Entries Tagged "forgery"

Page 9 of 13

GAO Report on International Passenger Prescreening

From the U.S. GAO: “Aviation Security: Efforts to Strengthen International Prescreening are Under Way, but Planning and Implementations Remain,” May 2007.

What GAO Found

Customs and Border Protection (CBP), the Department of Homeland Security (DHS) agency responsible for international passenger prescreening, has planned or is taking several actions designed to strengthen the aviation passenger prescreening process. One such effort involves CBP stationing U.S. personnel overseas to evaluate the authenticity of the travel documents of certain high-risk passengers prior to boarding U.S.-bound flights. Under this pilot program, called the Immigration Advisory Program (IAP), CBP officers personally interview some passengers deemed to be high-risk and evaluate the authenticity and completeness of these passengers’ travel documents. IAP officers also provide technical assistance and training to air carrier staff on the identification of improperly documented passengers destined for the United States. The IAP has been tested at several foreign airports and CBP is negotiating with other countries to expand it elsewhere and to make certain IAP sites permanent. Successful implementation of the IAP rests, in part, on CBP clearly defining the goals and objectives of the program through the development of a strategic plan.

A second aviation passenger prescreening effort designed to strengthen the passenger prescreening process is intended to align international passenger prescreening with a similar program (currently under development) for prescreening passengers on domestic flights. The Transportation Security Administration (TSA)—a separate agency within DHS—is developing a domestic passenger prescreening program called Secure Flight. If CBP’s international prescreening program and TSA’s Secure Flight program are not effectively aligned once Secure Flight becomes operational, this could result in separate implementation requirements for air carriers and increased costs for both air carriers and the government. CBP and TSA officials stated that they are taking steps to coordinate their prescreening efforts, but they have not yet made all key policy decisions.

In addition to these efforts to strengthen certain international aviation passenger prescreening procedures, one other issue requires consideration in the context of these efforts. This issue involves DHS providing the traveling public with assurances of privacy protection as required by federal privacy law. Federal privacy law requires agencies to inform the public about how the government uses their personal information. Although CBP officials have stated that they have taken and are continuing to take steps to comply with these requirements, the current prescreening process allows passenger information to be used in multiple prescreening procedures and transferred among various CBP prescreening systems in ways that are not fully explained in CBP’s privacy disclosures. If CBP does not issue all appropriate disclosures, the traveling public will not be fully aware of how their personal information is being used during the passenger prescreening process.

Posted on May 23, 2007 at 7:18 AMView Comments

10,000 Fake British Passports in One Year

This is the kind of thing that demonstrates why attempts to make passports harder to forge are not the right way to spend security dollars. These aren’t fake passports; they’re real ones mis-issued. They have RFID chips and any other anti-counterfeiting measure the British government includes.

The weak link in identity documents is the issuance procedures, not the documents themselves.

Posted on March 26, 2007 at 6:46 AMView Comments

Diplomatic Immunity

Interesting article about diplomatic immunity as a “get out of jail free” card in Germany.

Shopping for free involves no legal consequences for the roughly 6,000 diplomats in Berlin and their families. Protected by diplomatic immunity as guaranteed under international law, members of the diplomatic service have all sorts of options not available to others. They can ignore red lights without fear of being fined, race through a speed trap drunk, bully the maid or refuse to pay the workman’s bills.

Berlin’s public prosecutor’s office registered about 100 such offenses last year, including theft, traffic violations, fleeing the scene of accidents, and inflicting bodily harm. No one is keeping precise statistics. Those who get caught need only show their red diplomatic passport to get off scot-free in most cases.

Of course they’re being counterfeited:

It seems like everybody wants one of those nice red “get out of jail free” cards these days: Senior prosecutor Karlheinz Dalheimer warns that “counterfeit diplomatic passports have been a major problem recently.”

Posted on March 22, 2007 at 1:44 PMView Comments

Iraqi Gunmen Dressing Up in American Military Uniforms

I’ve previously written about how official uniforms are inherent authentication tokens, even though they shouldn’t be (see also this and this for some less deadly anecdotes).

Now we see this tactic being used in Baghdad:

The armored sport utility vehicles whisked into a government compound in the city of Karbala with speed and urgency, the way most Americans and foreign dignitaries travel along Iraq’s treacherous roads these days.

Iraqi guards at checkpoints waved them through Saturday afternoon because the men wore what appeared to be legitimate U.S. military uniforms and badges, and drove cars commonly used by foreigners, the provincial governor said.

Once inside, however, the men unleashed one of the deadliest and most brazen ambushes of U.S. forces in a secure, official area. Five American service members were killed in a hail of grenades and gunfire in a breach of security that Iraqi officials called unprecedented.

Uniforms are no substitute for real authentication. They’re just too easy to steal or forge.

Posted on January 29, 2007 at 1:37 PMView Comments

Buying Fake European Passports

Interesting story of a British journalist buying 20 different fake EU passports. She bought a genuine Czech passport with a fake name and her real picture, a fake Latvian passport, and a stolen Estonian passport.

Despite information on stolen passports being registered to a central Interpol database, her Estonian passport goes undetected.

Note that harder-to-forge RFID passports would only help in one instance; it’s certainly not the most important problem to solve.

Also, I am somewhat suspicious of this story. I don’t know about the UK laws, but in the US this would be a major crime—and I don’t think being a reporter would be an adequate defense.

Posted on December 5, 2006 at 1:38 PM

Notary Fraud

Many countries have the concept of a “notary public.” Their training and authority varies from country to country; in the United States, their primary role is to witness the signature of legal documents. Many important legal documents require notarization in addition to a signature, primarily as a security device.

When I get a document notarized, I present my photo ID to a notary public. Generally, I go to my local bank, where many of the employees are notary publics and I don’t have to pay a fee for the service. I sign the document while the notary watches, and he then signs an attestation to the fact that he saw me sign it. He doesn’t read the document; that’s not his job. And then I send my notarized document to whoever needed it: another bank, the patent office, my mortgage company, whatever.

It’s an eminently hackable system. Sure, you can always present a fake ID—I’ll bet my bank employee has never seen a West Virginia driver’s license, for example—but that takes work. The easiest way to hack the system is through social engineering.

Bring a small pile of documents to be notarized. In the middle of the pile, slip in a document with someone else’s signature. Since he’s busy with his own signing and stamping—and you’re engaging him in slightly distracting conversation—he’s probably not going to notice that he’s notarizing something “someone else” signed. If he does, apologize for your honest mistake and try again elsewhere.

Of course, you’re better off visiting a notary who charges by the document: he’ll be more likely to appreciate the stack of documents you’ve brought to him and less likely to ask questions. And pick a location—not like a bank—that isn’t filled with security cameras.

Of course, this won’t be enough if the final recipient of the document checks the signature; you’re on your own when it comes to forgery. And in my state the notary has to keep a record of the document he signs; this one won’t be in his records if he’s ever asked. But if you need to switch the deed on a piece of property, change ownership of a bank account, or give yourself power of attorney over someone else, hacking the notary system makes the job a lot easier.

Anyone know how often this kind of thing happens in real life?

Posted on November 29, 2006 at 7:19 AMView Comments

1 7 8 9 10 11 13

Sidebar photo of Bruce Schneier by Joe MacInnis.