unless we make assumptions about the limitations of the attacker's manufacturing capabilities, a tamper-evident seal requires either that the device be verified by the same person who applied it (not so useful for sending messages), or that there exists a secret pre-shared between applier and verifier. Otherwise, the attacker can just substitute the whole device, with a fresh seal.

> Place a USB key with 2GB of random text and use the XOR function for unbreakable encryption.

Sorry Steve, a Flash drive is a terrible way to implement a one-time pad. One of the necessary design features of a OTP is the ability to irrevocably erase key stream as soon as it is used. But because of wear levelling algorithms, it is difficult to overwrite data on a flash memory device; from the file system level, the only guaranteed way to do it is to overwrite the entire device. If you write your own driver and get bare-metal access, and IF wear levelling was implemented in drivers rather than in chip firmware, then at least you can erase just one block at a time -- still very inefficient if you just received a 50 word message, since the block size is a minimum of 16 kB and usually much larger.

RemoJune 30, 2008 10:54 AM

Those carrier pigeons have not vanished.
In the low counties (Belgium and the Netherlands) there are still many thousands of pigeon breeders with pigeons that are used for "racing". They are put somewhere in the field to fly back home. The distances those pigeons have to fly are up to several hundreds of miles. There is one point. The birds only know one destination, back home. They have to be transported first. I was told that they tend to prefer to fly from South to North. The other way around doesn't seem to work well.
take a look at :

OFFJuly 2, 2008 10:40 AM

More reliable than the new e-voting machines. Maybe we can start voting by carrier pigeon. Fly me to the polls.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..