Categories
Security Terrorism Uncategorized

Terrorist or idiot?

Bruce Schneier has written an excellent piece on how the actual dangers posed by terrorist plots often differ widely from the dangers portrayed by the media and governments. It is titled Portrait of the Modern Terrorist as an Idiot.

The recently publicized terrorist plot to blow up John F. Kennedy International Airport, like so many of the terrorist plots over the past few years, is a study in alarmism and incompetence: on the part of the terrorists, our government and the press.

Terrorism is a real threat, and one that needs to be addressed by appropriate means. But allowing ourselves to be terrorized by wannabe terrorists and unrealistic plots — and worse, allowing our essential freedoms to be lost by using them as an excuse — is wrong.

These wannabe terrorists are often pathetic Walter Mitty-type characters whose fantasies of martyrdom are undermined by their utter lack of competence and ability to carry out their ridiculous plots. The case of Russell Defreitas and his plot to blow up JFK airport is a good example.

It’s a plot straight from the disaster movie genre. Destroy New York’s major airport, its terminals, and even parts of the borough of Brooklyn in one dastardly explosion.

Unfortunately for the alleged plotters, the real life Jack Bauers (of 24 fame) were ahead of the ticking bomb. Not only was the idea outlandish and highly unlikely to succeed, but authorities have been recording the conversations of the plotters for the past 18 months.

– Did these men pose a threat? Undoubtedly.
– Could they have blown up JFK airport? It’s doubtful, and in any case they were barely into the planning stage of the attack and had been under surveillance for a long time, so whatever threat they posed could never be realised.

Categories
Reviews Security Terrorism TV

24: CTU security

Is it just me or does CTU LA seem to be the least secure Counter Terrorist facility on the planet? I’ve lost track now of how many times it has been successfully infiltrated or attacked; it seems to have been at least once a season, if not more.

Hour 21 of Season 6 and it has happened again and been taken over by Chinese agents. Poor foolish Milo. This would never have happened had Bill Buchanan been left in charge!

Categories
Security Uncategorized

Iris scam. Iris scan

Iridology may be bogus science, but it appears that the eyes really could be windows to the soul, as Swedish researchers reveal it may be possible to read a person’s personality from their irises.

Categories
Computing Security

The Psychology of Security

Bruce Schneier’s Essay The Psychology of Security

Categories
Security Surveillance Uncategorized

The street value of X-ray cameras

BBC News: Could X-ray scanners work on the street?

X-ray cameras that would “undress” passers-by in a bid to thwart terrorists concealing weapons, could be coming to a street near you, according to reports. Aside from the obvious privacy issues, would such a plan work?

Leaked documents said to have been drawn up by the Home Office and seen by the Sun newspaper say cameras which can see through clothes could be built into lamp posts to “trap terror suspects”.

X-ray type cameras have their place in the security framework but in the War on Terror they would be costly and ineffective if implemented widely like surveillance cameras.

They are effective in situations where specific locations need securing, such as airports, as they can be used to filter out individuals for additional scrutiny by security guards who are on hand to do so.

Surveillance cameras are used in an entirely different manner. They are predominantly used as a visible deterrent against criminal acts or as evidence-gathering devices for prosecution of criminals after the fact. They are very rarely used to apprehend criminals in the act.

Security expert Bob Ayers, of Chatham House, believes putting an X-ray lens on a lamppost poses all sorts of resource questions.

“Some guy walks past and his picture is beamed back to a control room to say that something is under his jacket. What do you do? Despatch a police car to hunt him down and frisk him?

“The real question is not whether the technology can see something under the clothing. It’s how you respond to it when the technology says there’s something unusual.”

This may well have been obtained from leaked Home Office documents, but I doubt even that incompetent government department would pursue this ill-thought-out scheme.

Categories
Computing Security

Gold standard for identity. Yeah right!

BBC News: Giant ID computer plan scrapped

Not, unfortunately, the scrapping of a plan for a government computer the size of a building, like they had at Bureau West near where I live.

In fact the government has announced that the proposed National Identity Register which underpins their ID Card scheme will not be created anew so as to be clean and error-free but instead will be constructed from the current databases of various government agencies.

The information will be stored in three separate databases including the Department of Work and Pensions’ Customer Information Service, which holds national insurance records, and the Identity and Passport Service computer system.

Mr Reid denied IT companies had wasted millions on preparation work for an entirely new system, saying the industry had been consulted on the move.

The government has reportedly spent about £35m on IT consultants since the ID cards project began in 2004.

“Doing something sensible is not necessarily a U-turn,” Mr Reid told reporters.

“We have decided it is lower risk, more efficient and faster to take the infrastructure that already exists, although the data will be drawn from other sources.”

So we’ll have a National Identity Register that is as full of errors as the current ones are. Hardly the ‘Gold Standard’ for identity that the Home Office proudly announced it would be, is it?

Interestingly the Press Release from the Identity and Passport Service makes no reference to this at all other than in passing.

This news comes as Home Office Minister Liam Byrne published a Strategic Action Plan for the National Identity Scheme and the Borders, Immigration and Identity Action Plan, which follow the wider Home Office review earlier this year and signal the countdown to the introduction of ID cards to UK citizens in 2009.

The Strategic Action Plan is the document where the new plans for the National Identity Register are laid out. Instead the press release focuses on the part of the plan that describes how the fingerprinting of foreign nationals will help secure Britain’s border and crack down on illegal working and fraudulent access to services. Immigration Minister Liam Byrne said:

We’re determined that Britain won’t be a soft touch for illegal immigration. Compulsory biometric identity for foreign nationals will help us secure our borders, shut down access to the illegal jobs, which we know attracts illegal immigrants, and help fight foreign criminals.

But all this is completely irrelevant when we are talking about the establishment of a biometric based National Identity Register of UK citizens.

As NO2ID theorize this is about the establishment of the ‘database state’.

There is a growing list of planned systems.

* So-called ‘biometric’ ePassports that log data about your travel when used – see www.RenewForFreedom.org
* Centralised medical records without privacy – see www.TheBigOptOut.org
* Biometrics in schools – see www.LeaveThemKidsAlone.com
* Recording of all car journeys as a matter of course, using ANPR.

Categories
Politics Security Uncategorized

BAE Systems are above the law

The Guardian reports that due to National Security issues a major SFO investigation of BAE Systems has been halted.

A major criminal investigation into alleged corruption by the arms company BAE Systems and its executives was stopped in its tracks yesterday when the prime minister claimed it would endanger Britain’s security if the inquiry was allowed to continue.

The remarkable intervention was announced by the attorney general, Lord Goldsmith, who took the decision to end the Serious Fraud Office inquiry into alleged bribes paid by the company to Saudi officials, after consulting cabinet colleagues.

It would appear that the lobbying of the company and the Saudi government has finally paid off and the government has pulled the plug, as it were, on the inquiry. The Serious Fraud Office issued this statement.

The Attorney General had apparently consulted with the prime minister, the defence secretary, foreign secretary, and the intelligence services, and they jointly decided that “the wider public interest” “outweighed the need to maintain the rule of law”.

So BAE Systems can now in my opinion be considered above the law, but then that has seemed always to have been the way when it comes to British arms companies, at least under the previous Conservative government.

I suppose naively I had thought that this government would be different especially given that we’ve a prime minister who once taunted his predecessor as someone “knee deep in dishonour” over an arms deal and who promised that he would be “purer than pure” in office.

I feel like one of the animals looking in at the pigs and men at the end of Animal Farm.

The creatures outside looked from pig to man, and from man to pig, and from pig to man again; but already it was impossible to say which was which.

Edit: Garry Smith of A Big Stick and a Small Carrot apparently feels exactly the same and beat me to the punch with the quote.

Categories
Security Uncategorized

Activating my card.

I finally got around to activating my new credit card this morning that I had received a few weeks ago.

I put it off as I really do hate these phone calls and I’ve done it quite a few times in the past as I transfer balances around to new cards in order to take advantage of the 0% balance transfer rates.

It is a good security procedure but more and more the card companies are using it as an opportunity to flog their overpriced payment protection policies. So sure enough having sat there on hold for five minutes waiting until they could connect me to an operator I was then told it would take five minutes to activate my card.

Like hell does it!

It takes a fraction of a second to activate the card and then five minutes of sales pitch.

Categories
Politics Security Surveillance Uncategorized

If thine eye offends thee, pluck it out.

The Guardian reports: Police want power to crack down on offensive demo chants and slogans

Present curbs are too light, Met chief to tell Goldsmith

This seems like nothing more than a power grab and an appeal to the right-wing sections of Britain that are incensed by these uppity sandal-wearing Lefties and Muslim types voicing their displeasure about various things.

The country’s biggest force, the Metropolitan police, is to lobby the attorney general, Lord Goldsmith, because officers believe that large sections of the population have become increasingly politicised, and there is a growing sense that the current restrictions on demonstrations are too light.

It seems to me that Tony Blair’s government has recently freaked out about something which has been going on for quite a few years and that is issue politics. The populace seem generally apathetic about the political parties but a number are passionate about singular political issues be it marching in opposition to the Hunting Bill or demonstrating against the Iraq war etc. Also there has been a rise in political views being expressed online as the number of fora has increased where such views can be aired.

I think that they have freaked out because virtually all these views being expressed are anti-government. You’d be hard pressed to find any Joe Public commenter expressing a pro-Iraq opinion for example.

Most worrying is the following bit of it.

The police want powers to tackle a “grey area” in the array of public order laws. At present, causing offence by itself is not a criminal offence.

Causing offence is not a criminal offence and it never bloody well should be.

He talks about respecting freedom of speech.

We also need to think more laterally around how we police public demonstrations where ‘offence’ could be caused, while still respecting the British position around freedom of speech.

But this sounds like just a piece of management speak that means nothing.

But then I’m part of the problem not the solution aren’t I.

Categories
Computing Security

British biometric passports’ security cracked

Earlier this year the UK Passport Service (now the Identity and Passport Service) started to introduce Biometric Passports (pdf link) in an effort to vastly improve the security of the passport system. In their words

To:
• help fight passport fraud and forgery;
• help the public and the UK to fight identity fraud;
• ensure the British Passport stays one of the most secure and respected in the world;

However, according to a report in today’s Guardian, it seems that these new ultra-secure passports aren’t all they are cracked up to be and that the security has been severely undermined by a number of poor decisions made in the implementation of the system.

Firstly they have opted to use RFID chips to store the data, in accordance with standards drawn up by the International Civil Aviation Organization. The use of RFID to store the data is bad enough, but the ICAO standard also directs that the key used to access the data should be comprised of, in the following order, the passport number, the holder’s date of birth and the passport expiry date, all of which are contained on the printed page of the passport in a “machine readable zone.”

Bruce Schneier, an authority in the area of security, has written a number of times about the security wreckage associated with passports containing RFIDs.

• April 28, 2005 RFID Passport Security

• November 03, 2005 The Security of RFID Passports

Including, on August 03, 2006, Hackers Clone RFID Passports, a very similar hack to the one carried out by Adam Laurie on behalf of The Guardian newspaper.

Most recently Schneier has revealed that The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security has recommended against putting RFID chips in identity cards. Whether the US government heeds this advice is yet to be seen but unfortunately for us in Britain our government has already made the poor choice.

The security measures in place to prevent unauthorized access to the data held on the chip work by creating an encrypted ‘conversation’ between the chip and the reader. Interestingly they have used the Triple DES algorithm for the encryption instead of AES, which was introduced to replace Triple DES in 2002 and which is much more efficient. However, the choice of algorithm is a secondary concern compared with how it was implemented: with a key that is comprised of non-secret information that is published in the passport itself.

As Laurie puts it so eloquently “That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”
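
To make the weakness concrete, here is an added example (not code from the Guardian report or from Laurie) of the key derivation defined for ICAO Basic Access Control: every input comes from the printed machine readable zone, so the key's real strength is bounded by how guessable those three fields are. The specimen MRZ fields and the field-space sizes used in the estimate are assumptions.

```python
import hashlib
import math

def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1; A-Z = 10-35; filler '<' = 0."""
    def value(ch: str) -> int:
        if ch.isdigit():
            return int(ch)
        return 0 if ch == "<" else ord(ch) - ord("A") + 10
    return sum(value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10

def mrz_information(doc_no: str, dob: str, expiry: str) -> str:
    """Passport number, birth date, expiry date (YYMMDD), each plus check digit."""
    return "".join(f + str(check_digit(f)) for f in (doc_no, dob, expiry))

def _odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every DES key byte has odd parity."""
    return bytes((b & 0xFE) | (bin(b & 0xFE).count("1") % 2 == 0) for b in key)

def bac_keys(doc_no: str, dob: str, expiry: str) -> tuple[bytes, bytes]:
    """Derive (K_enc, K_mac) from nothing but the three printed MRZ fields."""
    info = mrz_information(doc_no, dob, expiry).encode("ascii")
    k_seed = hashlib.sha1(info).digest()[:16]
    def derive(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return _odd_parity(digest[:16])
    return derive(1), derive(2)

def entropy_upper_bound_bits(doc_numbers: int, birth_days: int, expiry_days: int) -> float:
    """Upper bound on key entropy if every field value were equally likely."""
    return sum(math.log2(n) for n in (doc_numbers, birth_days, expiry_days))

# SAMPLE: specimen MRZ fields, not a real passport.
SPECIMEN = ("L898902C<", "690806", "940623")

def demo() -> dict:
    k_enc, k_mac = bac_keys(*SPECIMEN)
    # ASSUMPTIONS: 9-digit numeric passport numbers, holders born within
    # 100 years, documents valid for 10 years.
    bits = entropy_upper_bound_bits(10**9, 36525, 3653)
    return {"mrz_info": mrz_information(*SPECIMEN), "k_enc": k_enc.hex(),
            "k_mac": k_mac.hex(), "entropy_bits": round(bits, 1),
            "two_key_3des_bits": 112}

if __name__ == "__main__":
    for name, val in demo().items():
        print(f"{name}: {val}")
```

Under those assumptions the derived keys carry at most about 57 bits of entropy, against the 112 key bits of two-key Triple DES, and the bound only falls if passport numbers are issued sequentially or the holder's age is roughly known.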