London Bombing and the Usefulness of Terrorist Watch Lists
According to the London Times:
Security sources confirmed that none of the bombers was on any MI5 file, although one had links to a person investigated by police.
Entries Tagged "terrorism"
Page 76 of 80
Security Risks of Airplane WiFi
I’ve already written about the stupidity of worrying about cell phones on airplanes. Now the Department of Homeland Security is worried about broadband Internet.
Federal law enforcement officials, fearful that terrorists will exploit emerging in-flight broadband services to remotely activate bombs or coordinate hijackings, are asking regulators for the power to begin eavesdropping on any passenger’s internet use within 10 minutes of obtaining court authorization.
In joint comments filed with the FCC last Tuesday, the Justice Department, the FBI and the Department of Homeland Security warned that a terrorist could use on-board internet access to communicate with confederates on other planes, on the ground or in different sections of the same plane—all from the comfort of an aisle seat.
“There is a short window of opportunity in which action can be taken to thwart a suicidal terrorist hijacking or remedy other crisis situations on board an aircraft, and law enforcement needs to maximize its ability to respond to these potentially lethal situations,” the filing reads.
Terrorists never use SSH, after all. (I suppose that’s the next thing the DHS is going to try to ban.)
Terrorism Defense: A Failure of Imagination
The 9/11 Commission report talked about a “failure of imagination” before the 9/11 attacks:
The most important failure was one of imagination. We do not believe leaders understood the gravity of the threat. The terrorist danger from Bin Ladin and al Qaeda was not a major topic for policy debate among the public, the media, or in the Congress. Indeed, it barely came up during the 2000 presidential campaign.
More generally, this term has been used to describe the U.S. government’s response to the terrorist threat. We spend a lot of money defending against what they did last time, or against particular threats we imagine, but ignore the general threat or the root causes of terrorism.
With the London bombings, we’re doing it again. I was going to write a long post about this, but Richard Forno already wrote a nice essay.
The London bombs went off over 12 hours ago.
So why is CNN-TV still splashing “breaking news” on the screen?
There’s been zero new developments in the past several hours. Perhaps the “breaking news” is that CNN’s now playing spooky “terror attack” music over commercial bumpers now filled with dramatic camera-phone images from London commuters that appeared on the Web earlier this morning.
Aside from that, the only new development since about noon seems to be the incessant press conferences held by public officials in cities around the country showcasing what they’ve done since 9/11 and what they’re doing here at home to respond to the blasts in London…which pretty much comes down to lots of guys with guns running around America’s mass transit system in an effort to present the appearance of “increased security” to reassure the public. While such activities are a political necessity to show that our leaders are ‘doing something’ during a time of crisis we must remember that talk or activity is no substitute for progress or effectiveness.
Forget the fact that regular uniformed police officers and rail employees can sweep or monitor a train station just as well as a fully-decked-out SWAT team—not to mention, they know it better, too. Forget that even with an added law enforcement presence, it’s quite possible to launch a suicide attack on mass transit. Forget that a smart terrorist now knows that the DHS response to attacks is to “increase” the security of related infrastructures (e.g., train stations) and just might attack another, lesser-protected part of American society potentially with far greater success. In these and other ways today following the London bombings, the majority of security attention has been directed at mass transit. However, while we can’t protect everything against every form of attack, our American responses remain conventional and predictable—just as we did after the Madrid train bombings in 2004 and today’s events in London, we continue to respond in ways designed to “prevent the last attack.”
In other words, we are demonstrating a lack of protective imagination.
Contrary to America’s infatuation with instant gratification, protective imagination is not quickly built, funded, or enacted. It takes years to inculcate such a mindset brought about by outside the box, unconventional, and daring thinking from folks with expertise and years of firsthand knowledge in areas far beyond security or law enforcement and who are encouraged to think freely and have their analyses seriously considered in the halls of Washington. Such a radical way of thinking and planning is necessary to deal with an equally radical adversary, yet we remain entrenched in conventional wisdom and responses.
Here at home, for all the money spent in the name of homeland security, we’re not acting against the terrorists, we’re reacting against them, and doing so in a very conventional, very ineffective manner. Yet nobody seems to be asking why.
While this morning’s events in London is a tragedy and Londoners deserve our full support in the coming days, it’s sad to see that regarding the need for effective domestic preparedness here in the United States, nearly 4 years after 9/11, it’s clear that despite the catchy sound-bytes and flurry of activity in the name of protecting the homeland, the more things seem to change, the more they stay the same.
Surveillance Cameras and Terrorism
I was going to write something about the foolishness of adding cameras to public spaces as a response to terrorism threats, but Scott Henson said it already:
Homeland Security Ubermeister Michael Chertoff just told NBC’s Tim Russert on Meet the Press this morning that the United States should invest in “cameras and dogs” to protect subway, rail and bus transit systems from terrorist attacks.
B.S.
Surveillance cameras didn’t deter the terrorist attacks in London. They didn’t stop the courthouse killing spree in Atlanta. But they’re prone to abuse. And at the end of they day they don’t reduce crime.
London Transport Bombings
I am on vacation today and this weekend, and won’t be able to read about the London Transport bombings in depth until Monday. For now I would just like to express my sympathy and condolences to those directly affected, and the good people of London, England, Europe, and the world. Targeting innocents might be an effective tactic, but that doesn’t make it any less craven and despicable.
I would also like to urge everyone not to get wrapped up in the particulars of the terrorist tactics. We need to resist the urge to react against the particulars of this particular terrorist plot, and to keep focused on the terrorists’ goals. Spending billions to defend our trains and busses at the expense of other counterterrorist measures makes no sense. Terrorists are out to cause terror, and they don’t care if they bomb trains, busses, shopping malls, theaters, stadiums, schools, markets, restaurants, discos, or any other collection of 100 people in a small space. There are simply too many targets to defend, and we need to think smarter than protecting the particular targets the terrorists attacked last week.
Smart counterterrorism focuses on the terrorists and their funding—stopping plots regardless of their targets—and emergency response that limits their damage.
I’ll have more to say later. But again, my sympathy goes out to those killed and injured, their family and friends, and everyone else in the world indirectly affected by these acts as they are endlessly repeated in the media.
White Powder Anthrax Hoaxes
Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.
A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.
At a guess, this incident had something to do with Schapelle Corby (yet another security related story). Corby was arrested in Bali for smuggling drugs into the country. Her defense, widely believed in Australia, was that she was an unwitting dupe of the real drug smugglers. Supposedly, the smugglers work as airport baggage handlers and slip packages into checked baggage and remove them at the far end before reclaim. In any case, Bali has very strict drug laws and Corby was recently convicted in what Australians consider a miscarriage of justice. There have been news reports saying that there is no connection, but it just seems too obvious.
In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days—an astonishing number, given Australia’s otherwise low crime rate.
Risks of Cell Phones on Airplanes
Everyone—except those who like peace and quiet—thinks it’s a good idea to allow cell phone calls on airplanes, and are working out the technical details. But the U.S. government is worried that terrorists might make telephone calls from airplanes.
If the mobile phone ban were lifted, law enforcement authorities worry an attacker could use the device to coordinate with accomplices on the ground, on another flight or seated elsewhere on the same plane.
If mobile phone calls are to be allowed during flights, the law enforcement agencies urged that users be required to register their location on a plane before placing a call and that officials have fast access to call identification data.
“There is a short window of opportunity in which action can be taken to thwart a suicidal terrorist hijacking or remedy other crisis situations on board an aircraft,” the agencies said.
This is beyond idiotic. Again and again, we hear the argument that a particular technology can be used for bad things, so we have to ban or control it. The problem is that when we ban or control a technology, we also deny ourselves some of the good things it can be used for. Security is always a trade-off. Almost all technologies can be used for both good and evil; in Beyond Fear, I call them “dual use” technologies. Most of the time, the good uses far outweigh the evil uses, and we’re much better off as a society embracing the good uses and dealing with the evil uses some other way.
We don’t ban cars because bank robbers can use them to get away faster. We don’t ban cell phones because drug dealers use them to arrange sales. We don’t ban money because kidnappers use it. And finally, we don’t ban cryptography because the bad guys it to keep their communications secret. In all of these cases, the benefit to society of having the technology is much greater than the benefit to society of controlling, crippling, or banning the technology.
And, of course, security countermeasures that force the attackers to make a minor modification in their tactics aren’t very good trade-offs. Banning cell phones on airplanes only makes sense if the terrorists are planning to use cell phones on airplanes, and will give up and not bother with their attack because they can’t. If their plan doesn’t involve air-to-ground communications, or if it doesn’t involve air travel at all, then the security measure is a waste. And even worse, we denied ourselves all the good uses of the technology in the process.
Security officials are also worried that personal phone use could increase the risk that remotely-controlled bomb will be used to down an airliner. But they acknowledged simple radio-controlled explosive devices have been used in the past on planes and the first line of defence was security checks at airports.
Still, they said that “the departments believe that the new possibilities generated by airborne passenger connectivity must be recognized.”
That last sentence got it right. New possibilities, both good and bad.
Billions Wasted on Anti-Terrorism Security
Recently there have been a bunch of news articles about how lousy counterterrorism security is in the United States, how billions of dollars have been wasted on security since 9/11, and how much of what was purchased doesn’t work as advertised.
The first is from the May 8 New York Times (available at the website for pay, but there are copies here and here):
After spending more than $4.5 billion on screening devices to monitor the nation’s ports, borders, airports, mail and air, the federal government is moving to replace or alter much of the antiterrorism equipment, concluding that it is ineffective, unreliable or too expensive to operate.
Many of the monitoring tools—intended to detect guns, explosives, and nuclear and biological weapons—were bought during the blitz in security spending after the attacks of Sept. 11, 2001.
In its effort to create a virtual shield around America, the Department of Homeland Security now plans to spend billions of dollars more. Although some changes are being made because of technology that has emerged in the last couple of years, many of them are planned because devices currently in use have done little to improve the nation’s security, according to a review of agency documents and interviews with federal officials and outside experts.
From another part of the article:
Among the problems:
- Radiation monitors at ports and borders that cannot differentiate between radiation emitted by a nuclear bomb and naturally occurring radiation from everyday material like cat litter or ceramic tile.
- Air-monitoring equipment in major cities that is only marginally effective because not enough detectors were deployed and were sometimes not properly calibrated or installed. They also do not produce results for up to 36 hours—long after a biological attack would potentially infect thousands of people.
- Passenger-screening equipment at airports that auditors have found is no more likely than before federal screeners took over to detect whether someone is trying to carry a weapon or a bomb aboard a plane.
- Postal Service machines that test only a small percentage of mail and look for anthrax but no other biological agents.
The Washington Post had a series of articles. The first lists some more problems:
- The contract to hire airport passenger screeners grew to $741 million from $104 million in less than a year. The screeners are failing to detect weapons at roughly the same rate as shortly after the attacks.
- The contract for airport bomb-detection machines ballooned to at least $1.2 billion from $508 million over 18 months. The machines have been hampered by high false-alarm rates.
- A contract for a computer network called US-VISIT to screen foreign visitors could cost taxpayers $10 billion. It relies on outdated technology that puts the project at risk.
- Radiation-detection machines worth a total of a half-billion dollars deployed to screen trucks and cargo containers at ports and borders have trouble distinguishing between highly enriched uranium and common household products. The problem has prompted costly plans to replace the machines.
The second is about border security.
And more recently, a New York Times article on how lousy port security is.
There are a lot of morals here: the problems of believing companies that have something to sell you, the difficulty of making technological security solutions work, the problems with making major security changes quickly, the mismanagement that comes from any large bureaucracy like the DHS, and the wastefulness of defending potential terrorist targets instead of broadly trying to deal with terrorism.
Fearmongering About Bot Networks
Bot networks are a serious security problem, but this is ridiculous. From the Independent:
The PC in your home could be part of a complex international terrorist network. Without you realising it, your computer could be helping to launder millions of pounds, attacking companies’ websites or cracking confidential government codes.
This is not the stuff of science fiction or a conspiracy theory from a paranoid mind, but a warning from one of the world’s most-respected experts on computer crime. Dr Peter Tippett is chief technology officer at Cybertrust, a US computer security company, and a senior adviser on the issue to President George Bush. His warning is stark: criminals and terrorists are hijacking home PCs over the internet, creating “bot” computers to carry out illegal activities.
Yes, bot networks are bad. They’re used to send spam (both commercial and phishing), launch denial-of-service attacks (sometimes involving extortion), and stage attacks on other systems. Most bot networks are controlled by kids, but more and more criminals are getting into the act.
But your computer a part of an international terrorist network? Get real.
Once a criminal has gathered together what is known as a “herd” of bots, the combined computing power can be dangerous. “If you want to break the nuclear launch code then set a million computers to work on it. There is now a danger of nation state attacks,” says Dr Tippett. “The vast majority of terrorist organisations will use bots.”
I keep reading that last sentence, and wonder if “bots” is just a typo for “bombs.” And the line about bot networks being used to crack nuclear launch codes is nothing more than fearmongering.
Clearly I need to write an essay on bot networks.
ITConversations Interview
This is an interview with me from ITConversations.
Sidebar photo of Bruce Schneier by Joe MacInnis.