Badges?....Badges?....We don't need no stinkin badges!!....

Here's an article from Bruce Schneier's blog which further illustrates why I hate the blanket acceptance of anyone's "credentials" and entrusting access solely into the hands of an inexperienced guard force who is only used to seeing the real thing and not actual forgeries.

The authors bought a bunch of fake badges:

Between November 2009 and March 2010, undercover investigators were able to purchase nearly perfect counterfeit badges for all of the Department of Defense's military criminal investigative organizations to include the Army Criminal Investigation Command (Army CID), Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), and the Marine Corps Criminal Investigation Division (USMC CID). Also, purchased was the badge for the Defense Criminal Investigative Service (DCIS).

Also available for purchase were counterfeit badges of 42 other federal law enforcement agencies including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Alcohol, Tobacco and Firearms (ATF), Secret Service, and the US Marshals Service.

Of the other federal law enforcement agency badges available, the investigators found exact reproductions of the badges issued to Federal Air Marshals, Transportation Security Administration (TSA) Screeners, TSA Inspectors, and Special Agents of the TSA Office of Inspector General.

Average price: $60.

Then, they tried using them:

During the period of January to June 2010, undercover investigators utilized fraudulent badges and credentials of the DoD's military criminal investigative organizations to penetrate the security at: 6 military installations; 2 federal courthouses; and 3 state buildings in the New York and New Jersey area.

[...]

Once being granted access to the military installation or federal facility, the investigators proceeded to areas that were designed as "Restricted Area" or "Authorized Personnel Only" and were able to wander around without being challenged by employees or security personnel. On one military installation, investigators were able to go to the police station and request local background checks on several fictitious names. All that was required was displaying the fraudulent badge and credentials to a police officer working the communications desk.

The authors didn't try it getting through airport security, but they mentioned a 2000 GAO report where investigators did:

The investigation found that investigators were 100% successful in penetrating 19 federal sites and 2 commercial airports by claiming to be law enforcement officers and entering the facilities unchecked by security where they could have carried weapons, listening devices, explosives, chemical/biological agents and other such materials.

Websites are listed in the report, if you want to buy your own fake badge and carry a gun onto an airplane.

I've written about this general problem before:

When faced with a badge, most people assume it's legitimate. And even if they wanted to verify the badge, there's no real way for them to do so.

The only solution, if this counts as one, is to move to real-time verification. A credit card used to be a credential; it gave the bearer certain privileges. But the problem of forged and stolen credit cards was so pervasive that the industry moved to a system where now the card is mostly a pointer to a database. Your passport, when you present it to the customs official in your home country, is basically the same thing. I'd like to be able to photograph a law-enforcement badge with my camera, send it to some police website, and get back a real-time verification -- with picture -- that the officer is legit.

Of course, that opens up an entire new set of database security issues, but I think they're more manageable than what we have now.

Name a price and you too can smuggle stuff on board JetBlue....

Wow....This story from a SeattlePi.com blogger is too crazy for me to even tell....Too bad it's true...So here you go:

Although millions of dollars are spent on airline security each year in the United States, it only took $100.00 for a JetBlue ticket agent to allow a unknown package to go onto a flight, coming from an unknown person.

On November 19, the Transportation Security Administration (TSA) was at Charlotte Douglas Airport testing out JetBlue’s security. Their goal was to try and get an unaccompanied package onto a flight headed to Boston and unfortunately, they succeeded. An undercover TSA agent told a JetBlue ticket agent that he needed to get a package to Boston that day and would pay the agent $100.00 for helping. The agent took the $100, put it in his pocket and proceeded to follow the unknown person’s instructions. The ticket agent chose a passenger’s name at random, which just happened to be an unaccompanied minor, and the package went through the screening process with no problems. Although the package was harmless, the TSA pulled the package just before being loaded onto the aircraft.

“That’s really alarming,” Anthony Amore, a former high-ranking TSA official at Logan Airport told a local Boston CBS station. “When you have multiple layers in place you hope that they all stand in the way of a terrorist or someone who wishes us harm. In this instance, many of the layers were cast aside and we were left with this one layer of checked baggage screening.”

When the local station asked the TSA for a comment, they were told, “While we cannot comment on the specifics of an open investigation, TSA can assure travelers that, like checked baggage, every package tendered at the airline counter is screened for explosives.” JetBlue confirmed that they are “fully cooperating with the TSA’s investigation” and “the involved crew member is no longer employed at JetBlue.”

I do not share this story to cause additional security-related fear, nor do I want to “teach the terrorists” how to commit crimes against passengers. I share it, since I think it shows how spending so much money on the front door of airline security and so little attention on the back is a big mistake. Although JetBlue is partly to blame for training issues, this could have happened with almost any airline. They just happened to have a bad-seed-employee in the wrong place at the wrong time. Currently, the TSA is not talking about how often they conduct these sorts of tests and how often they get a package through.

Sadly, this story is just one of many that place many questions on back-door airport security. At the same exact airport, just a few days earlier, a teenager was able to sneak onto the airport secured area, illegally board a US Airways aircraft without being caught (unfortunately, he died en-route). There is also the story of the pilot who pointed out that airport security workers could by-pass security and caused him a lot of grief. Similar stories keep popping up and I have a feeling more will continue to do so. As passengers continue to give up their freedoms and are willing to put up with many annoyances to fly, while at the same time seeing how porous the security is behind the scenes, people will take note and demand for change.

Columbians discover another "narco-sub"....

The Associated Press, through Azcentral.com, reports the Columbians have discovered another "narco-sub" capable of reaching Mexico. So far they believe it can carry 8 tons of dope and has fully air-conditioned cabin. it can dive to 9 feet and has an 8 foot periscope. The level of sophistication with these subs is beginning to grow. I'm curious as to what they use for navigation and depth gauges. I'm sure communication is done from the surface. I can imagine how dangerous the voyage is at night going through dense jungle waterways and canals. At times, you have to admire the ingenuity that goes into something like this to further profit a criminal enterprise. Capitalism.....