Defeating a Tamper-Proof Bottle

Here's an interesting case of doctored urine-test samples from the Sochi Olympics. Evidence points to someone defeating the tamper resistance of the bottles:

Berlinger bottles come in sets of two: one for the athlete's "A" sample, which is tested at the Games, and the other for the "B" sample, which is used to corroborate a positive test of the A sample. Metal teeth in the B bottle's cap lock in place, so it cannot be twisted off.

"The bottles are either destroyed or retain visible traces of tampering if any unauthorized attempt is made to open them," Berlinger's website says about the security of the bottles.

The only way to open the bottle, according to Berlinger, is to use a special machine sold by the company for about $2,000; it cracks the bottle's cap in half, making it apparent that the sample has been touched.

Yet someone figured out how to open the bottles, swap out the liquid, and replace the caps without leaving any visible signs of tampering.

EDITED TO ADD: There's a new article on how they did it.

In Room 124, Dr. Rodchenkov received the sealed bottles through the hole and handed them to a man who he believed was a Russian intelligence officer. The man took the bottles to a building nearby. Within a few hours, the bottles were returned with the caps loose and unbroken.

One commenter complained that I called the bottles "tamper-proof," even though I used the more accurate phrase "tamper-resistance" in the post. Yes, that was sloppy.

Posted on May 16, 2016 at 6:03 AM • 68 Comments

Comments

Robert • May 16, 2016 6:34 AM

The account does not imply that the bottles were opened. It only implies that the old cap was removed and an intact cap (maybe a different one) with the same code was provided. If one had the ability to engrave the 7-digit code onto a cap and had a supply of caps without any code the rest should be easy.

Richard • May 16, 2016 6:35 AM

For actual tampering, I think with a strong enough magnet you might be able to pull up the metal security ring.
But how hard would it be to just manufacture your own bottles, then engrave them on the spot? Or even just steal an unengraved batch from the factory.

Travis • May 16, 2016 6:52 AM

...or keep the cap and replace the bottle (if the bottle isn't uniquely coded like the caps are).

Honestly the description of a room full of doctors looking at the bottle and declaring it secure because "they can't think of a way to get in" is silly. They're doctors, not professional safe crackers. If the bottle was examined by the NSA and they couldn't figure out a way to get in, then I'd be impressed. Otherwise it just sounds like another "impenetrable encryption product based on proprietary algorithms".

de La Boetie • May 16, 2016 7:14 AM

Off post topic, there has been what looks like a significant case of the harmful iatrogenics of security precautions:-

https://www.theguardian.com/football/2016/may/15/manchester-united-abandon-final-premier-league-game-after-security-alert-leads-to-old-trafford-evacuation

A football match between Manchester United and Bournemouth was called off after a "very realistic" device was reported in a toilet.

The reason it looked very realistic appears to have been because it was inadvertently left there after a security training simulation, and was designed to look like a bomb.

One of the big features of the increased security postures - including the ones affecting mass surveillance etc, is the extent to which the harms done by those postures are not accounted for, or dismissed as unimportant or someone else's problem. Nor do those who are careless or casual but cause the problem (including LE) usually bear any significant costs for that, it's someone else's problem or it comes out of the public purse anyway.

And that's without accounting for the very-difficult-to-measure-but-real costs of alienating groups of our society. Plus the costs of crying wolf once too often.

Vesselin Bontchev • May 16, 2016 7:16 AM

Nothing made of regular glass is "tamper-proof". It's forgivable if NYT doesn't know the difference between "tamper-proof" and "tamper-evident" but at least Bruce shouldn't have confused the two.

ATS • May 16, 2016 7:16 AM

Well from the pictures of the bottles and caps shown in the NYT article, it's just a simple 7 digit number twice on the bottle with a single bar code. The cap just appears to have the number.

So screw trying to get the cap off without doing damage to it, just break it into two with a tool and engrave a new cap. Simple, easy. It's not like a multi-million dollar doping plan can't afford to have a couple parts made.

The only thing those bottles are tamper resistant from are small time players. Any Governmental sized player is going to have no problem replicating them completely. Hell, as a government doing this, I wouldn't even bother opening the bottles, just print matching numbers onto blank bottles/caps on the fly. 2 Hours is more than enough time to do it.

Really, there is no practical way that you are going to make something tamper resistant to a Tier 1 governmental adversary.

ianf • May 16, 2016 7:44 AM


[…] replace the steroid-tainted urine of top athletes with clean urine, stockpiled in soda bottles and other containers in the months leading up to the Games.

Too much soda water (CO₂H₂O) consumed by that NYT journo in the hours leading up to writing the article. Try: sterile containers in dark refrigerators under lock and key.

ianf • May 16, 2016 8:11 AM


@ ATS: “there is no practical way that you are going to make something tamper resistant to a Tier 1 governmental adversary.”

Quite. It's a question of how much [state/ national, etc] prestige rides on the "correct" content of a tamper-resistant bottle. Were I tasked with making it happen, I'd simply acquire an illicit batch of the original Swiss caps + the same engraving/ labeling machine with the same programming; then simply break the original cap, substitute for the "old but clean" pee, and close it off with on the fly labeled "cloned" cap that's indistinguishable from the original under naked eye & quite a few levels down (though perhaps not under a forensic microscope).

Anon • May 16, 2016 8:34 AM

Hell, as a government doing this, I wouldn't even bother opening the bottles, just print matching numbers onto blank bottles/caps on the fly. 2 Hours is more than enough time to do it.

It's even easier than that - an attacker has more than 2 hours to clone the caps.

I'd assume that the paperwork the athletes are given includes the bottle number. I'd also assume the athlete watches their sample be transferred to the bottles, and the bottles sealed, before signing to say they've seen it. That way, if sample "A" 1234567 tests positive, the athlete knows for certain whether sample 1234567 was theirs or not, and if the athlete tries to dispute that in court then the anti-doping people have a signed acknowledgement from the athlete that they watched their sample go into bottles 1234567 "A" and "B", and the athlete can have their experts watching as the "B" sample 1234567 is opened and tested.

So an attacker has more than 2 hours to clone the bottle, they can start as soon as the sample has been taken and the athlete has given them their paperwork.

Gweihir • May 16, 2016 9:08 AM

This is probably just a question of effort invested. Neither the cap nor the bottle looks like it would be very hard to manufacture if you really want to and can invest some money. Probably cheaper would be to steal some blanks (typically by bribing somebody to "discard" a few in QA or the like) or to re-mark caps to a different code in order to get the desired one. May require a plastics expert for chemical or physical removal of the old markings, but we are talking about a nation-state adversary here with considerable resources.

And, as pointed out above, if you can destroy and replace the bottle without damaging the cap, that would be even easier.

The only way to do this securely is to keep the 2nd bottle with a trusted third party. That comes with its own obvious problems though.

Bruce Schneier • May 16, 2016 9:27 AM

"Nothing made of regular glass is 'tamper-proof'. It's forgivable if NYT doesn't know the difference between 'tamper-proof' and 'tamper-evident' but at least Bruce shouldn't have confused the two."

You're right. That was sloppy of me.

ianf • May 16, 2016 10:17 AM


@ Vesselin Bontchev,

please explain to me all the finer lexical/semantic points of difference in Bruce's colloquial use of "tamper-proof," where "tamper-evident" would perhaps be the more correct term. We're talking a small-size glass bottle, aren't we, made out of a material which is malleable only in very high temperatures, holes in walls not easy to reseal unobtrusively, and thus de-facto tamper-proof by its very nature… UNLESS evidence of tampering is of no consequence.

Be as specific as you can, no word is too big or too long, do take all day, and use up all the ASCII allowance for this blog if so required… we NEED to get to the bottom of this.

Peter Gerdes • May 16, 2016 10:21 AM

Uhh, what reason do we have to believe the bottles were actually opened?

How hard would it be to divert a bunch of unused bottles from some legitimate use and simply counterfeit the labels? I doubt the labels are anywhere near as hard to counterfeit as money?

AJWM • May 16, 2016 10:21 AM

The reason it looked very realistic appears to have been because it was inadvertently left there after a security training simulation, and was designed to look like a bomb.

Which looks like what, exactly? If one were to put explosives and a timer inside a stuffed teddy bear, would that look like a bomb? Did this device come with a countdown timer made of large 7-segment LEDs, too?

More to the point, don't they inventory these things, so that after an exercise they know if they've come up one short? Or more disturbing, one too many. ;)

ianf • May 16, 2016 10:45 AM


@ AJWM […] don't they inventory these things, so that after an exercise they know if they've come up one short?

Listen, those things happen despite the best intentions. Surgeons have been known to forget surgical linen (and their duty nurses tasked with accounting for all such items miss that), and even forceps, etc., inside sewn-up body cavities. I heard of a policeman who visited a toilet prior to queuing up for lunch in a market cafeteria, then realized by the dessert counter that he left his belt with all the gear, the Glock pistol, extra ammo, tear gas canister, in the loo. He rushed there… too late, all gone. Still missing for all I know. He may be on "Lost Property[*]" duty now for all I know ;-))

[vide: * Lester Freamon, The Wire, Season 1;
* Antigone Bezzerides, True Detective, Season 2]

Gweihir • May 16, 2016 10:49 AM

@Peter Gerdes:

We have no reason to believe the bottles were opened. It is one of the options, and possibly the cheapest and fastest and most hard to detect one as soon as you know how to do it. But several other options are being discussed and likely most of them would work and the differences are with regards to cost and risk of detection. Obviously, the attackers will choose what looks best after having evaluated all avenues of attack.

As to counterfeiting money: That is not hard as long as you have the right equipment and supplies, you know, as states do for example. You can even order money to be printed for you by private companies, for example from Giesecke & Devrient. Of course, they will make sure you are authorized to do so.

swap_shop • May 16, 2016 10:55 AM

Swapping samples is an allegation that has existed since shortly after the start of standardized testing for IOC sports.

The WADA system is much better than the non-existent testing prior, but has been corrupted. It is drug testing theater and the IOC is perfectly okay with it.

You'll note the IOC's silence on irregularities in Kenya, Russia, and Ethiopia. It's okay to dope. But, you better win, or have a sponsor like Nike ready to pay the bribes.

ianf • May 16, 2016 11:06 AM


@ Peter Gerdes asks: “How hard would it be to divert a bunch of unused bottles from some legitimate use”

Not so much divert unused, as target them for nefarious reuse. Given the bottles' specific high-security dedicated use, I doubt they are easy to get hold of outside of the authorized channels. But the plastic seals/caps are another matter. They don't seem to carry glued-on labels, but some etched or laser printed ID on the cap itself… so that's the counterfeit vector to employ (not very hard with the right equipment).

swap_shop • May 16, 2016 11:08 AM

Anyone can buy the bottles. They are not something that is difficult to source.

The minor challenge is reproducing the bottle code. They would have much more than a few hours to do this. They'd have days as samples appear to be put into a test queue. Other than that, adhesives are fungible.

The IOC is okay with the corruption. They got a very nice pay day from Sochi both above the board and all the bribes that went on behind the curtains.

Every games cycle there is a new controversy that erupts regarding never testing athletes positive during the Olympics show. It's not an endeavour for athletes who choose not to dope.

Steve • May 16, 2016 11:14 AM

More rigorous cats simply breed smarter mice.

There are two paths to elite athlete status: Either be a genetic outlier or some sort of augmentation. If you chose the wrong parents, there's really only one path to the podium. Go doped or go home.

ianf • May 16, 2016 11:25 AM


@ swap_shop “Anyone can buy the[se] bottles. They are not something that is difficult to source”

Oh, really? Perhaps you could point me to the exact catalog page of that glass foundry which makes these very bottles, and supplies them to all comers? Granular URL complete with price list would be a bonus.

Doesn't seem to have registered with you that AS these particular containers are intended for a specific high-security purpose, they MAY BE (and most probably ARE) subjected to restrictions in distribution. The pretty high quoted item price (US$15) seems to indicate that as well. But you go on, daydreaming on the web.

jayson • May 16, 2016 11:26 AM

With luck the war on doping will end with the war on drugs and render these bottles useless.

swap_shop • May 16, 2016 11:31 AM

@ianf

Really? This isn't morphine manufacturing, it's lab supplies.

Tatütata • May 16, 2016 11:33 AM

I think I might know how the containers could have been opened.

I can find three relevant patents filed by Berlinger between 1993 and 2011.

The photo in the NYT article corresponds closely to the earliest patent DE4318311 filed in 1993.

The system is a ratchet mechanism comprising:

1) Teeth in the shoulder of the container;

2) A locking ring (called "Klemmring 5" in the patent), mounted in the cap, and engaging the teeth in the container;

3) A resilient polymer O-ring (called "Federelement 23", literally "spring-element 23"), which pushes down the locking ring onto the matching teeth in the container.

My hunch is that the vulnerability comes in part from the O-ring, as even though it is heavily compressed, it must still have a little bit of compressibility left in the locked position, or otherwise the teeth of the locking ring wouldn't have been able to climb over those of the container.

The other part of the vulnerability would be the locking ring itself. The patent doesn't specify the material it is made of, but from the NYT picture it appears metallic in nature, possibly soft or pig iron, which would be a problem.

It would therefore be possible to apply a magnetic force from outside the system pushing the locking ring upward slightly, further crushing the O-ring by one millimeter or so [the document suggests tolerances], and permitting the opening of the container. It's a bit like picking the tooth of a nylon fastener with a pin in order to open it.

If the [presumably metallic] locking ring is made of a non-ferrous material, then it could be pushed upward with a strong AC magnetic field, like in an electromagnetic gun. Otherwise, either an AC or DC field would be appropriate.

Since the operation should last only a fraction of a second or so, long enough to twist off the cap enough to clear the teeth, one wouldn't have to worry too much about overheating.

Wael • May 16, 2016 11:35 AM

Tamper evident bottles won't protect all "pee attack vectors", so to speak. Even if the athlete is closely watched during the "sample" collection session, this one-and-a-half-minute video demonstrates how an end run attack can be mounted.

Then again, who needs "piss-poor" tamper evident bottles when a well-designed IoT Smartthrone© can provide real-time histograms of "sample" characteristics?

Tatütata • May 16, 2016 11:40 AM

jayson wrote:

With luck the war on doping will end with the war on drugs and render these bottles useless.

Personally, I hope and expect that those pointless and expensive mega-events will eventually go away.

FIFA WM in Qatar? Winter games in Sochi? Puleeze! And Norway pulling out of the race, leaving Kazakhstan and Beijing as the final contenders?

I stopped paying any attention to them decades ago, even though I confess I do like the Romans do when the circus comes to town, and go out for a pleasant evening with friends at the Biergarten, as there is literally nothing else to do.

[Through patient observation, I did figure out that the ball was round and the game lasts 90 minutes or so, but the reasons and rules for "penalty", "11 meter" "corner" or whatever shots still elude me.]

ianf • May 16, 2016 12:09 PM


@ Wael

it ain't an IoT Smartthrone© unless it can take "chassis-selfies" and post them on the Instagram with an invitation to match the "rear bits" to given celebs' "front bits" – perhaps even a competition with prizes sponsored by Depends or other company intending to de-sensationalize, i.e. normalize their products' self-evident utility in daily life.

Larsen • May 16, 2016 12:56 PM

What about partnering up with Thin Film Electronics? They might solve this quite easy and cheap.

ianf • May 16, 2016 1:00 PM


@ swap_shop

Given moral weight, hypocrisy (and potential repercussions and stigma) attached to the supposedly pure, for-the-love-of-the-guaranteed-unadulterated-sport results, yes, it's far worse than some morphine. Ever heard of sport stars losing lucrative sponsor contracts due to them being tainted with "doping?" A morphine—painkiller—addiction is nothing, NOTHING by comparison.


@ Tatütata

listen, neither of us knows for sure which particular bottles and locking mechanisms were used, so any speculating on it is just that, speculating. Suffice it to say that IF the original requirement called for a tamper-proof container, it is probably that IN THE FIELD UNDER STIPULATED USE. I've seen another factory single-closure container for a hardener that's stable in an inert gas inside, but starting to cure as soon as it was exposed to air... (window of application: around 3 minutes). You could not get the lid off, it required a special sardine-can-like opener, hence the proof of it having been tampered with.

milkshake • May 16, 2016 1:07 PM

it should be simple enough for the bottle manufacturer to add proprietary tracer dry pellets that dissolve in the urine sample. The tracer composition would serve as a three-letter code, individualized for each bottle. The tracer would show up during regular urine analysis on mass spectrometer/liquid chromatography that's done for doping test. The only way to figure out the used tracer code would be to open the bottle and run the analysis (on a very expensive instrument) - this takes time, so while it would be possible to determine the tracer composition for a single sample, switch the content and fake the tracer, (if you have well-equipped lab with the instrument and few hours to analyze and switch the sample) it would take too long to attempt this for multiple urine samples as they have done in Sochi.
The tampering deterrent does not have to be perfect, it just has to make the fakery too time consuming.

Ken • May 16, 2016 1:21 PM

Or use something like a DNA encoded library added to each sample - choose the right end cap and you could have something easy enough to read but hard to amplify with PCR and 're-cap' the DNA.

Anura • May 16, 2016 1:38 PM

In chemistry lab in college I somehow managed to get a test tube stuck inside a beaker even though the test tube lip was wider than the mouth of the beaker, essentially defying the laws of physics. To get it out, the test tube had to be broken (which came out of my pocket). I think if I can figure out how I did it, I can patent it as a one-way, tamper-resistant cap, impossible to remove without breaking.

Wael • May 16, 2016 1:41 PM

@ianf,

"rear bits" to given celebs' "front bits"...

Uh! That's covered in this Wiki article! I leave the mapping between "rear bits" and "front bits" to "big-endian" and "little-endian" for your vivid imagination. Network byte orders are big-endian, whereas Host byte orders are little-endian. Unless the SmartThrone© runs on a big-endian system (for customers with a big butt), the mapping may be a nop.

Wael • May 16, 2016 2:04 PM

@Anura,

I can patent it as a one-way, tamper-resistant cap, impossible to remove without breaking

Think of it this way: The bottle is the transport, and the "liquid" is the payload. Securing the bottle is analogous to securing the transport. We need a method to secure the payload as well (it is PII, so it needs payload encryption; it needs to be authenticated as well!) How about if the athlete is made to swallow a pill that binds the time of the test to the bottle and the DNA of the subject? Something like what @Jacob mentioned in the past?

Just make sure you don't spill it!

Tatütata • May 16, 2016 2:10 PM

As I was reading the patents, I was also musing about the lines of adding a marker of sorts to the sample, especially in the form of arbitrary synthesized DNA sequences, and was already considering drafting a patent application, when the other readers came up with the same suggestions. So I won't get rich quick just today yet.

There could also be objections to adding markers as being tantamount to adulterating the sample. The purity of the added markers would have to be such as to guarantee never to interfere with the most sensitive tests likely to be conducted. A tall order, IMO.

The athlete's own DNA would already be spread about the bottle, either free-floating or within cells, together with other stuff (bacterial, viral, etc.) filtered out by the kidneys.

An easier solution would therefore be to test the sample for the athlete's own DNA. The cost of sequencing has come down tremendously in the last decade, and a library of assays could be developed.

A falsified urine sample would either come from a different individual, or contain no DNA at all if it is synthetic, or would have to have been preserved frozen from earlier days. I don't quite see how the dopey stuff could be filtered out while keeping the genetic profile of whatever else is in the container.

Wael • May 16, 2016 2:18 PM

@Tatütata,

when the other readers came up with the same suggestions. So I won't get rich quick just today yet.

He who gets to the patent office first wins. Don't let that inhibit your prospects, just hurry up and draft it! It's only around $10,000 :)

Anura • May 16, 2016 2:26 PM

Of course, the real question is why not just allow drugs? I want to see genetically engineered, chemically enhanced behemoths competing. This way, it's not about who is born with the best genetics, it's about what country has the best scientists. Besides, wouldn't you rather watch two seven-foot tall, 500 lb giants beating the crap out of each other rather than a couple scrawny 250lb, six and a half foot tall weaklings?

r • May 16, 2016 2:29 PM

@ianf,

If the bottles aren't run of the mill hopefully they're isotopically doped glass. I'm interested to see more about the comment on glass being insecure by default. But I do realize none of this applies.

John Macdonald • May 16, 2016 3:47 PM

@Anura - the concern about using drugs comes from the side-effects on the athlete. Some drugs that have been used have serious side-effects on the body of the athletes that take them. Does society really want to support an environment in which the competitors must accept seriously impacting the rest of their life to have a hope of competing successfully?

ianf • May 16, 2016 3:54 PM


@ Anura,
it's people like you who give chemistry its bad name. You always start small, with some haphazard test tube-beaker lab vandalism, and then, before the season is halfway through, start cooking meth on an industrial scale. Then progress to—if that's the word—DIY robotic large caliber machine guns concealed in the boot of a (and not even current model!!!!) sedan. Just so you know that I'm keeping a virtual eye on what your ilk will come up with next.

@ Wael
OH, NO, you're not going to lure me into that endian(undef), not to mention the end-times, quagmire. It's laundry day on Thursday, need to brace mentally for that. Besides, you, who's been to Tokyo, 🇯🇵 (acc. to own testimony), probably could entertain us with many an anecdote of your steep learning to love the Japanese shower toilet curve. Or you could just leave out the curve and go straight to the would-submit-again-blindfolded-tomorrow bit. Unless you're chicken (here garden poultry equivalent of quack-quack for emphasis).

@ rrrrrr,
The anti-doping movement carries lots of political and financial heft (and/or threats ;-)) so it's no wonder that it has grown into a global cottage industry. These bottles need not have been designed explicitly for doping tests, but, once selected from some robust glass sample container manufacturer's catalog for that use by some top-tier body, PROBABLY they now are made with a special identifying bottom stamp to confirm their origin (the pee-collecting and processing procedures themselves must run to tens of binders' worth), with the entire yearly production going to the designated client(s). Observe: I have no knowledge of this particular case, but that's how things are done among consenting pee-adults.

Anura • May 16, 2016 4:32 PM

@John Macdonald

That's actually a larger problem than just drugs. Professional athletes are always harming their bodies by nature by overexerting themselves; this is why athletes are at a much higher risk for permanent injuries than the general population. I'm not sure that the evidence is there to support the argument that performance enhancing drugs pose significant harm; at least not so much as them being significantly worse than the risks that come from being an athlete in and of itself. Besides, it's not like they aren't using them already.

Rule #1 • May 16, 2016 4:47 PM

NOTHING is "____-proof". How much effort and money do you want to put into it? Period.

Anybody and anything can be "got".

r • May 16, 2016 5:57 PM

@ianf,

I guess a high tech stamp is better than doped 'glass' that could be melted, slagged and reshaped.

Thanks

Anura • May 16, 2016 6:09 PM

@r, ianf

Instead of using an isotope, just use a lot of small flecks of metal. Then you can scan them in, create a 3D map containing the position of all the metal flecks, which should be randomly distributed. Hash the 3D map, use that as the serial number and sign it. It should be ridiculously difficult to counterfeit/reshape undetectably.
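
The fleck-map scheme in the comment above, sketched as an added example (not code from the post or from any commenter). It goes one step beyond the comment: two scans of the same glass never agree to the last digit, so the authenticated record stores the enrolled map and a re-scan is matched within a tolerance instead of being re-hashed. Assumptions: HMAC-SHA256 stands in for the signature (an asymmetric signature would let labs verify without holding a secret), and `TOL_MM`, `MIN_MATCH`, the key and all fleck coordinates are constructed.

```python
import hashlib
import hmac
import json
import math
import random

TOL_MM = 0.15     # assumed scanner repeatability, in millimetres
MIN_MATCH = 0.9   # assumed fraction of enrolled flecks that must be re-found


def canonical(points):
    """Deterministic encoding: integer hundredths of a millimetre, sorted."""
    cells = sorted([round(c * 100) for c in p] for p in points)
    return json.dumps(cells, separators=(",", ":")).encode()


def naive_serial(points):
    """Serial taken straight from a hash of whatever the scanner reports."""
    return hashlib.sha256(canonical(points)).hexdigest()[:14]


def _tag(key, serial, blob):
    # HMAC is a stand-in for a signature over serial + fleck map (assumption).
    return hmac.new(key, serial.encode() + b"|" + blob, hashlib.sha256).hexdigest()


def enroll(points, key):
    """Factory step: keep the fleck map and authenticate it with the serial."""
    blob = canonical(points)
    serial = naive_serial(points)
    return {"serial": serial, "map": json.loads(blob), "tag": _tag(key, serial, blob)}


def verify(record, scan, key):
    """Lab step: check the record's tag, then match the re-scan within TOL_MM."""
    blob = json.dumps(record["map"], separators=(",", ":")).encode()
    if not record["map"] or not hmac.compare_digest(
            _tag(key, record["serial"], blob), record["tag"]):
        return "bad-record"
    unused = [tuple(p) for p in scan]
    matched = 0
    for cell in record["map"]:
        ref = tuple(c / 100 for c in cell)
        best = min(unused, key=lambda s: math.dist(ref, s), default=None)
        if best is not None and math.dist(ref, best) <= TOL_MM:
            matched += 1
            unused.remove(best)   # each scanned fleck may satisfy one enrolled fleck
    n = len(record["map"])
    # Reject when too few enrolled flecks are found or too many unknown ones appear.
    if matched < MIN_MATCH * n or len(unused) > (1 - MIN_MATCH) * n:
        return "mismatch"
    return "genuine"


def make_flecks(rng, offset=0.0):
    """Constructed sample data: 40 flecks, one per 5 x 5 x 10 mm lattice cell."""
    return [(i * 5 + offset + rng.uniform(0, 2),
             j * 5 + rng.uniform(0, 2),
             k * 10 + rng.uniform(0, 2))
            for i in range(4) for j in range(5) for k in range(2)]


def rescan(points, rng):
    """Same glass, second scanner pass: every axis is off by 0.02 to 0.05 mm."""
    return [tuple(c + rng.choice((-1, 1)) * rng.uniform(0.02, 0.05) for c in p)
            for p in points]


def demo():
    rng = random.Random(2016)            # fixed seed so the run is repeatable
    key = b"constructed-demo-key"        # placeholder key, constructed for the demo
    bottle = make_flecks(rng)
    record = enroll(bottle, key)
    second_pass = rescan(bottle, rng)
    clone = make_flecks(rng, offset=2.5)  # different glass carrying the copied serial
    edited = dict(record, map=[[-1, -1, -1]] + record["map"][1:])
    return {
        "naive_hash_stable": naive_serial(second_pass) == record["serial"],
        "same_bottle": verify(record, second_pass, key),
        "cloned_label": verify(record, clone, key),
        "edited_record": verify(edited, second_pass, key),
    }


if __name__ == "__main__":
    print(demo())
```
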

Josh • May 16, 2016 6:20 PM

A lot of speculation around reproducing the caps, but would seem to be easier to reproduce the bottles. Unlike the cap which has a code imprinted into it, the bottles appear to have a label of sorts affixed onto it. How hard would it be to create a counterfeit label using the sample-specific number and affix that to another bottle where the old label has been removed?

To keep the original cap intact, you don't break the cap, you break the bottle. The cap still in one piece can then be reaffixed to the new bottle with the counterfeit label once the clean urine sample has been added.

fajensen • May 17, 2016 5:16 AM

In our day and age with Biotech coming out on the other side of the Hype-Wave could one not just get researchers to design some extra glands to eat the metabolites of whatever custom dopant the athlete is on?

@ianf

Now you mention Breaking Bad - http://www.nature.com/nchembio/journal/v10/n10/full/nchembio.1613.html

"A microbial biomanufacturing platform for natural and semisynthetic opioids"

I'd wager that it takes about two university courses, one on basic lab skills, another one on experimental synthetic biology, and probably some smarts to get going with this :)

r • May 17, 2016 8:01 AM

@anura,

Sparkles, that's good.


@all,

Some acids and organic solvents have to be stored in glass, you guys said there's a rubber O-ring and metal 'spring'? I'm sure the magnetic method would take less time but solvents might be able to weaken either target 'just enough.'

Clive Robinson • May 17, 2016 8:15 AM

@ Anura,

As I lay here in the hospital your test tube story reminds me of the "unopenable screw top jars" that jam etc used to come in prior to the "tamper button" lid idea.

What used to happen is occasionally the jar and lid temperatures would not be equalised before the lid was screwed down. The result was the different rates of expansion/contraction would jam the lid on way too tight for a normal human to undo. The solution was to "run the hot tap till very hot" then play the hot water on the metal lid only for a few moments, it would thus expand sufficiently for a normal human to get the lid off by first putting a tea towel over and then twisting.

Chemistry glass ware is made of different glasses depending on what it is to be used for. Measuring beakers are often made of the more thermally stable borate glass, others different glasses those with "ground stoppers" have a very different rate of expansion to test tubes "blown in lab" out of the likes of low melt temperature crown glass etc.

Thus test tubes can "get soft" at lower temperatures than other glasses and like the boiled egg in the milk bottle trick, if the tube gets sucked at by a vacuum that forms as a liquid cools, like the egg the test tube could get sucked into another glass vessel.

Then again maybe you missed an opportunity to go to Hogwarts ;-)

Bumble Bee • May 17, 2016 4:04 PM

The only way to make things tamper-proof is to go after the people that are doing the tampering. I don't care if they are tampering with food, drink, urine samples, blood samples, the U.S. mail, my package that is supposed to come by Fed-Ex or UPS, or the brakes on my car.

1. Yes they do all these things.

2. Find out who they are and deport them not just from this country, but entirely from this earthly life, so they can spend eternity in hell where they belong.

noone • May 17, 2016 8:36 PM

The bottle isn't tamper proof - it is designed to appear tamper proof.

They want to allow cheating.

Ugly hole in the wall demonstrates those who carried out the plan lacked the ingenuity of those who concocted the scheme, who undoubtedly had influence in the design of the bottles.

Misleading intro - I clicked to find out HOW THEY DID IT.

Magnet, heat, centrifuge, vacuum or remanufacture it is all good.

John Henry • May 18, 2016 9:27 PM

I used to work with product surety mainly in consumer package goods. I also did a number of presentations on the topic at conferences.

I said that NOTHING is tamper proof.

I used to pass around samples to the audience so they could see different techniques. One of the samples I always passed around was a Carnation milk can. I would say that cans were as close to tamper proof as you could get.

On the sample can I replaced the label with an identical one, made on my inkjet printer, in which Elsie the cow's head (in the daisy) was replaced by my head.

Nobody ever noticed.

At the end of my talk, I would give the can and a can opener to someone in the audience and ask them to open it.

They were always surprised to find the milk can full of M&Ms.

I would conclude by reiterating that NOTHING is tamper proof.

John Henry
Changeover.com

ianf • May 19, 2016 4:32 AM


@ John Henry “would conclude [his presentation] by reiterating that NOTHING is tamper proof.”

Of course, if you have access to/ control over/ the industrial mass-product packaging line, then you can put anything into (a number of) container blanks, and tamper-proof seal them prior to distribution/ delivery.

But that's not what "tamper-proof" really is about. Instead it is a method, a means, and a semaphore signaling that the contents of some package may have been breached/ tampered with AFTER it left its presumably kosher & secure packaging enviro. Your sample, effective in a boardroom-shock value kind of way though it was, did not demonstrate your alleged "nothing is really ever tamper-proof" claim, but that the latter depends on the degree of security in all previous links in the production chain. Weakest link in the chain as with everything else.

    In the early days of mass-packaged liquid produce, it was supposedly common in certain dairy markets in the USA for shelf-stocking agents (then in the employ of producers, not the grocers) to sabotage one another's wares in the supermarket shelves, to discourage buyers of competing "leaky" containers. Esp. when one's own were bottled with no-leakage-footprint twist-off metal caps. That methodology died a natural death after grocers started banding together and not renewing contracts for deliveries from manufacturers with the supposedly less leakage-prone containers.

PS. In the attic I have a couple of cases of pristine factory sealed at the top, open at the bottom 1.25mm PE wall standup tubes for [Brand-Names all] mayonnaise, ketchup, other emulsive foodstuffs, ready to be filled with ANYTHING, and thermosealed below the inner content level with essentially two serrated edge irons. A residue of sorts of one long-term logistical project. Been thinking of filling them with random household flotsam, sealing them, then leaving in situ for future discoverers to be baffled over the intent of such supposedly motivated packaging act. Life is made of such inexplicable moments of serendipitous Interrobangs ‽ ‽ ‽ ‽ ‽ or at least it ought to be. We'll see.

Scott Romanowski • May 19, 2016 10:25 AM

@Josh
"you break the bottle"

That's what I immediately thought of. The embossing on the bottom of the bottle doesn't look like the number on the label (and if it was, you wouldn't need a label). You can be very sloppy about destroying the bottle.

--- Scott

John Henry • May 19, 2016 11:02 PM

IANF,

I did not do my tampering in the factory. I did my tampering with a can that came out of my kitchen cupboard.

The trick is opening and reclosing a seamed can so that it is not noticeable. Even by an audience that was in the mood to think about product surety, even by an audience that has just been told that there is no such thing as tamper proof.

It is not really even much of a trick. It requires a $6 tool available in any supermarket.

As for the label, remove original, scan, photoshop, cut the photoshopped label to size, repaste on the can.

I've spent the past 40 years working in packaging plants. Lots of food, beverage, pharma, cosmetics and the like. It is VERY hard to tamper with product inside the plant. Basically too many people around at the various points where you could tamper with it.

John Henry

Clive Robinson • May 20, 2016 4:27 AM

@ John Henry,

It is not really even much of a trick. It requires a $6 tool available in any supermarket.

Years ago, I made myself a "chocolate biscuit tin" --for my desk at work-- out of a "full fat" coke can (originally a bigger beer can but the boss objected). It was not very difficult to do, but it still surprised people from time to time. That is till somebody would steal it, and then I'd have to make another one :-(

Just to annoy people I made a trick biscuit tin out of sheet stainless steel that had a combination lock in the lid. Even if you got the combination right, it still would not open unless you pushed up a concealed button in the bottom.

I find such toys on your desk with food treats inside, work on my --past-- colleagues like those films you see of training squirrels or trying to keep out honey badgers etc ;-)

@ The usual suspects,

No I'm not a sadist, I just like people to have fun whilst they are learning to be inquisitive.

ianf • May 20, 2016 2:09 PM


[Apologies for a compound reply, better one post from me, than many…]

@ Anura wants to see genetically engineered, chemically enhanced behemoths competing. This way, it's not about who is born with the best genetics, [but] what country has the best scientists. Wouldn't we rather watch two seven-foot tall, 500 lb giants beating the crap out of each other than scrawny 250lb, six and a half foot tall weaklings?

In a roundabout kind of way, sure, let us proceed to the next stage in arena sports, and have stadium-sized no-restriction Thunderdomes in each and every city (just like the Romans that built coliseums for man-vs.-beast, later gladiator death fights in major cities of their empire). Complete with morgues in the rear, and manned/ empowered-to-fire machine-gun emplacements along the exit walkways to "cool down" any overexcited spectators attempting to "reenact" and continue the just-ended onstage carnage. Given projected high attrition rate among the spectators however, and potentially scaring off squeamish others, I'm not sure about the economics of such a refinement of those events. Still, maybe, just maybe, such liberalization of permitted "chemical performance enhancers" for the players, combined with free-combat rules, would be just the ticket for the eradication of violent human male genes, so that female ones could then come to the fore!

Fantasy or not, however, there is always the risk of us breeding fighting robots instead, or hybrid human-machine ditto (and not mere Robocop sissies either); and then one or more of them going rogue, overpowering human remote kill-switch supervision, and roving about in dense urban setting as practically indestructible killing agents. What you gonna do, A-bomb the backlot of the Universal Studios in Hollywood where the Terminator last was seen?

    This reminded me of a short story I once read of a super-sized, self-contained humanoid robot designed to withstand extreme mining conditions on the Moon, that for some reason went rogue, and started to destroy man-made installations there. It may have been this "The Hunt," because the names Lem and Pirx ring a bell (2 bells in fact, chromatically almost in unison).

Lastly, Anura, should the powers that be LET ATHLETES HAVE ALL THE DRUGS THEY FANCY, there'd soon be calls from non-jocks—who outnumber the first—to at least be given free rein of on-demand euthanasia Peaceful Death pills. Which would definitely wreak havoc with the economy, because, no matter what one thinks of it, they'd be single-ingestion items, directly at odds with present models of recurrent-consumption-equals-higher-tax-revenue societies.


@ rrrrrr, Anura,

all the high-tech methods to prevent and/or raise the visibility of tampering with those bottles that you envisioned would count for nothing anyway BECAUSE of the state-level adversary with basically unlimited resources AND the mega inferiority complex-driven goal of no face-loss PRESTIGE. Plus a strategically placed, if low-tech, hole in the wall in the critical place.


@ John Henry says [tampering with a can] is not really even much of a trick. It requires a $6 tool available in any supermarket.

Thank you for that Anglo/American-parochial instruction on where to get that wonder tool, because, last time I looked, nothing like that stood out in my supermarket. I once saw a handheld battery-driven can-top slicer sold by $AMZN, but it failed miserably with a Japanese Kirin (curvy vase-shaped) alu beer can that I brought over from San Francisco, CA, and kept for a special occasion - only to discover that it started leaking at the bottom after 20 years.

That said, I thought we discussed real-world tampering (=ad-hoc adulterating contents of a container prior to point of sale, say), rather than demoing the opposite to a roomful of morons. I would have spotted your alteration simply by weighing in hand/ shaking the can and registering the rattle of its contents.

BTW. I once pretty much accidentally invented—a client asked for new ideas—a child-proof plastic closure for dishwasher etc. caustic granular powder boxes (it required simultaneous pressure on 3 points too far apart for small hands). The adults were ecstatic, but I had my doubts… knowing how inventive kids are, and that all it took was for some pre-pubescent smart-alec to figure it out and demo to mates. So I never progressed with it, and a same-principle but more complex closure that appeared a few years later has since disappeared as well.

@ Clive Robinson assures us that “he's not a sadist.”

Careful there, Clive, of running afoul of the doth protests too much probity. Me, I don't have that problem, preferring others to find that out for themselves instead SHOULD THE NEED ARISE.

As for your office pranks of truly Gareth-Keenan'ian proportions, I could but note the obvious parallels of your motivation to JFK's famous 1962 goal: [a paraphrase; the royal] we choose to tamper with the can… we choose to tamper with the can, and do the other things, not because they are hard, but because they are easy. [emphasis mine]

Wael • May 20, 2016 10:35 PM

@ianf,

... of this world assembling the ID-puzzle

Your feeble disinformation mini campaign is futile. I know how Germans write in English, and you don't write like one.

Curious • May 22, 2016 4:54 AM

Would it be necessary to alter the content of the bottle?

Having glanced at this thread, perhaps the simplest way to "alter" the content of a bottle, would be to simply use a new bottle, and swap the old one with the new.

Matt Lebron • May 24, 2016 12:49 AM

Did you ever consider that this guy may be full of it?

Really. Nobody on this forum has even considered the easiest explanation for the mystery of how the bottles were opened.

This guy is making it all up, because he is getting revenge for being fired. Nobody questioned his motives.

For instance, he didn't come forward while he was gainfully employed, only after getting fired for questionable behavior.

The Times Article was bad enough to not explore this possibility.

I really think the story begs credibility. Especially the part about storing the urine in soda bottles and such.

It's a super sophisticated operation on one end, but they store urine in soda bottles on the other end. Did they label the soda bottles? How many soda bottles were there? Hundreds? No, THOUSANDS. Come on.

Really deconstruct the story. It stinks.

Scott • May 24, 2016 8:39 AM

If you have physical access to an object or system - it is inherently insecure.

Mike • June 3, 2016 12:43 AM

The article said the bottles and caps were returned opened, with the tainted urine still in the bottles, whereupon they would have to clean and dry the bottles.

From that description, it seems that at least the bottles were the original ones when the athlete left a sample.

il--ya • July 19, 2016 9:32 AM

1. Replace the metal spring with identically-looking one made of ferrous metal before it's been locked.
2. After the bottle is locked, apply strong magnetic field to lift the spring. Open the bottle.
3. Replace the spring with original one. The bottle is ready to be re-locked.

Job done.

I'm assuming here that the original spring is made of non-ferrous metal. Otherwise that would be just simple stupid.

il--ya • July 19, 2016 9:48 AM

Just read Tatütata's comment, which explains that the spring element was made of plastic. Well, that's even easier, as the tamperer wouldn't need to substitute anything in advance. Just soften the "resilient polymer O-ring" spring-element with a laser through a glass cap, push the cap down to compress the ring, cool down, open the bottle, replace the deformed plastic O-ring with a fresh one (taken from used sample A bottles, for example) - job done.

Jon • August 14, 2016 4:24 AM

Berlinger has categorically stated their bottles are tamper proof. They've asked for demonstrations on how anyone was able to beat their system but as of yet no evidence has been forthcoming. I wait with baited breath ...

Clive Robinson • August 14, 2016 4:53 AM

@ Jon,

... but as of yet no evidence has been forthcoming. I wait with baited breath ...

I would not do that, you might go first blue then green and eventually runny ;-)

Look at it this way, if you had a valuable secret would you just "give it away"?

It helps to think of it as the same as an OS zero day vulnerability, why give it for free to some very rich but totally stingy giant corp, when there are small "security" companies offering a quarter of a million dollars or more, and you know that they are going to seriously profit on it selling it to tax rich organisations.

But you also need to consider who the real "greedy entity" is... Is it the person who has discovered the vulnerability by either luck or hard work... Or is it a giant corp that thinks it is entitled to be told for nothing about defects in its products in order that it save face, profit and potentially avoid a costly class action?

Personally I hope they lose the contract to supply their bottles, not that it is going to happen. The thing is it's become clear by its actions --which speak louder than words-- that the IOC want to lift the corner of the carpet and sweep the whole mess under it. To put it another way they do not care one iota about actual doping just the look of it and the politics that might interrupt their lucrative cash flow... So it's not in their interests nor others down the chain to have really tamper proof bottles, just have ones that look like they are. Then just like Nelson they can put the viewing glass to their blind eye and claim "I see no ships" or in their case doping.

Roger • September 12, 2016 9:21 AM

@Jon:

... but as of yet no evidence has been forthcoming. I wait with baited breath ...

I'd be happy to have a crack, if they send me a few bottles to try. In the interest of supporting WADA [1], I'll even waive half my usual fee.

In the meantime, I see a lot of interesting suggestions above, ranging somewhat in practicality, but no-one seems to have mentioned simple picking.

The metal locking ring has 12 teeth [2], but the glass bottles only have 4 teeth for them to engage. And due to its internal ribbing, there is a fine gap between the inside of the skirt of the cap, and the glass flange on which the glass teeth are mounted.

So it seems like it might be possible, perhaps even simple, to insert 4 specially shaped fine picks to make ramps for the metal teeth to override the glass teeth in reverse.

If it wasn't for the aforementioned ribbing, you could probably lock these tools in place (e.g. with a cable tie or hose clamp) and completely unscrew the lid in one go. Unfortunately, the same ribbing that forces Berlinger to have a gap, would also force you to remove and re-set these tools once every ¼ turn. Judging by the depth of the teeth and the pitch of the screw thread, you would only need about 1½ turns to unlock it completely -- call it 4 x 1½ = 6 stages of inserting picks, 4 pick insertions per stage = 24 pick insertions, probably an hour's work if they're well-practiced.

But the real WTF ...
... is the whole of the rest of the protocol. Perhaps it shouldn't be too surprising when they get a security container evaluated by showing it to a roomful of medicos, instead of thieves. But the protocol itself seems to be idiotic. Ignoring the "A sample", "B sample" stuff, which isn't relevant here, it seems to go something like this:


  1. Athlete urinates into (two) sample bottles under close scrutiny. The scrutineer is presumed utterly trustworthy, because otherwise everything falls apart right from the start.

  2. Scrutineer seals the sample bottles, and records their 7 digit serial number.

  3. Scrutineer hands over the bottles to a much less trustworthy person who is, in all probability, completely partisan.

  4. Partisan person takes the samples to a "secure area", constructed and maintained by the athlete's national government, which has no actual security features such as alarms, guards, CCTV, or even solid walls.

  5. In the "secure area", the partisan person deposits the samples in a storeroom where they are now left unguarded and unmonitored for an indefinite period of time in an area accessible to non-trustworthy people.

  6. Non-trustworthy people are allowed to enter the "secure storage area" at all hours of the night, and remain there for hours without giving any explanation of what the heck they are doing in there with all those bottles of piss at 2 a.m.

  7. At some point the bottles reach an analytical laboratory where, because the lid has a little ratchet, we can assume that absolutely nothing could have gone wrong between steps 2 and 7.


Hmm. Conspiracy or incompetence?


____

1. That's a joke, son. I don't waive my fee and I don't support WADA. WADA has done a lot of ridiculous and grossly unreasonable stuff, but they really lost me during the meldonium kerfuffle. In case you were living under a rock last March, there is considerable debate about whether the recently banned meldonium is actually performance enhancing. It is normally given to heart patients to help recover from minor heart attacks. There is evidence that athletes who were using it did so not to enhance performance, but because it helps to prevent the accumulated stress injuries that arise from heavy training regimes. So by banning it, WADA has quite possibly harmed athletes' health, on the strength of little more than speculation that it might enhance performance.

But that debate itself is not where they lost me. While listening to those arguments, I discovered that for the great majority of the hundreds of banned substances, there is no medical or scientific evidence that they are actually performance enhancing (or masking, or what have you.) My personal favorite, by the way, is argon. Yes, argon the noble gas, that is totally chemically inert and has no physiological effects other than asphyxia. It is banned under the category "Peptide Hormones, Growth Factors, Related Substances". I kid you not -- look it up. The convoluted logic by which argon is banned as a peptide-hormone-related-substance is both fascinating and utterly idiotic. It'd be hilarious if these fanatics weren't wrecking people's lives and careers.

2. Curiously, only 4 of the 12 teeth are angled sharply down to act as ratchets. The other 8 are folded back halfway along their length. They may not engage at all, but it's possible that they just engage on the last ¼ turn. I can't see the reason for this. It doesn't seem to have any effect on the difficulty of my proposed picking attack, nor on any of the others mentioned above.
