Domodedovo Airport Bombing

I haven't written anything about the suicide bombing at Moscow's Domodedovo Airport because I didn't think there was anything to say. The bomber was outside the security checkpoint, in the area where family and friends wait for arriving passengers. From a security perspective, the bombing had nothing to do with airport security. He could have just as easily been in a movie theater, stadium, shopping mall, market, or anywhere else lots of people are crowded together with limited exits. The large death and injury toll indicates the bomber chose his location well.

I've often written that security measures that are only effective if the implementers guess the plot correctly are largely wastes of money -- at best they would have forced this bomber to choose another target -- and that our best security investments are intelligence, investigation, and emergency response. This latest terrorist attack underscores that even more. "Critics say" that the TSA couldn't have detected this sort of attack. Of course; the TSA can't be everywhere. And that's precisely the point.

Many reporters asked me about the likely U.S. reaction. I don't know; it could range from "Moscow is a long way off and that doesn't concern us" to "Oh my god we're all going to die!" The worry, of course, is that we will need to "do something," even though there is no "something" that should be done.

I was interviewed by the Esquire politics blog about this. I'm not terribly happy with the interview; I was rushed and sloppy on the phone.

Posted on January 28, 2011 at 3:15 PM • 33 Comments


BF SkinnerJanuary 28, 2011 4:08 PM

Well. I DID get a cold email yesterday selling the advantages of their companies bomb detectors and it specifically was said if Moscow had used it the bombing would have been prevented.

Standing in the new security concourse at Dulles it's always struck me as a point of how far away TSA is willing push the acceptable blast zone. To prevent a Moscow requries screening outside of the concourse at the airport roadway perimeters.

@Bruce. When are we going to discuss Egypt's internet kill switch? transit lines are up and so is their exchange but everything else seems shut down.

Davi OttenheimerJanuary 28, 2011 4:18 PM

"Doing anything would be an overreaction"

Right, like giving an interview? :)

I think you harp on the do nothing point a bit too much. Some things have changed and some things can be done about them.

After an attack, more information is known about the attackers and methods. That information is useful in defending against future attacks.

This seems to me consistent with your "Investigation, intelligence, and emergency response" doctrine, but it contradicts your "doing anything" point. The former is at risk of being lost in the latter because you emphasized doing nothing so much.

Ironman92January 28, 2011 4:21 PM

At least we know there will be no pat downs in rail stations; Obama himself said so in SOTU.

Tangerine BlueJanuary 28, 2011 4:33 PM

> I think you harp on the do nothing
> point a bit too much

I'm a big believer in doing nothing. It's easy, it's cheap, and it beats the hell out of "doing something" like confiscating water and fingernail clippers, removing shoes, backscatter x-ray, and groping privates.

To your point that analyzing the crime is important, I agree, and I think it goes without saying that law enforcement would come in and do some kind of investigation. "Doing nothing" here just means it doesn't require new legislation or security measures.

mcbJanuary 28, 2011 5:07 PM

Bruce, did you really say "crappily?"

Maybe you could send your interviewer a copy of Beyond Fear and ask him to read it before he calls you again...

NobodySpecialJanuary 28, 2011 5:40 PM

At US airports generally the baggage collection area is open to the street - bring in a suitcase, leave suitcase - bang!

In Belfast during 'the euphemisms' the police would check your bags before you entered the airport building.

GerryJanuary 28, 2011 5:40 PM

Good point about the SOTU comments. Is the idea to promote train travel by promising a perk (no pat down) to promote high use? Pretty cynical use of 'security', isn't it? This shows that it's not about protection, but more about control.

BF SkinnerJanuary 28, 2011 5:48 PM

@Tangerine Blue "believer in doing nothing"

King Log not King Stork.
Tend to agree with this myself.

@ Davi Ottenheimer "didn't we already"
well yeah but we didn't actually have a real world case study to use.

John HardinJanuary 28, 2011 6:03 PM

@davi: When a politician or bureaucrat feels the need to "do something" as Bruce suggests, it's generally something highly visible and only marginally effective.

We _do_ need to "do something" - we need to investigate the attack and learn from it. Unfortunately this activity is not highly visible, so a politician or bureaucrat cannot easily point to it and say "See? We're making you safer! I'm doing my job!"

IvanJanuary 28, 2011 6:16 PM

This blast is a Reichstag fire; a step in the preparation for Election-2012 in Russia ("We need to be tough on terror... Let's increase the security budget, show new batons on TV and gain a couple of rating points").

This operation has nothing to do with security _holes_: a man with an FSB ID can enter any location in Russia. Google "rdx ryazan".

The only way to prevent similar incidents is to dismiss the government, but do you want this idea to be seen on your website?

AndrewJanuary 28, 2011 6:40 PM

I have to disagree with one point.

>> From a security perspective, the bombing had nothing to do with airport security.

The existence and positioning of the checkpoint created the target zone. This "spillback" is the idea that by establishing a control in one area you can create a hazard some distance further away. Even if this is off property, it is still the result of activity on your own site, and the lawyers can have a field day with you if something happens.

If we accept that the Moscow bombing was not an "airport security" matter, we must grant that the safety of the traveling public is not an airport security goal.

EnnorJanuary 28, 2011 7:23 PM

Russian bombings will always be a bit different matter.

The main problem here is that nobody really knows who the bombers were working for. It could almost equally probable be caucazian terrorists, or high ranking FSB officials. And it is an extremely difficult task to uncover the plot when you have been ordered not to do so.

Marc ThibaultJanuary 28, 2011 7:52 PM

Those would be terrorists from the Caucazus?

It doesn't matter where you put your perimeter; there'll be a crowd at the gate. All you've done is move the targets and provided more of them.

Before all this nonsense started, you'd get to the airport a half-hour before boarding--There'd be between a half-hour and an hour's worth of passengers in the airport. Now there are two to three hours' worth of passengers in the airport, concentrated in a few small areas.

The "security" is worse, not better.

Bruce SchneierJanuary 28, 2011 10:16 PM

"Bruce, did you really say 'crappily?'"

I know, I know. I told you it was a bad interview.

Richard Steven HackJanuary 28, 2011 10:33 PM

"After an attack, more information is known about the attackers and methods. That information is useful in defending against future attacks."

Fine - you've now determined how the one time attack was executed.

Since the terrorists will never use that method again - since they know you now know - what good is that?

That's the whole point of Bruce's remarks. You don't learn anything from an attack except that you didn't anticipate it - because you CAN'T anticipate attacks. That's the problem by definition.

The ENTIRE concept of security is almost an oxymoron (not entirely because there's some advantage in "keeping out the riffraff".) The only security you can have is: 1) taking out your enemies before they can take you out; 2) be "inaccessible" to your enemies (not possible for a country or an airport, only an individual), and 3) don't have any enemies (i.e., change your policies or behavior so your enemies are no longer your enemies.)

Until this reality is acknowledged, everything done to attempt to have "security" is an utter waste of time, money and civil liberties.

Clive RobinsonJanuary 28, 2011 10:39 PM

@ Bruce,

"I know, I know. I told you it was a bad interview."

Speaking of "correcting the facts" and the fact people don't take it on board... it's a bit off topic but you might find this interesting food for thought,

If it's correct (and I don't know if it is or not) then it might go a long way to explaining some of the very very odd behaviour many of us have observed about politics and have commented on,on this blog. And further why some trolls are not actually trolls but just backed up into a corner and won't admit they are wrong even when presented with the facts...

It also has a nice throw away line,

"This would also explain why demagogues benefit from keeping people agitated."

Which speaks volumes about some current political rhetoric...

Clive RobinsonJanuary 29, 2011 12:47 AM

@ Davi,

"After an attack, more information is known about the attackers and methods. That information is useful in defending against future attacks"

I'm sorry but you are making some assumptions that just are not valid.

The first is "more... about the attackers and methods".

The current trend is towards suicide bombers, thus knowing more about the attacker will tell you not a lot unless their recruiters/handlers have been very inept. And even then the information is not likley to be of any real use (think about the lack of info from Captin Underpants and Corp. Hotfoot).

Secondly the "methods", there is the general class of "in or on the person" and the specific instance of "heal of shoe". Whilst you should take action about the general class, "focusing in" by taking action against a specific instance is going to miss the other 99.99...% of the possabilities in the general class. Also we should have a fairly good idea about the general classes prior to them being used so we should not miss them unless the procedures are deficient (which they were with Captn Underpants).

Deficient procedures are actually what we "the public" really find out about after an attack. Those in charge know (or should know) what the deficiencies are long before an attack, but have chosen for some (rational) reason not to deal with. And the main reason for not addressing them so far appears to be not resources (as you might expect) but the level of inconveniance caused to comercial organisations.

Thus we know where future attacks are goin to be prior to any attacks. If you look back Captin Underpants attack vector was known about and discussed openly prior to his attack. Likewise the vector with this Moscow bombing.

People have talked about "insider threats" of various types. One was bribing/human engineering baggage staff and Bruce has just posted about the TSA bribing an airline employee.

If you look at some of the posts on this page they mention other insecure areas such as catering, maintanence, cleaners and other insiders. It is thus reasonable to suppose this is an area under investigation by terrorist planners and within the next few years an attack will be made through this vector.

The problem is there are so many of these deficiencies each opening up a myriad of potential vectors that we cannot cover them all.

And this is where another of your assumptions,

"That information is useful in defending against future attacks"

is wrong. There are so many vectors available the terrorists get to chose which to try next, without ever having to go back to a previous vector.

As Bruce points out the only way you can play this game with any hope of even drawing even is to have real intel or the terrorists intentions.

The other option is not to play the game in the current form.

Imperfect CitizenJanuary 29, 2011 7:06 AM

I was glad to see you pointed out the harm in overreacting to security threats. You were right.

When the government breaks the law and you are a target, its an awful feeling. Turning citizens into watchers is terribly predatory and they project whatever fears the label stuck on you conjures up in their minds.

Even intelligence and investigation leave dangerous gaps where more harm than good can occur. Once you are targeted the business of watching takes on a life of its own. Its not the intelligence expert who watches its a farm out of citizens with fears and prejudices against the target gathering data. Imagine, you are a vet, you are given a great part time job watching people for the FBI/NSA. So you hear the person has ties to the enemy, say in Dearborn. Wow, so how does that color your perception? You see the person once or twice. You interpret what they do based on your poor information, gossip at the barbershop, gossip at the store. You ask store employees what they think, what did the person buy?

When the FBI/NSA farms you out to Uncle Booz or the other contractors you are pretty much at the mercy of whatever RA or PD is in the jurisdiction. Even then the observers have this above the law status with the Patriot Act. I wonder how much money these watching/intelligence contracts add to the location where the person lives, considering they use the NIMS/FEMA cellphone network/civil defense system.

I think the NSA has no idea what is going on. They target people in an area, say Dearborn, and then go on to the next thing. When they have contractors who say they can add to or drop things and either way it won't stick to them, I don't think they have safeguards against contractor misconduct. Its not cops or intelligence pros running the observations. Then when there are problems, well its just "citizens watching citizens" except the target does not have equal protection under the law.

My point being the intelligence part isn't always that intelligently done.

jbJanuary 29, 2011 9:01 AM

"After an attack, more information is known about the attackers and methods. That information is useful in defending against future attacks."
Fine - you've now determined how the one time attack was executed.
Since the terrorists will never use that method again - since they know you now know - what good is that?

The key thing is "terrorists will never use that method again." You push them into a worse, less-efficient method. The response to a terror attack should be the most minimal, cheapest thing that forces them to change just a little. Over time, you make them spend more resources to get anything done, which prices the ordinary terrorist out of the market, leaving only organized people who can be stopped by other means.

ddJanuary 29, 2011 10:48 AM

The fsb bombs apartment buildings and got caught once, they had impunity as all government goons do. FSB does not have suicide bombers, but they could use one by false flag recruitment like when the FBI recruits idiots that think they can blow up an airport with a match near a pipeline. So far FBI has not been caught alowing one of their propaganda actions to actually blow up anyone, the assasination of mrs e howard hunt and others in chicago was not done for propaganda. It was just an elimination of enemies at a time when the fbi director was in the habit of "deep six"ing evidence for his political party
the bomb detecting chia pets wont be effective when the terrorists use aphids.
But the TSA is really doing some good work testing things for al queda.

ModeratorJanuary 29, 2011 2:43 PM

DD, I give up. You've been using Bruce's blog as a platform for off-topic rants for a long time; in fact, you were warned about it in both 2008 and 2009, though I didn't connect those identities to you until recently. All I can seem to do is get you to avoid specific subjects for a while -- so now it's the FBI instead of the Minneapolis PD or Dick Cheney -- which doesn't really make any difference. Also, I now realize you should have been banned long ago for sockpuppeting after a warning. So I'm banning you now.

I've mentioned at least twice over the years that many of your comments would be more appropriate as posts on a blog of your own, so if you do start a blog, you can post a link to it here once.

tomasJanuary 29, 2011 3:34 PM

"The bomber was outside the security checkpoint"

I've never been to Domodedovo, but the other major Moscow airport, Sheremetyevo have a security screening prior entering waiting hall, similar to those in some museums: xray and metal detector. Could anyone comment on the actual setup?

Wee Wee FaceJanuary 29, 2011 4:22 PM

On the contrary, Bruce. I thought this interview was charmingly clear and to the point. We're all getting a little cantankerous about lemmings overreacting to every little nothing.

Richard Steven HackJanuary 29, 2011 5:58 PM

"The key thing is "terrorists will never use that method again." You push them into a worse, less-efficient method."

Says who? Who says the next method is "worse" or "less efficient"? That is an ASSUMPTION.

"which prices the ordinary terrorist out of the market,"

I did say security can be used to "keep out the riffraff". But your premise is still wrong. The "riff-raff" can just as easily come up with new "better" methods as the more capable. There is nothing in the process that forces them to come up with less efficient methods.

That's the whole point of the airport bombing - all the checkpoints do is push the target out further, which is in fact more efficient and less of a risk to the terrorist (other than a suicide bomber, of course).

I'll repeat the bottom line: There is no security.

Dirk PraetJanuary 29, 2011 6:03 PM

It is impossible to cover any and all attack vector because they're just too many. Next to intelligence, investigation and emergency reponse, security ops need to focus on weakest link analysis and modus operandi of terrorist organisations known or likely to strike at specific targets. In the case of AQ and the aviation industry, they have to date almost exclusively concentrated on downing airliners. Caucasus rebels and black widows are much less discriminate about their targets and contrary to AQ (so far) do go for the low hanging fruit. But they are also much less likely to strike at US or European soil.

Although it cannot be precluded that sooner or later AQ will engage in a similar plot as the Domodedovo bombing, extending security to departure and arrival lobbies will come at a serious extra cost not only in terms of budget but also in hastle to travellers to the point that more and more people will give up on air travel alltogether unless no other alternatives are available. IMHO, TSA has little reason to go there today, but I am slightly surprised that Russia - where such attacks have a much higher risk - seemed absolutely unprepared for it.

JaimeJanuary 30, 2011 3:21 AM

"I'm not terribly happy with the interview; I was rushed and sloppy on the phone."

I think that the interview is fine.

qJanuary 31, 2011 5:31 AM

@jb "Over time, you make them spend more resources to get anything done, which prices the ordinary terrorist out of the market"

The question is, do you have so many civilians to spare? There are tens of ways to compromise just one single location (such as an airport). There are millions of locations suitable for terrorists purposes in a country.

LawrenceJanuary 31, 2011 1:27 PM

I think it's worth noting that the airport was operational again within a few hours, and I've heard nothing about any nation-wide disruption to Russian air traffic as a result. I think that is the way to make airports less attractive targets. In the US, exploding a bomb in an "insecure" section of an airport would still have shut down the airport and possible all of US air traffic, drastically increasing the "value" of the attack (where "value" is defined as "what you can deny to your victim").

Doug CoulterJanuary 31, 2011 6:28 PM

I was kind of surprised to read this far down before seeing a comment saying that. I was immediately struck by how un-terrorized they were by the incident, and as you say, this kind of takes the effectiveness of the weapon away.

Refuse to be terrorized -- I think I've heard that here before (and agree. NRA says "refuse to be a victim", same idea).

wasfusJanuary 31, 2011 10:30 PM

In Israel, most places where people congregate have a security check at the perimeter. [Obviously this is based on risk assessments- you are unlikely to find them in places that do not cater to mostly Israeli Jews]

I realize this could never scale up to the size of the USA for example, but perhaps this shows where policies are headed?

Eventually, all you can do is seek to prevent a situation where gathering with other people presents a significant risk of terrorist action. As far as I know, this dire problem is only currently the case in Iraq, and only in some cities/neighborhoods.

ErikFebruary 1, 2011 4:16 AM

@thomas I just walked through DME arrivals yesterday (and I've been there several times). Like SVO, DME has metal detectors and X-Ray machines positioned at the entrances. But over the past couple of years, the transport police were letting people bypass those measures when entering terminal.

Yesterday, it looked like DME has reactivated the entrance checkpoints (hard to tell from my vantage point). The doors close to the arrivals hall are now exit-only and they've closed the stairwell exit most people used to quickly get to the parking area.

Compared to the security checkpoints required to get to a gate, the entrance examinations were more cursory (no laptop/shoe removal, for example). I've been wondering if gthey would have detected the devices used last week.

I totally understand what "security theatre" means and I know that activating the checkpoints will just push perpetrators to other methods (or other targets). But if my trip here had occured 1 week earlier, pepole waiting for me would have been standing where the bomb(s) went off. It's very hard to argue the entry checkpoints aren't sensible measures.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.