A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Security Theater’ tag

Eight Percent of the Time It Works Every Time


The Transportation Security Administration (TSA) is the embodiment of government incompetence. It has failed 95 percent of red team exercises, which doesn’t bode well for the agency’s general ability to detect weapons before air travelers are able to enter the “secure” area of an airport. However, the United States doesn’t have a monopoly on government incompetence. The United Kingdom (UK) also has its own program that has a failure rate of 90 percent:

A British police agency is defending (this link is inoperable for the moment) its use of facial recognition technology at the June 2017 Champions League soccer final in Cardiff, Wales—among several other instances—saying that despite the system having a 92-percent false positive rate, “no one” has ever been arrested due to such an error.

Of course nobody has been arrested due to a false positive. When a system has a false positive rate of 92 percent it’s quickly ignored by whoever is monitoring it.

False positives can be just as dangerous as misses. While misses allow a target to avoid a detection system, false positives breed complacency that quickly allows false positives to turn into misses. If a law enforcer is relying on a system to detect suspects and it constantly tells him that it found a suspect but hasn’t actually found a suspect, the law enforcer quickly ignores any report from the system. When the system does correctly identify the suspect, there’s a good chance that the law enforcer monitoring it won’t even bother to look at the report to verify it. Instead they’ll just assume it’s another false positive and continue sipping their tea or whatever it is that UK law enforcers do most of the time.

Written by Christopher Burg

May 9th, 2018 at 10:00 am

Important Lessons All Around


The students of the Marjory Stoneman Douglas High School are back in prison and are already learning some valuable lessons:

Survivors of the deadly school shooting in Florida have resisted new security rules that ban all but clear backpacks at their school.

Students at Marjory Stoneman Douglas High in Parkland, adorned their bags with signs, badges and slogans protesting against the measures.

Seventeen people were killed in the shooting on 14 February.

The attack led to an extensive social media campaign, culminating in a national march for tighter gun control.

But students have argued that the new bags will not prevent future attacks and infringe their privacy.

The first lesson, obviously, is that it sucks being punished for something you didn’t do.

The second lesson is probably a bit more subtle but the students have identified what the faculty who imposed this policy never comprehended: security theater is not security. Those students who are claiming that transparent backpacks don’t prevent future attacks are entirely correct. First of all, weapons can still be hidden in transparent backpacks. One can easily toss a weapon in a hollowed out book, pencil case, or tampon box. Moreover, an attacker doesn’t have to sneak a weapon into the school, they can just walk in with the weapon and shoot anybody who attempts to stop them.

The third lesson should be the most obvious but is probably the least obvious: laws (or in this case, policies) are irrelevant. While the school may require students to use transparent backpacks, the students have found the policy burdensome and are violating the spirit of it by concealing the contents of their backpacks behind signs and other obstructions. The words on pieces of paper that are the actual physical policy are unable to control the will of the students. This is why laws fail to prevent the behavior that they’re aimed at preventing. Gun control laws can’t stop individuals from acquiring or manufacturing a firearm. Transparent backpack requirements can’t stop individuals from obscuring the content of their backpacks.

Unfortunately, I have little faith that these lessons will be comprehended. The students, being interned in a government indoctrination center, are at a severe learning disadvantage due to the indoctrination that they’re being told is an education. The faculty were likely the product of the same indoctrination and are therefore also hindered from learning. And few people allow new knowledge to alter their beliefs. If new knowledge doesn’t support their beliefs, they will perform the mental gymnastics necessary to make it fit into their worldview.

Written by Christopher Burg

April 5th, 2018 at 11:00 am

Airport Security Remains a Joke


How can one best illustrate the ineffectiveness of airport security? By pointing out that serial stowaways are a thing:

The woman known as a “serial stowaway” for her years-long history of sneaking onto airplanes was arrested once again at Chicago’s O’Hare International Airport early Sunday — just two weeks after she managed to board a flight to London from the same airport.

In an attempt to divert attention away from the failure of the airport security team, a member of the local sheriff’s department made a statement that actually made them look even more incompetent:

The sheriff’s office had advocated for special treatment for Hartman, according to NBC Chicago.

“Releasing any seriously mentally ill person without support and treatment is never a good idea,” Cara Smith, the sheriff’s policy chief, told NBC Chicago on Thursday. “This order seriously reflects many things wrong with the criminal justice system.”

“We have a woman who is obviously suffering and in need of significant services,” she said, according to the station. “Without the help she clearly needs, history is likely to repeat itself.”

Not just any woman managed to board two flights but a woman who apparently doesn’t have full faculties.

Security theater continues to be a joke. Its existence only serves to ease the fears of ignorant flyers. Anybody who has read the seemingly ceaseless stream of stories about airport security failures is left to realize that airport and security are currently mutually exclusive terms.

Written by Christopher Burg

January 30th, 2018 at 10:30 am

Tightening the Chains


The turkey won’t be the only thing to get a hand up its ass this Thanksgiving:

New TSA screening guidelines will likely make Thanksgiving travel a disaster for legions of Americans — and the worst is yet to come.

Shortly after Trump’s inauguration, TSA announced more “comprehensive” pat-down procedures which the Denver airport suggested might involve “more intimate contact than before.” TSA preemptively notified local police to expect potential complaints, and plenty of travelers are howling:

The Transportation Security Administration (TSA) still hasn’t thwarted a single terrorist plot. After 16 years one might expect an agency to show proof of having accomplished something. Instead the agency has pulled the same stunt as every other government agency and claimed that its failures are due to lack of funding. And like every other government agency, the TSA has shown no evidence of improvement when its funding has been increased.

Creating the Super Bowl Experience


The toll of the Super Bowl continues to rise. Between the “security” turning the entire city into a prison, shutdown streets, and light rail use reserved exclusively for Super Bowl attendees, things have already become quite miserable for the denizens of Minneapolis. But the Super Bowl experience wouldn’t be complete if some wealthy attendees had their vision offended by a poor person so the homeless shelter near the stadium is being evacuated for the duration of the game:

Dozens of people who use a homeless shelter near U.S. Bank Stadium will be moved to a new, temporary facility during Super Bowl week because of security concerns.

In a deal struck with churches and social service agencies, up to 60 people who normally would spend the night at First Covenant Church in downtown Minneapolis will be relocated six blocks away to a makeshift shelter at St. Olaf Catholic Church. The transition will occur the Thursday before the 2018 game and last through Super Bowl Sunday.

It is, of course, being done in the name of security. However, the 60 people occupying that shelter are no more a security risk than the hundreds living in the condominiums near the stadium so it’s pretty obvious this decision has nothing to do with actual security. But most “security” decisions being made have nothing to do with security and everything to do with security theater being a convenient excuse to ensure the Super Bowl attendees don’t have to deal with the riffraff of Minneapolis.

Written by Christopher Burg

November 17th, 2017 at 10:00 am

For $19.95 You Too Can Rent a Weapon of Terror for 90 Minutes


I’m predicting that it’s going to become a lot more difficult to rent a vehicle in the near future because of the attack perpetrated in Manhattan yesterday:

TRIBECA, Manhattan — A man described as a “lone wolf” deliberately drove a rented truck into a West Side bike path in lower Manhattan, killing at least eight people and injuring 11 others in the first terror attack in New York City since 9/11.

A high ranking police source tells PIX11 News the suspect has been identified as 29-year-old Sayfullo Saipov from Tampa, Florida. Saipov was brandishing two fake guns when he exited the truck after the multi-block rampage, yelling “Allah Akbar,” which is Arabic for God is great.

Since the attacker supposedly yelled, “Allah Akbar,” this attack was labeled terrorism, which brings us to a rather important point. For the low price of $19.95 (for 90 minutes) the attacker was able to acquire a weapon of terror from Home Depot. Asymmetrical warfare tactics are difficult to counter specifically because the weaponry is cheap and readily available.

Unfortunately, this attack will likely make renting a vehicle a huge pain in the ass in the near future. Because its logo is on the side of the truck, Home Depot will feel the need to demonstrate its piety to the State. It will likely do this by establishing new policies for vehicle rentals that include a bunch of new hoops for renters to jump through. Such policies will be futile but that doesn’t matter since they’ll be implemented for show, not for actual security reasons.

Make no mistake, terrorism is winning the War on Terror. Almost every attack that gets labeled terrorism results in the lives of everyday people being inconvenienced by more bureaucracy that does nothing to improve actual security. This attack will likely be no different in that regard.

Written by Christopher Burg

November 1st, 2017 at 11:00 am

TSA Agents Want to Talk to You


It must get lonely being a Transportation Security Administration (TSA) officer. They stand in line for hours making the lives of passengers who are just trying to get from one place to another miserable. Needless to say, there isn’t a lot of love for TSA officers. To help alleviate their loneliness, higher ups have implemented new security measures that will require people entering the country to make small talk with the agency’s flunkies:

New security measures including stricter passenger screening take effect on Thursday on all U.S.-bound flights to comply with government requirements designed to avoid an in-cabin ban on laptops, airlines said.

Airlines contacted by Reuters said the new measures could include short security interviews with passengers at check-in or the boarding gate, sparking concerns over flight delays and extended processing time.

They will affect 325,000 airline passengers on about 2,000 commercial flights arriving daily in the United States, on 180 airlines from 280 airports in 105 countries.

Now we know what the laptop ban was all about: making the intended security policy look better by comparison. This change in policy will also do nothing to improve airline security. I know that the agency is going for the Israeli system but that requires having people who know what they’re doing asking passengers questions. The TSA isn’t renowned for hiring competent individuals and any encounter with one of their officers will give anybody who has watched Idiocracy flashbacks.

Written by Christopher Burg

October 27th, 2017 at 10:30 am

Everything is a Big Ol’ Conspiracy


Can anything occur this day and age without people claiming that it’s part of a conspiracy? Almost immediately after the shooting in Las Vegas, before any investigation had a chance to even begin, people were claiming that the event was part of some conspiracy. As with most conspiracy theories, this conspiracy theory is based on spurious evidence. So far the dumbest “evidence” that “doesn’t add up” is news that the shooter used the freight elevator at Mandalay Bay:

Law enforcement sources told CBS News that Las Vegas shooter Stephen Paddock is believed to have used the freight elevator at the Mandalay Bay hotel casino in the days leading up to last week’s deadly attack.

It wasn’t clear what Paddock used the freight elevator for or how often he used it.

How could the shooter have accessed a restricted freight elevator without help from the inside? Obviously this is proof that he had help!

Anybody who claims that doesn’t realize just how poor building security generally is. I’ve used freight elevators on numerous occasions, including in casinos, without authorization. They’re usually “hidden” behind a nondescript door or one with a sign that says “Employees Only.” In almost every case the door is unlocked and the elevator lacks any form of access control. If the owners of the building are really concerned about security, there might be cameras that aren’t monitored by anybody facing the freight elevator doors although even that’s pretty rare.

Another way of gaining access to a freight elevator is to ask the person working at the front desk if you can use it to haul up a bunch of luggage. As it turns out, the person at the front desk who is tasked with making the customer happy will often let you use the freight elevator if it makes you happy. Humans are often wonderfully helpful creatures.

So I’m sorry to report that using a freight elevator isn’t evidence that “doesn’t add up.” It adds up quite cleanly. Although I suspect that access control on freight elevators will become more common now that this information has been released.

Written by Christopher Burg

October 12th, 2017 at 10:00 am

Assume All Source Code is Open Source


Let’s pretend that you’re a fool and believe that security through obscurity works. Because of your foolish belief you sought closed source security software. Since potential adversaries can’t see the source code, they can’t find vulnerabilities in it to attack you with, right? Not so much. Just because software is closed source doesn’t mean nobody is allowed to see the source code. HP recently granted Russia permission to review the source code of one of its security software packages:

Last year, Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to analyze the source code of a cybersecurity software used by the Pentagon, Reuters reports. The software, a product called ArcSight, is an important piece of cyber defense for the Army, Air Force and Navy and works by alerting users to suspicious activity — such as a high number of failed login attempts — that might be a sign of an ongoing cyber attack. The review of the software was done by a company called Echelon for Russia’s Federal Service for Technical and Export Control as HPE was seeking to sell the software in the country. While such reviews are common for outside companies looking to market these types of products in Russia, this one could have helped Russian officials find weaknesses in the software that could aid in attacks on US military cyber networks.

I don’t subscribe to the belief that open source software is inherently more secure (however, I do believe open source software offers several advantages over closed source software that are unrelated to security). I think the numerous critical vulnerabilities discovered in OpenSSL put that belief to bed. However, I also don’t believe that closed source software is inherently more secure. Just because a developer doesn’t share its source code with everybody doesn’t mean it doesn’t share its source code with third parties. In the case of HP, one of the third parties granted access to its source code was an adversary of one of its customers.

If you’re purchasing software from a third party, you have no control over who it shares its source code with. So if you believe in security through obscurity, closed source software won’t offer you any advantage, perceived or otherwise.

Written by Christopher Burg

October 6th, 2017 at 10:00 am

Posted in Technology


But Wait, There’s More


Equifax already displayed a staggering level of incompetence but like a Billy Mays commercial there’s more:

The official Equifax Twitter account encouraged people to visit a knock-off website that mocks the company’s security practices instead of the site the company created to warn of a massive data breach. That recent breach exposed personal details for as many as 143 million US consumers.

In a tweet on Tuesday afternoon, an Equifax representative using the name Tim wrote: “Hi! For more information about the product and enrollment, please visit: securityequifax2017.com.” The message came in response to a question about free credit monitoring Equifax is offering victims. The site is a knock-off of the official Equifax breach notification site, equifaxsecurity2017.com. A security researcher created the imposter site to demonstrate how easy it is to confuse a legitimate name with a bogus one. The Equifax tweet suggests that even company representatives can be easily fooled. The tweet was deleted late Wednesday morning, more than 18 hours after it went live.

It’s almost as if large credit agencies like Equifax aren’t held accountable for screwing up and therefore aren’t motivated to do an effective job. Weird.

Statists continue to claim that government is necessary to deliver justice when large corporations like this screw up. However, I’m still waiting to see the government do anything more than give a corporation like this a minor slap on the wrist for fuck ups of this magnitude. Hell, I’m still waiting to see the government give Equifax a stern talking to over this series of amateur mistakes. As far as I can tell, government seems to exist primarily to protect large corporations like this from competitors that would currently be tearing it apart if there was a free market.

Written by Christopher Burg

September 22nd, 2017 at 10:30 am
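
The mix-up in the quoted report above is a word swap (securityequifax2017.com versus equifaxsecurity2017.com) rather than a typo, so a check has to compare the words in a name, not just its characters. The following is an added example, not code from the original post or from Equifax, of an outbound-link check that only passes official hosts and flags word-swapped lookalikes; the allowlist, the vocabulary and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts a support agent may link to. The entry is the official breach site
# named in the quoted article; a real list would come from a maintained
# inventory (assumption).
OFFICIAL_HOSTS = {"equifaxsecurity2017.com"}

# Words used to split a run-together label into tokens (assumed vocabulary).
VOCAB = ("equifax", "security", "2017")
_SPLIT = re.compile(
    "(" + "|".join(sorted(map(re.escape, VOCAB), key=len, reverse=True)) + ")"
)


def host_of(link):
    """Return the lower-cased hostname of a link, with or without a scheme."""
    if "//" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def tokens(label):
    """Split a DNS label into vocabulary words plus leftovers, order ignored."""
    return sorted(t for t in _SPLIT.split(label) if t and t != "-")


def classify(link):
    """Return 'official', 'lookalike' or 'unknown' for a link about to be posted."""
    host = host_of(link)
    for good in OFFICIAL_HOSTS:
        # Exact host or a subdomain of it is the only thing that passes.
        if host == good or host.endswith("." + good):
            return "official"
    for good in OFFICIAL_HOSTS:
        wanted = tokens(good.split(".")[0])
        # Same words in any order, in any label of the host, is a lookalike.
        # This also catches the official name used as a subdomain of another site.
        if any(tokens(label) == wanted for label in host.split(".")):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; the first two hosts are the ones in the article.
    for link in ("https://www.equifaxsecurity2017.com/",
                 "securityequifax2017.com",
                 "http://equifaxsecurity2017.com.example.net/",
                 "https://example.org/"):
        print(f"{classify(link):9}  {link}")
```

Only the `official` result should be allowed into an outgoing message; `lookalike` and `unknown` both block the link, with `lookalike` worth reporting to whoever handles brand abuse.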