Tag: Security Theater

Duplicating “Do Not Duplicate” Keys

Security is a heck of a lot of fun. Whenever you believe you have made a better mouse trap somebody finds an exploit in it. Since all security mechanisms can be bypassed, and will be bypassed, the field is constantly changing. One of the things that society needs to learn is that printing words on surfaces doesn’t equate to security. For example, many “high security” locks will have keys that say “Do Not Duplicate” on them. It’s a pointless thing to print because duplicating keys isn’t rocket science:

When lock maker Schlage imprinted the words “do not duplicate” across the top of the keys for their high-security Primus locks, they meant to create another barrier to reproducing a piece of metal that’s already beyond the abilities of the average hardware store keymaker. One group of hackers, of course, took it instead as a direct challenge.

At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert plan to release a piece of code that will allow anyone to create a 3D-printable software model of any Primus key, despite the company’s attempts to prevent the duplication of those carefully-controlled shapes. With just a flatbed scanner and their software tool, they were able to produce precise models that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium.

“In the past if you wanted a Primus key, you had to go through Schlage. Now you just need the information contained in the key, and somewhere to 3D-print it,” says 21-year old Van Albert. “You can take a high security ‘non-duplicatable’ key and basically take it to a virtual hardware store to get it copied,” adds 20-year-old Lawrence.

This is just an evolution in key manufacturing. Before duplication using 3D printers was a thing we used files. If you didn’t have a key to a lock you could always impressions one:

The lesson to take away from this story is that printing “Do Not Duplicate” on a key doesn’t equate to security. While a locksmith may abide by that text for professional reasons nobody else is likely to do so.

The State’s Continuing War with Liberty

The state has always been at war with Eurasia Eastasia liberty but it has seldom been as overt as it is today:

The New Hampshire Union Leader reports on the desire of Concord, NH, police to get all militaried up with Bearcat armored SWAT vehicles, paid for by the federal Department of Homeland Security, natch.

Excerpts:

[…]

In its grant application to DHS, the police department said New Hampshire’s experience with terrorism “slants primarily towards the domestic type,” and said “the threat is real and here.”

“Groups such as the Sovereign Citizens, Free Staters and Occupy New Hampshire are active and present daily challenges,” the application stated. In addition to organized groups, it cited “several homegrown clusters that are anti-government and pose problems for law enforcement agencies.”

Emphasis mine. The groups rattled off in the application tend to be extremely peaceful. The Free Staters are especially peaceful and their shenanigans can best be described as acts of peaceful civil disobedience. What’s laughable is the claim that the mentioned organizations haven’t caused problems for law enforcement agencies. If a law enforcement agency; all of which are already armed with squad cards, rifles, handguns, pepper spray, batons, and other weapons; are currently having problem with anti-government organizations then a Bearcat isn’t going to change anything. Bearcats, although impressive looking, aren’t likely to intimidate individuals who oppose the state if the current implements held by police agencies haven’t.

I doubt this application has anything to do with the Free Staters, Occupiers, or any other anti-state organization. The Concord police department want more toys because they’re jealous that everybody else has them. What’s worrisome is that police agencies with new toys always feel the need to use them, which is how innocent people get hurt or killed. I’m sure the application will go through and the Concord police will have a shiny Bearcat to call their own but, for the sake of everybody’s safety, I really hope it doesn’t.

Nothing Changes Through Politics

A lot of anger was created when Edward Snowden revealed that the National Security Agency (NSA) was actively spying on every American. If one believed in the political system they would likely be lead to believe that a majority of senators would move to shutdown the NSA’s Stasi-esque activities. Once again those individuals have been proven wrong:

In a 205-217 vote, lawmakers rejected an effort to restrict the National Security Agency’s (NSA) ability to collect electronic information.

What should be taken away from this vote is that no meaningful change can be achieved through the political system. The United States like to sell itself as the land of the free and the home of the brave, but there is nothing less free than widespread surveillance and nothing more cowardly than hiding behind a bully, in this case the state, in the hopes he will beat up anybody who may pose a threat to you. This vote merely reinforced the fact that the United States is the land of the subservient and home of the fearful.

Fortunately, there are other options. Instead of relying on a bunch of politicians to grant you freedom from Big Brother you can make use of currently available technologies to make yourself free immediately.

Malware: A Convenient Excuse to Upgrade Hardware

Many of you have probably heard about the Economic Development Administration’s (EDA) act of outright destroying perfectly functional hardware because of malware infections:

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies’ systems.

[…]

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

The full grim story was detailed in the Department of Commerce audit released last month, subsequently reported by Federal News Radio.

Most of the people I’ve talked to about this story have written it off as ineptitude on behalf of the EDA’s leadership, specifically laughing about how poorly they understood technology. Even though I tend to attribute buffoonery to stupidity instead of malice in this case I think the leadership of the EDA knew exactly what they were doing. They were looking for a way to justify upgrading their equipment.

Computer technology advances quickly and hardware that his a mere two years old is already out of date. If you’re the leadership of a massive government bureaucracy looking to have the latest and greatest technology at hand what can you do? You can exploit the first tragedy that arises! The agency had enough foresight to hire a security contractor who likely informed it that there was no reason to replace any hardware. Yes the agency replaced a great deal of hardware. In all likelihood the EDA’s leadership knew there was no reason to do so but went forward with the plan anyways because they knew they could write off their act of destruction and simple ignorance. Everybody knows accountability is dead within the state after all.

Demands to Expand the Surveillance State Arrive on Schedule

I said the first thing the state would grab for after the bombings in Boston were more surveillance powers. As if on queue a Republican from New York is using Monday’s tragedy to demand more cameras to spy on the general populace:

ANDREA MITCHELL, MSNBC: Congressman, briefly, do you think that this will lead to more cameras? I know it’s controversial, there are privacy issues. Boston does have a lot of cameras. European cities, led by London, have the most. Are Americans going to have to get used to more surveillance on a daily basis?

REP. PETER KING (R-NY): I think we do because I think privacy involves being in a private location. Being out in the street is not an expectation of privacy. Anyone can look at you, can see you, can watch what you’re doing. A camera just makes it more sophisticated, but it’s no different from your neighbor looking out the window at you or a police officer looking at you walking down the street.

So, I do think we need more cameras.

Surveillance powers are always the first thing the state grabs for after a tragedy. It’s a fairly safe thing to demand because the general population often view more state surveillance powers are rather benign. Another benefit of surveillance powers is that it expands the state’s watch without having to expand the number of people employed by the state to any notable extent, which keeps more money in the hands of the politicians. Before you know it we’ll be emulating London’s Big Brother situation.

Prediction Time

Yesterday explosives were detonated at the finish line of the Boston Marathon and a fire broke out at the John F. Kennedy Library. The news cycle will likely consist of wall-to-wall coverage of this event until Friday. During that coverage many speculations and accusations of who is at fault for the explosions will be made. The New York Post is already running with the standard schtick that the perpetrator was a brown person from the Middle East. In all likelihood the war mongers will emulate the Post’s direction and blame the act of an extremist Muslim brown person with ties to al-Qaeda while the Southern Poverty Law Center will blame the act on extremist right-wing Christian white people with ties to to the Ku Klux Klan and several neo-Nazi organizations. For all we know the explosives were set off by a Federal Bureau of Investigations (FBI) created terrorist after somebody in ordinance accidentally supplied real bombs instead of the usual fake bombs (that’s called snark, it’s not a serious accusation). In the end it will probably take some time to determine who the culprit was but that won’t stop the state from immediately exploiting the tragedy to justify another power grab.

Here are my predictions of what is to come. First the state will grab for more surveillance powers, as it always does after a tragedy. That means the recent opposition to the Cyber Intelligence Sharing and Protection Act (CISPA) will vanish. CISPA will be pushed through under the auspices of ensuring a tragedy like this never happens again. The Transportation Security Administration’s (TSA) high speed low drag Visible Intermodal Prevention and Response (VIPR) teams will be present at every high profile sporting event, not just events that take place in expensive stadiums. VIPR teams aren’t the only thing we’re likely to see at sporting events in the future, I’ll bet good money that restrictions against domestic drone usage will be loosened. The state’s eyes in the sky will probably be patrolling metropolitan areas with notable frequency. Additional powers will also be claimed by the federal government for its war on foreign and domestic terrorists.

In summary we’re in for the same shit as usual. If there’s one thing the state never lets go to waste it’s a tragedy.

The ATF is Emulating the FBI’s Tactic of Creating Criminals

The Federal Bureau of Investigations (FBI) has a long, proud history of creating terrorists and “stopping” them. Somebody in the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) must have been paying attention during some inter-agency meeting because they are now emulating the FBI’s tactics:

ATF agents running an undercover storefront in Milwaukee used a brain-damaged man with a low IQ to set up gun and drug deals, paying him in cigarettes, merchandise and money, according to federal documents obtained by the Journal Sentinel.

For more than six months, federal agents relied on Chauncey Wright to promote “Fearless Distributing” by handing out fliers as he rode his bike around town recommending the store to friends, family and strangers, according to federal prosecutors and family members.

Wright, unaware that the store was an undercover operation being run by agents with the U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives, also stocked shelves with shoes, clothing, drug paraphernalia and auto parts, according to his family.

Once authorities shut down the operation, they charged the 28-year-old man with federal gun and drug counts.

[…]

Wright’s IQ measures in the 50s, about half of a normal IQ, according to those familiar with him. Wright’s score is classified as mildly or moderately disabled, depending on the IQ scale used.

Congratulations go to the brave agents of the ATF who managed to capture this most dastardly of criminals! If it wasn’t for the ATF this man would… likely have done nothing illegal. This tactic of creating criminals works well because there are a lot of people out there who make easy prey for smooth talkers. When you look at the history of the FBI’s creation of terrorists you find that the people they recruited, armed, and “stopped” are usually dull witted. In this case the ATF recruited a man who’s IQ measures around 50 (the average IQ is 100).

Were I a tasked with capturing criminals to obtain funding for my agency, suffering a lack of criminals or an inability to capture them, and a complete psychopath I would likely use the same tactic as well. When agency funding is tied to the number of criminals they capture higher ups are eventually going to opt to create criminals in order to justify their demands for more funding.

Prisons Don’t Work

I’ve stated the reasons I oppose prisons as a form of punishment before but didn’t mention one of the biggest problems with the incarceration system. Prisons are very expensive facilities because, in order to work, they need to prevent prisoners from escaping. Preventing an intelligent and creative creature from escaping is impossible because every system developed to prevent escape will eventually be bypassed:

Two inmates have made a daring escape from a prison in Canada by climbing up a rope into a hovering helicopter.

In order to prevent helicopter escapes prisons will have to either install anti-air defense systems or cage over the top of the facility. Both options are expensive and will simply delay the inevitable escape of future prisoners.

Terrorist Food Trucks

Thanks to Bruce Schneier’s blog I now know that the Department of Homeland Security (DHS) has gone off the deep end:

Public Intelligence recently posted a Powerpoint presentation from the NYC fire department (FDNY) discussing the unique safety issues mobile food trucks present. Along with some actual concerns (many food trucks use propane and/or gasoline-powered generators to cook; some *gasp* aren’t properly licensed food vendors), the presenter decided to toss in some DHS speculation on yet another way terrorists might be killing us in the near future.

That’s right. Instead of serving up a quick hot meal, these food trucks will be serving up death, and lots of it! Under the heading “Terrorist Implications,” the FDNY lists the exact reasons we should be concerned, most of which begin with the word “high.”

I hope you’re afraid of food trucks now because they may actually be terrorists in disguise! This is another case of the state creating fear to justify itself.

Not an Entirely Bad Thing

I seems the Transportation Security Administration (TSA) are unable to detect loaded firearms:

After reports of two loaded guns making it past airport screeners and on to passenger flights this week, one congressman says “hundreds” of prohibited items get past screeners every day, a situation he calls “intolerable.”

In one of the incidents last week, Transportation Security Administration screeners allowed a New Orleans Hornets executive to board a plane from New Orleans to Newark, N.J., with a loaded handgun in his baggage.

[…]

Just one day earlier in Orlando, TSA officers missed another loaded gun. This time, a firefighter had mistakenly left the gun in her purse and carried it right through security screening and on to her plane. The firefighter realized on her own what had happened and alerted authorities.

This isn’t an entirely bad things mind you. If would be hijackers knew that travelers could be armed they would probably be less inclined to make an attempt to take the plane. Unfortunately this news is being treated almost exclusively as a bad thing because people who lack imaginations don’t see the upside of armed travelers.