Schneier on Security
A blog covering security and security technology.
« Tourist Scams |
| Flying While Armed »
December 8, 2008
Mumbai Terrorists Used Google Earth, Boats, Food
The Mumbai terrorists used Google Earth to help plan their attacks. This is bothering some people:
Google Earth has previously come in for criticism in India, including from the country's former president, A.P.J. Abdul Kalam.
Kalam warned in a 2005 lecture that the easy availability online of detailed maps of countries from services such as Google Earth could be misused by terrorists.
Of course the terrorists used Google Earth. They also used boats, and ate at restaurants. Don't even get me started about the fact that they breathed air and drank water.
A Google spokeswoman said in an e-mail today that Google Earth's imagery is available through commercial and public sources. Google Earth has also been used by aid agencies for relief operations, which outweighs abusive uses, she said.
That's true for all aspects of human infrastructure. Yes, the bad guys use it: bank robbers use cars to get away, drug smugglers use radios to communicate, child pornographers use e-mail. But the good guys use it, too, and the good uses far outweigh the bad uses.
Posted on December 8, 2008 at 2:20 PM
• 47 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I used to make a similar argument about limits on cryptography (i.e., governments that want to limit the strength so they can crack it). While it is true that "outlaws" may use cryptography to hide information, "good guys" use it to protect their information from the outlaws.
I think the old quote goes "once you outlaw something, only outlaws will have it."
People who have the duty of "providing security" rather than "reducing risk" are in an awkward position. Their job function is actually impossible, so they see the world in a distorted way in hopes of being able to do the impossible.
I agree that it is ridiculous to blame Google for being a facilitator in the attacks.
That said, Google once edited some aerial pictures of US military facilities and government buildings, like the White House a few years ago, to hide where the air intakes and antennas are on the building's roof. I think it was during the anthrax scare.
If they take too much heat from that kind of press coverage, they might do something similar for official buildings across the globe, so they will appear to be doing something, even if it is ridiculous.
@nick: "People who have the duty of "providing security" rather than "reducing risk" are in an awkward position."
That's very true. That's part of the reason why I try to be a bit more tolerant in my criticisms of how some of them try to fulfill their responsibilities, however wrong they are. Because, after something happens, be it Mumbai Google Earth terrorism or a homeland terror attacks, no one will be saying "wow, it's been a while and that's rare, so thank you for reducing risk." No, the focus will be on the failure to "provide security"--correctly noted by nick as impossible.
Tools are tools. (big list: cryptography, airplanes, firearms, cars, google, prisons, screwdrivers, drugs) Tools can be used and they can be abused; and it is impossible to make one sophisticated enough that it can only be used for "good" purposes.
They are currently in the throes of developing 'nonabusable' cars; ie the car knows the speed limit in any given location and wont exceed it, the car wont start if the operator is UI, the car will voluntarily stop at the push of a button by someone who can convince the car that they possess the authority to shut it down, etc. It will be a maintenance and operational nightmare and cost a fortune.
And it still will not solve the "problem". But it will get people killed when they cant run away from attackers, the car gets confused and directs the operator into a river, the car wont let them go over 25mph on a freeway...
@mailman: "so they will appear to be doing something, even if it is ridiculous."
A lot of it is CYA, and perhaps even legal liability. When something happens and the fingers are pointing (and as we know there is always finger pointing at someone who could have prevented "it", whatever it may be), they can then point to what they did as "they were doing what they could to prevent 'it'."
If this happens again, Google Earth may well face a lawsuit, with sobbing relatives of victims and arguments that "Google Knew." Emotion may well trumph reason.
I'd call this the "lazy terrorist" approach to security.
The theory seems to be that terrorists are so lazy that they won't carry out an attack if they have to get out of their chairs and actually do physical legwork to scout their target. Cut off their lazy internet scouting methods and the attacks will stop!
Of course it should be quite obvious that terrorists are not quite this spectacularly lazy.
I suppose it's just as well that the terrorists didn't use carrier pigeons. Interrogating them might have been messy.
The real issue is not if terrorists use common human infrastructure but which part between legitimate uses and illegitimate ones is greater.
The India government probably never use Google Earth services, so from their point of view only terrorists use them (who cares if normal folk us it? this is a matter of national security after all), therefore Google Earth is illegitimate.
The direct benefit of this service is more difficult to see than email or radio, which have a direct impact on the economy and social life as a whole.
"When marriage is outlawed, only outlaws will have in-laws"...
Accumulating in-laws is one reason that polygyny has, for the most part, died out.
Even the plow can be used "wrongly".
Un-armed airlines can be used as a weapon.
Anyone here remember Mycroft's "throwing rocks" in "Moon Is A Harsh Mistress"?
Likewise, any "innocent" device is a weapon if the person wielding it can apply it... so the weapon is in the mind of the wielder.
I agree with the arguement in the blog. But here is a question that I have (Not specific to this incident)-
Isn't the layout of a country the propery of that country? In that case can anyone publish the layout without the consent of the owner (in this case the country itself)?
Recently there was a similar report about Google Street View. Families feared that google street view will pose significant threat as they felt it made them and their locations more vulnerable.
This webpage has a wealth of information about ships at sea:
Who wants to bet the Somalia pirates have this page bookmarked to help plan their raids? Should this page be put behind security or taken down altogether?
"Isn't the layout of a country the property of that country?"
Well, Rand McNally, National Geographic, Langenscheidt Publishing Group and Universal Map Enterprises are in for a world of hurt if that is true.
@Madrocketscientist: it shows exactly 0 vessels in the gulf of aden. apparently they have already been contacted.
People hook onto whatever is new and not well understood as the cause of all the world's ills. It is like video games, which after the Columbine incident were once again targeted as a corrupting influence on our children. Of course, those children also bowled(although they likely did not bowl on the morning in question). I wonder if there was a time in history when bowling was targeted as a corrupting influence on our children.
"they breathed air and drank water"
I kind of felt this sentence clouded the point. You are trying to suggest that Google Earth is just like any other tool but breathing and drinking are not by themselves tool related activities.
I also would have included the fact that they used buildings as it is another very obvious example of the sort of tool people aren't likely to abandon because they might be used by terrorists.
Professional Burglars use Google Earth to map targets and routes. It's great.
Professional security specialists use Google Earth to better secure their sites.
Competitive intelligence units love Google Earth. A lot. Very, very much. We (ahem) . . . they LOVE Google Earth. Thanks Google!
Terrorists also love Google Earth. But so does No Such Agency. It evens out.
Google earth is a tool which has tendency to be misused, but let's not blame Google for that. For critical site, vulnerability of residual risk should be treated with appopriate controls in the presence of a potential threat. At the same time we have to maintain the balancing act of security and availbility, especially for a public site.
They had GPS, they could have used an Eicher street map, which would have told them a lot more than GooEarth.
And Google Earth didn't help them
a. Decide which targets to pick
b. Find that security is posted only at the front entrance of the hotel
c. Find the back entrance that was unguarded
d. Know that Nariman House was a Jewish Centre
e. Know that police presence outside the train station and Nariman House is minimal/ ineffective
f. Determine their sea route and landing points that would attract minimal attention
On the other hand, GooEarth did help tourists reach the hotels and train station attacked.. Why not blame it for that??
Quick, burn all the maps.
Remove all the street signs.
Paint over all the shop signs.
If a local gives directions, put them in jail.
Ban all cameras, cell phones.
Assume all strangers are enemies.
Use North Korea as an example.
Complain when tourism and the local economy collapses.
Have people considered the political angle?
India and Pakistan have been "officialy" at war for longer than most people have been alive.
The US used to "effectivly" regard Pakistan as one of the Axis of evil countries, and therefore favourd India even though they had ties with both the Russian's and Chinese at one point or another.
Pakistan realised (like many other countries) that Nukes and Missiles means the US respects you (see recent changes to N.Korea).
Pakistan proved it had both the nukes and the systems to deliver them a few years ago and there was a genuine fear around the world that that part of the world would be the first to become "Hot Ashville".
Due to other events involving a nation the US protects from it's neighbours (Israel), suddenly the US started being nice to Pakistan, and India had it's nose put out of joint and became very nervous about US intent.
From the Idian point of view the US is becoming a threat to what they regard as their national security in a major way.
Therefor I expect India Politicos to start attacking any high visability US company or organisation when ever they can to protect it's self from it's home voters.
To Politicos votes are the currancy of survival , so as the old addage goes "follow the money"...
Clive, your history is all mixed up.
US relations with India were decidedly frosty throughout the cold war. In the same period, the US gave significant assistance to Pakistan. Because of it's perceived value in countering soviet influence, the US was willing to overlook military coups, dictatorship, and an active nuclear program... this policy largely continues today, because the US wants Pakistan on their side in the "war on terror"
This would be true even if they didn't have nukes, although that fact certainly constrains US options.
Pakistani nuclear capability significantly predates the DPRKs. Pakistan first tested in '98 (in response to an Indian test) but they had the capability a decade or so earlier.
"Isn't the layout of a country the propery of that country?"
I suppose some elements might be considered intellectual 'property'. In as far as they are the result of original creative/intellectual processes.
"In that case can anyone publish the layout without the consent of the owner (in this case the country itself)?"
I think it would be fair use; in the same way that you can publish reviews (which entails disclosing some aspects of the copyrighted material). There's also the issue that anyone, in principle, can see the layout of the country from a plane, or space. It is in 'public view' (for some given value of public).
I agree with Clive. Note that the Indian Army's hardware is full of T-90 and T-80 tanks, Mil-8 helicopters, etc., while Pakistan's has more US issue.
On that note, it was interesting to read about the weapons used in the Mumbai attacks: "AK-56, AK-47 and 9mm revolvers and hand grenades possibly of Chinese make"
In this paper: http://news.bbc.co.uk/2/hi/south_asia/7757500.stm
"...they breathed air and drank water."
Dammit Bruce, you stole my next storyline.
The FBI gets to see Google search strings, so I'm glad if terrorists are dumb enough to use it.
"Clive, your history is all mixed up.
US relations with India were decidedly frosty throughout the cold war."
No the history of the region is at best complicated and not helped by the US and it's change of policies as the Cold War moved into it's end game back in Europe where it started.
If you want to include the cold war history of the area you realy need to go back to at least the mid 1970's if not earlier. I'll try to give some limited highlites...
There was a degree of political stability in Afganistan, Iran, Iraq and Pakistan. However things where going wrong for both the Russian's and the American's in one way or another as the Cold War played it's games out in the middle east from the late 60's onwards.
Russia had been supplying aid in one form or another to Afganistan even before Russia had it's revoloution as part of the "great game" against the British (have a look at some of Kipplings poetry to understand just how fudal and barbaric Afganistan was also look at Turky and Cyprus history). In 1919 Russia gave a million in economic aid to the then rulers to keep them "on side" as a buffer nation.
Afganistan lost it's traditional rulers in 73 to a coup by ex-priminister Daoud deposing his cousin the king with the assistance of the military on charges of coruption and economic mis managment etc. This had the effect of encoraging the Russians to covertly help the fledgling PDPA. Daoud's attempts at economic reform where unsuccessfull and the broadly communist PDPA rapidly gained strength and support from the military and in 78 another coup saw Daoud, his family and many others executed. The PDPA assumed power but had become factionalised. It tried to put in it's own economic changes by land reform, sweeping away the fudal system and marriage customs. In a mainly Islamic country where the fudal system gave the landowners their power tension so arose and things soon boild over and rebelion started. The PDPA then virtualy wiped out the traditional civil and religeous leaders (mullas/imans) and this started to scare a large number of people across the boarder in Pakistan, who started to lend help to the rebals as self defense stratagie.
Mean while Iraq was starting to pull away from Russia and an uprising in Iran saw the American backed Shah fall, which encoraged Iraq to get quite close to the US and several wars followed between Iran and Iraq.
Supposadly the Americans saw the events in Afganistan as a glorious oportunity to give the Russian's their own Vietnam. Pakistan fearfull of falling under Russian invasion and having an influx of people from Afganistan it could not support gladly allowed various Western nations to send in aid agencies and turn a blind eye to US/UK/Saudi military activities, on the principle of "mine enamies enamies...". It was at this time that the Afgan rebels came very much into the picture and were being activly supported with finance and weapons by both the Saudi's and the American CIA, the UK supposadly supplied expert training etc. This by the way was how Osama Bin Laden arrived on the scene and learned his trade...
Initialy reluctant to get involved with Afganistan's internal problems, it was only after the American involvment became clear that Russia started to move troops into Afganistan to support the pro-Russian government who had effectivly lost control of large parts of the country.
Things went from bad to worse for the Russian's and by 83 it was obvious to the Russian's that their "assistance" was nolonger tenable in the contested areas and they started withdrawing troops around 84/5 compleating the task with full withdrawal in 89 and Afganistan fell to the rebels and the real troubles started.
With the change in US political leadership the Americans effectivly lost interest as cold war efforts moved to Eastern Europe in the mid 80's. Which left Pakistan to deal with the problem of Afgan rebels and refugees in it's teritory (they effectivly out numbered the Pakistani army and had to be treated carefully due to the level of support they received from within Pakistan). The real effect was that Pakistan had effectivly ceeded most of it's boarder regeions to the rebals and retained it as territory in name only (and it is still very much that way today).
India meanwhile had got it's nuclear reactors and fuel sufficient to start a weapons program from the Russians. Who due to the problems in Afganistan where loosing influance in India. The Indian's therefor started to court the US in an attempt to stop American support of Pakistan causing India problems. Whilst initialy unsuccesfull India's nuke tests in 89 brought the US on side.
The US supplied nuclear technology so that India could build the Tarapur nuclear plant, and this has been controversialy fueled by the Russian's and Chinese in the past when the "West" has turned the tap off for one reason or another (in fact India has just anounced a new 700mill 5 year deal with Russia for nuclear fuel).
Pakistan having moved out of favour with the US during the latter half of the 80's was left with the "Afgan problem" during the 90's. Which as we are now all aware gave rise to 9/11, and the US's renewed interest with Pakistan (which might also account for India's new nuclear fule deal with Russia). However it was also Pakistan's nuclear and missile tests that brought the US back on side as opposed to invading (and we saw the same thing with North Korea and wonder why the Iranians are so keen on being a nuclear state...).
So no it's not my memory of history that is muddled, it's the history of the regeion that is. It realy depends on which time period you are looking at and what the various sides claim. For instance I still have my doubts about the US trapping the Russian's into their own Vietnam, in the same way I doubt that the Regan administration "Starwars" program ended the cold war (Russia was clearly showing signs of economic meltdown long befor this).
s/ So no it's not my memory of history that is muddled, it's the history of the regeion that is / So no it's not my memory of history or yours that is muddled, it's the history of the regeion that is muddled /
The Egyptian government is asking Apple to disable the GPS feature on its iPhones sold in Egypt, because "GPS functionality should be limited to military purposes."
[insert rolling eyes here]
These terrorist could of just as easily purchased an aerial map of the area. Keeping technologies such as satellite imagery and gps out of the publics hands is impeding our technological progress.
The headline had me wondering where I could sign up for Google Boats and Google Food.
Guys.. just read the post.. and I have only one view..
If google earth is so damn fucking good utility and is no threat.. then, why US govt. blocks it from showing Pentagon / White House / and all other buildings of importance.. Com'on everyone knows where pentagon is...
you are cribbing that Indian government objects to google earth showing important landmarks / buildings but why not crib for the same already done by US government. I would say that US government and infact, all the governments in the world are equally stupid.
Google Earth imagery is useful for relief operations but I don't think blocking important landmarks of the country are trouble for good uses..
Its just that ofcourse, bad people do manage all the information but then, why let them have easy access.
We know that encryption can be broken by some people but does not mean that we leave the data unprotected.
some level of protection keeps us safe from atleast stupid or novice bad guys.
one more thing..
It was good to know that few of you guys understand this part of the world.. The History has always mentioned and the future will always talk about the immortal enimity between Indian and Pakistan....
US has always supported Pakistan and will continue to do so as it is in their own interest. Condolezza Rice goes strong on Pakistan the first day but changes her statement as Pakistan threatens to pull troops from Afghanistan Border which US doesn't want... US has always overlooked Pakistani dictatorship, nuke programs etc because Pakistan provided them a base on her land.
"Isn't the layout of a country the propery of that country? In that case can anyone publish the layout without the consent of the owner (in this case the country itself)?"
The layout of a country is likely public domain, if you mean things like the geography and naturally occuring objects etc. Publications of depictions of that same layout CAN be copyrighted and protected.
Now if you start to delve into layout of manmade structures, objects, or private lands with manmade influences (lakes, dams, structures, etc) you might be able to make a case for protection, but there are a lot of loops and holes that would allow the readily visible object to be determined as public. Again the map or photograph of that same structure or location could be Copyrighted.
I suppose you could argue that sovereign nations can call whatever area of their landmass they choose to be protected in the interest of national security, but the landmass shapes and natural objects like lakes, rivers, moutains, deserts, etc have all more or less pre-existed before the government of the nations we know today, and probably of many previous governments prior to that.
I agree the points of Schneier. Actually there are a series of negative report of Google Earth exploited by Mumbai terrorists, tools are tools.
Interestingly, India is producing a competitor for Google Earth (ref: http://blog.foreignpolicy.com/node/10351). Banning Google Earth for "security reasons" should help the Indian government compete w/ Google (in India at least).
> Note that the Indian Army's hardware is full of T-90 and T-80 tanks, Mil-8 helicopters, etc., while Pakistan's has more US issue.
This is not correct. Both India and Pakistan have significant indigenous arms industries. BOTH have also imported weapons from former Eastern bloc nations (Pakistan mainly but not exclusively from China, India mainly from Russia, East Germany and Ukraine) but also from pretty well every other country that ever manufactured arms. Both even have some old British equipment still in reserve. Neither India nor Pakistan has a substantial component of US equipment; there is some, but it is even outnumbered by French sourced equipment.
In particular, BOTH Indian and Pakistani tank fleets consist largely of old Russian designs that have been indigenously modernised (plus, in India's case, some T-90s), but with the most recent tanks, in both cases, being an indigenous design. So far as I can tell, neither has any US MBTs. As for helicopters, most Indian military helicopters are license-built copies of French designs, plus some older ex-soviet models; the single most numerous Pakistani military helicopter is also ex-soviet, while they also have French and US models. (And a substantial portion of Pakistan's US built attack helicopters arrived only last year.)
> On that note, it was interesting to read about the weapons used in the Mumbai attacks: "AK-56, AK-47 and 9mm revolvers and hand grenades possibly of Chinese make"
To the extent that this is apparently intended to imply that India is more likely to have supplied these weapons, this is nonsense. AK-56s are available to both Pakistan and India; the true AK-47 hasn't been a front-line weapon for decades but the numerous variants often mistaken for it are available to both Pakistan and India; 9 mm is used by both (but it is a semi-automatic pistol calibre, not suitable for revolvers because it is rimless.) The one telling feature -- if it can be considered evidence of any worth -- is that Pakistan uses Chinese hand grenades, but India does not.
"Google Earth could be misused by terrorists."
Actually, as a Google stock holder, I'd argue they used Google Earth exactly as Google designed it: To plan daily travel and activities.
Beside Earth, a boat, and air, didn't the terrorists also rely machine guns and grenades? Let's put those on the list, too.
It is easy to lose sight of the fact that GPS and allied technologies (Gaileo, GLONASS) are very dangerous precision military tools, especially in those countries that are not adequately mapped by Western standards.
Egypt and Russia are among a number of countries who consider GPS in the hands of private persons an espionage device. Russia has a long history of treating maps as classified intelligence and has profited in several wars from keeping detail maps secret.
Egypt is worried about 1) Israel and 2) terrorism. Not necessarily in that order.
If you have a known location (your hotel room) and a known range (which can be calculated easily) and bearing, you can create exact GPS coordinates for interesting places. The kind of people who do these calculations are not exactly planning to picnic at Ground Zero. This is the sort of pre-attack intelligence one needs for mortars and unguided rockets.
Also, an iPhone with enabled GPS could make a nifty [REDACTED]. Security through obscurity is sometimes a really, really good idea.
In some countries the authoritative government maps are a state secret and deliberately inaccurate bowdlerised maps are issued for general consumption. Greece is a case in point as they traditionally expect invasion from Turkey. In the UK the maps are produced by the Ordnance Survey Ordinance being artillery. Bang!
We need buildings, aeroplanes etc. That's why we tolerate lowlifes using them as well; the benefit outweighs the disadvantage. Why does anyone "need" to see the layout of your house, garden and garage? It facilitates locating precise break in points and escape planning. Previously, burglars needed to pretend to be a TV repair man or somesuch; i.e., take some risk and use some energy. Now, they can just click to plan. So tell me - why do I need to know the exact location of your pathways, gates and yard layout? How is that any of my business and what wider benefit is served? Who would suffer if street view etc was confined to local cops or withdrawn completely? A pro burglar will get this anyway, but this puts it in the hands of opportunist criminals.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.