Entries Tagged "Secret Service"

Page 2 of 2

Driver's License Printer Stolen and Recovered

A specialized printer used to print Missouri driver’s licenses was stolen and recovered.

It’s a funny story, actually. Turns out the thief couldn’t get access to the software needed to run the printer; a lockout on the control computer apparently thwarted him. When he called tech support, they tipped off the Secret Service.

On the one hand, this probably won’t deter a more sophisticated thief. On the other hand, you can make pretty good forgeries with off-the-shelf equipment.

Posted on October 31, 2007 at 6:11 AM

Air Force One Security Leak

Last week the San Francisco Chronicle broke the story that Air Force One’s defenses were exposed on a public Internet site:

Thus, the Air Force reacted with alarm last week after The Chronicle told the Secret Service that a government document containing specific information about the anti-missile defenses on Air Force One and detailed interior maps of the two planes — including the location of Secret Service agents within the planes — was posted on the Web site of an Air Force base.

The document also shows the location where a terrorist armed with a high-caliber sniper rifle could detonate the tanks that supply oxygen to Air Force One’s medical facility.

And a few days later:

Air Force and Pentagon officials scrambled Monday to remove highly sensitive security details about the two Air Force One jetliners after The Chronicle reported that the information had been posted on a public Web site.

The security information — contained in a “technical order” — is used by rescue crews in the event of an emergency aboard various Air Force planes. But this order included details about Air Force One’s anti-missile systems, the location of Secret Service personnel within the aircraft and information on other vulnerabilities that terrorists or a hostile military force could exploit to try to damage or destroy Air Force One, the president’s air carrier.

“We are dealing with literally hundreds of thousands of Web pages, and Web pages are reviewed on a regular basis, but every once in a while something falls through the cracks,” Air Force spokeswoman Lt. Col. Catherine Reardon told The Chronicle.

“We can’t even justify how (the technical order) got out there. It should have been password-protected. We regret it happened. We removed it, and we will look more closely in the future.”

Turns out that this story involves a whole lot more hype than actual security.

The document Caffera found is part of the Air Force’s Technical Order 00-105E-9 – Aerospace Emergency Rescue and Mishap Response Information (Emergency Services) Revision 11. It resided, until recently, on the web site of the Air Logistics Center at Warner Robins Air Force Base. The purpose is pretty straight-ahead: “Recent technological advances in aviation have caused concern for the modern firefighter.” So the document gives “aircraft hazards, cabin configurations, airframe materials, and any other information that would be helpful in fighting fires.”

As a February 2006 briefing from the Air Force Civil Engineer Support Agency, explains that the document is “used by foreign governments or international organizations and is cleared to share this information with the general global public…distribution is unlimited.” The Technical Order existed solely on paper from 1970 to mid-1996, when the Secretary of the Air Force directed that henceforth all technical orders be distributed electronically (for a savings of $270,000 a year). The first CD-ROMs were distributed in January 1999 and the web site at Warner Robins was set up 10 months later. A month after that, the web site became the only place to access the documents, which are routinely updated to reflect changes in aircraft or new regulations.

But back to the document Caffera found. It’s hardly a secret that Air Force One has defenses against surface-to-air missiles. The page that so troubled Caffera indicates that the plane employs infrared countermeasures, with radiating units positioned on the tail and next to or on all four engine pylons. Why does the document provide that level of detail? Because emergency responders could be injured if they walk within a certain radius of one of the IR units while it is operating.

Nor is it remarkable that Secret Service agents would sit in areas on the plane that are close to the President’s suite, as well as between reporters, who are known to sit in the back of the plane, and everyone else. Exactly how this information endangers anyone is unclear. But it would help emergency responders in figuring out where to look for people in the event of an accident. (Interestingly, conjectural drawings of the layout of Air Force One like this one are pretty close to the real deal.)

As for hitting the medical oxygen tanks to destroy the plane, you’d have to be really, really lucky to do that while the plane is moving at any significant speed. And if it’s standing still and you are after the President and armed with a high-caliber sniper rifle, why wouldn’t you target him directly? Besides, if you wanted to make the plane explode, it would be much easier to aim for the fuel tanks in the wings (which when fully-loaded hold 53,611 gallons). Terrorists don’t need a diagram to figure that out. But a rescuer would want this information so that the oxygen valves could be turned off to mitigate the risk of a fire or explosion.


An Air Force source familiar with the history and purpose of the documents who asked not to be identified laughed when told of the above quote, reiterated that the Technical Order is and always has been unclassified, and said it is unclear how the document can be distributed now, adding that firefighters in particular won’t like any changes that make their jobs more difficult or dangerous.

“The order came down this afternoon [Monday] to remove this particular technical order from the public Web site,’ said John Birdsong, chief of media relations at Warner Robins Air Logistics Center, the air base in Georgia that had originally posted the order on its publicly accessible Web site.

According to Birdsong, the directive to remove the document came from a number of officials, including Dan McGarvey, the chief of information security for the Air Force at the Pentagon.”

Muddying things still further are comments from Jean Schaefer, deputy chief of public affairs for the Secretary of the Air Force. “We have very clear policies of what should be on the Web,” she said. “We need to emphasize the policy to the field. It appears that this document shouldn’t have been on the Web, and we have pulled the document in question. Our policy is clear in that documents that could make our operations vulnerable or threaten the safety of our people should not be available on the Web.”

And now, apparently, neither should documents that help ensure the safety of our pilots, aircrews, firefighters and emergency responders.

Another news report.

Some blogs criticized the San Francisco Chronicle for publishing this, because it gives the terrorists more information. I think they should be criticized for publishing this, because there’s no story here.

EDITED TO ADD (4/11): Much of the document is here.

Posted on April 11, 2006 at 2:40 PMView Comments

Counterfeiting Ring in Colombia


Police assisted by U.S. Secret Service agents on Sunday broke up a network capable of printing millions of dollars a month of excellent quality counterfeit money and arrested five suspects during a raid on a remote village in northwest Colombia, officials said.

It’s a big industry there:

Fernandez said Valle del Cauca, of which Cali is the state capital, has turned into a center of global counterfeiting. “Entire families are dedicated to falsifying and trafficking money.”


Colombia is thought to produce more than 40 percent of fake money circulating around the world.

Posted on November 29, 2005 at 4:29 PMView Comments

$5M Bank Con

Great crime story:

An ingenious fraudster is believed to be sunning himself on a beach after persuading leading banks to pay him more than €5 million (£3.5 million) in the belief that he was a secret service agent engaged in the fight against terrorist money-laundering.

The man, described by detectives as the greatest conman they had encountered, convinced one bank manager to leave him €358,000 in the lavatories of a Parisian bar. “This man is going to become a hero if he isn’t caught quickly,” an officer said. “The case is exceptional, perfectly unbelievable and surreal.”

Moral: Security is a people problem, not a technology problem

Posted on October 12, 2005 at 7:15 AMView Comments

DHS Enforces Copyright

Why is the Department of Homeland Security involved in copyright issues?

Agents shut down a popular Web site that allegedly had been distributing copyrighted music and movies, including versions of Star Wars Episode III: Revenge of the Sith. Homeland Security agents from several divisions served search warrants on 10 people around the country suspected of being involved with the Elite Torrents site, and took over the group’s main server.

Shouldn’t they be spending their resources on matters of national security instead of worrying about who is downloading the new Star Wars movie? Here’s the DHS’s mission statement, in case anyone is unsure what they’re supposed to be doing.

We will lead the unified national effort to secure America. We will prevent and deter terrorist attacks and protect against and respond to threats and hazards to the nation. We will ensure safe and secure borders, welcome lawful immigrants and visitors, and promote the free-flow of commerce.

I simply don’t believe that running down file sharers counts under “promote the free-flow of commerce.” That’s more along the lines of checking incoming shipping for smuggled nuclear bombs without shutting down our seaports.

Edited to add: Steve Wildstrom of Business Week left this comment, which seems to explain matters:

The DHS involvement turns out to be not the least bit mysterious. DHS is a sprawling agglomeration of agencies and the actual unit involved was Immigration and Customs Enforcement, a/k/a the Customs Service. Its involvement arose because the pirated copy of Star Wars apparently originated outside the U.S. and Customs is routinely involved in the interception and seizure of material entering the U.S. in violation of copyright or trademark laws. In Washington, for example, Customs agents regularly bust street vendors selling T-shirts with unlicensed Disney characters and other trademarked and copyright stuff.

The Secret Service’s role in computer crime enforcement arose from its anti-counterfeiting activities which extended to electronic crimes against financial institutions and cyber-crime in general. But they aren’t very good at it (anyone remember the Steve Jackson Games fiasco?) and the functions would probably best be turned over to another agency.

Posted on June 1, 2005 at 2:31 PMView Comments

Insider Threats

CERT (at Carnegie Mellon) just released a study on insider threats. They analyze 49 insider attacks between 1996 and 2002, and draw some conclusions about the attacks and attackers. Nothing about the prevalence of these attacks, and more about the particulars of them.

The report is mostly obvious, and isn’t worth more than a skim. But the particular methodology only tells part of the story.

Because the study focuses on insider attacks on information systems rather than attacks using information systems, it’s primarily about destructive acts. Of course the major motive is going to be revenge against the employer.

Near as I can tell, the report ignores attacks that use information systems to otherwise benefit the attacker. These attacks would include embezzlement — which at a guess is much more common than revenge.

The report also doesn’t seem to acknowledge that the researchers are only looking at attacks that were noticed. I’m not impressed by the fact that most of the attackers got caught, since those are the ones that were noticed. This reinforces the same bias: network disruption is far more noticeable than theft.

These are worrisome threats, but I’d be more concerned about insider attacks that aren’t nearly so obvious.

Still, there are some interesting statistics about those who use information systems to get back at their employers.

For example of the latter, the study’s “executive summary” notes that in 62 percent of the cases, “a negative work-related event triggered most of the insiders’ actions.” The study also found that 82 percent of the time the people who hacked their company “exhibited unusual behavior in the workplace prior to carrying out their activities.” The survey surmises that’s probably because the insiders were angry at someone they worked with or for: 84 percent of attacks were motivated by a desire to seek revenge, and in 85 percent of the cases the insider had a documented grievance against their employer or a co-worker….

Some other interesting (although not particularly surprising) tidbits: Almost all — 96 percent — of the insiders were men, and 30 percent of them had previously been arrested, including arrests for violent offenses (18 percent), alcohol or drug-related offenses (11 percent), and non-financial-fraud related theft offenses (11 percent).

Posted on May 18, 2005 at 9:28 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.