Schneier on Security
A blog covering security and security technology.
« The End of In-Flight Wi-Fi? |
| Kahn, Diffie, Clark, and Me at Bletchley Park »
November 8, 2010
Young Man in "Old Man" Mask Boards Plane in Hong Kong
It's kind of an amazing story. A young Asian man used a rubber mask to disguise himself as an old Caucasian man and, with a passport photo that matched his disguise, got through all customs and airport security checks and onto a plane to Canada.
The fact that this sort of thing happens occasionally doesn't surprise me. It's human nature that we miss this sort of thing. I wrote about it in Beyond Fear (pages 153–4):
No matter how much training they get, airport screeners routinely miss guns and knives packed in carry-on luggage. In part, that's the result of human beings having developed the evolutionary survival skill of pattern matching: the ability to pick out patterns from masses of random visual data. Is that a ripe fruit on that tree? Is that a lion stalking quietly through the grass? We are so good at this that we see patterns in anything, even if they're not really there: faces in inkblots, images in clouds, and trends in graphs of random data. Generating false positives helped us stay alive; maybe that wasn't a lion that your ancestor saw, but it was better to be safe than sorry. Unfortunately, that survival skill also has a failure mode. As talented as we are at detecting patterns in random data, we are equally terrible at detecting exceptions in uniform data. The quality-control inspector at Spacely Sprockets, staring at a production line filled with identical sprockets looking for the one that is different, can't do it. The brain quickly concludes that all the sprockets are the same, so there's no point paying attention. Each new sprocket confirms the pattern. By the time an anomalous sprocket rolls off the assembly line, the brain simply doesn't notice it. This psychological problem has been identified in inspectors of all kinds; people can't remain alert to rare events, so they slip by.
A customs officer spends hours looking at people and comparing their faces with their passport photos. They do it on autopilot. Will they catch someone in a rubber mask that looks like their passport photo? Probably, but certainly not all the time.
Yes, this is a security risk, but it's not a big one. Because while -- occasionally -- a gun can slip through a metal detector or a masked man can slip through customs, it doesn't happen reliably. So the bad guys can't build a plot around it.
One last point: the young man in the old-man mask was captured by Canadian police. His fellow passengers noticed him. So in the end, his plot failed. Security didn't fail, although a bunch of pieces of it did.
EDITED TO ADD (11/10): Comment (from below) about what actually happened.
Posted on November 8, 2010 at 2:55 PM
• 38 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I believe his plot was to reach Canada and claim asylum. By that measure, his plot was successful, wasn't it?
Now we'll all have to remove our faces before going through the molest-o-vision.
So a determined jihadist could just use a rubber genital overlay to successfully sneak a bomb inside his underwear through the porno scanner and/or the fondle scanner.
The TSA is so useless.
Brian's right. His "plot" was to reach Canadian soil where under Canadian and international law he cannot be deported until his refugee claim is processed. By that measure he succeeded in what he set out to do.
The interesting thing to me is that he was only caught because someone noticed an old guy go into the bathroom and a young guy come out.
I wonder if he would have made it if he had waited until he got to the terminal washroom to change...
@: "I believe his plot was to reach Canada and claim asylum. By that measure, his plot was successful, wasn't it?"
By that measure, he was successful. I believe the point from a security standpoint is that if he were a terrorist or foriegn invader, it would have been a failure.
It kind of reminds me of The Governator in Total Recall... :-)
So the Mission Impossible movies were fact all along? We'd better keep an eye on Tom Cruise...if that's even his real name...
This connects with the problem posed by any detection scheme generating a host of false positives. If you have to work your way through 10,000 positives, after the first few dozen they all start looking the same, and you end up rubber-stamping the rest of them as 'cleared', becoming a useless automaton.
On a more serious note, the TSA is an automaton when it comes to boarding and serving sky marshals. Nobody can afford to be difficult with somebody believed to be carrying a gun and a badge, with the power to relieve anyone of their liberty, and maybe their life. So employees will kiss up to those they think are marshals. This is a real vulnerability, a way a good poser can bring a number of weapons aboard and get a nice seat in first class.
So fine, rubber masks don't work well. How about really well-applied movie makeup?
Nathan Fillion attended a panel with his former producer Joss Whedon at Comic Con. He stepped up to the mike disguised as some weird old guy to ask Whedon a question. I don't know whether Whedon detected him by the question, but I suspect most of the audience didn't until Whedon identified him although his voice on this YouTube video probably would have given him away.
Is it likely a TSA security person would detect artfully applied makeup if it matches the fake passport?
@ Spaceman Spliff,
"It kind of reminds me of The Governator in Tota Recall... :-)"
Or how about "mikey" in Men In Black?
Two Chinese airport security officials sitting in a booth watching passengers go by, when one turns to the other and says,
"You know the trouble with those caucasins... They all look the same"
The guy boarded in Hong Kong (where I live). According to the press here, he came to HK in transit using his real (mainland Chinese) identity then donned the rubber mask while airside at Hong Kong. The only identity or security check he went through as the old man was the airline's quick check (primarily for revenue protection) at the gate where they match the name on the passport against the name on the boarding card. And in his case he apparently used an Air Canada frequent flyer card rather than a passport, and this was accepted.
Once the plane was past the point of possibly turning back he could safely remove the disguise because his intention all along was simply to get to Canada and claim asylum. The mask and fake (US) passport simply enabled him to board the plane which the airline wouldn't otherwise have let him do since he was lacking a required visa for Canada in his real identity.
Things like this are very common at HK airport - there are apparently 100 immigration officers in plain clothes at any one time trying to spot mainland Chinese doing switches to fake documents airside to enable them to get on planes to countries where they would otherwise need visas. The only difference in this case was the use of the mask.
There is, of course, no security issue here at all. The passenger went through normal transit security checks at HK airport and was not carrying anything prohibited so was allowed through.
I don't really understand the problem. He didn't smuggle 8 oz. of Dr. Pepper on board. He didn't have a nail file. He didn't have PETN in his trousers. Nobody was ever in any sort of danger.
It seems that the only issue is that he defrauded the airline or maybe he lied to Chinese officials.
It strikes me that the tsa get a bit of bad press. Boarder or permitter security can only ever go so far in acting as a deterrent and the sheer scale of traffic moving through boarders coupled with the implicit lack of delays and fuss we all demand make it impossible to be truly effective. This is even more evident if you look at the estimated number of people who smuggle banned substances and items (knowingly or otherwise) in through customs.
Perhaps the solution is in technology such as biometric passports but I guess I risk raising a debate on the storage and sharing of personal data between boarder entities and governments.
I think it was Hannah Arendt who noted that one of the signs of the development of a totalitarian society is when people cease being angry/outraged by the actions of their rulers and seek solace in laughing at them impotently.
This describes more than half the comments here.
He removed his disguise mid-flight, according to reports I read, so success was really just getting on the plane.
I can only stand a few hours in economy class and then feel the need to let my hair down. This guy must have been desperate to get his mask off!
All the people pointing out that this guy was no actual threat are 100% correct.
For me at least, the take-away from this event is one more citeable case to use when arguing against racial profiling as a security measure.
"One last point: the young man in the old-man mask was captured by Canadian police. His fellow passengers noticed him. So in the end, his plot failed. Security didn't fail, although a bunch of pieces of it did."
This is a little mistake, Bruce. He intentionally took his mask off. So he wasn't 'outed' because it was a lousy disguise. Evidently he no longer had any need for the disguise--see the comments above about seeking asylum. So we really can't say that Security didn't fail. It did fail. If he had left his mask on...
imo, the point was for cn to get discussions going on disguises/disguise capabilities
if u can not catch the mouse in the hole, u draw the mouse out
@Jenny Juno - spot on, I agree wholeheartedly.
People can wear disguises through airports. This is hardly a "rubber" mask. How did some kid get this capability? How did he get the passport?
Making even realistic foam latex masks is not some trivial task.
The old man is very weathered. That is what he looks like. He looks bitter, and probably wears that cap, which is kind of communist. Is he some caucasian idealist who immigrated permamently to China?
I mean, his bitterness is deep in the lines of his face, as one who is very displeased with society. Someone who might immigrate permamently to a communist state.
People would be fooling themselves to think that everyone who passes through checkpoints are who they claim to be. This is surely routine, and rarely caught, because being normally g funded... it normally is practiced to a "t" so there is no failure.
So why wasn't the (scary) method of "gait analysis" used to discover this guy?
Won't a spry 20-something man walk more briskly and with more agility than a worn 80-something feeble man?
Many unanswered questions... For a start:
The slightly breathless CBSA alert (which it turns out was leaked to CNN by someone inside CBSA, and is not an official statement) says there was believed to be an accomplice who "performed a boarding pass swap", and is a US citizen born in 1955. So what happened to this guy, and why does no one seem interested? Did he board, and quietly leave the plane in Vancouver and go about his business? Did he obtain his boarding pass and then stay in HK? How did a "fail to board" passenger not trigger alarms and taking baggage off the plane? (Surely a carry-on-only passenger on such a long haul flight would itself trigger alarms.)
Then the mainland citizen in transit in HK theory - how could a mainland citizen even get on a plane to HK without having shown a visa (and therefore passport) valid for Canada?
Then the boarding with just an Aeroplan card problem... Certainly a top tier (Elite or higher) Aeroplan card can get you fawning and obsequious treatment from Air Canada, but trying to board a long haul flight with just that seems like a huge risk. Some good knowledge of HK airport procedures was clearly required. Was this card forged, stolen, or also the property of the US citizen? I'd think Mr. 1955 has some 'splainin to do, and it sounds as though they know who he is, but they're not saying.
And more recently, the Chinese man's Vancouver lawyer has applied to have Canadian Chinese-language media kept out of the hearing room, because he claims they are controlled by the Chinese government, which they of course deny.
I was pretty easy for the passengers and crew to notice him. He went to the bathroom as an old white man and came back a young Asian man.
The "asylum" part of the plan is easy. I think the goal was to leave China. From that point of view, the moment the aircraft left Chinese airspace, his plan had succeeded.
As a result, I think a more important lesson here is that he was able to evade the exsiting security structures primarily because he wasn't planning to be a threat as the existing security system defines threats. He didn't need to smuggle a knife or explosives, so a system designed largely to look for knives and explosives is going to see him as harmless.
@Posted by: SmDA at November 9, 2010 9:58 AM
You can very easily buy extremely realistic looking rubber masks like this one on the internet. Enough people make their living making these sorts of things that it's not terribly far-fetched to assume he just sent a check and a picture to a mask maker, and got a package in the mail a few weeks later.
The thermal profile of a face versus a face behind a mask (or makeup) is different. Also narrow-band NIR illumination and imaging would have revealed the deception.
We just like security theater better than security!
@jgreco: I guess so. You can get a foam latex setup, make "appendages" (fake noses, chin, cheek bones), or make copies of people's faces from even pictures. If the person is there, far easier.
It should be noted this was custom made. It had to fit the picture of the guy's passport.
It is also something else to have such a mask with tone coloring just right with realistic (under lights) depiction. And the masks people see at stores and such do not have the kind of quality - that I have ever seen - that literal adhere to the face so that expressions are kept. It is a static face without the ability to smile, frown, and so on.
An older person very wrinkled is easier in a sense, people tend to have older people be invisible... and this guy's face was more lined, wrinkled then most which could hide expressions.
Yes, I entirely agree. I am surprised they did not have such facial recognition technology in place. Even the stuff I have seen on television uses thermal and considers such disguises "out of the box". Do they alert on discrepancies, though?
@general note: This stuff is important. There are more then watch lists. There are faces. If people can change their faces at will, they can evade arrest even if they have very famous famous. Ala, think FBI Top Ten, etc.
Makeup and other alterations are just as easily detected. It does not need to be an automated detection. It could be a simple tool for the inspector (if there were one :=) ). The presence of a disguise is reasonable cause to look more closely at the individual.
We don't even authenticate travel documents, why should we check for altered faces or fingerprints (not a major problem)?
I wonder if its all a big hoax?
Can the makeup and mask be so perfect that it extends all the way to his chest?
If so, its like hollywood standard requiring hours to do this makeup.
It would be cooler if he had a dozen birds taped to his legs. That dude also got caught, but even more amusing.
>>So why wasn't the (scary) method of "gait analysis" used to discover this guy?
Won't a spry 20-something man walk more briskly and with more agility than a worn 80-something feeble man?
Yes. Older folks' joint angles vary over a smaller range. The speed of actuation also varies.
It can be faked, and isn't deployed. Yet.
And this guy was caught but there are probably others that succeeded in getting into the foreign country...who knows how many (or few)...
What's next...someone buys a Bruce Schneier mask and walks into some security symposium...
"The brain quickly concludes that all the sprockets are the same, so there's no point paying attention. Each new sprocket confirms the pattern. By the time an anomalous sprocket rolls off the assembly line, the brain simply doesn't notice it."
For years we've stressed "inspect one upstream and one downstream" of your station, and "if it looks wrong, throw your hand up", with marginal results. We do catch problems, but not as many as I thought could be attributed to operators (granted, not inspectors) actually paying attention to part detail. The excerpt from Beyond Fear has now opened my eyes to the fact that hundreds of sprockets (sometimes per day) will all look like good sprockets even with glaring differences.
Thanks for teaching me a new quality lesson!
Anyone remember the movie from the early 70s called Little Big Man where Dustin Hoffman played an old Indian man in the movies who told stories of his life. It was a long time ago but the old guy looked "real" to me back then. Techniques for masks and makeup have surely improved somewhat. Who knows, but maybe the young Chinese man watched the movie and got the idea for his plan from watching it? I doubt that movie would be something the Chinese would ban. I suspect most of the rubber masks sold today come from China so maybe he may have had some expertise in the craft of mask making and make up. I understand the shoe copiers over there are quite the experts in that craft so it's not surprising to me that he made it through customs. He could probably have also turned his head into looking like a Nike or Asics or whatever shoe he wanted with some practice.
Some time ago they also had a bank robbery in Ohio, in which the robber used a mask from the same company.
In this case the robber was caucasian but wore a "black person" mask.
Masks so realistic they're arresting the wrong guy
"Conrad Zdzierak, a 30-year-old Polish immigrant, used one of Slusser's masks to disguise himself as a black man during a series of Ohio robberies last spring. The costume was so good that six of seven bank tellers wrongly identified an African American man as the culprit in a photo lineup, said Det. Keenan Riordan, who investigated the case for the Springdale, Ohio, Police Department."
The article also stated:
"Authorities are even starting to think that the so-called Geezer Bandit, a Southern California bank robber believed for months to be an old man, might actually be a younger guy wearing one of the disguises made by SPFXMasks."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.