Schneier on Security
A blog covering security and security technology.
« Going Dark to Protest SOPA/PIPA |
| The Onion on Facebook »
January 19, 2012
Using False Alarms to Disable Security
I wrote about this technique in Beyond Fear:
Beginning Sunday evening, the robbers intentionally set off the gallery's alarm system several times without entering the building, according to police.
The security staffers on duty, who investigated and found no disturbances, subsequently disabled at least one alarm. The burglars then entered through a balcony door.
Posted on January 19, 2012 at 6:36 AM
• 36 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"How to Steal a Million" with Audrey Hepburn and Peter O'Toole. Certainly not the only classic movie where this method is used.
A classic technique. My favorite cinematic use is in "How to Steal a Million", where the alarm which disturbs government officials' sleep is ultimately disabled.
Funniest part: the director of the Greek National Gallery insists that it is safe and that security staff is well trained...
This is apparently how the last successful stealing of the T at Georgia Tech was pulled, the students would trip the alarm on a nightly basis so campus police would get slower and slower to respond.
This is a standard approach for stealing cars in Russia.
This goes way back. In fact Mark Twain wrote about it in "The McWilliamses And The Burglar Alarm" in 1882!
Spoiler: "...It was at this unprotected time that the heaviest calamity of all happened. The burglars walked in one night and carried off the burglar alarm! yes, sir, every hide and hair of it"
Full Text here:
Used in the robbery of the Beit art collection from Russborough House by the Martic Cahill (nicknamed 'The General') gang, notorious Dublin gang in the 1980s. The gang broke in through a window and place gum on the various PIR sensors and then immediatly left, locking the window behind them. After the police arrived and found nothing, the gang broke in again and robbed a lot of paintings at their leisure.
Car alarms that trigger on vibration always struck me as very insecure for this same reason. If a bus, a truck, or just a loud car drives by, the alarm is triggered. That happens many times a day, so owners (and perhaps more importantly) onlookers are just trained to ignore alarms. They end up being completely useless, just annoying.
It would be interesting to know what the optimal number of annoying false alarms is before people will turn the alarm off.
"Car alarms that trigger on vibration always struck me as very insecure for this same reason. If a bus, a truck, or just a loud car drives by, the alarm is triggered."
We used to go to a small (but good) restaurant after working at the scene shop regularly. Every time, this little red car would start yelling PROTECTED BY VIPER, STAND BACK as we walked across the lot. Apparently, just being withing 20 meters of the car was enough to set it off. So everyone just ignored it.
Sure enough, the car was rather nastily vandalized one night because one the neighbors couldn't stand it anymore. The alarm made it a target.
It goes all the way back to Aesop's boy who cried wolf, really.
One of the challenges setting up a monitoring system for computer/network environments (nagios, etc) is alerting for the things you care about without alerting so often that people ignore your alerts.
Scott H: I encountered one of those alarms years ago. Never have I been so tempted to vandalize a car.
Car alarms that trigger on vibration always struck me as very insecure for this same reason.
There's also this famous story of a boy who kept claiming he was being attacked by a wolf. The problem of multiple false alarms causing people to drop their guard has been around for a long time.
Probably goes back before that.
The little known Greek strategy of leaving a wooden mouse, then rabbit, then sheep, etc
outside the walls of Troy until the Trojans got used to carrying them inside!
Yes, it's my understanding that if the police actually bother to show up to investigate a car alarm, it's more likely to be so they can charge the owner with disturbing the peace than because they consider there to be any likelihood the car is actually being stolen.
I'm always a bit tempted to shoplift when I set off a detector on entering a store.
"Car alarms that trigger on vibration always struck me as very insecure for this same reason."
That's why car alarms should have their speakers and strobes inside the car where they would affect only would be thieves or the owner.
Is this a quote from Beyond Fear that you randomly decided to feature or is it from a recent story that you forgot to provide a link or reference to?
JJ - Bruce did apparently forget the link. Pablo's post above contains a link to the story.
Classic. One of the easiest, low-tech, oldest & EFFECTIVE ways to defeat any alarm-based defense. Richard Marcinko, creator of SEAL6, used this to get into nuclear plants and highly classified sites with lots of high tech security.
Curious, who was the first group known to use this strategy? I've often wondered. I figure it goes way, way back. Maybe some history buffs on here might know.
Twenty years ago some people did a big bank heist in Sweden. With water cooled diamond drills they went though the roof of a bank into the vault.
They tripped the vaults internal vibration alarms 6-7 times during the weekend nights and security staff with K9 arrived on scene but they never found anything or anyone. The security company did turn the alarm section in the vault off to stop the alarms which they was sure was defect. They were seen unnecessary as the rest of the alarm sections on the premises still were enabled.
Once the thiefs even tripped the fire alarm once but played it cool by staying inside the time locked vault while emptying several hundreds of deposit boxes.
On moday morning the bank staff came to a surprise when they opened the vault...
An old friend (now deceased) worked as a civilian dispatcher for a city police department. On the midnight-to-eight shift he noticed that when a commercial burglar alarm went off, it was always the same car that responded first, and never needed backup. Eventually he realized these cops were setting off the alarms, 'taking the call', and then burgling the place before the owner could show up to tell them was was missing.
Roberto Benigni's "The Monster" (Il Mostro) had this kind of trick in it, too.
I remember seeing something very similar to this in a popular foreign movie. If you've seen "La vita e bella" (Life is Beautiful) you'll remember the character (played by Roberto Benigni) goes to a supermarket and (stealthily) stuffs random groceries in the cart/purse of random customers. This eventually sets off the detectors at the door repeatedly (unbeknowst to the customers) and the employees can't figure it out. So they disable it as Roberto discreetly walks out the door wearing a trenchcoat full of groceries.
This happened at a High School I worked at. One night some students smashed a window then hid outside the school somewhere. Waited until the security turned up and as soon as security left they broke in. Fortunately we always left all the outside lights on at the school and our CCTV cameras worked beautifully.
Car alarms should do nothing except: (1) disable the ignition; (2) notify the owner (or a service) by radio. That way you or they can ambush the thief if there really is one.
I actually wrote my city council proposing a law that would allow anyone awakened by someone else's car alarm to take an axe, crowbar, or sledge hammer to the car until the alarm is permanently silenced.
Working in retail I see the same thing often, in whatever shop. There'll be some display, usually cameras, with rather sensitive alarms. So, they go off a hundred times a day anyway. Curating these alarms is a task performed by the staff with no concern for what may have caused it. Someone can and usually does take advantage of this to just grab a camera off the display and walk out with it.
@Scott H, Regis, et al:
I used to encounter this on a regular basis where I worked. Had to willfully refrain from "carrying my keys in my hand".
I'm looking forward to an answer of how to effectively defeat this tactic. Clearly requiring staff to repeatedly check alarms isn't effective.
The alarm can be the attack. In early 2010 there was some hapless immigrant who mistakenly opened a secure door at one of the New York City airports. I recall that the incident got an inordinate amount of press at the time because the airport had to be shut down while any threats were investigated. I also remember thinking that a handful of coordinated people at major hubs could shut down commercial aviation in the US just by opening emergency doors at around the same time. This "attack" would be easy to pull off, difficult to detect in advance, require little money or training and would require agents who had only enough fanaticism as to be willing to be arrested (as opposed to killing themselves).
"I'm looking forward to an answer of how to effectively defeat this tactic. Clearly requiring staff to repeatedly check alarms isn't effective."
Any method you consider to deal with this will have drawbacks, but I think randomization could be an effective way to deal with the problem.
Randomization is very simple. Here's an example. Instead of responding to the alert every time, you instead respond 50% of time.
So the alarm goes off. You flip a coin. Heads, you see what the problem is... Tails, you ignore the alarm.
Although I picked a response rate of 50%, one could do some analysis to figure out a rate that makes more sense for the situation.
Was also seen in the Bennini's movie Il Mostro. Lots of inspiration for burglars.
@Chris: "shut down commercial aviation in the US just by opening emergency doors at around the same time"
The same probably goes for leaving luggage unattended.
@Harry: "how to effectively defeat this tactic"
Obviously there is no perfect defense but one thing would be to make false alarms harder to trigger in a way that the person triggering it would escape from the subsequent investigation.
E.g., when a motion sensor is triggered, lock all adjacent rooms so that whoever triggered the alarm is trapped.
Let's call it something like a "defense-in-depth" strategy.
If you're more the balls-of-steel type, just set whatever you're guarding to self-destruct when one alarm is triggered. This removes all incentive for thieves to intentionally trigger alarms ;-)
The use of this as a military tactic goes back at least to Alexander the Great at the battle of Hydaspes. Alexander was camped across the river from his enemy. Every night his army would make a very noisy feint to cross the river, keeping the enemy armies constantly on guard. Once the enemy grew accustomed to this and reduced their readiness, he brought a real and successful attack.
I like more of the twist "how to steal brand new car battery" russian style.
Thief uses false alarms, to get car alarms set off but instead of stealing it he hides it somewhere nearby. Victim finds it out in the morning and gets new battery within few days to get car going. The thief comes back few nights later and repeats the beginning of the exercise, repeats and waits patiently when victims finally disables the alarm and goes to bed. He then swaps the old battery back and steals the new one instead. Pretty neat, victim either doesn't notice a thing long time or finds out what happened when gets car to shop to fix the alarm system.
My brother went ballistic when he was donethis while his contracting work at russia long time ago.
Above is combination of two quite clever separate cheating techniques. And ofcourse the car and the car battery are just examples, it works for more valuable items too.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.