Schneier on Security: Tagged United Arab Emirates

Entries Tagged "United Arab Emirates"

Page 2 of 2

More on the Al-Mabhouh Assassination

Interesting essay by a former CIA field officer on the al-Mabhouh assassination:

The truth is that Mr. Mabhouh’s assassination was conducted according to the book—a military operation in which the environment is completely controlled by the assassins. At least 25 people are needed to carry off something like this. You need “eyes on” the target 24 hours a day to ensure that when the time comes he is alone. You need coverage of the police—assassinations go very wrong when the police stumble into the middle of one. You need coverage of the hotel security staff, the maids, the outside of the hotel. You even need people in back-up accommodations in the event the team needs a place to hide.

I found this conclusion incredible:

I can only speculate about where exactly the hit went wrong. But I would guess the assassins failed to account for the marked advance in technology.

[…]

Not completely understanding advances in technology may be one explanation for the assassins nonchalantly exposing their faces to the closed-circuit TV cameras, one female assassin even smiling at one…. The other explanation—the assassins didn’t care whether their faces were identified—doesn’t seem plausible at all.

Does he really think that this professional a team simply didn’t realize that there were security cameras in airports and hotels? I think that the “other explanation” is not only plausible, it’s obvious.

The number of suspects is now at 27, by the way. And:

Also Monday, the sources said the UAE central bank is working with other nations to track funding and 14 credit cards—issued mostly by a United States bank—used by the suspects in different places, including the United States.

We’ll see how well these people covered their tracks.

EDITED TO ADD (3/3): Speculation that it’s Egypt or Jordan. I don’t believe it.

EDITED TO ADD (3/5): More commentary on the tactics. Speculation that it was Mossad.

Posted on March 2, 2010 at 5:55 AM • View Comments

Al-Mabhouh Assassination

The January 19th assassination of Mahmoud al-Mabhouh reads like a very professional operation:

Security footage of the killers’ movements during the afternoon, released by police in Dubai yesterday, underlines the professionalism of the operation. The group switched hotels several times and wore disguises including false beards and wigs, while surveillance teams rotated in pairs through the hotel lobby, never hanging around for too long and paying for everything in cash.

Folliard and another member of the party carrying an Irish passport in the name of Kevin Daveron were operating as spotters on the second floor of the hotel when the murder was committed. Both switched hotels that afternoon and dressed smartly to pose as hotel staff. The bald Daveron donned a dark wig and glasses, while Folliard appears to have removed a blonde wig to reveal dark hair.

Throughout the operation, none of the suspects made a direct call to any another. However, Dubai police traced a high volume of calls and text messages between three phones carried by the assassins and four numbers in Austria where a command centre had apparently been established.

To co-ordinate their movements on the ground, the team used discreet, sophisticated short-range communication devices as they tracked their victim.

And this:

The Dubai authorities claim there were two teams: one carried out surveillance of the target, while the other—which appears to be a group of younger men, at least as far as the camera shots show—carried out the killing.

Contrary to reports, the squad did not break into Mabhouh’s hotel room, nor did they knock on the door. They entered the room using copies of keys they had somehow acquired.

Read the whole thing—and watch (in three parts) this video compilation of all the CCTV cameras in the hotels and airprort. It’s impressive. And the professionalism leads pretty much everyone to suspect Mossad.

There are a few things I wonder about. The team didn’t know what hotel Mabhouh would be staying in, nor whether he would be alone or with others. The team also didn’t use any guns. How much of the operation was preplanned, and how much was created on the fly? Was that why there were so many people involved?

The team booked the hotel room directly across the hallway from Mabhouh. That seems like the part of the plan most likely to arouse suspicion. It’s unusual to reserve a particular room, and not unreasonable to think that the hotel desk staff might wonder who else is booked nearby.

How did they get into Mabhouh’s hotel room. The video shows evidence of them trying to reprogram the door. Given that they didn’t know the hotel until they got there, what kind of general hotel-key reprogramming devices do they have?

I wonder if any of those fake passports had RFID chips?

Dubai’s police chief said six of the suspects had British passports, three were Irish, one French and one German.

The passports are believed to be fakes.

And Mabhouh was discovered in his room, the door locked and barred from the inside. Is it really that easy to do that to a hotel room door?

Note: Please limit comments to the security considerations and lessons of the assassination, and steer clear of the politics.

EDITED TO ADD (2/19): Interesting analysis:

Investigators believe the assassins tried to reprogram the electronic lock on al-Mabhouh’s door to gain entry. Some news reports say the assassins entered the room while the victim was out and waited for him to return, while others say they were thwarted from entering the room when a hotel guest stepped off the elevator on al-Mabhouh’s floor. They then had to resort to tricking al-Mabhouh into opening his door to them after he returned.

[…]

He said the number of people involved in the operation indicates that it may have been put together in a rush.

“The less time you have to plan and carry out an operation, the more people you need to carry it out [on the ground],” he said. “The more time you have to plan . . . there’s a lot of things you eliminate.”

If you know that you can stop the elevator in the basement, for example, you don’t then need people guarding the elevator lobby on the victim’s floor to make sure no one steps off the elevator, he said.

He says it was likely that the Mossad’s second in command for operations was in the hotel or the area when the assassination took place and has gone unnoticed by the Dubai authorities.

[…]

Ostrovsky said although the operatives scattered to various parts of the world after the operation was completed, he believes they’re all back in Israel now. He says other countries are likely sifting through their airport surveillance tapes now to track the final destination of the team members.

He added that the Mossad was likely surprised by how the Dubai authorities pieced everything together so well and publicized the video and passport photos of the suspects.

[…]

Ostrovsky said that despite the Dubai operation’s success, it was amateurish at moments. He points to the bad disguises the suspects used—wigs, glasses and moustaches—and the fact that suspects seemed changed their disguises in the same place. He also points to two of the suspects who followed the victim to his hotel room while dressed in tennis outfits and didn’t seem to know what they were doing.

The two seemed to confer momentarily while the victim exited the elevator, as if deciding who would follow the victim to his room. A hotel employee accompanying the victim to his room even glanced back at the two, as if noticing their confusion.

“A lot of people in the field make those mistakes and they never come up because they’re never [caught on tape],” he said.

Posted on February 19, 2010 at 6:49 AM • View Comments

Censorship in Dubai

I was in Dubai last weekend for the World Economic Forum Summit on the Global Agenda. (I was on the “Future of the Internet” council; fellow council members Ethan Zuckerman and Jeff Jarvis have written about the event.)

As part of the United Arab Emirates, Dubai censors the Internet:

The government of the United Arab Emirates (UAE) pervasively filters Web sites that contain pornography or relate to alcohol and drug use, gay and lesbian issues, or online dating or gambling. Web-based applications and religious and political sites are also filtered, though less extensively. Additionally, legal controls limit free expression and behavior, restricting political discourse and dissent online.

More detail here.

What was interesting to me about how reasonable the execution of the policy was. Unlike some countries—China for example—that simply block objectionable content, the UAE displays a screen indicating that the URL has been blocked and offers information about its appeals process.

Posted on November 12, 2008 at 12:56 PM • View Comments

The Dubai Port Issue

This is a pretty good commentary on the issue.

(I’ve said in the past that the real security problem here is the transparency of the process.)

Posted on March 7, 2006 at 1:47 PM • View Comments

U.S. Port Security and Proxies

My twelfth essay for Wired.com is about U.S. port security, and more generally about trust and proxies:

Pull aside the rhetoric, and this is everyone’s point. There are those who don’t trust the Bush administration and believe its motivations are political. There are those who don’t trust the UAE because of its terrorist ties—two of the 9/11 terrorists and some of the funding for the attack came out of that country—and those who don’t trust it because of racial prejudices. There are those who don’t trust security at our nation’s ports generally and see this as just another example of the problem.

The solution is openness. The Bush administration needs to better explain how port security works, and the decision process by which the sale of P&O was approved. If this deal doesn’t compromise security, voters—at least the particular lawmakers we trust—need to understand that.

Regardless of the outcome of the Dubai deal, we need more transparency in how our government approaches counter-terrorism in general. Secrecy simply isn’t serving our nation well in this case. It’s not making us safer, and it’s properly reducing faith in our government.

Proxies are a natural outgrowth of society, an inevitable byproduct of specialization. But our proxies are not us and they have different motivations—they simply won’t make the same security decisions as we would. Whether a king is hiring mercenaries, an organization is hiring a network security company or a person is asking some guy to watch his bags while he gets a drink of water, successful security proxies are based on trust. And when it comes to government, trust comes through transparency and openness.

Posted on February 23, 2006 at 7:07 AM • View Comments

←Previous 1 2

Sidebar photo of Bruce Schneier by Joe MacInnis.