Tag: Security Theater

But They’ll Keep A Master Key Safe

We’re constantly being told by the State and its worshippers that cryptographic backdoors are necessary for the safety and security of all. The path to security Nirvana, we’re told, lies in mandating cryptographic backdoors in all products that can be unlocked by the State’s master key. This path is dangerous and idiotic on two fronts. First, if the master key is compromised every system implementing the backdoor is also compromised. Second, the State can’t even detect when its networks are compromised so there’s no reason to believe it can keep a master key safe:

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.

The alert, which is also available online, shows that foreign government hackers are still successfully hacking and stealing data from US government’s servers, their activities going unnoticed for years.

[…]

This group of “persistent cyber criminals” is especially persistent. The group is none other than the “APT6” hacking group, according to sources within the antivirus and threat intelligence industry. There isn’t much public literature about the group, other than a couple of old reports, but APT6, which stand for Advanced Persistent Threat 6, is a codename given to a group believed to be working for the Chinese government.

Even if somebody believes the United States government is a legitimate entity that can be trusted with a cryptographic master key, they probably don’t believe the likes of Iran, China, and North Korea are as well. But those are the governments that would likely get the master key and enjoy exploiting it for years before anybody became the wiser.

And the impact of such a master key being leaked, even if you mistakenly believe the United States government can be trusted to only use it for good, is hard to overstate. Assuming a law was passed mandating all devices manufactured or sold in the United States had to implement the backdoor, a leak of the master key would effective render every American device unencrypted.

So the real question is, do you trust a government that cannot detect threats within its network for years on end to secure a master key that can unlock all of your sensitive information? Only a fool would answer yes.

FBI Heroically Saves Us From Yet Another Person It Radicalized

Without the Federal Bureau of Investigations (FBI) who would protect us from the people radicalized by the FBI? Without the heroics of the agency a lot of people might be dead today — killed by a terrorist radicalized by the FBI:

KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Now, Rayyan, a 21-year-old Michigan man, is accused by federal prosecutors of supporting the Islamic State.

Documents released Tuesday show, however, that Rayyan was motivated not by religious radicalism but by the desire to impress Bride, who said she wanted to be a martyr.

Jannah Bride, not a real name, was in fact an FBI informant hired to communicate with Rayyan, who first came to the FBI’s attention when he retweeted a video from the Islamic State of people being thrown from buildings. He wrote later on Twitter: “Thanks, brother, that made my day.”

According to the FBI, the agency discovered a radicalized supporter of the Islamic State that was going to perpetrate a terrorist attack. But the attack never happened because the FBI was able to discover the individual ahead of time and intervene.

Put into normal people lingo, the FBI found somebody with neither the motivation or means to perform a terrorist attack. The agency then provided the motivation and eventually the means. If the FBI hadn’t inserted itself into this individual’s life they still wouldn’t have perpetrated a terrorist attack.

I like to say, if it weren’t for the people radicalized by FBI agents there wouldn’t be any terrorists for the FBI to capture. When I first started saying that it was done with a modicum of sarcasm because I assumed the agency did manage to fight some actual crime once in a while. But so many of these FBI created cases exist that they literally fill a book. It’s getting to the point where seems the agency’s only job is dealing with the “terrorists” it creates.

For Statists The Only Response Is Attacking Individual Freedom

When a problem, perceived or real, arises there is only one response for statists: attacking individual freedom. As I noted last week, the knowledge that the Paris attackers used burner phones instead of encrypted communications would likely inspire useless legislation aimed at prohibiting burner phones. Jackie Speier seems hellbent on proving me right because she has introduced legislation to do exactly that:

Congresswoman Jackie Speier, a Democrat representing California’s 14th district, has introduced a the “Closing the Pre-Paid Mobile Device Security Gap Act of 2016,” or HR 4886, which will require people who purchase a prepaid device to provide proper identification.

“This bill would close one of the most significant gaps in our ability to track and prevent acts of terror, drug trafficking, and modern-day slavery,” Speier said in a blog post. “The ‘burner phone’ loophole is an egregious gap in our legal framework that allows actors like the 9/11 hijackers and the Times Square bomber to evade law enforcement while they plot to take innocent lives. The Paris attackers also used ‘burner phones.’ As we’ve seen so vividly over the past few days, we cannot afford to take these kinds of risks. It’s time to close this ‘burner phone’ loophole for good.”

Regardless of Speier’s claims, burner phones are not a significant gap in the State’s ability to prevent acts of terror, drug trafficking, or modern-day slavery. Setting aside the fact that most acts of terror, negative aspects of drug trafficking, and modern-day slavery are created by the State, we’re still left having to accept the fact that pervasive communication technology has rendered any ability to control communications practically impossible.

Burner phones are just one method of communicating in a way that’s difficult to surveil. The same effect can be achieved with cloned subscriber identity module (SIM) cards. Furthermore, registrations are easy to bypass. The firearm community is well aware of the term straw purchase. It’s a term that describes having somebody who isn’t prohibited from purchasing firearms to purchase one for somebody who is prohibited. By having somebody else purchase a phone for you you can avoid having that phone tied to your person. Getting somebody to purchase a cell phone for you would be even easier than a firearm since few people see a cell phone as a destructive device. There is also the fact that burner phones from overseas can be smuggled into the country and sold for cash.

Legislation aimed at prohibiting something only accomplish one thing: creating a black market. Not a single piece of legislation aimed at prohibiting something has been successful. This bill will be no different.

Checkpoints All The Way Down

The investigation into the Brussels attack hasn’t concluded yet but politicians are already calling for actions to be taken to prevent such an attack from happening here:

Security experts, politicians and travelers alike say the Brussels bombings exposed a weak spot in airport security, between the terminal entrance and the screening checkpoint.

“If you think about the way things were done in Brussels — and have been done in other places — literally people only have to only walk in, and they can attack at will,” said Daniel Wagner, CEO of security consulting firm Country Risk Solutions.

These idiots will be putting security checkpoints before the security checkpoints if we let them:

Wagner suggests U.S. airports establish pre-terminal screening before travelers enter the facility.

“That is a common approach in many countries around the world — you cannot even get in the terminal until your bags and your person have been pre-screened,” he said. “That is, through an X-ray machine both for the bags and for the individual.”

It’ll be checkpoints all the way down. What none of these stooges have stopped to consider is that the checkpoints themselves are attractive targets. Checkpoints are chokepoints. They forces large numbers of people to gather in a single place so they can slowly (very slowly in the case of Minneapolis’ airport) be filtered through by security. If a suicide bomber wants to kill a lot of people they need only step in the checkpoint line.

Adding an additional chokepoint or moving the current one doesn’t fix the problem. Reducing the amount of damage a terrorist can cause in an airport requires dispersing people, which means making major changes to current airport security practices. The long security lines have to go. This can be done by simplifying the screening process, making it consistent (anybody who travels frequently knows that the orders barked by the Transportation Security Administration (TSA) goons can change drastically from day to day), and increasing the number of checkpoints. None of those measures will be taken though because the idiots who make the policies know nothing about security.

Is That A Bitcoin In Your Pocket

Considering the Transportation Security Administration (TSA) achieved a 95 percent failure rate it’s not surprising this happened:

The TSA attempted to “screen” airline passenger Davi Barker for the virtual currency Bitcoin.

Barker is co-founder of BitcoinNotBombs, a Bitcoin advocacy group that gets donation-based organizations and social entrepreneurs set up to handle the currency. He’s written a very detailed telling of what happened right here. After going through security (he opted out of the body scanner but was successfully cleared through the checkpoint), two people stopped him, and it got uncomfortable quickly.

What next? Will some random TSA goon demand to see the Transportation Layer Security (TLS) certificate in your briefcase?

The agency’s 95 percent failure rate makes a lot of sense when stories like this keep popping up in the news. When your agents are so clueless that they harass passengers after seeing something entirely imaginary there’s little hope that they’ll catch any of the real dangers.

Amateur Results

Remember Schneier’s point about expecting amateur results when using amateurs for frontline security? This is the result:

The couple says within twenty minutes, the door to the cabin opened and three, armed Port Authority police officers started walking down the aisle.

They stopped at aisle 23, where Chan and Serrano were sitting. One of them looked at Kathleen Chan.

“And he turns to her and says, ‘Do you have ID?’” Serrano remembered.

Chan showed her New York State driver’s license, with its photo ID and proof that she lived at the same address in Astoria that Serrano did.

In fact, the couple was about to mark nine years together, which included buying their Queens home in 2011 and refurbishing it.

[…]

“I asked him, ‘Can you tell me what this is about?’” Chan recalled. “He told me the flight crew had alerted the police that it was a possible case of sex trafficking. They thought I had not spoken any English, and that I was taking directions from Jay during the flight.”

Somebody on the flight crew saw something and decided to say something. Unfortunately the member of the flight crew wasn’t trained in any meaningful way to identify potential sex trafficking. So their reported ended up being a costly waste of time for everybody involved and needlessly terrorized an innocent couple.

If you see something, and you have no idea what you’re doing, just shut your mouth.

How To Spot A Sex Trafficker According To The DHS

How do you spot a sex trafficker? According to the Department of Homeland Security (DHS) the signs of a sex trafficker in a hotel are almost exactly the same as the signs of anybody else in a hotel that’s ready for a good time:

  • garbage cans containing many used condoms
  • frequent use of “Do Not Disturb” sign on room door
  • excessive foot traffic in and out of a room
  • “excessive sex paraphernalia” in room
  • an “overly smelly room” that reeks of “cigarette, marijuana, sweat, bodily fluids, and musk”
  • a guest who “averts eyes or does not make eye contact”
  • individuals “dressed inappropriate for age” or with “lower quality clothing than companions”
  • guests with “suspicious tattoos”
  • the presence of multiple computers, cell phones, pagers, credit card swipes, or other technology
  • the presence of photography equipment
  • minibar in need of frequent restocking
  • guests with too many personal hygiene products, especially “lubrication, douches”
  • guests with too few personal possessions
  • rooms paid for with cash or a rechargeable credit card
  • “individuals loitering and soliciting male customers”
  • “claims of being an adult though appearance suggests adolescent features”
  • refusal of room cleaning services for multiple days

This list, with an except of a few token points thrown in to make it seem otherwise, appears to be aimed at prostitution instead of sex trafficking. Furthermore, it’s absurd to expect hotel staff to identify sex traffickers. To quote Bruce Schneier, “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.” There is no value in having hotel staff act as investigators. I would even say it has less than no value since the cost of chasing false positives, including money paid to investigators following up on leads and the complacency that comes from a continuous stream of false positives, will likely become detrimental to efforts of fighting sex trafficking.

Programs like this are exercises in security theater. By holding these training sessions the DHS can claim it is doing something to thwart sex trafficking without actually having to do anything.

Centralized Failure

People have been using the attacks in Cologne to argue in favor of stronger border controls because, you know, the attacks must have been caused by immigrants and not the usual drunken debauchery that accompanies New Year’s Eve. Such arguments miss the point (well they miss several points but I’ll only address the biggest one here), which is the danger of centralization. It has been revealed that the police in Cologne were being overwhelmed with reports:

An internal police report reveals officers “could not cope” with the volume of attacks in Cologne on New Year’s Eve, German media say.

Women were “forced to run the gauntlet” through gangs of drunken and aggressive men outside the station, it said.

Police say the number of reported crimes from the incident has risen to 121, about three-quarters of which involve sexual assault.

[…]

“The task forces could not cope with all the events, assaults, and crimes – there were just too many happening at the same time,” the senior officer concluded.

Cologne police chief Wolfgang Albers has rejected claims teams were understaffed, insisting “we were well prepared”.

But he described what happened as “a completely new dimension of crime”.

I’ve discussed the weaknesses inherent in centralized security before. In this case it appears the central point of failure, relying on the police for security, was a major factor in these attacks getting as out of hand as they did. As the number of attacks increased the inability of the police to effectively respond became more obvious so the perceived risk of perpetuating additional attacks decreased. Since the average German citizen is unable to carry a firearm the risk of attacking them is already lower than it is in most states here. Couple that with the inability of the police to respond and you have a feedback loop of more attacks reducing the perceived risk of committing attacks, which in turn increases the likelihood of more attacks.

Without The TSA Who Would Molest 10 Year-Old Girls

When a job description involved feeling up small children nobody should be surprised when the applicants turn out to be pedophiles. Granted, the grounds on which I accused the Transportation Security Administration (TSA) goon in this story of being a pedophile are speculative but I can’t think of any other reason why she spent two minutes “patting down” a 10 year-old girl:

A young girl’s family is speaking out after a TSA agent patted her down for nearly two minutes at an airport over the holiday break, leaving the girl feeling like screaming.

The girl should have screamed. She should have also kicked the TSA officer as hard as she could and ran as fast as she could. Her parents should have intervened. But what makes this story even more angering is the fact the girl’s father just filmed the molestation and then got down and licked the TSA’s boots like a good little slave:

Her father shot video of the incident at an airport in North Carolina, for a flight back to San Diego. Kevin Payne told NBC San Diego he’s all for airport security and making sure people have a safe trip, but he and his daughter feel the pat-down was uncomfortable, long and inappropriate.

Apparently the father is all for sexual molestation but only if it lasts for less than two minutes. And herein lies my biggest problem with American culture: complacency. For a nation full of people who pride themselves on not taking shit from anybody it seems most Americans are more than happy to roll right the fuck over when somebody with a badge orders them to. Unless the culture can be changed there is no hope for freedom for the masses currently incarcerated in the United States.

Punishing The People Because Of Terrorism

The San Bernardino attack is just another tragedy on a long list of tragedies exploited by the State. Again we’re seeing the tired claim by the political body that the people must be severely punished:

Obama said he will “urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice,” without going into details, and order a review of the visa waiver program that allowed one of the San Bernardino terrorists into the US. Obama also called on Congress to ban people on no-fly lists from buying guns. “What could possibly be the argument for allowing a terrorist suspect to buy a semi-automatic weapon?” he asked. “This is a matter of national security.”

Mr. Obama may not have gone into specifics but we know what he’s hinting at. “Making it harder for terrorists to use technology to escape from justice,” is a euphemism for prohibiting the use of effective cryptography. In other words the basic security tools every one of us relies on every day must be broken so the State can further expand it’s already too expansive surveillance apparatus.

Reviewing the visa program is a euphemism for finding more ways to restrict people from crossing the imaginary lines often referred to as borders. Anybody who has been paying attention to recent political maneuvering is aware that the State is becoming more interested in tightening the borders. Just remember that a secure border prevents tax cattle from leaving.

Finally the question, “What could possibly be the argument for allowing a terrorist suspect to buy a semi-automatic weapon,” is a euphemism for removing due process from decided who can and cannot own a firearm. Apparently having to go through the process of finding somebody guilty of a crime before they can be prohibited from owning a firearm is just too damn inconvenient.

Notice how each of these proposals requires punishing the entire population of almost 319 million for the actions of two individuals. Also notice how none of these proposals will do anything to curtail terrorism. Just because domestic companies can’t release tools that use effective cryptography doesn’t mean foreign entities can’t. According to the United States government the border is 102,514 miles long. Any thoughts of effective controlling over 100,000 miles of territory is nothing but a fantasy. Prohibiting more people from owning firearms only ensures attackers will be met with lighter resistance.

There are many ways of making a society more resilient to attacks. Punishing everybody in society whenever attack occurs is not one of them.