Entries Tagged "UK"

Page 10 of 19

War on Terror Over in the UK

The British Government changes their rhetoric:

The words “war on terror” will no longer be used by the British government to describe attacks on the public, the country’s chief prosecutor said Dec. 27.

Sir Ken Macdonald said terrorist fanatics were not soldiers fighting a war but simply members of an aimless “death cult.”

The Director of Public Prosecutions said: ‘We resist the language of warfare, and I think the government has moved on this. It no longer uses this sort of language.”

London is not a battlefield, he said.

“The people who were murdered on July 7 were not the victims of war. The men who killed them were not soldiers,” Macdonald said. “They were fantasists, narcissists, murderers and criminals and need to be responded to in that way.”

This is excellent. The only war has been rhetorical, and using that language only served to scare people and legitimize the terrorists. Someday the U.S. will follow suit.

Posted on January 2, 2008 at 12:59 PMView Comments

Defeating the Shoe Scanning Machine at Heathrow Airport

For a while now, Heathrow Airport has had a unique setup for scanning shoes. Instead of taking your shoes off during the normal screening process, as you do in U.S. airports, you go through the metal detector with your shoes on. Then, later, there is a special shoe scanning X-ray machine. You take your shoes off, send them through the machine, and put them on at the other end.

It’s definitely faster, but it’s an easy system to defeat. The vulnerability is that no one verifies that the shoes you walked through the metal detector with are the same shoes you put on the scanning machine.

Here’s how the attack works. Assume that you have two pairs of shoes: a clean pair that passes all levels of screening, and a dangerous pair that doesn’t. (Ignore for a moment the ridiculousness of screening shoes in the first place, and assume that an X-ray machine can detect the dangerous pair.) Put the dangerous shoes on your feet and the clean shoes in your carry-on bag. Walk through the metal detector. Then, at the shoe X-ray machine, take the dangerous shoes off and put them in your bag, and take the clean shoes out of your bag and place them on the X-ray machine. You’ve now managed to get through security without having your shoes screened.

This works because the two security systems are decoupled. And the shoe screening machine is so crowded and chaotic, and so poorly manned, that no one notices the switch.

U.S. airports force people to put their shoes through the X-ray machine and walk through the metal detector shoeless, ensuring that all shoes get screened. That might be slower, but it works.

EDITED TO ADD (12/14): Heathrow Terminal 3, that is. The system wasn’t in place in Terminal 4, and I don’t know about Terminals 1 and 2.

Posted on December 14, 2007 at 5:43 AMView Comments

MI5 Sounds Alarm on Internet Spying from China

Someone in MI5 is pissed off at China:

In an unprecedented alert, the Director-General of MI5 sent a confidential letter to 300 chief executives and security chiefs at banks, accountants and legal firms this week warning them that they were under attack from “Chinese state organisations.”

[…]

Firms known to have been compromised recently by Chinese attacks are one of Europe’s largest engineering companies and a large oil company, The Times has learnt. Another source familiar with the MI5 warning said, however, that known attacks had not been limited to large firms based in the City of London. Law firms and other businesses in the regions that deal even with only small parts of Chinese-linked deals are being probed as potential weak spots, he said.

A security expert who has also seen the letter said that among the techniques used by Chinese groups were “custom Trojans”, software designed to hack into the network of a particular firm and feed back confidential data. The MI5 letter includes a list of known “signatures” that can be used to identify Chinese Trojans and a list of internet addresses known to have been used to launch attacks.

A big study gave warning this week that Government and military computer systems in Britain are coming under sustained attack from China and other countries. It followed a report presented to the US Congress last month describing Chinese espionage in the US as so extensive that it represented “the single greatest risk to the security of American technologies.”

EDITED TO ADD (12/13): The Onion comments.

EDITED TO ADD (12/14): At first, I thought that someone in MI5 was pissed off at China. But now I think that someone in MI5 was pissed that he wasn’t getting any budget.

Posted on December 4, 2007 at 12:34 PMView Comments

Animal Rights Activists Forced to Hand Over Encryption Keys

In the UK:

In early November about 30 animal rights activists are understood to have received letters from the Crown Prosecution Service in Hampshire inviting them to provide passwords that will decrypt material held on seized computers.

The letter is the first stage of a process set out under RIPA which governs how the authorities handle requests to examine encrypted material.

Once a request has been issued the authorities can then issue what is known as a Section 49 notice demanding that a person turn the data into an “intelligible” form or, under Section 51 hand over keys.

Although much of RIPA came into force many years ago, the part governing the handing over of keys only passed in to law on 1 October 2007. This is why the CPS is only now asking for access to files on the seized machines.

Alongside a S49 notice, the authorities can also issue a Section 54 notice that prevents a person revealing that they are subject to this part of RIPA.

Actually, we don’t know if the activists actually handed the police their encryption keys yet. More about the law here.

If you remember, this was sold to the public as essential for fighting terrorism. It’s already being misused.

Posted on November 28, 2007 at 12:12 PMView Comments

UK's Privacy Chernobyl

I didn’t write about this story at first because we’ve seen it so many times before: a disk with lots of personal information is lost. Encryption is the simple and obvious solution, and that’s the end of it.

But the UK’s loss of 25 million child benefit records—including dates of birth, addresses, bank account information, and national insurance numbers—is turning into a privacy disaster, threatening to derail plans for a national ID card.

Why is it such a big deal? Certainly the scope: 40% of the British population. Also the data: bank account details; plus information about children. There’s already a larger debate on the issue of a database on kids that this feeds into. And it’s a demonstration of government incompetence (think Hurricane Katrina).

In any case, this issue isn’t going away anytime soon. Prime Minister Gordon Brown has apologized. The head of the Revenue and Customs office has resigned. More is certainly coming.

And this is an easy security problem to solve! Disk and file encryption software is cheap, easy to use, and effective.

Posted on November 26, 2007 at 1:15 PMView Comments

UK Spends Billions to Force Rail Terrorists to Drive a Little Further

Makes no sense:

Passengers at Liverpool’s Lime Street station face airport-style searches and bag-screening, under swingeing new anti-terror measures unveiled yesterday.

And security barriers, vehicle exclusion zones and blast-resistant buildings will be introduced at airports, ports and up to 250 of the busiest train stations, Gordon Brown announced.

Of course, less busy train stations are only a few minutes away by car.

Posted on November 22, 2007 at 6:28 AMView Comments

British Nuclear Security Kind of Slipshod

No two-person control or complicated safety features: until 1998, you could arm British nukes with a bicycle lock key.

To arm the weapons you just open a panel held by two captive screws—like a battery cover on a radio—using a thumbnail or a coin.

Inside are the arming switch and a series of dials which you can turn with an Allen key to select high yield or low yield, air burst or groundburst and other parameters.

The Bomb is actually armed by inserting a bicycle lock key into the arming switch and turning it through 90 degrees. There is no code which needs to be entered or dual key system to prevent a rogue individual from arming the Bomb.

Certainly most of the security was procedural. But still….

Posted on November 21, 2007 at 12:50 PMView Comments

More "War on the Unexpected"

The “War on the Unexpected” is being fought everywhere.

In Australia:

Bouncers kicked a Melbourne man out of a Cairns pub after paranoid patrons complained that he was reading a book called The Unknown Terrorist.

At the U.S. border with Canada:

A Canadian firetruck responding with lights and sirens to a weekend fire in Rouses Point, New York, was stopped at the U.S. border for about eight minutes, U.S. border officials said Tuesday.

[…]

The Canadian firefighters “were asked for IDs,” Trombley said. “I believe they even ran the license plate on the truck to make sure it was legal.”

In the UK:

A man who had gone into a diabetic coma on a bus in Leeds was shot twice with a Taser gun by police who feared he may have been a security threat.

In Maine:

A powdered substance that led to a baggage claim being shut down for nearly six hours at the Portland International Jetport was a mixture of flour and sugar, airport officials said Thursday.

Fear is winning. Refuse to be terrorized, people.

Posted on November 21, 2007 at 6:39 AMView Comments

House of Lords on the Liquid Ban

From the UK:

“We continuously monitor the effectiveness of, in particular, the liquid security measures…”

How, one might ask? But hold on:

“The fact that there has not been a serious incident involving liquid explosives indicates, I would have thought, that the measures that we have put in place so far have been very effective.”

Ah, that’s how. On which basis the measures against asteroid strike, alien invasion and unexplained nationwide floods of deadly boiling custard have also been remarkably effective.

Posted on October 31, 2007 at 2:52 PMView Comments

1 8 9 10 11 12 19

Sidebar photo of Bruce Schneier by Joe MacInnis.