Entries Tagged "public transit"

Page 4 of 7

Software that Assesses Security Risks to Transportation Networks

The TSA wants a tool that will assess risks against transportation networks:

“The tool will assist in prioritization of security measures based on their risk reduction potential,” said the statement of work accompanying TSA’s formal solicitation, which was posted April 18.

The software tool would help TSA gather and organize information about specific transport modes and assist agency officials to make risk management decisions.

The contract, which will be issued by TSA’s office of operational process and technology, envisions a one-year base period plus four one-year options. The chosen vendor will be expected to install the software, troubleshoot any hardware or software problems, consult on building risk assessment modules, attend classified intelligence meetings at TSA headquarters and maintain the software.

I don’t think you have to be very good to qualify here. This automated system put Boise, ID, on the top of its list of most vulnerable cities. The bar isn’t very high here; I’m just saying.

Posted on April 23, 2008 at 6:16 AMView Comments

London Tube Smartcard Cracked

Looks like lousy cryptography.

Details here. When will people learn not to invent their own crypto?

Note that this is the same card — maybe a different version — that was used in the Dutch transit system, and was hacked back in January. There’s another hack of that system (press release here, and a video demo), and many companies — and government agencies — are scrambling in the wake of all these revelations.

Seems like the Mifare system (especially the version called Mifare Classic — and there are billions out there) was really badly designed, in all sorts of ways. I’m sure there are many more serious security vulnerabilities waiting to be discovered.

Posted on March 14, 2008 at 7:27 AMView Comments

Risk of Knowing Too Much About Risk


Dread is a powerful force. The problem with dread is that it leads to terrible decision-making.

Slovic says all of this results from how our brains process risk, which is in two ways. The first is intuitive, emotional and experience based. Not only do we fear more what we can’t control, but we also fear more what we can imagine or what we experience. This seems to be an evolutionary survival mechanism. In the presence of uncertainty, fear is a valuable defense. Our brains react emotionally, generate anxiety and tell us, “Remember the news report that showed what happened when those other kids took the bus? Don’t put your kids on the bus.”

The second way we process risk is analytical: we use probability and statistics to override, or at least prioritize, our dread. That is, our brain plays devil’s advocate with its initial intuitive reaction, and tries to say, “I know it seems scary, but eight times as many people die in cars as they do on buses. In fact, only one person dies on a bus for every 500 million miles buses travel. Buses are safer than cars.”

Unfortunately for us, that’s often not the voice that wins. Intuitive risk processors can easily overwhelm analytical ones, especially in the presence of those etched-in images, sounds and experiences. Intuition is so strong, in fact, that if you presented someone who had experienced a bus accident with factual risk analysis about the relative safety of buses over cars, it’s highly possible that they’d still choose to drive their kids to school, because their brain washes them in those dreadful images and reminds them that they control a car but don’t control a bus. A car just feels safer. “We have to work real hard in the presence of images to get the analytical part of risk response to work in our brains,” says Slovic. “It’s not easy at all.”

And we’re making it harder by disclosing more risks than ever to more people than ever. Not only does all of this disclosure make us feel helpless, but it also gives us ever more of those images and experiences that trigger the intuitive response without analytical rigor to override the fear. Slovic points to several recent cases where reason has lost to fear: The sniper who terrorized Washington D.C.; pathogenic threats like MRSA and brain-eating amoeba. Even the widely publicized drunk-driving death of a baseball player this year led to decisions that, from a risk perspective, were irrational.

Posted on March 6, 2008 at 6:24 AMView Comments

Why Some Terrorist Attacks Succeed and Others Fail

In “Underlying Reasons for Success and Failure of Terrorist Attacks: Selected Case Studies” (Homeland Security Institute, June 2007), the authors examine eight recent terrorist plots against commercial aviation and passenger rail, and come to some interesting conclusions.

From the “Executive Summary”:

The analytic results indicated that the most influential factors determining the success or failure of a terrorist attack are those that occur in the pre-execution phases. While safeguards and controls at airports and rail stations are critical, they are most effective when coupled with factors that can be leveraged to detect the plot in the planning stages. These factors include:

  • Poor terrorist operational security (OPSEC). The case studies indicate that even plots that are otherwise well-planned and operationally sound will fail if there is a lack of attention to OPSEC. Security services cannot “cause” poor OPSEC, but they can create the proper conditions to capitalize on it when it occurs.
  • Observant public and vigilant security services. OPSEC breaches are a significant factor only if they are noticed. In cases where the public was sensitive to suspicious behavior, lapses in OPSEC were brought to the attention of authorities by ordinary citizens. However, the authorities must likewise be vigilant and recognize the value of unexpected information that may seem unimportant, but actually provides the opening to interdict a planned attack.
  • Terrorist profile indicators. Awareness of and sensitivity to behavioral indicators, certain activities, or past involvement with extremist elements can help alert an observant public and help a vigilant security apparatus recognize a potential cell of terrorist plotters.
  • Law enforcement or intelligence information sharing. Naturally, if security services are aware of an impending attack they will be better able to interdict it. The key, as stated above, is to recognize the value of information that may seem unimportant but warrants further investigation. Security services may not recognize the context into which a certain piece of information fits, but by sharing with other organizations more parts of the puzzle can be pieced together. Information should be shared laterally, with counterpart organizations; downward, with local law enforcement, who can serve as collectors of information; and with higher elements capable of conducting detailed analysis. Intelligence collection and analysis are relatively new functions for law enforcement. Training is a key element in their ability to recognize and respond to indicators.
  • International cooperation. Nearly all terrorist plots, including most of those studied for this project, have an international connection. This could include overseas support elements, training camps, or movement of funds. The sharing of information among allies appears from our analysis to have a positive impact on interdicting attack plans as well as apprehending members of larger networks.

I especially like this quote, which echos what I’ve been saying for a long time now:

One phenomenon stands out: terrorists are rarely caught in the act during the execution phase of an operation, other than instances in which their equipment or weapons fail. Rather, plots are most often foiled during the pre-execution phases.

Intelligence, investigation, and emergency response: that’s where we should be spending our counterterrorism dollar. Defending the targets is rarely the right answer.

Posted on February 28, 2008 at 6:25 AMView Comments

Amtrak to Start Passenger Screening

Amtrak is going to start randomly screening passengers, in an effort to close the security-theater gap between trains and airplanes.

It’s kind of random:

The teams will show up unannounced at stations and set up baggage screening areas in front of boarding gates. Officers will randomly pull people out of line and wipe their bags with a special swab that is then put through a machine that detects explosives. If the machine detects anything, officers will open the bag for visual inspection.

Anybody who is selected for screening and refuses will not be allowed to board and their ticket will be refunded.

In addition to the screening, counterterrorism officers with bomb-sniffing dogs will patrol platforms and walk through trains, and sometimes will ride the trains, officials said.

This is the most telling comment:

“There is no new or different specific threat,” [Amtrak chief executive Alex] Kummant said. “This is just the correct step to take.”

Why is it the correct step to take? Because it makes him feel better. That’s the very definition of security theater.

Posted on February 22, 2008 at 12:17 PMView Comments

Heavily Armed Officers on New York City Subways

Why does anyone think this is a good idea?

In the first counterterrorism strategy of its kind in the nation, roving teams of New York City police officers armed with automatic rifles and accompanied by bomb-sniffing dogs will patrol the city’s subway system daily, beginning next month, officials said on Friday.

Under a tactical plan called Operation Torch, the officers will board trains and patrol platforms, focusing on sites like Pennsylvania Station, Herald Square, Columbus Circle, Rockefeller Center and Times Square in Manhattan, and Atlantic Avenue in Brooklyn.

What does it accomplish besides intimidating innocent commuters?

Posted on February 7, 2008 at 6:06 AMView Comments

Little People Hiding in Luggage

This is both clever and very weird:

Swedish police are quizzing “people of limited stature” with criminal records following a spate of robberies from the cargo holds of coaches – possibly carried out by dwarves smuggled onboard in sports bags.


National coach operator Swebus confirmed it’d been hit by the audacious crims, who have over the last few months has lifted “thousands of pounds” in cash, jewellery and other valuables.

The company’s sales manager, Ingvar Ryggasjo, said that one short person had been put aboard a coach in a hockey bag. A female passenger said she’d seen some men squeezing the “large, heavy bag” into the cargo hold, and that she later found she’d been relieved of stuff including a camera and purse.

Posted on February 4, 2008 at 1:19 PMView Comments

Cameras in the New York City Subways

An update:

New York City’s plan to secure its subways with a next-generation surveillance network is getting more expensive by the second, and slipping further and further behind schedule. A new report by the New York State Comptroller’s office reveals that “the cost of the electronic security program has grown from $265 million to $450 million, an increase of $185 million or 70 percent.” An August 2008 deadline has been pushed back to December 2009, and further delays may be just ahead.


I’ve spent the last few months, on and off, reporting on New York’s counter-terror programs for the magazine. One major problem with the subway surveillance program has been wedging a modern security network into a 5,000 square-mile system that recently celebrated its hundredth birthday. Getting the power ­ and air-conditioning ­ needed for the cameras’ servers has been a nightmare. In many stations, there’s literally no place to put the things. Plus, the ceilings in most of the subway stations are only nine feet high, and there are columns every few yards. Which makes it very hard to get a good look at the passengers.

Posted on January 25, 2008 at 1:41 PMView Comments

Dutch RFID Transit Card Hacked

The Dutch RFID public transit card, which has already cost the government $2B — no, that’s not a typo — has been hacked even before it has been deployed:

The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original “unused” state.

The next attack was on the Mifare Classic chip, used on the normal ticket. Two German hackers, Karsten Nohl and Henryk Plotz, were able to remove the coating on the Mifare chip and photograph the internal circuitry. By studying the circuitry, they were able to deduce the secret cryptographic algorithm used by the chip. While this alone does not break the chip, it certainly gives future hackers a stepping stone on which to stand. On Jan. 8, 2008, they released a statement abut their work.

Most of the links are in Dutch; there isn’t a whole lot of English-language press about this. But the Dutch Parliament recently invited the students to give testimony; they’re more than a little bit interested how $2B could be wasted.

My guess is the system was designed by people who don’t understand security, and therefore thought it was easy.

EDITED TO ADD (2/13): More info.

Posted on January 21, 2008 at 6:35 AMView Comments

Hacking Polish Trams

A 14-year-old built a modified a TV remote control to switch trains on tracks in the Polish city of Lodz:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.

Problems with the signalling system on Lodz’s tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

Here’s Steve Bellovin:

The device is described in the original article as a modified TV remote control. Presumably, this means that the points are normally controlled by IR signals; what he did was learn the coding and perhaps the light frequency and amplitude needed. This makes a lot of sense; it lets tram drivers control where their trains go, rather than relying on an automated system or some such. Indeed, the article notes “a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead.”

The lesson here is that security by obscurity, combined with physical security of the equipment, wasn’t enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play “trains” with real trains.

Posted on January 17, 2008 at 3:43 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.