Entries Tagged "homeland security"

Page 28 of 37

TSA Security Round-Up

Innocent passenger arrested for trying to bring a rubber-band ball onto an airplane.

Woman passes out on plane after her drugs are confiscated.

San Francisco International Airport screeners were warned in advance of undercover test.

And a cartoon.

We have a serious problem in this country. The TSA operates above, and outside, the law. There’s no due process, no judicial review, no appeal.

EDITED TO ADD (11/21): And six Muslim imams removed from a plane by US Airways because…well because they’re Muslim and that scares people. After they were cleared by the authorities, US Airways refused to sell them a ticket. Refuse to be terrorized, people!

Note that US Airways is the culprit here, not the TSA.

EDITED TO ADD (11/22): Frozen spaghetti sauce confiscated:

You think this is silly, and it is, but a week ago my mother caused a small commotion at a checkpoint at Boston-Logan after screeners discovered a large container of homemade tomato sauce in her bag. What with the preponderance of spaghetti grenades and lasagna bombs, we can all be proud of their vigilance. And, as a liquid, tomato sauce is in clear violation of the Transportation Security Administration’s carry-on statutes. But this time, there was a wrinkle: The sauce was frozen.

No longer in its liquid state, the sauce had the guards in a scramble. According to my mother’s account, a supervisor was called over to help assess the situation. He spent several moments stroking his chin. “He struck me as the type of person who spent most of his life traveling with the circus,” says Mom, who never pulls a punch, “and was only vaguely familiar with the concept of refrigeration.” Nonetheless, drawing from his experiences in grade-school chemistry and at the TSA academy, he sized things up. “It’s not a liquid right now,” he observantly noted. “But it will be soon.”

In the end, the TSA did the right thing and let the woman on with her frozen food.

Posted on November 21, 2006 at 12:51 PMView Comments

The Zotob Worm and the DHS

On August 18 of last year, the Zotob worm badly infected computers at the Department of Homeland Security, particularly the 1,300 workstations running the US-VISIT application at border crossings. Wired News filed a Freedom of Information Act request for details, which was denied.

After we sued, CBP released three internal documents, totaling five pages, and a copy of Microsoft’s security bulletin on the plug-and-play vulnerability. Though heavily redacted, the documents were enough to establish that Zotob had infiltrated US-VISIT after CBP made the strategic decision to leave the workstations unpatched. Virtually every other detail was blacked out. In the ensuing court proceedings, CBP claimed the redactions were necessary to protect the security of its computers, and acknowledged it had an additional 12 documents, totaling hundreds of pages, which it withheld entirely on the same grounds.

U.S. District Judge Susan Illston reviewed all the documents in chambers, and ordered an additional four documents to be released last month. The court also directed DHS to reveal much of what it had previously hidden beneath thick black pen strokes in the original five pages.

“Although defendant repeatedly asserts that this information would render the CBP computer system vulnerable, defendant has not articulated how this general information would do so,” Illston wrote in her ruling (emphasis is lllston’s).

The details say nothing about the technical details of the computer systems, and only point to the incompetence of the DHS in handling the incident.

Details are in the Wired News article.

Posted on November 6, 2006 at 12:11 PMView Comments

Forge Your Own Boarding Pass

Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight. This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest—the most visible by Rep. Edward Markey (D-Massachusetts)—who has since recanted. And it’s gotten him more publicity than he ever dreamed of.

All for demonstrating a known and obvious vulnerability in airport security involving boarding passes and IDs.

This vulnerability is nothing new. There was an article on CSOonline from February 2006. There was an article on Slate from February 2005. Sen. Chuck Schumer spoke about it as well. I wrote about it in the August 2003 issue of Crypto-Gram. It’s possible I was the first person to publish it, but I certainly wasn’t the first person to think of it.

It’s kind of obvious, really. If you can make a fake boarding pass, you can get through airport security with it. Big deal; we know.

You can also use a fake boarding pass to fly on someone else’s ticket. The trick is to have two boarding passes: one legitimate, in the name the reservation is under, and another phony one that matches the name on your photo ID. Use the fake boarding pass in your name to get through airport security, and the real ticket in someone else’s name to board the plane.

This means that a terrorist on the no-fly list can get on a plane: He buys a ticket in someone else’s name, perhaps using a stolen credit card, and uses his own photo ID and a fake ticket to get through airport security. Since the ticket is in an innocent’s name, it won’t raise a flag on the no-fly list.

You can also use a fake boarding pass instead of your real one if you have the “SSSS” mark and want to avoid secondary screening, or if you don’t have a ticket but want to get into the gate area.

Historically, forging a boarding pass was difficult. It required special paper and equipment. But since Alaska Airlines started the trend in 1999, most airlines now allow you to print your boarding pass using your home computer and bring it with you to the airport. This program was temporarily suspended after 9/11, but was quickly brought back because of pressure from the airlines. People who print the boarding passes at home can go directly to airport security, and that means fewer airline agents are required.

Airline websites generate boarding passes as graphics files, which means anyone with a little bit of skill can modify them in a program like Photoshop. All Soghoian’s website did was automate the process with a single airline’s boarding passes.

Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don’t think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem?

As I wrote in 2005: “The vulnerability is obvious, but the general concepts are subtle. There are three things to authenticate: the identity of the traveler, the boarding pass and the computer record. Think of them as three points on the triangle. Under the current system, the boarding pass is compared to the traveler’s identity document, and then the boarding pass is compared with the computer record. But because the identity document is never compared with the computer record—the third leg of the triangle—it’s possible to create two different boarding passes and have no one notice. That’s why the attack works.”

The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears.

But before we start spending time and money and Transportation Security Administration agents, let’s be honest with ourselves: The photo ID requirement is no more than security theater. Its only security purpose is to check names against the no-fly list, which would still be a joke even if it weren’t so easy to circumvent. Identification is not a useful security measure here.

Interestingly enough, while the photo ID requirement is presented as an antiterrorism security measure, it is really an airline-business security measure. It was first implemented after the explosion of TWA Flight 800 over the Atlantic in 1996. The government originally thought a terrorist bomb was responsible, but the explosion was later shown to be an accident.

Unlike every other airplane security measure—including reinforcing cockpit doors, which could have prevented 9/11—the airlines didn’t resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: “Round trip, New York to Los Angeles, 11/21-30, male, $100.” Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.

So business is why we have the photo ID requirement in the first place, and business is why it’s so easy to circumvent it. Instead of going after someone who demonstrates an obvious flaw that is already public, let’s focus on the organizations that are actually responsible for this security failure and have failed to do anything about it for all these years. Where’s the TSA’s response to all this?

The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we’ve got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.

This essay—my 30th for Wired.com—appeared today.

EDITED TO ADD (11/4): More news and commentary.

EDITED TO ADD (1/10): Great essay by Matt Blaze.

Posted on November 2, 2006 at 6:21 AMView Comments

DHS Privacy Committee Recommends Against RFID Cards

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It’s only a draft report, but what it says is so controversial that a vote on the final report is being delayed.

Executive Summary:

Automatic identification technologies like RFID have valuable uses, especially in connection with tracking things for purposes such as inventory management. RFID is particularly useful where it can be embedded within an object, such as a shipping container.

There appear to be specific, narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low.

But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security. Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used for monitoring human behavior. These types of uses are still being explored and remain difficult to predict.

For these reasons, we recommend that RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards described herein.

Posted on November 1, 2006 at 7:29 AMView Comments

Airport Screeners Still Aren't Any Good

They may be great at keeping you from taking your bottle of water onto the plane, but when it comes to catching actual bombs and guns they’re not very good:

Screeners at Newark Liberty International Airport, one of the starting points for the Sept. 11 hijackers, failed 20 of 22 security tests conducted by undercover U.S. agents last week, missing concealed bombs and guns at checkpoints throughout the major air hub’s three terminals, according to federal security officials.

[…]

One of the security officials familiar with last week’s tests said Newark screeners missed fake explosive devices hidden under bottles of water in carry-on luggage, taped beneath an agent’s clothing and concealed under a leg bandage another tester wore.

The official said screeners also failed to use handheld metal-detector wands when required, missed an explosive device during a pat-down and failed to properly hand-check suspicious carry-on bags. Supervisors also were cited for failing to properly monitor checkpoint screeners, the official said. “We just totally missed everything,” the official said.

As I’ve written before, this is actually a very hard problem to solve:

Airport screeners have a difficult job, primarily because the human brain isn’t naturally adapted to the task. We’re wired for visual pattern matching, and are great at picking out something we know to look for—for example, a lion in a sea of tall grass.

But we’re much less adept at detecting random exceptions in uniform data. Faced with an endless stream of identical objects, the brain quickly concludes that everything is identical and there’s no point in paying attention. By the time the exception comes around, the brain simply doesn’t notice it. This psychological phenomenon isn’t just a problem in airport screening: It’s been identified in inspections of all kinds, and is why casinos move their dealers around so often. The tasks are simply mind-numbing.

To make matters worse, the smuggler can try to exploit the system. He can position the weapons in his baggage just so. He can try to disguise them by adding other metal items to distract the screeners. He can disassemble bomb parts so they look nothing like bombs. Against a bored screener, he has the upper hand.

But perversely, even a mediocre success rate here is probably good enough:

Remember the point of passenger screening. We’re not trying to catch the clever, organized, well-funded terrorists. We’re trying to catch the amateurs and the incompetent. We’re trying to catch the unstable. We’re trying to catch the copycats. These are all legitimate threats, and we’re smart to defend against them. Against the professionals, we’re just trying to add enough uncertainty into the system that they’ll choose other targets instead.

[…]

What that means is that a basic cursory screening is good enough. If I were investing in security, I would fund significant research into computer-assisted screening equipment for both checked and carry-on bags, but wouldn’t spend a lot of money on invasive screening procedures and secondary screening. I would much rather have well-trained security personnel wandering around the airport, both in and out of uniform, looking for suspicious actions.

Remember this truism: We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.

Posted on October 31, 2006 at 12:52 PMView Comments

Paramedic Stopped at Airport Security for Nitroglycerine Residue

At least we know those chemical-residue detectors are working:

The punch line is that my bag tested positive for nitroglycerine residue. Which is, in hindsight, totally not unexpected, since it has been home to several bottles of nitro spray that at one point or another have found their way into my pockets and then into my bag. (Don’t look at me like that—I’m not stealing the damn drug. It’s just that it’s frequently easier to shove them in a pants pocket rather than keep fishing for one at the bedside or whatever, and besides, we’ve now gone to single-patient use sprays so that once you use one on one patient, it’s fininshed.) Whether one discharged, or leaked, or whatevered in my bag, it somehow got NTG molecules all over the place, and that’s what the detector picked up. The guy said this happens all the time but I’m not so sure, and in any event I’m not even remotely certain how I could go about getting the NTG residue off my bag so this doesn’t happen in the future. NTG spray has a pretty distinctive smell. All I can smell in my bag is consumer electronics, so it must have been some minute amount somewhere.

Posted on October 25, 2006 at 8:59 AMView Comments

Airport Security Confiscates Rock

They already take away scissors. Can paper be far behind?

Here’s the story:

In retrospect, I suppose I could have put the grapefruit-sized specimen inside my sock, swung it around my head like a mace, charged the cabin and attempted to hijack the flight. This, of course, never occurred to me until the zealous inspector declared my rock a “dual-use” item.

“What, pray tell, is a dual-use item?” I asked. I’m afraid I chuckled just a little, causing her to glare, withhold a satisfactory answer and call her supervisor. He hefted my rock, scrutinized it for a moment, and agreed that my specimen was indeed a dual-use item, meaning a potential low-tech weapon. During those uneasy moments when I thought I would be detained, I wondered if a doctor’s stethoscope would also be declared a dual-use item, since it could be used to strangle a pilot.

We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.

Posted on October 10, 2006 at 11:53 AMView Comments

No-Fly List

60 Minutes has a copy:

60 Minutes, in collaboration with the National Security News Service, has obtained the secret list used to screen airline passengers for terrorists and discovered it includes names of people not likely to cause terror, including the president of Bolivia, people who are dead and names so common, they are shared by thousands of innocent fliers.

[…]

The “data dump” of names from the files of several government agencies, including the CIA, fed into the computer compiling the list contained many unlikely terrorists. These include Saddam Hussein, who is under arrest, Nabih Berri, Lebanon’s parliamentary speaker, and Evo Morales, the president of Bolivia. It also includes the names of 14 of the 19 dead 9/11 hijackers.

But the names of some of the most dangerous living terrorists or suspects are kept off the list.

The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year.

The name of David Belfield who now goes by Dawud Sallahuddin, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.

When are we going to realize that this list simply isn’t effective?

Posted on October 6, 2006 at 6:07 AMView Comments

Screening People with Clearances

Why should we waste time at airport security, screening people with U.S. government security clearances? This perfectly reasonable question was asked recently by Robert Poole, director of transportation studies at The Reason Foundation, as he and I were interviewed by WOSU Radio in Ohio.

Poole argued that people with government security clearances, people who are entrusted with U.S. national security secrets, are trusted enough to be allowed through airport security with only a cursory screening. They’ve already gone through background checks, he said, and it would be more efficient to concentrate screening resources on everyone else.

To someone not steeped in security, it makes perfect sense. But it’s a terrible idea, and understanding why teaches us some important security lessons.

The first lesson is that security is a system. Identifying someone’s security clearance is a complicated process. People with clearances don’t have special ID cards, and they can’t just walk into any secured facility. A clearance is held by a particular organization—usually the organization the person works for—and is transferred by a classified message to other organizations when that person travels on official business.

Airport security checkpoints are not set up to receive these clearance messages, so some other system would have to be developed.

Of course, it makes no sense for the cleared person to have his office send a message to every airport he’s visiting, at the time of travel. Far easier is to have a centralized database of people who are cleared. But now you have to build this database. And secure it. And ensure that it’s kept up to date.

Or maybe we can create a new type of ID card: one that identifies people with security clearances. But that also requires a backend database and a card that can’t be forged. And clearances can be revoked at any time, so there needs to be some way of invalidating cards automatically and remotely.

Whatever you do, you need to implement a new set of security procedures at airport security checkpoints to deal with these people. The procedures need to be good enough that people can’t spoof it. Screeners need to be trained. The system needs to be tested.

What starts out as a simple idea—don’t waste time searching people with government security clearances—rapidly becomes a complicated security system with all sorts of new vulnerabilities.

The second lesson is that security is a trade-off. We don’t have infinite dollars to spend on security. We need to choose where to spend our money, and we’re best off if we spend it in ways that give us the most security for our dollar.

Given that very few Americans have security clearances, and that speeding them through security wouldn’t make much of a difference to anyone else standing in line, wouldn’t it be smarter to spend the money elsewhere? Even if you’re just making trade-offs about airport security checkpoints, I would rather take the hundreds of millions of dollars this kind of system could cost and spend it on more security screeners and better training for existing security screeners. We could both speed up the lines and make them more effective.

The third lesson is that security decisions are often based on subjective agenda. My guess is that Poole has a security clearance—he was a member of the Bush-Cheney transition team in 2000—and is annoyed that he is being subjected to the same screening procedures as the other (clearly less trusted) people he is forced to stand in line with. From his perspective, not screening people like him is obvious. But objectively it’s not.

This issue is no different than searching airplane pilots, something that regularly elicits howls of laughter among amateur security watchers. What they don’t realize is that the issue is not whether we should trust pilots, airplane maintenance technicians or people with clearances. The issue is whether we should trust people who are dressed as pilots, wear airplane-maintenance-tech IDs or claim to have clearances.

We have two choices: Either build an infrastructure to verify their claims, or assume that they’re false. And with apologies to pilots, maintenance techs and people with clearances, it’s cheaper, easier and more secure to search you all.

This is my twenty-eighth essay for Wired.com.

Posted on October 5, 2006 at 8:27 AMView Comments

1 26 27 28 29 30 37

Sidebar photo of Bruce Schneier by Joe MacInnis.