terrorism Archives - Page 18 of 80 - Schneier on Security

Entries Tagged "terrorism"

Page 18 of 80

Yet Another Way to Evade TSA's Full-Body Scanners

Last night, at the Third EPIC Champion of Freedom Awards Dinner, we gave an award to Susie Castillo, whose blog post and video of her treatment in the hands of the TSA has inspired thousands to complain about the agency and their treatment of travellers.

Sitting with her at dinner, I learned yet another way to evade the TSA’s full body scanners: carry a small pet. She regularly travels with her small dog, and has found that she is always directed away from the full-body scanners and through the magnetometers. I suspect that the difficulty of keeping the dog still is why TSA makes that determination. (The carrier, of course, goes through the x-ray machine.)

I’m not sure what the TSA is going to do now that I’ve publicized this unpublished exception. Those of you who travel with small pets: please let me know what happens.

(For those of you who are appalled that I could give the terrorists ideas on how to evade the full-body scanners, there are already so many ways that one more can’t hurt.)

Posted on June 14, 2011 at 7:54 AM • View Comments

Fighting Terrorism with Cupcakes

MI6 hacked into an online al-Qaeda magazine and replaced bomb-making instructions with a cupcake recipe.

It’s a more polite hack than subtly altering the recipe so it blows up during the making process. (I’ve been told, although I don’t know for sure, that the 1971 Anarchist’s Cookbook has similarly flawed recipes.)

Posted on June 6, 2011 at 2:59 PM • View Comments

Keeping Sensitive Information Out of the Hands of Terrorists Through Self-Restraint

In my forthcoming book (available February 2012), I talk about various mechanisms for societal security: how we as a group protect ourselves from the “dishonest minority” within us. I have four types of societal security systems:

moral systems—any internal rewards and punishments;
reputational systems—any informal external rewards and punishments;
rule-based systems—any formal system of rewards and punishments (mostly punishments); laws, mostly;
technological systems—everything like walls, door locks, cameras, and so on.

We spend most of our effort in the third and fourth category. I am spending a lot of time researching how the first two categories work.

Given that, I was very interested in seeing an article by Dallas Boyd in Homeland Security Affairs: “Protecting Sensitive Information: The Virtue of Self-Restraint,” where he basically says that people should not publish information that terrorists could use out of moral responsibility (he calls it “civic duty”). Ignore for a moment the debate about whether publishing information that could give the terrorists ideas is actually a bad idea—I think it’s not—what Boyd is proposing is actually very interesting. He specifically says that censorship is bad and won’t work, and wants to see voluntary self-restraint along with public shaming of offenders.

As an alternative to formal restrictions on communication, professional societies and influential figures should promote voluntary self-censorship as a civic duty. As this practice is already accepted among many scientists, it may be transferrable to members of other professions. As part of this effort, formal channels should be established in which citizens can alert the government to vulnerabilities and other sensitive information without exposing it to a wide audience. Concurrent with this campaign should be the stigmatization of those who recklessly disseminate sensitive information. This censure would be aided by the fact that many such people are unattractive figures whose writings betray their intellectual vanity. The public should be quick to furnish the opprobrium that presently escapes these individuals.

I don’t think it will work, and I don’t even think it’s possible in this international day and age, but it’s interesting to read the proposal.

Slashdot thread on the paper. Another article.

Posted on May 31, 2011 at 6:34 AM • View Comments

Bin Laden Maintained Computer Security with an Air Gap

From the Associated Press:

Bin Laden’s system was built on discipline and trust. But it also left behind an extensive archive of email exchanges for the U.S. to scour. The trove of electronic records pulled out of his compound after he was killed last week is revealing thousands of messages and potentially hundreds of email addresses, the AP has learned.

Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer without an Internet connection, then save it using a thumb-sized flash drive. He then passed the flash drive to a trusted courier, who would head for a distant Internet cafe.

At that location, the courier would plug the memory drive into a computer, copy bin Laden’s message into an email and send it. Reversing the process, the courier would copy any incoming email to the flash drive and return to the compound, where bin Laden would read his messages offline.

I’m impressed. It’s hard to maintain this kind of COMSEC discipline.

It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden’s ability to maintain it for so long. The U.S. always suspected bin Laden was communicating through couriers but did not anticipate the breadth of his communications as revealed by the materials he left behind.

Navy SEALs hauled away roughly 100 flash memory drives after they killed bin Laden, and officials said they appear to archive the back-and-forth communication between bin Laden and his associates around the world.

Posted on May 18, 2011 at 8:45 AM • View Comments

Extreme Authentication

Exactly how did they confirm it was Bin Laden’s body?

Officials compared the DNA of the person killed at the Abbottabad compound with the bin Laden “family DNA” to determine that the 9/11 mastermind had in fact been killed, a senior administration official said.

It was not clear how many different family members’ samples were compared or whose DNA was used.

[…]

Also to identify bin Laden, a visual ID was made. There were photo comparisons and other facial recognition used to identify him, the official said. A second official said that in addition to DNA, there was full biometric analysis of facial and body features.

EDITED TO ADD (5/5): A better article.

Posted on May 5, 2011 at 12:52 PM • View Comments

Bin Laden's Death Causes Spike in Suspicious Package Reports

It’s not that the risk is greater, it’s that the fear is greater. Data from New York:

There were 10,566 reports of suspicious objects across the five boroughs in 2010. So far this year, the total was 2,775 as of Tuesday compared with 2,477 through the same period last year.

[…]

The daily totals typically spike when terrorist plot makes headlines here or overseas, NYPD spokesman Paul Browne said Tuesday. The false alarms themselves sometimes get break-in cable news coverage or feed chatter online, fueling further fright.

On Monday, with news of the dramatic military raid of bin Laden’s Pakistani lair at full throttle, there were 62 reports of suspicious packages. The previous Monday, the 24-hour total was 18. All were deemed non-threats.

Despite all the false alarms, the New York Police Department still wants to hear them:

“We anticipate that with increased public vigilance comes an increase in false alarms for suspicious packages,” Kelly said at the Monday news conference. “This typically happens at times of heightened awareness. But we don’t want to discourage the public. If you see something, say something.”

That slogan, oddly enough, is owned by New York’s transit authority.

I have a different opinion: “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.”

People have always come forward to tell the police when they see something genuinely suspicious, and should continue to do so. But encouraging people to raise an alarm every time they’re spooked only squanders our security resources and makes no one safer.

“Refuse to be terrorized,” people.

Posted on May 5, 2011 at 6:43 AM • View Comments

Social Solidarity as an Effect of the 9/11 Terrorist Attacks

It’s standard sociological theory that a group experiences social solidarity in response to external conflict. This paper studies the phenomenon in the United States after the 9/11 terrorist attacks.

Conflict produces group solidarity in four phases: (1) an initial few days of shock and idiosyncratic individual reactions to attack; (2) one to two weeks of establishing standardized displays of solidarity symbols; (3) two to three months of high solidarity plateau; and (4) gradual decline toward normalcy in six to nine months. Solidarity is not uniform but is clustered in local groups supporting each other’s symbolic behavior. Actual solidarity behaviors are performed by minorities of the population, while vague verbal claims to performance are made by large majorities. Commemorative rituals intermittently revive high emotional peaks; participants become ranked according to their closeness to a center of ritual attention. Events, places, and organizations claim importance by associating themselves with national solidarity rituals and especially by surrounding themselves with pragmatically ineffective security ritual. Conflicts arise over access to centers of ritual attention; clashes occur between pragmatists deritualizing security and security zealots attempting to keep up the level of emotional intensity. The solidarity plateau is also a hysteria zone; as a center of emotional attention, it attracts ancillary attacks unrelated to the original terrorists as well as alarms and hoaxes. In particular historical circumstances, it becomes a period of atrocities.

This certainly makes sense as a group survival mechanism: self-interest giving way to group interest in face of a threat to the group. It’s the kind of thing I am talking about in my new book.

Paper also available here.

Posted on April 27, 2011 at 9:10 AM • View Comments

Security Fears of Wi-Fi in London Underground

The London Underground is getting Wi-Fi. Of course there are security fears:

But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.

He said: “There are lots of implications in terms of terrorism and security.

“This will enable people to use their laptop on the Tube as if it was a cell phone.”

Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.

He warned a wi-fi system would enable a terror cell to communicate underground.

And he said “Trojan” or eavesdropping software could be used to penetrate users’ laptops and garner information such as bank details.

Mr Geddes added: “Eavesdropping software can be found and downloaded within minutes.”

This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn’t deploy technologies because of this fear, we’d still be living in the Middle Ages.

Posted on April 13, 2011 at 1:14 PM • View Comments

Israel's Counter-Cyberterrorism Unit

You’d think the country would already have one of these:

Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks.

The proposed unit would supplement the efforts of Mossad and other agencies in fighting cyberespionage and denial of service attacks.

Posted on April 12, 2011 at 2:06 PM • View Comments

←Previous 1 … 16 17 18 19 20 … 80 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.