A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Security Theater’ tag

Tightening the Chains

without comments

The turkey won’t be the only thing to get a hand up its ass this Thanksgiving:

New TSA screening guidelines will likely make Thanksgiving travel a disaster for legions of Americans — and the worst is yet to come.

Shortly after Trump’s inauguration, TSA announced more “comprehensive” pat-down procedures which the Denver airport suggested might involve “more intimate contact than before.” TSA preemptively notified local police to expect potential complaints, and plenty of travelers are howling:

The Transportation Security Administration (TSA) still hasn’t thwarted a single terrorist plot. After 16 years one might expect an agency to show proof of having accomplished something. Instead the agency has pulled the same stunt as every other government agency and claimed that its failures are due to lack of funding. And like every other government agency, the TSA has shown no evidence of improvement when its funding has been increased.

Creating the Super Bowl Experience

without comments

The toll of the Super Bowl continues to rise. Between the “security” turning the entire city into a prison, shut down streets, and light rail use reserved exclusively for Super Bowl attendees, things have already become quite miserable for the denizens of Minneapolis. But the Super Bowl experience wouldn’t be complete if some wealthy attendees had their vision offended by a poor person, so the homeless shelter near the stadium is being evacuated for the duration of the game:

Dozens of people who use a homeless shelter near U.S. Bank Stadium will be moved to a new, temporary facility during Super Bowl week because of security concerns.

In a deal struck with churches and social service agencies, up to 60 people who normally would spend the night at First Covenant Church in downtown Minneapolis will be relocated six blocks away to a makeshift shelter at St. Olaf Catholic Church. The transition will occur the Thursday before the 2018 game and last through Super Bowl Sunday.

It is, of course, being done in the name of security. However, the 60 people occupying that shelter are no more a security risk than the hundreds living in the condominiums near the stadium, so it’s pretty obvious this decision has nothing to do with actual security. But most “security” decisions being made have nothing to do with security and everything to do with security theater being a convenient excuse to ensure the Super Bowl attendees don’t have to deal with the riffraff of Minneapolis.

Written by Christopher Burg

November 17th, 2017 at 10:00 am

For $19.95 You Too Can Rent a Weapon of Terror for 90 Minutes

with one comment

I’m predicting that it’s going to become a lot more difficult to rent a vehicle in the near future because of the attack perpetrated in Manhattan yesterday:

TRIBECA, Manhattan — A man described as a “lone wolf” deliberately drove a rented truck into a West Side bike path in lower Manhattan, killing at least eight people and injuring 11 others in the first terror attack in New York City since 9/11.

A high ranking police source tells PIX11 News the suspect has been identified as 29-year-old Sayfullo Saipov from Tampa, Florida. Saipov was brandishing two fake guns when he exited the truck after the multi-block rampage, yelling “Allah Akbar,” which is Arabic for God is great.

Since the attacker supposedly yelled, “Allah Akbar,” this attack was labeled terrorism, which brings us to a rather important point. For the low price of $19.95 (for 90 minutes) the attacker was able to acquire a weapon of terror from Home Depot. Asymmetrical warfare tactics are difficult to counter specifically because the weaponry is cheap and readily available.

Unfortunately, this attack will likely make renting a vehicle a huge pain in the ass in the near future. Because its logo is on the side of the truck, Home Depot will feel the need to demonstrate its piety to the State. It will likely do this by establishing new policies for vehicle rentals that include a bunch of new hoops for renters to jump through. Such policies will be futile but that doesn’t matter since they’ll be implemented for show, not for actual security reasons.

Make no mistake, terrorism is winning the War on Terror. Almost every attack that gets labeled terrorism results in the lives of everyday people being inconvenienced by more bureaucracy that does nothing to improve actual security. This attack will likely be no different in that regard.

Written by Christopher Burg

November 1st, 2017 at 11:00 am

TSA Agents Want to Talk to You

without comments

It must get lonely being a Transportation Security Administration (TSA) officer. They stand in line for hours making the lives of passengers who are just trying to get from one place to another miserable. Needless to say, there isn’t a lot of love for TSA officers. To help alleviate their loneliness, higher-ups have implemented new security measures that will require people entering the country to make small talk with the agency’s flunkies:

New security measures including stricter passenger screening take effect on Thursday on all U.S.-bound flights to comply with government requirements designed to avoid an in-cabin ban on laptops, airlines said.

Airlines contacted by Reuters said the new measures could include short security interviews with passengers at check-in or the boarding gate, sparking concerns over flight delays and extended processing time.

They will affect 325,000 airline passengers on about 2,000 commercial flights arriving daily in the United States, on 180 airlines from 280 airports in 105 countries.

Now we know what the laptop ban was all about: making the intended security policy look better by comparison. This change in policy will also do nothing to improve airline security. I know that the agency is going for the Israeli system but that requires having people who know what they’re doing asking passengers questions. The TSA isn’t renowned for hiring competent individuals and any encounter with one of their officers will give anybody who has watched Idiocracy flashbacks.

Written by Christopher Burg

October 27th, 2017 at 10:30 am

Everything is a Big Ol’ Conspiracy

without comments

Can anything occur in this day and age without people claiming that it’s part of a conspiracy? Almost immediately after the shooting in Las Vegas, before any investigation had a chance to even begin, people were claiming that the event was part of some conspiracy. As with most conspiracy theories, this conspiracy theory is based on spurious evidence. So far the dumbest “evidence” that “doesn’t add up” is news that the shooter used the freight elevator at Mandalay Bay:

Law enforcement sources told CBS News that Las Vegas shooter Stephen Paddock is believed to have used the freight elevator at the Mandalay Bay hotel casino in the days leading up to last week’s deadly attack.

It wasn’t clear what Paddock used the freight elevator for or how often he used it.

How could the shooter have accessed a restricted freight elevator without help from the inside? Obviously this is proof that he had help!

Anybody who claims that doesn’t realize just how poor building security generally is. I’ve used freight elevators on numerous occasions, including in casinos, without authorization. They’re usually “hidden” behind a nondescript door or one with a sign that says “Employees Only.” In almost every case the door is unlocked and the elevator lacks any form of access control. If the owners of the building are really concerned about security, there might be cameras that aren’t monitored by anybody facing the freight elevator doors although even that’s pretty rare.

Another way of gaining access to a freight elevator is to ask the person working at the front desk if you can use it to haul up a bunch of luggage. As it turns out, the person at the front desk who is tasked with making the customer happy will often let you use the freight elevator if it makes you happy. Humans are often wonderfully helpful creatures.

So I’m sorry to report that using a freight elevator isn’t evidence that “doesn’t add up.” It adds up quite cleanly. Although I suspect that access control on freight elevators will become more common now that this information has been released.

Written by Christopher Burg

October 12th, 2017 at 10:00 am

Assume All Source Code is Open Source

without comments

Let’s pretend that you’re a fool and believe that security through obscurity works. Because of your foolish belief you sought closed source security software. Since potential adversaries can’t see the source code, they can’t find vulnerabilities in it to attack you with, right? Not so much. Just because software is closed source doesn’t mean nobody is allowed to see the source code. HP recently granted Russia permission to review the source code of one of its security software packages:

Last year, Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to analyze the source code of a cybersecurity software used by the Pentagon, Reuters reports. The software, a product called ArcSight, is an important piece of cyber defense for the Army, Air Force and Navy and works by alerting users to suspicious activity — such as a high number of failed login attempts — that might be a sign of an ongoing cyber attack. The review of the software was done by a company called Echelon for Russia’s Federal Service for Technical and Export Control as HPE was seeking to sell the software in the country. While such reviews are common for outside companies looking to market these types of products in Russia, this one could have helped Russian officials find weaknesses in the software that could aid in attacks on US military cyber networks.

I don’t subscribe to the belief that open source software is inherently more secure (however, I do believe open source software offers several advantages over closed source software that are unrelated to security). I think the numerous critical vulnerabilities discovered in OpenSSL put that belief to bed. However, I also don’t believe that closed source software is inherently more secure. Just because a developer doesn’t share its source code with everybody doesn’t mean it doesn’t share its source code with third parties. In the case of HP, one of the third parties granted access to its source code was an adversary of one of its customers.

If you’re purchasing software from a third party, you have no control over who it shares its source code with. So if you believe in security through obscurity, closed source software won’t offer you any advantage, perceived or otherwise.

Written by Christopher Burg

October 6th, 2017 at 10:00 am

Posted in Technology


But Wait, There’s More

without comments

Equifax already displayed a staggering level of incompetence but like a Billy Mays commercial there’s more:

The official Equifax Twitter account encouraged people to visit a knock-off website that mocks the company’s security practices instead of the site the company created to warn of a massive data breach. That recent breach exposed personal details for as many as 143 million US consumers.

In a tweet on Tuesday afternoon, an Equifax representative using the name Tim wrote: “Hi! For more information about the product and enrollment, please visit: securityequifax2017.com.” The message came in response to a question about free credit monitoring Equifax is offering victims. The site is a knock-off of the official Equifax breach notification site, equifaxsecurity2017.com. A security researcher created the imposter site to demonstrate how easy it is to confuse a legitimate name with a bogus one. The Equifax tweet suggests that even company representatives can be easily fooled. The tweet was deleted late Wednesday morning, more than 18 hours after it went live.

It’s almost as if large credit agencies like Equifax aren’t held accountable for screwing up and therefore aren’t motivated to do an effective job. Weird.

Statists continue to claim that government is necessary to deliver justice when large corporations like this screw up. However, I’m still waiting to see the government do anything more than give a corporation like this a minor slap on the wrist for fuck ups of this magnitude. Hell, I’m still waiting to see the government give Equifax a stern talking to over this series of amateur mistakes. As far as I can tell, government seems to exist primarily to protect large corporations like this from competitors that would currently be tearing it apart if there was a free market.

Written by Christopher Burg

September 22nd, 2017 at 10:30 am

Plan Ahead

without comments

Planning ahead can save you a great deal of grief, frustration, and money:

Two things are true of all festivals: the security is super tight and the booze is very expensive.

[…]

One guy from New York named Alex found an ingenious way to get past these two road blocks. Three weeks before the Electric Zoo festival in New York City, Alex travelled to the Randall’s Island where the event is located with a bottle of Vodka in arm.

He filled a reusable bottle with the Vodka and using a small shovel that he brought with him, Alex and his friends buried the bottle of booze in the ground a long time before the festival crew arrived to construct the stages for the event.

Alex is a real American hero (I know this story could be fake but I want it to be true so I’m going to believe it is).

On a more serious note, this tactic could also work for smuggling weapons into outdoor festivals. I wonder how many security providers have considered such a threat model. It’s also a difficult threat model to defend against since a security team would have to run metal detectors across the entire grounds and that would only offer protection against metallic weapons.

Written by Christopher Burg

September 14th, 2017 at 10:00 am

The TSA Continues Its 95 Percent Failure Rate

without comments

Two years ago we learned that the Transportation Security Administration (TSA) failed 95 percent of red team exercises. With such an abysmal record the agency must have been spending the last two years furiously improving its security screening processes, right? If the Minneapolis-St. Paul International Airport (MSP) is any indication, the TSA hasn’t improved its processes at all:

Last Thursday, what’s referred to as the “Red Team” in town from Washington D.C., posed as passengers and attempted to sneak items through security that should easily be caught.

In most cases, they succeeded in getting the banned items through. 17 out of 18 tries by the undercover federal agents saw explosive materials, fake weapons or drugs pass through TSA screening undetected.

Two sources said that the tests carried out Thursday were eventually stopped after the failure rate reached 95 percent.

It’s pretty sad when the exercise has to be stopped because the failure rate was only a hair’s breadth away from 100 percent.

I’m sure a spokesperson for the MSP TSA will have a list of excuses to try to explain away the 95 percent failure rating. But there’s no arguing that a 95 percent failure rating is tough to distinguish from having no security at all. If the TSA were abolished today and replaced with nothing the only real difference would be that air travelers wouldn’t have to show up at the airport two hours early just to get through the security line and the taxpayers would save a lot of money. Of course the TSA wouldn’t be replaced with nothing; it would be replaced with private security, which would be a significant improvement. Unlike the TSA, which has faced no repercussions for its ongoing 95 percent failure rating, private security firms can be held accountable and are therefore motivated to improve.

Written by Christopher Burg

July 6th, 2017 at 10:00 am

Not Surprising for an Agency with a 95 Percent Failure Rate

without comments

Almost two years ago it was revealed that the Transportation Security Agency (TSA) missed a whopping 95 percent of restricted items. You would think that such a damning report would have led to a top to bottom rework of the agency’s practices. But the TSA is a government agency, which means it doesn’t suffer consequences for failing, unlike market actors, and therefore has no motivation to improve. That’s why, two years later, we still get to read stories like this:

An off-duty policewoman flew from Los Angeles international airport (LAX) to Taiwan with a gun in her hand luggage.

The weapon was not detected during security screening and Noell Grant only realised she was carrying it as she changed planes in Taipei.

At one point I noted that the TSA exists solely to provide warm and fuzzy feelings to passengers who are too ignorant to realize that the agency isn’t securing anything. But as these stories continue to roll out even ignorant fools are likely becoming aware of the fact that the TSA is just as ineffective as every other government agency. When that realization sets in the warm and fuzzy feelings of ignorance vanish, which means the agency serves no purpose whatsoever. The TSA should be completely abolished tomorrow.

Written by Christopher Burg

April 21st, 2017 at 10:00 am