Schneier on Security: Tagged weapons

Entries Tagged "weapons"

Page 9 of 12

U.S. Government Contractor Injects Malicious Software into Critical Military Computers

This is just a frightening story. Basically, a contractor with a top secret security clearance was able to inject malicious code and sabotage computers used to track Navy submarines.

Yeah, it was annoying to find and fix the problem, but hang on. How is it possible for a single disgruntled idiot to damage a multi-billion-dollar weapons system? Why aren’t there any security systems in place to prevent this? I’ll bet anything that there was absolutely no control or review over who put what code in where. I’ll bet that if this guy had been just a little bit cleverer, he could have done a whole lot more damage without ever getting caught.

One of the ways to deal with the problem of trusted individuals is by making sure they’re trustworthy. The clearance process is supposed to handle that. But given the enormous damage that a single person can do here, it makes a lot of sense to add a second security mechanism: limiting the degree to which each individual must be trusted. A decent system of code reviews, or change auditing, would go a long way to reduce the risk of this sort of thing.

I’ll also bet you anything that Microsoft has more security around its critical code than the U.S. military does.

Posted on April 13, 2007 at 12:33 PM • View Comments

TSA Failures in the News

I’m not sure which is more important—the news or the fact that no one is surprised:

Sources told 9NEWS the Red Team was able to sneak about 90 percent of simulated weapons past checkpoint screeners in Denver. In the baggage area, screeners caught one explosive device that was packed in a suitcase. However later, screeners in the baggage area missed a book bomb, according to sources.

“There’s very little substance to security,” said former Red Team leader Bogdan Dzakovic. “It literally is all window dressing that we’re doing. It’s big theater on TV and when you go to the airport. It’s just security theater.”

Dzakovic was a Red Team leader from 1995 until September 11, 2001. After the terrorist attacks, Dzakovic became a federally protected whistleblower and alleged that thousands of people died needlessly. He testified before the 9/11 Commission and the National Commission on Terrorist Attacks Upon the US that the Red Team “breached security with ridiculous ease up to 90 percent of the time,” and said the FAA “knew how vulnerable aviation security was.”

Dzakovic, who is currently a TSA inspector, said security is no better today.

“It’s worse now. The terrorists can pretty much do what they want when they want to do it,” he said.

Posted on April 2, 2007 at 12:16 PM • View Comments

Mennonites and Photo IDs

Mennonites are considering moving to a different state because they don’t want their photo taken for their drivers licenses. Many (all?) states had religious exemptions to the photo requirement, but now fewer do.

The most interesting paragraph to me is the last one, though:

And in Pennsylvania, Dr. Kraybill said, a law requiring photo identification to buy guns has prompted many Amish hunters to hire non-Amish neighbors to buy guns for them.

Sounds like the photo-ID requirement is backfiring in this case.

Posted on March 29, 2007 at 2:54 PM • View Comments

Airport Screeners Still Aren't Any Good

They may be great at keeping you from taking your bottle of water onto the plane, but when it comes to catching actual bombs and guns they’re not very good:

Screeners at Newark Liberty International Airport, one of the starting points for the Sept. 11 hijackers, failed 20 of 22 security tests conducted by undercover U.S. agents last week, missing concealed bombs and guns at checkpoints throughout the major air hub’s three terminals, according to federal security officials.

[…]

One of the security officials familiar with last week’s tests said Newark screeners missed fake explosive devices hidden under bottles of water in carry-on luggage, taped beneath an agent’s clothing and concealed under a leg bandage another tester wore.

The official said screeners also failed to use handheld metal-detector wands when required, missed an explosive device during a pat-down and failed to properly hand-check suspicious carry-on bags. Supervisors also were cited for failing to properly monitor checkpoint screeners, the official said. “We just totally missed everything,” the official said.

As I’ve written before, this is actually a very hard problem to solve:

Airport screeners have a difficult job, primarily because the human brain isn’t naturally adapted to the task. We’re wired for visual pattern matching, and are great at picking out something we know to look for—for example, a lion in a sea of tall grass.

But we’re much less adept at detecting random exceptions in uniform data. Faced with an endless stream of identical objects, the brain quickly concludes that everything is identical and there’s no point in paying attention. By the time the exception comes around, the brain simply doesn’t notice it. This psychological phenomenon isn’t just a problem in airport screening: It’s been identified in inspections of all kinds, and is why casinos move their dealers around so often. The tasks are simply mind-numbing.

To make matters worse, the smuggler can try to exploit the system. He can position the weapons in his baggage just so. He can try to disguise them by adding other metal items to distract the screeners. He can disassemble bomb parts so they look nothing like bombs. Against a bored screener, he has the upper hand.

But perversely, even a mediocre success rate here is probably good enough:

Remember the point of passenger screening. We’re not trying to catch the clever, organized, well-funded terrorists. We’re trying to catch the amateurs and the incompetent. We’re trying to catch the unstable. We’re trying to catch the copycats. These are all legitimate threats, and we’re smart to defend against them. Against the professionals, we’re just trying to add enough uncertainty into the system that they’ll choose other targets instead.

[…]

What that means is that a basic cursory screening is good enough. If I were investing in security, I would fund significant research into computer-assisted screening equipment for both checked and carry-on bags, but wouldn’t spend a lot of money on invasive screening procedures and secondary screening. I would much rather have well-trained security personnel wandering around the airport, both in and out of uniform, looking for suspicious actions.

Remember this truism: We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.

Posted on October 31, 2006 at 12:52 PM • View Comments

Prison Shivs

A collection of 11 prison shivs confiscated over 20 years ago in New Jersey.

Think about these, and the adverse conditions they were made under, the next time you see someone’s pocket knife being taken away from them at airport security. We can’t keep weapons out of prisons; we can’t possibly expect to keep them out of airports.

Posted on August 10, 2006 at 2:29 PM • View Comments

Anti-Missile Defenses for Passenger Aircraft

It’s not happening anytime soon:

Congress agreed to pay for the development of the systems to protect the planes from such weapons, but balked at proposals to spend the billions needed to protect all 6,800 commercial U.S. airliners.

Probably for the best, actually. One, there are far more effective ways to spend that money on counterterrorism. And two, they’re only effective against a particular type of missile technology:

Both BAE and Northrop systems use lasers to jam the guidance systems of incoming missiles, which lock onto the heat of an aircraft’s engine.

Posted on August 3, 2006 at 7:30 AM • View Comments

Memoirs of an Airport Security Screener

This person worked as an airport security screener years before 9/11, before the TSA, so hopefully things are different now. It’s a pretty fascinating read, though.

Two things pop out at me. One, as I wrote, it’s a mind-numbingly boring task. And two, the screeners were trained not to find weapons, but to find the particular example weapons that the FAA would test them on.

“How do you know it’s a gun?” he asked me.

“it looks like one,” I said, and was immediately pounded on the back.

“Goddamn right it does. You get over here,” yelled Mike to Will.

“How do you know it’s a gun?”

“I look for the outline of the cartridge and the…” Will started.

“What?”

“The barrel you can see right here,” Will continued, oblivious to his pending doom.

“What the hell are you talking about? That’s not how you find this gun.”

“No sir. It’s how you find any gun, sir,” said Will. I knew right then that this was a disaster.

“Any gun? Any gun? I don’t give a fuck about any gun, dipshit. I care about this gun. The FAA will not test you with another gun. The FAA will never put any gun but this one in the machine. I don’t care if you are a fucking gun nut who can tell the caliber by sniffing the barrel, you look for this gun. THIS ONE.” Mike strode to the test bag and dumped it out at the feet of the metal detector, sending the machine into a frenzy.

“THIS bomb. This knife. I don’t care if you miss a goddamn bazooka and some son of a bitch cuts your throat with a knife you let through as long as you find THIS GUN.”

“But we’re supposed to find,” Will insisted.

“You find what I trained you to find. The other shit doesn’t get taken out of my paycheck when you miss it,” said Mike.

Not exactly the result we’re looking for, but one that makes sense given the economic incentives that were at work.

I sure hope things are different today.

Posted on July 28, 2006 at 6:22 AM • View Comments

Password-Protected Bullets

New invention, just patented:

Meyerle is patenting a design for a modified cartridge that would be fired by a burst of high-frequency radio energy. But the energy would only ignite the charge if a solid-state switch within the cartridge had been activated. This would only happen if a password entered into the gun using a tiny keypad matched one stored in the cartridge.

When they are sold, cartridges could be programmed with a password that matches the purchaser’s gun. An owner could set the gun to request the password when it is reloaded, or to perform a biometric check before firing. The gun could also automatically lock itself after a pre-set period of time has passed since the password was entered.

Posted on June 30, 2006 at 6:41 AM • View Comments

New Directions in Chemical Warfare

From New Scientist:

The Pentagon considered developing a host of non-lethal chemical weapons that would disrupt discipline and morale among enemy troops, newly declassified documents reveal.

Most bizarre among the plans was one for the development of an “aphrodisiac” chemical weapon that would make enemy soldiers sexually irresistible to each other. Provoking widespread homosexual behaviour among troops would cause a “distasteful but completely non-lethal” blow to morale, the proposal says.

Other ideas included chemical weapons that attract swarms of enraged wasps or angry rats to troop positions, making them uninhabitable. Another was to develop a chemical that caused “severe and lasting halitosis”, making it easy to identify guerrillas trying to blend in with civilians. There was also the idea of making troops’ skin unbearably sensitive to sunlight.

Technology always gets better; it never gets worse. There will be a time, probably in our lifetimes, when weapons like these will be real.

Posted on June 9, 2006 at 1:33 PM • View Comments

Homebrew Chemical Weapons

Nice article discussing the hype, and reality, over the threat of homebrew chemical weapons.

Posted on June 6, 2006 at 11:51 AM • View Comments

←Previous 1 … 7 8 9 10 11 12 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.