If I wanted to blow up an airplane, and was willing to lose my life in the process, I’d pack plastic explosives into a working laptop, and use the battery to power a detonator.
The thought first occurred to me years ago, during the heightened security measures following the first Iraq War, while traveling with my not so aptly named Mac Portable. This thing was huge and cavernous (its brick of a battery alone weighed over two pounds), with plenty of room for hiding contraband.
Security screeners at the time generally required that you turn on your computer to prove it worked, but since the Mac Portable could boot from a RAM disk, one could accomplish this simple task with both the hard drive and the floppy drive removed. I probably could’ve hid a pistol inside a functioning Mac Portable, and still had room for more than enough C-4 to bring down an airplane.
The same would be true of any full size modern laptop, especially now that TSA no longer checks that they’re functional. Just remove much of the guts, fill the space with C-4, connect a detonator to the battery, and with a little tinkering you’ve got yourself a pretty damn powerful bomb. And if it doesn’t detonate, at least you don’t set your crotch on fire in the process.
I suppose one might get caught at security by one of those chemical sensing machines or a bomb sniffing dog, but what are the chances of that? I’ve flown dozens of times since 9/11 and I think I’ve had my carry-on items swabbed exactly once. Besides, if Umar Farouk Abdulmutallab could carry common explosives through security by stuffing them down his pants, I like my odds.
Of course, I don’t want to blow up an airplane, but if a nonviolent guy like me can imagine creative ways to do so, I’m guessing a motivated terrorist could be just as innovative. Which brings me to my point.
One could build a powerful explosive device into even a functioning laptop… so, are we going to ban travelers from carrying on computers? Likewise, I bet I could fit a couple of pounds of C-4 into a hollowed out copy of Twilight, or stuffed within a foot-long hoagie. Are we going to ban books and sandwiches as well? All carry-on items? Puffy sweaters? Cargo pants?
Of course not. That would be silly. As are most of the new TSA rules issued in the wake of the undie bomber’s unsuccessful terrorist attack. I mean, do you feel any safer having you and your fellow passengers confined to your seats for the final hour of a flight, especially knowing that it was your fellow passengers who subdued and disarmed Abdulmutallab?
We’ve already spent hundreds of billions of dollars attempting to make us safer from terrorism, some of the money well spent, but much of it not. At some point, we need to make a rational cost benefit analysis that assesses the true risk to the American people, and addresses it accordingly. For example, over the past decade, the odds of an airline passenger being killed in a terrorist attack have been about one in 10,408,947. The odds of being struck by lightning are one in 500,000.
Once again, I like those odds.
Security professionals as well as many involved in the airline industry have said on any number of occasions that much of what the TSA does is security theater, in other words just for show.
I do find it interesting that this would-be bomber flew through Amsterdam which is said to have the most effective security of any major airport in the world.
And won’t it be funny when the Feds visit Goldy’s house and drag him away squealing and shrieking into a van….LOL
Amen, Brother Goldy.
The whole business is silly. It would be a joke, except that it’s cost us billions (trillions probably) and we ended up with an American version of the KGB* and the fucking Patriot Act outrage.
*Soviet acronym roughly translated as “Kommittee for State Security”
Mark1 @2,
I know your fantasy is to have all those who disagree with you brutalized by a police state. Fortunately, we don’t live in that country.
@4:
No, but proposing such disgusting ideas is inappropriate. Be careful there old friend.
It was pointed out in this morning’s Dead Trees Gazette that in the wake of recent events, the TSA is deliberately varying security procedures and keeping mum about what they might do next, specifically to throw the bad guys off.
Why bother with plastic explosives? There have been plenty of laptops made in the last few years with batteries that blow up on their own.
Mark1 @5,
You’ve got it exactly backwards. Discussing and revealing security holes should make them that much easier to close. That’s what makes open source software so much more secure.
One of the biggest lines of bullshit from 9/11 was the notion that nobody could have imagined flying airplanes into buildings. Of course we could have imagined it, and of course people did. We just did nothing to prevent it.
Now passengers know not to cooperate with hijackers, and that they themselves might be needed to subdue a terrorist. That, plus securing the cockpit door, is what has made air travel safer since 9/11.
How about a risk management strategy via altering our government’s foriegn policy directives (like not screwing around in the affairs of other countries), since there is no possible way to screen passengers or cargo adequately without shutting down the entire logistics chain and crippling the economy for cheap plastic shit and tourism?
Umm, I’m pretty sure this is why they x-ray your laptop on the way through security.
Seems this has all been playing out while Sen. Jim DeMint (R-14th Century) has been holding up Obama’s appointment to head TSA. This individual, who, amazingly enough, holds bona fide credentials as an expert on counterterrorism (and also happens to be black), is being criticized by the Senator because he might–oh, the horror!–allow TSA employees to organize. Apparently for the moment he thinks unions are a greater threat to our country than Islamic extremists. Meanwhile his pal John Mica from Florida is blabbering about how DHS, whose organization is basically still the same as it was under Bush, is “bloated with bureaucracy” and pushing for a Congressional “review”. (Read that “haul everyone into hearings and interfere with them doing their jobs”.)
Republican==traitor.
Wow! A Mac Portable. Those beasts had a massive lead-acid battery and cost as much as a Buick.
The only way to deal with terrorism is to have a robust ElAl style screening system and learn to roll with the few punches that get through.
Jon @10,
Yeah, I thought about that, but how much different would C-4 look on the x-ray machine than the li-ion polymer batteries Apple already shapes to the form of its devices? Swap out the hard drive and the disk drive for some C-4, and throw in a couple pieces of metal shielding to simulate the parts that were removed, and I don’t have much confidence that your run of the mill TSA screener is going to notice the difference.
Hi Goldy.
There’s no way to defend against every conceivable attack. I think it’s a testament to the strength of basic human decency that everything that could go wrong generally doesn’t.
I’d be okay with the TSA procedures if they functioned like the Border Patrol. They ask you a bunch of stupid questions to pressure you to see how you respond. But the TSA’s unskilled temp workers are nothing like the trained, professional Border Patrol.
We’ve wasted so much money on crap. Why couldn’t we waste a fraction of that on better TSA personnel and putting more US Marshals on flights?
I already know the answer. The same reason the CIA and NSA spend money on satellites and other high tech, while not funding the effective human intelligence operations.
Chris @ 1
One of my favorite terms.
ArtFart @ 6
The reason, by default or by design, is so no one can judge if the TSA is doing a good job.
Security through obscurity is no security at all.
The best security systems are the utterly transparent ones.
Ambiguous rules ruthlessly enforced empowers the bureaucracy and punishes honest people. The bad guys will always find the holes. Which is why all this emphasis on physical measures is counterproductive: it creates a false sense of security, leaving us more vulnerable than before.
Only three things have made air travel safer against terrorism. Deadbolt the cockpit door. Passengers now know to clobber anyone who gets out of line. Use psychology to rattle people’s cages, just to see how they respond.
Yesterday I flew from Burbank to Seatac.
There was no line; when I went thru there was only three of us coming through. Nothing really different from previous times with the exception that I was padded down (told it was because I was wearing a bulky sweater) and told to take all liquids/ toiletries out of my luggage (maybe they were just bored since it was so slow).
I had no problems getting through security. Inside my bag there was a disposable razor but that went through undetected (had forgottened it).
On the flight, nothing seemed different. I didn’t hear anything about not getting into our bags during the last hour of flight. During the last hour I walked to the rear and used the bathroom. Other people did the same.
The true purpose of airport security is to divert taxpayer monies into private coffers with the least expenditure of money on the part of the ‘private contractor’.
R. Sen. de Mint accurately expressed the Reps. real concern that the security personell might unionize to improve their wages and working conditions.
As AF pointed out @11, we still do not have the TSA chief Obama wanted to appoint. You know, the person who would reorganize them, reorient their mission, obtain funding for modernization, and change it from the clown show that the Bush crime family organized into an effective 21st century counter-terrorist organization.
And then there was the Republican Party who this year tried to block funding for the TSA.
And let’s ALSO not forget that the Bush administration released two of the four al Qaeda leaders allegedly behind this plot to blow up the jet from the Guantanamo prison in November 2007.
And also (again), Abdulmutallab obtained his entry visa from the Bush administration.
I wouldn’t blame Bush for this incident, which may well have been unavoidable. And personally I think that amateurish, badly planned, and poorly executed minor incidents such as this pose no existential threat to the US. But if Obama or Clinton had released the aforementioned planners or given him a visa, what might we be hearing from the current crop of superheated GOP idiots today?
#14 “here’s no way to defend against every conceivable attack. I think it’s a testament to the strength of basic human decency that everything that could go wrong generally doesn’t.”
Amen. If someone REALLY wants to do something bad, it’s very hard to stop them…most especially if they’re willing to risk their life to do it. Why DON’T we have random suicide bombers going off in malls in central Iowa all the time? Because you can’t buy/get/ explosives in the U.S.? Or because you can’t enter a mall in Iowa without a body screening? Of course not. There just aren’t THAT many crazy people in the world. Remember that naughty Muslim who tried to blow up a plane last week was TURNED IN by his Muslim parents. Thankfully his parents didn’t “hate freedom”(tm)…as most people don’t. But with 6 billion people, it only takes a handful to cause something horrible.
P.S. Whoever choose NOT to put last weeks idiot bomber on a no-fly list should be fired. Just like the CIA knowing about all the 9/11 hijackers in the country and not telling anyone because they just wanted to “watch them”…yikes. Come on guys. This is what the no-fly list is FOR…right?
A fellow I work with frequently used to be a Republican, but now loudly complains about the security proceedures now in place. We might dismiss him as a disgruntled passenger, but he’s not. He’s a licensed customs broker.
He laughs at the “known shipper” policy instituted during the Bush administration to ensure that cargo loaded on aircraft is safe without further inspection. It is based upon the freight forwarder requiring it’s customer (the shipper) to fill out a form certifying that he/she knows the contents of the shipment, and nothing illegal or dangerous is being transported.
So we can sit back comfortably assured that no terrorist is going to ship dangerous cargo by ship or airline into the U.S., because at the port of departure they would have to sign a form – which would obviously force them to cancel their plans!
That being said, I think perhaps we should avoid publicizing every idea we come up with. It’s not professional terrorists I’m worried about, they probably already have worked on similar plans – maybe it’s been thwarted by proceedures we don’t know about.
What I worry about is the amateur who might be cruising the internet for ideas.
Besides, if TSA thinks this is a remote possibility, they might very well ban laptops from airplanes, regardless of the inconvenience this causes. It’s easier for them to inconvenience passengers than it is to actually develop effective security proceedures.
@18
Nice catch.
rhp @ 21
Now there’s a tough dilemma.
Our intuition says we shouldn’t talk about the bad stuff.
But reason and experience say we must.
This debate has been long settled by computer security folks.
I’ve had this discussion with many people regarding the security of the voting machines. The vendors (including Microsoft) say that talking about the exploits reduces security.
The counter argument is that smart money (banks, NSA) only trust security systems that have been publicly vetted.
There may be some cases where security through obscurity is appropriate. But I don’t know of any examples.
There would be societal benefits to having an open discussion. Humans are notoriously bad at assessing risk, especially given incomplete information.
This ignorance allows corporate media and right wing propagandists to use every outrage to stoke fear and stampede people to act against their own self-interest.
By talking about problems frankly, we could inform people, and maybe reduce the hysteria, maybe save ourselves some money and effort.
The way Republicans manipulate people was beatifully illustrated in a little trick that Jimmy Kimmel and Adam Corolla played on some women in a S. CA shopping mall.
They set up a booth with a sign overhead saying ‘End Women Suffrage’ — sign petition. As you can imagine, most women were eagar to sign the petition that would end all the needless suffrage.
One younger, clearly college educated young woman was trying to tell them NOT to sign the petition. “Can’t you see that he’s making fun of you?”, she asked.
Apparently not, since they gave her a dirty look and signed the petition anyway.
@17, @22 With this in mind, if one were a conspiracy theorist, one might be tempted to connect the dots and ponder whether preventing Obama’s appointes to go to work might help conceal how many people there are in the mid-level hierarchy of DHS/TSA who were hired via some equivalent of the “Monica test” by which the Bush Gang worked to populate the hierarchy of the Justice Department.
If one were to carry that line of reasoning a bit further, might said functionaries still act on their loyalty to party rather than country and let a few nearly (but not quite) harmless “amateurs” fall through the cracks, when there wasn’t anything else happening in a given week for the AM radio/Fox talking heads to prattle about?
To borrow a phrase from Goldy, I’m just sayin’…
Man this FartyArt has lost it even more…
Who has been pushing for the release of these terrorist fools from Gitmo? Who has been saying we need to try them in civilian courts? Who has been claiming we need to close Gitmo?
[] Democratics
[] ACLU working for the Democratics
[] Code Pink working for the Democratics
[] HA Libtardo Fools working for the Democratics
[] All of the above
No rebuttal, just the same old tiresome and infantile namecalling. I see why they call him “Stupes”. So fitting.
Hey, @26, you left out Soros and Akorn.
Airplane vs. wireless mouse
Supposedly a wireless mouse almost caused an airplane crash. Cell phones, radios, televisions and GPS devices are prohibited from use at any time on a plane. Laptops and video games are not allowed during takeoff and landing. However you’re allowed to bring them on board.
Airplane travel has continually become more and more miserable.
People don’t react to perceived threats rationally. They worry about the spectacular rather than the likely.
For example, Sharks kill something like 3 people a year. About 300 people a year are killed by deer related incidents in the US alone.
But we never never have “Deer Week” on Cable.
You want to make a big impact in air travel safety? Enforce random and frequent drug and alcohol screening for cab drivers.
“Only one carry on? No electronics for the first hour of flight? I wish that, just once, some terrorist would try something that you can only foil by upgrading the passengers to first class and giving them free drinks.”
Bruce Schneier
Jason @ 23: Well, one of the differences is that a software security failure results in inconvenience and perhaps the loss of money, but an airline security failure results in a loss of life.
Having regular opportunities to see aircraft being built in the factory and completed aircraft on the flight line, I’m probably aware of some vulnerabilities, and some security precautions, which aren’t readily known to the general public. For one thing, I already know what items are on an airplane that I can use to thwart an attempted hijacking, and where they are located. but that knowledge would be pretty useless if it was commonly known.
Personally, I’d rather keep it that way, but I’m willing to acknowledge that reasonable men/women can differ on this issue.
If I were a terrorist, I’d be looking at the fact only 1% of cargo containers are screened for radiation. The Busheviks believed giving tax breaks to billionaires was higher priority than worrying about what might be in the thousands of metal boxes that are deposited on docks in our major cities every working day.
@32: But that would be bad for business! (snark)
Goldy @ 8 – you hit the nail on the head. The only way this security farce is going to be fixed is through discussions just like this that shine a light on on our numerous security vulnerabilities. And after we talk about airplanes, can we also talk the woefully inadequate protection of our ports, water supply, power grid, etc.
And yes, puffy sweaters should be banned.
rhp60033 @ 31: actually these days a computer security failure can result directly or indirectly in a loss of life. This is one reason there is concern about cyber-terrorism.
Just because you don’t rely on security through obscurity doesn’t mean there aren’t aspects of your security that are obscure. Everything from the exact procedures and protections in place in a particular installation to passwords which are in fact “security through obscurity”.
But I’m with Jason here, so much of what passes for security in the transportation world is ineffective makework done mostly for show.
@32
Thankfully nukes are something terrorists seem to still have a hard time getting a hold of.
But the ports are quite the sieve, I wonder how much heroin or coke comes in via big metal boxes.
Goldy — some of the statistics you cite are like comparing apples to oranges.
The chance of a passenger dying from a terrorist attack during a single airline flight, averaged over a 10 year period, may indeed be one in 10,408,947. That means, during a typical flight (anywhere from one to four hours), the chance of dying during that brief period are less than one out of ten million.
The statistics on lightning involve a far different time frame. About 60 people a year die from lightning in the USA. Over 10 years, about 600 die. We have a little over 300 million people. So during a ten year period (about 87,660 hours), about 1 out of 500,000 people in the USA die from lightning.
But if you want to look at a four hour period of time (equivalent to a longer airline flight), then only 1 out of 10,957,500,000 people are killed by lightning in an average 4 hour period.
So, during a typical four hour airline flight, you have 1 chance out of 10 million to die from terrorism. If you decided not to fly, your chance of being killed by lightning during this same period would be only 1 out of 10 billion.
So, hour for hour, airline terrorism is 1,000 times more dangerous than lightning.
Chris @ 35
We’re probably on the same page, but I just want to clarify:
Yea. Security still requires secrets. Like passwords. “Security through obscurity” refers to using undocumented methods, procedures, etc. to guard your secrets.
rhp @ 31
I’ve been thinking about this. I assume the bad guys already know.
The goal of an effective security system is that it works despite everyone knowing its details.
The risk of keeping the counter measures secret, but they’re not, is when you go to use it, you discover too late that the bad guys already planned a counter.
I’m not advocating broadcasting every single vulnerability.
The opposite to “security through obscurity” is two things.
First is peer review by experts. Everyone in the obscurity camp claims their security system is super special, uncrackable, proprietary, trade secrets, whatever. That’s never the case.
Even if your implementation copies a security system from a textbook verbatim, it still needs to be reviewed by experts. Context or an unplanned variable can moot the whole effort. Because there are so many ways to get it wrong and very hard to get it right.
Second is telling everyone where the bright line is. As in “cross this line and you will be shot dead.” Or “you may not travel have any liquids whatsoever.” People need clarity. Both the security enforcers and the people effected.
Judgment defeats security systems. If a system requires judgment (hmmm, is that 3 ounces or 3.1?), then that rule is worse than useless and should be eliminated.
I know this has been mentioned before, but I feel compelled to repeat it.
This Nigerian dude had the opportunity to attempt his attack because the existing security protocols weren’t followed. If I understand correctly, he was on a no fly list.
We don’t need more rules. We need existing rules enforced.
RR @ 32
I’ve wondered why the radioactive contamination scenario hasn’t happened. Some medical waste accidentally got loose in Brazil (1987) and it caused all sorts of problems. There must be some inhibitor. Maybe because radioactivity is easy to fingerprint, so there’s no way to get away with that kind of attack.
Or maybe illegal dumping of radioactive contamination is way too profitable. Like the mob does in the coastal waters of Somalia. No amount of Geiger counters installed at ports will help protect us from dumping.
There’s also all that depleted uranium we’ve been distributing across Iraq in the form of millions of little bullet sized chucks. We created a country sized super fund site. I’m sure they’re grateful.
It’s a good thing terrorists haven’t thought to put melamine in our baby formula, lead in our paint, sulfur in our drywall, counterfeit pharmaceuticals, etc. Oh wait…
I say it jokingly, but we don’t bother to protect ourselves from obvious threats today.
How many other scandals are waiting to uncovered?