Entries Tagged "public transit"

Page 5 of 7

Dutch RFID Transit Card Hacked

The Dutch RFID public transit card, which has already cost the government $2B—no, that’s not a typo—has been hacked even before it has been deployed:

The first reported attack was designed by two students at the University of Amsterdam, Pieter Siekerman and Maurits van der Schee. They analyzed the single-use ticket and showed its vulnerabilities in a report. They also showed how a used single-use card could be given eternal life by resetting it to its original “unused” state.

The next attack was on the Mifare Classic chip, used on the normal ticket. Two German hackers, Karsten Nohl and Henryk Plotz, were able to remove the coating on the Mifare chip and photograph the internal circuitry. By studying the circuitry, they were able to deduce the secret cryptographic algorithm used by the chip. While this alone does not break the chip, it certainly gives future hackers a stepping stone on which to stand. On Jan. 8, 2008, they released a statement abut their work.

Most of the links are in Dutch; there isn’t a whole lot of English-language press about this. But the Dutch Parliament recently invited the students to give testimony; they’re more than a little bit interested how $2B could be wasted.

My guess is the system was designed by people who don’t understand security, and therefore thought it was easy.

EDITED TO ADD (2/13): More info.

Posted on January 21, 2008 at 6:35 AMView Comments

Hacking Polish Trams

A 14-year-old built a modified a TV remote control to switch trains on tracks in the Polish city of Lodz:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.

Problems with the signalling system on Lodz’s tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

Here’s Steve Bellovin:

The device is described in the original article as a modified TV remote control. Presumably, this means that the points are normally controlled by IR signals; what he did was learn the coding and perhaps the light frequency and amplitude needed. This makes a lot of sense; it lets tram drivers control where their trains go, rather than relying on an automated system or some such. Indeed, the article notes “a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead.”

The lesson here is that security by obscurity, combined with physical security of the equipment, wasn’t enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play “trains” with real trains.

Posted on January 17, 2008 at 3:43 PMView Comments

UK Spends Billions to Force Rail Terrorists to Drive a Little Further

Makes no sense:

Passengers at Liverpool’s Lime Street station face airport-style searches and bag-screening, under swingeing new anti-terror measures unveiled yesterday.

And security barriers, vehicle exclusion zones and blast-resistant buildings will be introduced at airports, ports and up to 250 of the busiest train stations, Gordon Brown announced.

Of course, less busy train stations are only a few minutes away by car.

Posted on November 22, 2007 at 6:28 AMView Comments

Taking Pictures from a Train

This is a very moving story about a foreign tourist being removed from a train for taking pictures:

The train is a half hour west of New Haven when the conductor, having finished her original rounds, reappears. She moves down the aisle, looks, stops between our seats, faces the person taking pictures. “Sir, in the interest of national security, we do not allow pictures to be taken of or from this train.” He starts, “I…….” but, without English, his response trails off into silence. The conductor, speaking louder, forcefully: “Sir, I will confiscate that camera if you don’t put it away.” Again, little response. “Sir, this is a security matter! We cannot allow pictures.” She turns away abruptly and, as she moves down the aisle, calls over her shoulder, in a very loud voice, “Put. It. Away!” He packs his camera.

Within a minute after our arrival in New Haven, two armed police officers entered the car, approached my neighbor’s seat. “Sir, we’re removing you from this train.” “I….;” “I……” “Sir, you have breached security regulations. We must remove you from this train.” “I…,” “I…..” “Sir, we are not going to delay this train because of you. You will get off, or we will remove you physically.” “I…..”

Nearby passengers stir. One says, “It’s obvious he doesn’t speak English. There are people here who speak more than one language. Perhaps we can help.” Different ones ask about the traveler’s language; learn he speaks Japanese. For me, a sudden flash of memory—a student at International Christian University in Japan, I took countless pictures without arousing suspicion.

The police speak through the interpreter, with the impatience of authority. “The conductor asked this man three times to discontinue. We must remove him from the train.” The traveler hears the translation, is befuddled. Hidden beneath the commotion is a cross-cultural drama. With the appearance of police officers, this quiet visitor is embarrassed to find he is the center of attention. The officers explain, “After we remove him from the train, when we are through our investigation, we will put him on the next train.” The woman translates. The passenger replies, “I’m meeting relatives in Boston. They cannot be reached by phone. They expect me and will be worried when I do not arrive on schedule.” “Our task,” the police repeat, “is to remove you from this train. If necessary, we will do so by force. After we have finished the investigation, we’ll put you on another train.” The woman translates. The traveler gathers his belongings and departs.

My earlier suggestion that you imagine being in his place leaves you free to respond and draw your conclusions. Remember: you’ve been removed from the train, are being interrogated, perhaps having your equipment confiscated; while I continue to do what I take for granted ­ traveling unimpeded, on to Providence.

The more I replay the scene, the more troublesome it is. It is the stuff of nightmares. Relations between people and countries lie at the heart of the issue. The abstract terms that inform political and social debate appear, as if in person, unexpectedly, near enough to hear, touch, feel. Taking no position is not an option. As an educator, I would prepare and deliver a lecture on how others perceive America in the world community, then seek an audience. I’ll spare you. But—I just watched armed police officers remove a visitor from the train for taking pictures. I don’t understand this. I’m disturbed ­ no, shaken ­ to bear witness to these events.

EDITED TO ADD (11/13): A response from the writer of the original article, after people questioned the veracity of the story.

Posted on November 8, 2007 at 1:53 PMView Comments

Conversation with Kip Hawley, TSA Administrator (Part 5)

This is Part 5 of a five-part series. Link to whole thing.

BS: So far, we’ve only talked about passengers. What about airport workers? Nearly one million workers move in and out of airports every day without ever being screened. The JFK plot, as laughably unrealistic as it was, highlighted the security risks of airport workers. As with any security problem, we need to secure the weak links, rather than make already strong links stronger. What about airport employees, delivery vehicles, and so on?

KH: I totally agree with your point about a strong base level of security everywhere and not creating large gaps by over-focusing on one area. This is especially true with airport employees. We do background checks on all airport employees who have access to the sterile area. These employees are in the same places doing the same jobs day after day, so when someone does something out of the ordinary, it immediately stands out. They serve as an additional set of eyes and ears throughout the airport.

Even so, we should do more on airport employees and my House testimony of April 19 gives details of where we’re heading. The main point is that everything you need for an attack is already inside the perimeter of an airport. For example, why take lighters from people who work with blowtorches in facilities with millions of gallons of jet fuel?

You could perhaps feel better by setting up employee checkpoints at entry points, but you’d hassle a lot of people at great cost with minimal additional benefit, and a smart, patient terrorist could find a way to beat you. Today’s random, unpredictable screenings that can and do occur everywhere, all the time (including delivery vehicles, etc.) are harder to defeat. With the latter, you make it impossible to engineer an attack; with the former, you give the blueprint for exactly that.

BS: There’s another reason to screen pilots and flight attendants: they go through the same security lines as passengers. People have to remember that it’s not pilots being screened, it’s people dressed as pilots. You either have to implement a system to verify that people dressed as pilots are actual pilots, or just screen everybody. The latter choice is far easier.

I want to ask you about general philosophy. Basically, there are three broad ways of defending airplanes: preventing bad people from getting on them (ID checks), preventing bad objects from getting on them (passenger screening, baggage screening), and preventing bad things from happening on them (reinforcing the cockpit door, sky marshals). The first one seems to be a complete failure, the second one is spotty at best. I’ve always been a fan of the third. Any future developments in that area?

KH: You are too eager to discount the first—stopping bad people from getting on planes. That is the most effective! Don’t forget about all the intel work done partnering with other countries to stop plots before they get here (UK liquids, NY subway), all the work done to keep them out either through no-flys (at least several times a month) or by Customs & Border Protection on their way in, and law enforcement once they are here (Ft. Dix). Then, you add the behavior observation (both uniformed and not) and identity validation (as we take that on) and that’s all before they get to the checkpoint.

The screening-for-things part, we’ve discussed, so I’ll jump to in-air measures. Reinforced, locked cockpit doors and air marshals are indeed huge upgrades since 9/11. Along the same lines, you have to consider the role of the engaged flight crew and passengers—they are quick to give a heads-up about suspicious behavior and they can, and do, take decisive action when threatened. Also, there are thousands of flights covered by pilots who are qualified as law enforcement and are armed, as well as the agents from other government entities like the Secret Service and FBI who provide coverage as well. There is also a fair amount of communications with the flight deck during flights if anything comes up en route—either in the aircraft or if we get information that would be of interest to them. That allows “quiet” diversions or other preventive measures. Training is, of course, important too. Pilots need to know what to do in the event of a missile sighting or other event, and need to know what we are going to do in different situations. Other things coming: better air-to-ground communications for air marshals and flight information, including, possibly, video.

So, when you boil it down, keeping the bomb off the plane is the number one priority. A terrorist has to know that once that door closes, he or she is locked into a confined space with dozens, if not hundreds, of zero-tolerance people, some of whom may be armed with firearms, not to mention the memory of United Flight 93.

BS: I’ve read repeated calls to privatize airport security: to return it to the way it was pre-9/11. Personally, I think it’s a bad idea, but I’d like your opinion on the question. And regardless of what you think should happen, do you think it will happen?

KH: From an operational security point of view, I think it works both ways. So it is not a strategic issue for me.

SFO, our largest private airport, has excellent security and is on a par with its federalized counterparts (in fact, I am on a flight from there as I write this). One current federalized advantage is that we can surge resources around the system with no notice; essentially, the ability to move from anywhere to anywhere and mix TSOs with federal air marshals in different force packages. We would need to be sure we don’t lose that interchangeability if we were to expand privatized screening.

I don’t see a major security or economic driver that would push us to large-scale privatization. Economically, the current cost-plus model makes it a better deal for the government in smaller airports than in bigger. So, maybe more small airports will privatize. If Congress requires collective bargaining for our TSOs, that will impose an additional overhead cost of about $500 million, which would shift the economic balance significantly toward privatized screening. But unless that happens, I don’t see major change in this area.

BS: Last question. I regularly criticize overly specific security measures, because forcing the terrorists to make minor modifications in their tactics doesn’t make us any safer. We’ve talked about specific airline threats, but what about airplanes as a specific threat? On the one hand, if we secure our airlines and the terrorists all decide instead to bomb shopping malls, we haven’t improved our security very much. On the other hand, airplanes make particularly attractive targets for several reasons. One, they’re considered national symbols. Two, they’re a common and important travel vehicle, and are deeply embedded throughout our economy. Three, they travel to distant places where the terrorists are. And four, the failure mode is severe: a small bomb drops the plane out of the sky and kills everyone. I don’t expect you to give back any of your budget, but when do we have “enough” airplane security as compared with the rest of our nation’s infrastructure?

KH: Airplanes are a high-profile target for terrorists for all the reasons you cited. The reason we have the focus we do on aviation is because of the effect the airline system has on our country, both economically and psychologically. We do considerable work (through grants and voluntary agreements) to ensure the safety of surface transportation, but it’s less visible to the public because people other than ones in TSA uniforms are taking care of that responsibility.

We look at the aviation system as one component in a much larger network that also includes freight rail, mass transit, highways, etc. And that’s just in the U.S. Then you add the world’s transportation sectors—it’s all about the network.

The only components that require specific security measures are the critical points of failure—and they have to be protected at virtually any cost. It doesn’t matter which individual part of the network is attacked—what matters is that the network as a whole is resilient enough to operate even with losing one or more components.

The network approach allows various transportation modes to benefit from our layers of security. Take our first layer: intel. It is fundamental to our security program to catch terrorists long before they get to their target, and even better if we catch them before they get into our country. Our intel operation works closely with other international and domestic agencies, and that information and analysis benefits all transportation modes.

Dogs have proven very successful at detecting explosives. They work in airports and they work in mass transit venues as well. As we test and pilot technologies like millimeter wave in airports, we assess their viability in other transportation modes, and vice versa.

To get back to your question, we’re not at the point where we can say “enough” for aviation security. But we’re also aware of the attractiveness of other modes and continue to use the network to share resources and lessons learned.

BS: Thank you very much for your time. I appreciate both your time and your candor.

KH: I enjoyed the exchange and appreciated your insights. Thanks for the opportunity.

Posted on August 3, 2007 at 6:12 AMView Comments

Joke That'll Get You Arrested

Don’t say that I didn’t warn you:

If you are sitting next to someone who irritates you on a plane or train…

1. Quietly and calmly open up your laptop case.
2. Remove your laptop.
3. Boot it.
4. Make sure the person who won’t leave you alone can see the screen.
5. Open your email client to this message.
6. Close your eyes and tilt your head up to the sky.
7. Then hit this link: http://www.thecleverest.com/countdown.swf

If you try it, post what happened in comments.

Posted on May 19, 2007 at 10:16 AMView Comments

Stink Bombs As Terrorist Tools

Two teenage boys detonated a stink bomb on a Sydney commuter train, and prompted a counter-terrorism response.

Best quote:

“It would have been terrifying. You’re on a train, you hear a loud bang, the logical conclusion that people drew was (that it was) probably a terrorist attack,” Mr Owens told reporters.

I agree that it was the conclusion that people drew, but not that it was a logical conclusion.

Posted on May 7, 2007 at 7:15 AMView Comments

Terrorist Bus Drivers

I thought we were done with this scary-story-but-nothing-to-worry-about stuff:

The FBI has issued an “informational bulletin” to state and local officials saying to watch out for people tied to extremist groups trying to earn licenses to drive school buses.

The Associated Press reports that members of the unnamed extremist groups have succeeded in gaining the drivers licenses, but a Department of Homeland Security official told FOX News that “at this time there is no evidence that any of these individuals have got these jobs, or got hold of school buses.”

“There is no plot. There is no threat. And parents and children can feel perfectly safe,” FBI spokesman Richard Kolko told FOXNews.com.

Wacky.

EDITED TO ADD (3/20): Cory Doctorow has some more terrorist possibilities not to worry about.

Posted on March 19, 2007 at 1:51 PMView Comments

Random Bag Searches in Subways

Last year, New York City implemented a program of random bag searches in the subways. It was a silly idea, and I wrote about it then. Recently the U.S. Court of Appeals for the 2nd Circuit upheld the program. Daniel Solove wrote about the ruling:

The 2nd Circuit panel concluded that the program was “reasonable” under the 4th Amendment’s special needs doctrine. Under the special needs doctrine, if there are exceptional circumstances that make the warrant and probable cause requirements unnecessary, then the search should be analyzed in terms of whether it is “reasonable.” Reasonableness is determined by balancing privacy against the government ‘s need. The problem with the 2nd Circuit decision is that under its reasoning, nearly any search, no matter how intrusive into privacy, would be justified. This is because of the way it assesses the government’s side of the balance. When the government’s interest is preventing the detonation of a bomb on a crowded subway, with the potential of mass casualties, it is hard for anything to survive when balanced against it.

The key to the analysis should be the extent to which the search program will effectively improve subway safety. In other words, the goals of the program may be quite laudable, but nobody questions the importance of subway safety. Its weight is so hefty that little can outweigh it. The important issue is whether the search program is a sufficiently effective way of achieving those goals that it is worth the trade-off in civil liberties. On this question, unfortunately, the 2nd Circuit punts. It defers to the law enforcement officials:

That decision is best left to those with “a unique understanding of, and responsibility for, limited public resources, including a finite number of police officers.” Accordingly, we ought not conduct a “searching examination of effectiveness.” Instead, we need only determine whether the Program is “a reasonably effective means of addressing” the government interest in deterring and detecting a terrorist attack on the subway system…

Instead, plaintiffs claim that the Program can have no meaningful deterrent effect because the NYPD employs too few checkpoints. In support of that claim, plaintiffs rely upon various statistical manipulations of the sealed checkpoint data.

We will not peruse, parse, or extrapolate four months’ worth of data in an attempt to divine how many checkpoints the City ought to deploy in the exercise of its day to day police power. Counter terrorism experts and politically accountable officials have undertaken the delicate and esoteric task of deciding how best to marshal their available resources in light of the conditions prevailing on any given day. We will not and may not second guess the minutiae of their considered decisions. (internal citations omitted)

Although courts should not take a “know it all” attitude, they must not defer on such a critical question. The problem with many security measures is that they are not a very wise expenditure of resources. It is costly to have a lot of police officers engage in these random searches when they could be doing other things or money could be spent on other measures. A very small number of random searches in a subway system of over 4 million riders a day seems more symbolic that effective. If courts don’t question the efficacy of security measures in the name of terrorism, then it allows law enforcement officials to win nearly all the time. The government just needs to come into court and say “terrorism” and little else will matter.

Posted on August 16, 2006 at 3:32 PMView Comments

London Rejects Subway Scanners

Rare outbreak of security common sense in London:

London Underground is likely to reject the use of passenger scanners designed to detect weapons or explosives as they are “not practical”, a security chief for the capital’s transport authority said on 14 March 2006.

[…]

“Basically, what we know is that it’s not practical,” he told Government Computing News. “People use the tube for speed and are concerned with journey time. It would just be too time consuming. Secondly, there’s just not enough space to put this kind of equipment in.”

“Finally there’s also the risk that you actually create another target with people queuing up and congregating at the screening points.”

Posted on March 23, 2006 at 1:39 PMView Comments

1 3 4 5 6 7

Sidebar photo of Bruce Schneier by Joe MacInnis.