Entries Tagged "terrorism"

Page 57 of 80

Richard Clarke on the "Puppy Dog" Theory of Terrorism

Excellent op ed, by someone who actually knows about this stuff:

How is this odd terrorist puppy dog behavior supposed to work? The President must believe that terrorists are playing by some odd rules of chivalry. Would this be the “only one slaughter ground at a time” rule of terrorism?

Of course, nothing about our being “over there” in any way prevents terrorists from coming here. Quite the opposite, the evidence is overwhelming that our presence provides motivation for people throughout the Arab world to become anti-American terrorists.

Some 100,000 Iraqis, probably more, have been killed since our invasion. They have parents, children, cousins and fellow tribal clan members who have pledged revenge no matter how long it takes. For many, that revenge is focused on America.

Posted on April 27, 2007 at 11:54 AMView Comments

Triggering Bombs by Remote Key Entry Devices

I regularly read articles about terrorists using cell phones to trigger bombs. The Thai government seems to be particularly worried about this; two years ago I blogged about a particularly bizarre movie-plot threat along these lines. And last year I blogged about the cell phone network being restricted after the Mumbai terrorist bombings.

Efforts to restrict cell phone usage because of this threat are ridiculous. It’s a perfect example of a “movie-plot threat“: by focusing on the specfics of a particular tactic rather than the broad threat, we simply force the bad guys to modify their tactics. Lots of money spent: no security gained.

And that’s exactly what happened in Thailand:

Authorities said yesterday that police are looking for 40 Daihatsu keyless remote entry devices, some of which they believe were used to set off recent explosions in the deep South.

Militants who have in the past used mobile phones to set off bombs are being forced to change their detonation methods as security forces continue to block mobile phone signals while carrying out security missions, preventing them from carrying out their attacks.

[…]

Police found one of the Daihatsu keys near a blast site in Yala on April 13. It is thought the bomber dropped it while fleeing the scene. The key had been modified so its signal covered a longer distance, police said.

Posted on April 26, 2007 at 1:28 PMView Comments

Recognizing "Hinky" vs. Citizen Informants

On the subject of people noticing and reporting suspicious actions, I have been espousing two views that some find contradictory. One, we are all safer if police, guards, security screeners, and the like ignore traditional profiling and instead pay attention to people acting hinky: not right. And two, if we encourage people to contact the authorities every time they see something suspicious, we’re going to waste our time chasing false alarms: foreigners whose customs are different, people who are disliked by someone, and so on.

The key difference is expertise. People trained to be alert for something hinky will do much better than any profiler, but people who have no idea what to look for will do no better than random.

Here’s a story that illustrates this: Last week, a student at the Rochester Institute of Technology was arrested with two illegal assault weapons and 320 rounds of ammunition in his dorm room and car:

The discovery of the weapons was made only by chance. A conference center worker who served in the military was walking past Hackenburg’s dorm room. The door was shut, but the worker heard the all-too-familiar racking sound of a weapon, said the center’s director Bill Gunther.

Notice how expertise made the difference. The “conference center worker” had the right knowledge to recognize the sound and to understand that it was out of place in the environment he heard it. He wasn’t primed to be on the lookout for suspicious people and things; his trained awareness kicked in automatically. He recognized hinky, and he acted on that recognition. A random person simply can’t do that; he won’t recognize hinky when he sees it. He’ll report imams for praying, a neighbor he’s pissed at, or people at random. He’ll see an English professor recycling paper, and report a Middle-Eastern-looking man leaving a box on sidewalk.

We all have some experience with this. Each of us has some expertise in some topic, and will occasionally recognize that something is wrong even though we can’t fully explain what or why. An architect might feel that way about a particular structure; an artist might feel that way about a particular painting. I might look at a cryptographic system and intuitively know something is wrong with it, well before I figure out exactly what. Those are all examples of a subliminal recognition that something is hinky—in our particular domain of expertise.

Good security people have the knowledge, skill, and experience to do that in security situations. It’s the difference between a good security person and an amateur.

This is why behavioral assessment profiling is a good idea, while the Terrorist Information and Prevention System (TIPS) isn’t. This is why training truckers to look out for suspicious things on the highways is a good idea, while a vague list of things to watch out for isn’t. It’s why this Israeli driver recognized a passenger as a suicide bomber, while an American driver probably wouldn’t.

This kind of thing isn’t easy to train. (Much has been written about it, though; Malcolm Gladwell’s Blink discusses this in detail.) You can’t learn it from watching a seven-minute video. But the more we focus on this—the more we stop wasting our airport security resources on screeners who confiscate rocks and snow globes, and instead focus them on well-trained screeners walking through the airport looking for hinky—the more secure we will be.

EDITED TO ADD (4/26): Jim Harper makes an important clarification.

Posted on April 26, 2007 at 5:43 AMView Comments

English Professor Reported for Recycling Paper While Looking Middle Eastern

This is just awful:

Because of my recycling, the bomb squad came, then the state police. Because of my recycling, buildings were evacuated, classes were canceled, the campus was closed. No. Not because of my recycling. Because of my dark body. No. Not even that. Because of his fear. Because of the way he saw me. Because of the culture of fear, mistrust, hatred and suspicion that is carefully cultivated in the media, by the government, by people who claim to want to keep us “safe.”

[…]

What does that community mean to me, a person who has to walk by the ROTC offices every day on my way to my own office just down the hall—who was watched, noted and reported, all in a day’s work? Today, we gave in willingly and wholeheartedly to a culture of fear and blaming and profiling. It is deemed perfectly appropriate behavior to spy on one another and police one another and report on one another. Such behaviors exist most strongly in closed, undemocratic and fascist societies.

Posted on April 25, 2007 at 3:02 PMView Comments

A Rant from a Cop

People use policemen as props in their personal disputes:

Noon, its 59 degrees and I get a call from a guy whose neighbor’s dog has been left in a car. I get there, the windows are cracked, and the dog has only been in there 20 minutes. It’s 59 Degrees! It’s not summer and if it were the dead of winter I’d say the car is a $20,000 dog house. But it turns out this guy has a running dispute with his neighbor so guess who he calls to irritate the guy a little more? Me. When I go to leave, the asshole that called this in yells, “hey, aren’t you gonna do anything?” I explain why I am not and he says “great, I’m writing a letter to the paper” Holy shit. Now I’m the bad guy because I didn’t embarrass your target enough for you? Grow the hell up.

When the police implement programs to let ordinary citizens report suspected terrorists, this is the kind of thing that will result.

Posted on April 25, 2007 at 1:08 PMView Comments

How Australian Authorities Respond to Potential Terrorists

Watch the video of how the Australian authorities react when someone—dressed either as an American or Arab tourist—films the Sydney Harbor Bridge and a nuclear reactor.

The synopsis: The Arab is intercepted within three minutes both times, while the U.S. tourist is given instructions on how to get inside the nuclear facility.

Moral for terrorists: dress like an American.

By the way, Lucas Heights is a research reactor. It produces medical isotopes and performs research, and doesn’t produce power.

Posted on April 24, 2007 at 7:12 AMView Comments

Social Engineering Notes

This is a fantastic story of a major prank pulled off at the Super Bowl this year. Basically, five people smuggled more than a quarter of a ton of material into Dolphin Stadium in order to display their secret message on TV. A summary:

Just days after the Boston bomb scare, another team of Boston-based pranksters smuggled and distributed 2,350 suspicious light-up devices into the Super Bowl. Due to its attractiveness as a terrorist target, Dolphin Stadium was on a Level One security alert, a level usually reserved for Presidential inaugurations. By posing as media reporters, the pranksters were able to navigate 95 boxes through federal marshals, Homeland Security agents, bomb squads, police dogs, and a five-ton X-ray crane.

Given all the security, it’s amazing how easy it was for them to become part of the security perimeter with all that random stuff. But to those of us who follow this thing, it shouldn’t be. His observations are spot on:

1. Wear a suit.
2. Wear a Bluetooth headset.
3. Pretend to be talking loudly to someone on the other line.
4. Carry a clipboard.
5. Be white.

Again, no surprise here. But it makes you wonder what’s the point of annoying the hell out of ordinary citizens with security measures (like pat down searches) when the emperor has no clothes.

Someone who crashed the Oscars last year gave similar advice:

Show up at the theater, dressed as a chef carrying a live lobster, looking really concerned.

On a much smaller scale, here’s someone’s story of social engineering a bank branch:

I enter the first branch at approximately 9:00AM. Dressed in Dickies coveralls, a baseball cap, work boots and sunglasses I approach the young lady at the front desk.

“Hello,” I say. “John Doe with XYZ Pest Control, here to perform your pest inspection.?? I flash her the smile followed by the credentials. She looks at me for a moment, goes “Uhm… okay… let me check with the branch manager…” and picks up the phone. I stand around twiddling my thumbs and wait while the manager is contacted and confirmation is made. If all goes according to plan, the fake emails I sent out last week notifying branch managers of our inspection will allow me access.

It does.

Social engineering is surprisingly easy. As I said in Beyond Fear (page 144):

Social engineering will probably always work, because so many people are by nature helpful and so many corporate employees are naturally cheerful and accommodating. Attacks are rare, and most people asking for information or help are legitimate. By appealing to the victim’s natural tendencies, the attacker will usually be able to cozen what she wants.

All it takes is a good cover story.

EDITED TO ADD (4/20): The first commenter suggested that the Zug story is a hoax. I think he makes a good argument, and I have no evidence to refute it. Does anyone know for sure?

EDITED TO ADD (4/21): Wired concludes that the Super Bowl stunt happened, but that no one noticed. Engaget is leaning toward hoax.

Posted on April 20, 2007 at 6:41 AMView Comments

Another Boston Terrorism Overreaction

Are these people trying to be stupid?

Sofia Loginova, 17, a Quincy High senior, said she didn’t hire anyone to hang four backpacks emblazoned with her Web site’s name, www.B4Class.com, and filled with newspapers and some dollar bills, from tree limbs and on a fence near the school. The unexplained backpacks sparked a panic.

The State Police Bomb Squad brought in a mechanical robot and a bomb-sniffing dog to investigate, immediately bringing to mind the Cartoon Network marketing ploy that shut down parts of Boston for hours earlier this year.

Terrorism used to be hard. Now all you have to is hang backpacks from trees near schools.

Refuse to be terrorized, people!

Posted on April 17, 2007 at 7:23 AMView Comments

Ordinary People Being Labeled as Terrorists

By law, every business has to check their customers against a list of “specially designated nationals,” and not do business with anyone on that list.

Of course, the list is riddled with bad names and many innocents get caught up in the net. And many businesses decide that it’s easier to turn away potential customers with whose name is on the list, creating—well—a shunned class:

Tom Kubbany is neither a terrorist nor a drug trafficker, has average credit and has owned homes in the past, so the Northern California mental-health worker was baffled when his mortgage broker said lenders were not interested in him. Reviewing his loan file, he discovered something shocking. At the top of his credit report was an OFAC alert provided by credit bureau TransUnion that showed that his middle name, Hassan, is an alias for Ali Saddam Hussein, purportedly a “son of Saddam Hussein.”

The record is not clear on whether Ali Saddam Hussein was a Hussein offspring, but the OFAC list stated he was born in 1980 or 1983. Kubbany was born in Detroit in 1949.

Under OFAC guidance, the date discrepancy signals a false match. Still, Kubbany said, the broker decided not to proceed. “She just talked with a bunch of lenders over the phone and they said, ‘No,’ ” he said. “So we said, ‘The heck with it. We’ll just go somewhere else.’ ”

Kubbany and his wife are applying for another loan, though he worries that the stigma lingers. “There’s a dark cloud over us,” he said. “We will never know if we had qualified for the mortgage last summer, then we might have been in a house now.”

Saad Ali Muhammad is an African American who was born in Chicago and converted to Islam in 1980. When he tried to buy a used car from a Chevrolet dealership three years ago, a salesman ran his credit report and at the top saw a reference to “OFAC search,” followed by the names of terrorists including Osama bin Laden. The only apparent connection was the name Muhammad. The credit report, also by TransUnion, did not explain what OFAC was or what the credit report user should do with the information. Muhammad wrote to TransUnion and filed a complaint with a state human rights agency, but the alert remains on his report, Sinnar said.

Colleen Tunney-Ryan, a TransUnion spokeswoman, said in an e-mail that clients using the firm’s credit reports are solely responsible for any action required by federal law as a result of a potential match and that they must agree they will not take any adverse action against a consumer based solely on the report.

The lawyers’ committee documented other cases, including that of a couple in Phoenix who were about to close on their first home, only to be told the sale could not proceed because the husband’s first and last names—common Hispanic names—matched an entry on the OFAC list. The entry did not include a date or place of birth, which could have helped distinguish the individuals.

In another case, a Roseville, Calif., couple wanted to buy a treadmill from a home fitness store on a financing plan. A bank representative told the salesperson that because the husband’s first name was Hussein, the couple would have to wait 72 hours while they were investigated. Though the couple eventually received the treadmill, they were so embarrassed by the incident they did not want their names in the report, Sinnar said.

This is the same problem as the no-fly list, only in a larger context. And it’s no way to combat terrorism. Thankfully, many businesses don’t know to check this list and people whose names are similar to suspected terrorists’ can still lead mostly normal lives. But the trend here is not good.

Posted on April 10, 2007 at 6:23 AMView Comments

1 55 56 57 58 59 80

Sidebar photo of Bruce Schneier by Joe MacInnis.