Schneier on Security
A blog covering security and security technology.
« The Exclusionary Rule and Security |
| Interview with an Adware Developer »
January 29, 2009
Helping the Terrorists
It regularly comes as a surprise to people that our own infrastructure can be used against us. And in the wake of terrorist attacks or plots, there are fear-induced calls to ban, disrupt or control that infrastructure. According to officials investigating the Mumbai attacks, the terrorists used images from Google Earth to help learn their way around. This isn't the first time Google Earth has been charged with helping terrorists: in 2007, Google Earth images of British military bases were found in the homes of Iraqi insurgents. Incidents such as these have led many governments to demand that Google remove or blur images of sensitive locations: military bases, nuclear reactors, government buildings, and so on. An Indian court has been asked to ban Google Earth entirely.
This isn't the only way our information technology helps terrorists. Last year, a US army intelligence report worried that terrorists could plan their attacks using Twitter, and there are unconfirmed reports that the Mumbai terrorists read the Twitter feeds about their attacks to get real-time information they could use. British intelligence is worried that terrorists might use voice over IP services such as Skype to communicate. Terrorists may train on Second Life and World of Warcraft. We already know they use websites to spread their message and possibly even to recruit.
Of course, all of this is exacerbated by open-wireless access, which has been repeatedly labelled a terrorist tool and which has been the object of attempted bans.
Mobile phone networks help terrorists, too. The Mumbai terrorists used them to communicate with each other. This has led some cities, including New York and London, to propose turning off mobile phone coverage in the event of a terrorist attack.
Let's all stop and take a deep breath. By its very nature, communications infrastructure is general. It can be used to plan both legal and illegal activities, and it's generally impossible to tell which is which. When I send and receive email, it looks exactly the same as a terrorist doing the same thing. To the mobile phone network, a call from one terrorist to another looks exactly the same as a mobile phone call from one victim to another. Any attempt to ban or limit infrastructure affects everybody. If India bans Google Earth, a future terrorist won't be able to use it to plan; nor will anybody else. Open Wi-Fi networks are useful for many reasons, the large majority of them positive, and closing them down affects all those reasons. Terrorist attacks are very rare, and it is almost always a bad trade-off to deny society the benefits of a communications technology just because the bad guys might use it too.
Communications infrastructure is especially valuable during a terrorist attack. Twitter was the best way for people to get real-time information about the attacks in Mumbai. If the Indian government shut Twitter down - or London blocked mobile phone coverage - during a terrorist attack, the lack of communications for everyone, not just the terrorists, would increase the level of terror and could even increase the body count. Information lessens fear and makes people safer.
None of this is new. Criminals have used telephones and mobile phones since they were invented. Drug smugglers use airplanes and boats, radios and satellite phones. Bank robbers have long used cars and motorcycles as getaway vehicles, and horses before then. I haven't seen it talked about yet, but the Mumbai terrorists used boats as well. They also wore boots. They ate lunch at restaurants, drank bottled water, and breathed the air. Society survives all of this because the good uses of infrastructure far outweigh the bad uses, even though the good uses are - by and large - small and pedestrian and the bad uses are rare and spectacular. And while terrorism turns society's very infrastructure against itself, we only harm ourselves by dismantling that infrastructure in response - just as we would if we banned cars because bank robbers used them too.
This essay originally appeared in The Guardian.
EDITED TO ADD (1/29): Other ways we help the terrorists: we put computers in our libraries, we allow anonymous chat rooms, we permit commercial databases and we engage in biomedical research. Grocery stores, too, sell food to just anyone who walks in.
EDITED TO ADD (2/3): Washington DC wants to jam cell phones too.
EDITED TO ADD (2/9): Another thing that will help the terrorists: in-flight Internet.
Posted on January 29, 2009 at 6:00 AM
• 54 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Politicians and bureaucrats are boosting these fears for the same reasons they quickly got behind the early environmentalist movements in the early 1970s, they provide camouflage and legitimization for the expansion of their powers over their victims/citizens.
"If India bans Google Earth, a future terrorist won't be able to use it to plan; nor will anybody else."
Of course the (smart) terrorist will. The (average) "anybody else" will not.
I suppose if they wish to breed intelligent terrorists this is the way to go.
The 'terrorists training in World of Warcraft' was nothing but bunk, if I recall. The example cited mixed WoW with Everquest and was basically shown to be another, "well, they MIGHT do it" scenario.
Nothing in WoW has relevance to the real world. Nothing. Even your perceptions are governed by the program, and since you're just WASD/Mousing around, you're not even acquiring muscle memory or physical skills.
I'm surprised that this is lumped in with things that can actually be of use to terrorists.
is it rude to point out the broken link at the end of the post - in the edit ...
In fact, shutting down infrastructure is helping the terrorists, because they supposedly want to disrupt infrastructure.
How stupid can our peuple become?
I keep being amazed and I shouldn't be. Everything in Federal law and NIST recommendations talks to Risk Management. Risk Management talks about risk probability, not possibility.
Scenario spinning is just creating possibilities. Yes it is POSSIBLE that a black hole we haven't detected could crash into the earth in 5 seconds.......you still there?
People (especially gov't managers/workers) don't think in terms of managing risk. Even when it's the requirement. They want it eliminated.
(oh my favoriate possibility - it's POSSIBLE that all the air in the room will jump to the half that you're not in leaving you to suffocate.)
As usual Bruce Schneier says it as it is, we should stop being afraid of the terrorists (and instead worry about the real problems facing our world). But I am left with one question after reading the article. Is the blurring of military bases on google earth a good or bad thing?
I can see that outright banning of google earth is a bad thing. You ban the good uses with the bad. On the other hand burring only of selected areas does not stop you from enjoying all the other places on google earth. You are only barred from seeing places which you are not meant to see. So what legitimate reason should one have to see inside military bases? These places have high fences and guards just to prevent people form peeping in. On the other hand once you start to blur out military bases and energy facilities. Then you can start to blur out large private properties, government offices, smaller properties until the whole of google earth is just one big blur. So where should one draw the line?
@BF: As a similar scenario to your black hole: I once helped write evaluation docs for some software. One section listed threats to the system. They were all labeled T.something, like T.DOS for the chance of a DoS attack, T.Disaster for the chance of a natural disaster striking the data center, etc. In an internal draft version, just to see if people were paying attention, I added T.Rex for the chance of a dinosaur rampaging through the building. ;-)
My favorite improbable example, shamelessly stolen from Hitchhiker's Guide, is that you're at a party and all the molecules in the hostess's underwear simultaneously decide to leap three feet to the left.
Oh, and it is POSSIBLE, with the help of the Finite Improbability Generator, for "All the molecules in the hostess' undergarments to simultaneously jump one foot to the right..." thus helping to break the ice at otherwise boring Improbability Physics parties.
We need someone like the late Douglas Adams to bring an appreciation of the ridiculous to a sublime level (pointing out absurdity by being absurd).
On the other hand, to quote someone in D.C.: "We must not let this crisis go to waste." I expect those withtheir hands on the wheel are fully cognizant of the infrastucture issue, and wouldn't mind limiting its use to a "Need To Use," basis. And, of course, they would be among the few with a "Need To Use."
"I try not to be cynical, but it's hard, sometimes." -- Eomer Dane
I can see the NRA latching on to this because guns and grenades don't kill people, it's the internet and mobile phones that kill people.
It would go down as a classic misdirection.
@Dave Aronson: Brother!!
Great minds follow similar lines, eh what?
@ Eddie Butt
That is a calumny, as the NRA does NOT advocate private ownership of grenades, per se. Guns, yes.
They are on the side of: tools do not harm, only the operators of said tools harm.
We would not blame the internet, etc. We would place the blame squarely on the terrorist.
Yes, I'm a member. But it wouldn't matter, as my wife is not, and she holds very similar views.
Thank God for the NSA. As a young attorney called "John Yoo" once said, "in order to defeat terrorism, we at least need access to the entire flow!".
Actually, read that as "...would and do place the blame..."
(I've got to proofread these posts better...)
Nick, as I remember the concern wasn't that terrorists could in any way train in WoW or other MMORPGs but that they could use them as places to meet up and hatch their sinister plots. Of course the planning idea is just as laughable and I speak as someone who was a WoW addict for a year or so. As you say it was a case of something they "might" do, just like they might plan in pubs (ban them!), flats (ban them!), parks (ban them!) or anywhere else.
I prefer the training idea though - a 25-terrorist raid on Washington, pets out of control, warlocks pulling too much aggro from SWAT teams, healers going OOM left, right and centre...
Let's start at the beginning. Most terrorists are born in hospitals and/or receive medical care at some point in their lives. Banning all medical care now will proactively reduce the number of terrorists in the future.
I wonder if car based terrorism and bank robbery has reduced in central London since the latest increase in congestion charging?
On a related note, has the recession hit terrorists too? Are there less acts of organised violence in the last couple of years?
If all of the blurry areas are strategic targets then why not just put a sticker over them saying so?
"...just as we would if we banned cars because bank robbers used them too."
This reminds me of an instance (reported by a bank-teller friend) of a case in downtown Denver in which a bank robber took his money, walked across the street to the bus mall and made is getaway on one of the dozen-or-so buses that pass through every couple of minutes.
So - let's just get rid of public transportation!
blurring sensitive places is just one bit of more information of where to strike, in my opinion. and there are tons of other method to have the planimetry of the intended target, and in the end it makes no difference: if the attack requires surgical precision, then google earth is too imprecise and doesn't cover building interiors, if the attack aim to strike the general target area, just point it at the center of the blur.
Whew. Reading this, its a good thing that Microsoft has ended development of its Flight Simulator game and layed off all the game's developers ;)
I grew up with FS and I am sad to see it go (hopefully another game developer picks it up). I know a number of private pilots (including myself) who have enjoyed that game over the years.
More importantly, terrorists also use public transport, telephones, the postal service and hotels. Those will join Google Earth in being banned on the same grounds, I take it?
A lot of terrorists have nose hairs. We should ban nose hairs, too.
I agree that government wants all threats eliminated and they know it. This isn't going to happen. However, I think that a good portion of the fear mongering is due to a single reason (at least in the US): money. The more possible terrorist scenarios that a department can create, the greater the chance they get money from DHS. Also, money in terms of lawsuits. When 9/11 happened, the government was sued and paid out. Now, once a "threat" is "discovered" they have to act on it because if the threat actually does happen and the government didn't do something to prevent it, they will get sued again. Victim of a crime (whether its caused by a terrorist or not) don't think in terms of risk and money priorities, they want somebody to pay for it. I believe money/lawsuit is the real perceived risk by the DHS/US government - hence security theater.
Banning WiFi networks is simply to "show" that bureaucrats are keeping up with technology and will address hidden threats!
But I don't think one could rationally insist a military installation should be "observable".
The idea of disabling cell phones during an attack is scary. Quite often during these events, cell phone calls from people trapped within buildings or on the scene are sources of information for authorities. Following this, I could easily see someone using this to their advantage -- cause a distraction terrorist attack in order to attack another target while cell phones are down.
Hey, the cops can use Google Earth too!
Swiss police said Thursday they stumbled across a large marijuana plantation while using Google Earth, the search engine company's satellite mapping software.
Umm.. I have to disagree with you all. As security practicioners we live by: Deny By Default prinicples.. Then by the Least Privilege user...
Well, clearly you don't have to use a cell phone unless you need to make a call and that should need to be authorized by the right person.
Bruce wrote, "Grocery stores, too, sell food to just anyone who walks in."
Ah, this could play into various food control notions. Eliminate the options for anonymous food purchases with cash. Link every purchaser's identity to the purchase. Chain of custody requirements for food. We don't want people feeding obese people, feral cats or terrorists, do we?
This notion may be quite saleable to governments and corporations. Food store "loyalty cards" (loyal to whom?) get a boost. More Marketing data. Health insurance can enforce healthier eating via rewards and penalties, or bar purchase of certain food items according to medical & social profile. Data mining can be done to see if the buyer's food choices resemble profiles of those for terrorists. Can assess carbon footprint assessment with a food component. Beef having a higher impact than chicker or vegetables.
And so on.
As I was reading the article this morning it caused me to remember the words of a song,
"You've got to,
Accentuate the positive,
Eliminate the negative,
Latch on to the affirmative,
Don't mess with Mister In-Between"
(Sung by both Bing Crosby and Johnny Mercer who co-wrote it.)
It kind of aptly describes most of these daft initiatives.
The only trouble is that as Bruce notes they don't think things through.
In that for every negative there is always a posative usually of equal value and it is just a mater of "realising it"...
For instance if Google where to use a software recognisable way to blur targets then it would actualy help find targets to attack...
As some people are aware Google Earth is not the only game in town for photo reconasance pictures so if realy required (which I doubt) getting the information is still going to be possible.
Oh and if the terorists realy wanted up to date pictures of their target, it is actually not that difficult to build a "spy in the sky" these days. Which is the way a lot of these companies doing pictures of your house do it. The hard part is finding a way to get rid of camera shake whilst still getting the desired resolution...
Just another infratstructure comment.
We have spent billions "hardening" what the government considers "high-value" targets.
So aren't we just directing the bad guys to the softest target?
We're just protecting those who might respond to the attack?
Speaking of hardening our food supply against terrorist use, why don't we add inert identification marker molecules to everything we eat - like they do to commercial explosives? That we we could track terrorist via their excrement!
I love the idea of some TSA agent stationed in the sewer...
"they" also use cars on public roads, wear clothes, read books, use pen an d paper to make notes, eat food, drink water, etc. Should we not then also ban all of these things?
The problem is not Google Earth -- it is that every organization thinks it has to put information about itself on the internet. Even if Google Earth is banned from showing military sites, for example, there is still lots of info around from the site's own web pages!
The call to ban Google Earth fundamentally misunderstands the nature of the threat. There are in effect infinitely many targets for terrorists to strike and most of them do not need Google Earth for planning. How useful was it for planning to detonate bombs in the London underground system? Attacks on cities probably benefit more from standard city maps and in-person recon than Google Earth.
The IRA taunted the UK govt during the 1980s; I don't remember the exact words but the gist summarised the asymmetry of the situation: "Your protection measures need to work every time; we only need one of our attacks to succeed". If Google Earth were shut down, attention would merely be displaced to somewhere where other methods could be used for planning.
And is there any evidence that terrorist attacks have increased in frequency or effectiveness since any particular technology developed, whether newspapers, telephones, computers, mobile phones, Google Earth ... ?
Well said, but I think you're preaching to the choir with The Guardian. Try to get that broadcast on FOX.
Interesting factoid regarding the "terrorists meeting up in WoW" meme:
All games on Microsoft's on-line service Xbox Live, are required to *encrypt* all game-related data that they transmit back and forth, except for voice or text messages between players, for which the exact opposite is required (i.e. chat data MUST be unencrypted). Games have to follow these rules or MS won't certify them. I don't know what rules Sony has for its service, but I wouldn't be surprised if they had a similar policy.
The obvious reasons for this policy are that the game data should be encrypted to make it harder for cheaters and hackers to interfere with the games, but the person-to-person communications should be UNENCRYPTED in case law enforcement goes to Microsoft with a warrant demanding that they record the communications between certain players. (And possibly also so that Microsoft can detect if players are violating their EULA/policies regarding coarse language, racism, whatever...)
So in the ridiculous, unlikely case that the government believes that 'terrists' are using Xbox Live as a chatroom for planning something nefarious, if they went to Microsoft and demanded that communications between those various people be tapped, it is at least theoretically possible for them to comply.
'But I don't think one could rationally insist a military installation should be "observable".'
It's not that we think that a military installation "should" be observable, that point is moot. The plain fact is that it "is" observable, and banning Google Earth has no effect on that.
The fact is that dozens of commercial and military satellites pass over such installations daily, foreign and domestic. If the military have something to hide, they should _hide_ it. Leaving it in the open and then having it blurred in one and only one source, after the fact, is useless at best, and merely highlights its strategic importance at worst!
"When I send and receive email, it looks exactly the same as a terrorist doing the same thing."
That's why you're being sent to Gitmo! (or Colorado, or wherever you terrorists are being sent now.)
Now let me get back to making black holes with my particle accelerator ....
As a person who has done many years in rescue....
turning off cellphone coverage and GPS would make our job much harder.
much of the infrastructure that the bad guys use to kill is the same as the infrastructure we use to save lives.
"Now let me get back to making black holes with my particle accelerator ...."
Sorry your ring lacks the power...
Our daughter was in London during the Underground bombings. In New Zealand we saw the news of them on TV and rang her (mobile) to see if she was OK (she uses one of the bombed lines). She had no idea what was going on; only that her bus had stopped and everyone had been told to get off. We were able to give her a reasonable summary of facts from TV and she was able to act in an informed way (and tell other people what was going on). Mobile coverage is very important during a disaster.
@moo re: in-game encryption
What if the terrorists have an in-game signaling mechanism, like moving lettered tiles around to spell words. Or leaving coins on a table to spell out targets in a dot-matrix typefont. Or just lining up items along a road to spell new words from the initial letter of each item's name. Fountain... Unicorn... Coin...
I think there was even an outcry once about some children's game online, where the innocent-looking alphabet blocks could be rearranged to spell naughty words or carry solicitations from child-molestors.
Here is some additional ones: We send them to school, teach them to read, even give them jobs! And we have females getting pregnant and giving birth to them before!
The stupidity of those in power never ceases to astonish me.
We *used* to mock the Soviet Union for classifying street maps and arresting folk for taking pictures of train stations. Now we do this ourselves.
It makes me want to cry. We won the Cold War but are imitating the enemy anyway? What *are* we thinking of?!?
Can ya help a sista out and blur my house outta google earth puhleeze?
Just in case...
Terrorist main objectives are to spread fear and weaken Government. By attacking the site they achieved the first objective and now you letting them succeed in second objective as well by shutting down infrastructure. Mobile phone, Google earth have become part of people daily life as Bruce says “good uses of infrastructure far outweigh the bad uses”. Its Government job put effective controls in place which doesn’t affect people daily life.
One notable difference between the maligned services and their alternatives is the possibility of duly authorised audit.
Yes, for decades it has been possible to get overhead imagery of potential target locations; but in the aftermath of a crime there, it has also been possible to find out who ordered the imagery. Similarly there are many alternatives to Twitter or pre-paid cellphones, but with one court order you could find out the attacker's contacts.
Even eating at restaurants: if the investigator appears at the restaurant with warrant in hand (or often, merely with official ID) he/she may quite possibly be able to obtain information that assists in investigating the responsible group. And, of course, using a vehicle, or even a horse (back in the day, everyone could identify individual horses, and many a good "lawman" could follow an individual horse by its shoes.)
Of course, there have long been many things in society that are both open and unaudited. For example, the criminal can simply use a map to plan his or her raid. But most such things do not give the anti-social users powerful asymmetric advantages.
Audit is a powerful feature. Precisely as required here, it enables systems to be completely open to honest users, and yet still have some protection against abusers. (Indeed, there are systems like wikis were audit is the *only* security feature, and others like blogs and credit cards where it is the main one.)
Audit also reduces brittleness, and enables more gracefulness to failures. If you have a novel system, perhaps including some of the above, where it turns out after deployment that the system greatly facilitates anti-social uses, you are faced with the dilemma posed by Bruce: do we shut down the system, and thus lose its benefits, or just carry on (perhaps in a constant cycle of half-baked patches) constantly accepting the concomitant harm? Often, indeed, we have no way to know which path maximises the public good. But through audit, a range of other options open up, and we are even provided with the data to decide on the least harmful / most beneficial course.
Of course, audit is not a panacea. As the recent voting machine fiasco shows, poorly designed logs may be close to useless. Further, the information can be abused, and even become a target in and of itself, so we must be careful that we collect the least data that is useful for investigating serious abuses, protect it with care, and carefully control access to it -- indeed, audit that access too!
But in general, designing new powerful or valuable systems without audit features if downright foolish, and leads to just dilemma, complaints and counter-claims we see here.
I used my eyes the other day to observe something ...
... I'm waiting for DHS to pass out blindfolds.
Another way we help the terrorists: we allow web sites that advertise women from Latin America that want to come to the US to marry an American... the women get a green card and become a permanent resident. Osama Bin Laden and other terrorists have spent time in Brazil and there are millions of muslims there, some of which give aid to the terrorists... so some of the women that are being advertised on the web sites could be operatives or spies wanting to infiltrate our country... maybe the women tend to choose men in the military and police force because they can get access to more information on our country...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..