Page 10 of 21
Some movie-plot attacks actually happen:
They never touched the floor—that would have set off an alarm.
They didn’t appear on store security cameras. They cut a hole in the roof and came in at a spot where the cameras were obscured by advertising banners.
And they left with some $26,000 in laptop computers, departing the same way they came in—down a 3-inch gas pipe that runs from the roof to the ground outside the store.
Since they are hard to conceal, the study says, noses would work well for identification in covert surveillance.
The researchers say noses have been overlooked in the growing field of biometrics, studies into ways of identifying distinguishing traits in people.
“Noses are prominent facial features and yet their use as a biometric has been largely unexplored,” said the University of Bath’s Dr Adrian Evans.
“Ears have been looked at in detail, eyes have been looked at in terms of iris recognition but the nose has been neglected.”
The researchers used a system called PhotoFace, developed by researchers at the University of the West of England, Bristol and Imperial College, London, for the 3D scans.
Interesting essay by a former CIA field officer on the al-Mabhouh assassination:
The truth is that Mr. Mabhouh’s assassination was conducted according to the book—a military operation in which the environment is completely controlled by the assassins. At least 25 people are needed to carry off something like this. You need “eyes on” the target 24 hours a day to ensure that when the time comes he is alone. You need coverage of the police—assassinations go very wrong when the police stumble into the middle of one. You need coverage of the hotel security staff, the maids, the outside of the hotel. You even need people in back-up accommodations in the event the team needs a place to hide.
I found this conclusion incredible:
I can only speculate about where exactly the hit went wrong. But I would guess the assassins failed to account for the marked advance in technology.
[…]
Not completely understanding advances in technology may be one explanation for the assassins nonchalantly exposing their faces to the closed-circuit TV cameras, one female assassin even smiling at one…. The other explanation—the assassins didn’t care whether their faces were identified—doesn’t seem plausible at all.
Does he really think that this professional a team simply didn’t realize that there were security cameras in airports and hotels? I think that the “other explanation” is not only plausible, it’s obvious.
The number of suspects is now at 27, by the way. And:
Also Monday, the sources said the UAE central bank is working with other nations to track funding and 14 credit cards—issued mostly by a United States bank—used by the suspects in different places, including the United States.
We’ll see how well these people covered their tracks.
EDITED TO ADD (3/3): Speculation that it’s Egypt or Jordan. I don’t believe it.
EDITED TO ADD (3/5): More commentary on the tactics. Speculation that it was Mossad.
My fourth essay for CNN.com, on surveillance cameras. The Al-Mabhouh assassination made a nice news hook.
EDITED TO ADD (3/4): The security camera industry responds.
It’s a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here’s the lawsuit.)
This is an excellent technical investigation of what actually happened.
This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.
The January 19th assassination of Mahmoud al-Mabhouh reads like a very professional operation:
Security footage of the killers’ movements during the afternoon, released by police in Dubai yesterday, underlines the professionalism of the operation. The group switched hotels several times and wore disguises including false beards and wigs, while surveillance teams rotated in pairs through the hotel lobby, never hanging around for too long and paying for everything in cash.
Folliard and another member of the party carrying an Irish passport in the name of Kevin Daveron were operating as spotters on the second floor of the hotel when the murder was committed. Both switched hotels that afternoon and dressed smartly to pose as hotel staff. The bald Daveron donned a dark wig and glasses, while Folliard appears to have removed a blonde wig to reveal dark hair.
Throughout the operation, none of the suspects made a direct call to any another. However, Dubai police traced a high volume of calls and text messages between three phones carried by the assassins and four numbers in Austria where a command centre had apparently been established.
To co-ordinate their movements on the ground, the team used discreet, sophisticated short-range communication devices as they tracked their victim.
And this:
The Dubai authorities claim there were two teams: one carried out surveillance of the target, while the other—which appears to be a group of younger men, at least as far as the camera shots show—carried out the killing.
Contrary to reports, the squad did not break into Mabhouh’s hotel room, nor did they knock on the door. They entered the room using copies of keys they had somehow acquired.
Read the whole thing—and watch (in three parts) this video compilation of all the CCTV cameras in the hotels and airprort. It’s impressive. And the professionalism leads pretty much everyone to suspect Mossad.
There are a few things I wonder about. The team didn’t know what hotel Mabhouh would be staying in, nor whether he would be alone or with others. The team also didn’t use any guns. How much of the operation was preplanned, and how much was created on the fly? Was that why there were so many people involved?
The team booked the hotel room directly across the hallway from Mabhouh. That seems like the part of the plan most likely to arouse suspicion. It’s unusual to reserve a particular room, and not unreasonable to think that the hotel desk staff might wonder who else is booked nearby.
How did they get into Mabhouh’s hotel room. The video shows evidence of them trying to reprogram the door. Given that they didn’t know the hotel until they got there, what kind of general hotel-key reprogramming devices do they have?
I wonder if any of those fake passports had RFID chips?
Dubai’s police chief said six of the suspects had British passports, three were Irish, one French and one German.
The passports are believed to be fakes.
And Mabhouh was discovered in his room, the door locked and barred from the inside. Is it really that easy to do that to a hotel room door?
Note: Please limit comments to the security considerations and lessons of the assassination, and steer clear of the politics.
EDITED TO ADD (2/19): Interesting analysis:
Investigators believe the assassins tried to reprogram the electronic lock on al-Mabhouh’s door to gain entry. Some news reports say the assassins entered the room while the victim was out and waited for him to return, while others say they were thwarted from entering the room when a hotel guest stepped off the elevator on al-Mabhouh’s floor. They then had to resort to tricking al-Mabhouh into opening his door to them after he returned.
[…]
He said the number of people involved in the operation indicates that it may have been put together in a rush.
“The less time you have to plan and carry out an operation, the more people you need to carry it out [on the ground],” he said. “The more time you have to plan . . . there’s a lot of things you eliminate.”
If you know that you can stop the elevator in the basement, for example, you don’t then need people guarding the elevator lobby on the victim’s floor to make sure no one steps off the elevator, he said.
He says it was likely that the Mossad’s second in command for operations was in the hotel or the area when the assassination took place and has gone unnoticed by the Dubai authorities.
[…]
Ostrovsky said although the operatives scattered to various parts of the world after the operation was completed, he believes they’re all back in Israel now. He says other countries are likely sifting through their airport surveillance tapes now to track the final destination of the team members.
He added that the Mossad was likely surprised by how the Dubai authorities pieced everything together so well and publicized the video and passport photos of the suspects.
[…]
Ostrovsky said that despite the Dubai operation’s success, it was amateurish at moments. He points to the bad disguises the suspects used—wigs, glasses and moustaches—and the fact that suspects seemed changed their disguises in the same place. He also points to two of the suspects who followed the victim to his hotel room while dressed in tennis outfits and didn’t seem to know what they were doing.
The two seemed to confer momentarily while the victim exited the elevator, as if deciding who would follow the victim to his room. A hotel employee accompanying the victim to his room even glanced back at the two, as if noticing their confusion.
“A lot of people in the field make those mistakes and they never come up because they’re never [caught on tape],” he said.
Any facility executive involved in the design of a new building would agree that security is one important goal for the new facility. These days, facility executives are likely to say that green design is another priority. Unfortunately, these two goals are often in conflict. Consider the issues that arise when even a parking lot is being designed. From a security perspective, bright lights in the parking lot enable security cameras to pick up all activity at night. From a green point of view, a brightly lit parking lot is a waste of energy and a source of light pollution. An advocate of green design would argue for plenty of leafy trees and bushes in the parking lot to minimize the urban heat island effect; a security consultant would reply that trees in the lot will block surveillance cameras and provide hiding places for would-be criminals.
There is no shortage of conflicts between sustainability and security goals. Fortunately these conflicts can be resolved to the mutual benefit of both parties, resulting in sustainable and secure buildings and campuses. This balance can be best achieved if security is involved early in the design process.
Sometimes mediocre encryption is better than strong encryption, and sometimes no encryption is better still.
The Wall Street Journal reported this week that Iraqi, and possibly also Afghan, militants are using commercial software to eavesdrop on U.S. Predators, other unmanned aerial vehicles, or UAVs, and even piloted planes. The systems weren’t “hacked”—the insurgents can’t control them—but because the downlink is unencrypted, they can watch the same video stream as the coalition troops on the ground.
The naive reaction is to ridicule the military. Encryption is so easy that HDTVs do it—just a software routine and you’re done—and the Pentagon has known about this flaw since Bosnia in the 1990s. But encrypting the data is the easiest part; key management is the hard part. Each UAV needs to share a key with the ground station. These keys have to be produced, guarded, transported, used and then destroyed. And the equipment, both the Predators and the ground terminals, needs to be classified and controlled, and all the users need security clearance.
The command and control channel is, and always has been, encrypted—because that’s both more important and easier to manage. UAVs are flown by airmen sitting at comfortable desks on U.S. military bases, where key management is simpler. But the video feed is different. It needs to be available to all sorts of people, of varying nationalities and security clearances, on a variety of field terminals, in a variety of geographical areas, in all sorts of conditions—with everything constantly changing. Key management in this environment would be a nightmare.
Additionally, how valuable is this video downlink is to the enemy? The primary fear seems to be that the militants watch the video, notice their compound being surveilled and flee before the missiles hit. Or notice a bunch of Marines walking through a recognizable area and attack them. This might make a great movie scene, but it’s not very realistic. Without context, and just by peeking at random video streams, the risk caused by eavesdropping is low.
Contrast this with the additional risks if you encrypt: A soldier in the field doesn’t have access to the real-time video because of a key management failure; a UAV can’t be quickly deployed to a new area because the keys aren’t in place; we can’t share the video information with our allies because we can’t give them the keys; most soldiers can’t use this technology because they don’t have the right clearances. Given this risk analysis, not encrypting the video is almost certainly the right decision.
There is another option, though. During the Cold War, the NSA’s primary adversary was Soviet intelligence, and it developed its crypto solutions accordingly. Even though that level of security makes no sense in Bosnia, and certainly not in Iraq and Afghanistan, it is what the NSA had to offer. If you encrypt, they said, you have to do it “right.”
The problem is, the world has changed. Today’s insurgent adversaries don’t have KGB-level intelligence gathering or cryptanalytic capabilities. At the same time, computer and network data gathering has become much cheaper and easier, so they have technical capabilities the Soviets could only dream of. Defending against these sorts of adversaries doesn’t require military-grade encryption only where it counts; it requires commercial-grade encryption everywhere possible.
This sort of solution would require the NSA to develop a whole new level of lightweight commercial-grade security systems for military applications—not just office-data “Sensitive but Unclassified” or “For Official Use Only” classifications. It would require the NSA to allow keys to be handed to uncleared UAV operators, and perhaps read over insecure phone lines and stored in people’s back pockets. It would require the sort of ad hoc key management systems you find in internet protocols, or in DRM systems. It wouldn’t be anywhere near perfect, but it would be more commensurate with the actual threats.
And it would help defend against a completely different threat facing the Pentagon: The PR threat. Regardless of whether the people responsible made the right security decision when they rushed the Predator into production, or when they convinced themselves that local adversaries wouldn’t know how to exploit it, or when they forgot to update their Bosnia-era threat analysis to account for advances in technology, the story is now being played out in the press. The Pentagon is getting beaten up because it’s not protecting against the threat—because it’s easy to make a sound bite where the threat sounds really dire. And now it has to defend against the perceived threat to the troops, regardless of whether the defense actually protects the troops or not. Reminds me of the TSA, actually.
So the military is now committed to encrypting the video … eventually. The next generation Predators, called Reapers—Who names this stuff? Second-grade boys?—will have the same weakness. Maybe we’ll have encrypted video by 2010, or 2014, but I don’t think that’s even remotely possible unless the NSA relaxes its key management and classification requirements and embraces a lightweight, less secure encryption solution for these sorts of situations. The real failure here is the failure of the Cold War security model to deal with today’s threats.
This essay originally appeared on Wired.com.
EDITED TO ADD (12/24): Good article from The New Yorker on the uses—and politics—of these UAVs.
EDITED TO ADD (12/30): Error corrected—”uncleared UAV operators” should have read “uncleared UAV viewers.” The point is that the operators in the U.S. are cleared and their communications are encrypted, but the viewers in Asia are uncleared and the data is unencrypted.
This is cool:
Ghost imaging is a technique that allows a high-resolution camera to produce an image of an object that the camera itself cannot see. It uses two sensors: one that looks at a light source and another that looks at the object. These sensors point in different directions. For example, the camera can face the sun and the light meter can face an object.
That object might be a soldier, a tank or an airplane, Ron Meyers, a laboratory quantum physicist explained during an Oct. 28 interview on the Pentagon Channel podcast “Armed with Science: Research and Applications for the Modern Military.”
Once this is done, a computer program compares and combines the patterns received from the object and the light. This creates a “ghost image,” a black-and-white or color picture of the object being photographed. The earliest ghost images were silhouettes, but current ones depict the objects more realistically.
[…]
Using virtually any light source—from a fluorescent bulb, lasers, or even the sun—quantum ghost imaging gives a clearer picture of objects by eliminating conditions such as clouds, fog and smoke beyond the ability of conventional imaging.
EDITED TO ADD (12/12): A better explanation of the effect, and a detailed paper.
From the Courier-Mail:
A man who established a sophisticated network of peepholes and cameras to spy on his flatmates has escaped a jail sentence after police were unable to crack an encryption code on his home computer.
[…]
They found a series of holes drilled in to walls and ceilings throughout the Surfers Paradise apartment with wires leading back to Wyllie’s bedroom.
Police seized his personal computer, but files were encrypted and a video camera was not plugged in.
[…]
In passing sentence, Judge Devereaux took in to account the 33 days Wyllie had spent in custody after being arrested and ordered that two years’ probation was sufficient punishment, given that there was no hard evidence proving he had secretly recorded his flatmates.
Sidebar photo of Bruce Schneier by Joe MacInnis.