
Pulling the Curtain on Airport Security [pdf] - vesche
http://xs-sniper.com/blackhat2014/BH2014-Billy-Rios.pdf
======
corford
Lots of people are posting highlighting how pointless airport security is
given the ease with which a terrorist can bypass it by e.g. blowing himself up
in the security line, targeting buses or shopping malls, making weapons from
stuff bought "air side" etc.

As this hasn't been happening (despite how easy it would be for a terrorist to
do), the only logical conclusion I draw is that the entire terrorist threat is
so unbelievably overblown it doesn't warrant even thinking about when it comes
to evaluating personal safety. I mean, how can it not be, given how easy it
would be for a terrorist to just stroll in to an airport departures hall with
a jacket bomb and detonate himself yet the closest we've seen to this is one
lunatic failing to ignite some powder in his shoes and another idiot burning
his crotch.

I think the real answer is that you can probably count the number of truly
dangerous terrorists in the world on two hands. The rest of the current crop
are nothing more than brainwashed amateurs who spend their time wreaking havoc
and misery in isolated parts of the world that no normal person would ever
have occasion to set foot in. This article from the FT makes a similar point:
[http://www.ft.com/intl/cms/s/0/ee2a8412-2923-11e4-9d5d-00144...](http://www.ft.com/intl/cms/s/0/ee2a8412-2923-11e4-9d5d-00144feabdc0.html?siteedition=intl#axzz3B1XsaAw5)

If I was a black man in the US I'd be much more afraid of looking at a cop the
wrong way than being caught up in a terrorist outrage.

~~~
clarkmoody
I completely agree with your first two paragraphs, but you lost me on the
second half of your comment.

The TSA's response to attempted attacks has been to clamp down on the rest of
us _after the fact_ : shoes off, no liquids. This tells us that the
intelligence gathering effort was not reflected in the airport security
measures. They lock down those attack vectors to prevent "me too" attacks, but
there haven't been any. Yet, the security gymnastics routine has not gotten
lighter for the average traveler.

Where I disagree:

 _> no normal person would ever have occasion to set foot in_

You just dismissed a chunk of humanity as non-"normal" along with their
homeland. Yes, Westerners have rare occasion to visit some of the places where
terrorists breed and train. But the world contains more than Westerners,
doesn't it?

 _> If I was a black man in the US I'd be much more afraid of looking at a cop
the wrong way than being caught up in a terrorist outrage._

You are making the same mistake we're talking about with airport security: you
are blowing a few highly-publicized events _way_ out of proportion.

Here[1] is some 2011 data from the FBI highlighting homicide victim/offender
race & sex. Compare that to this report[2] from the Bureau of Justice
Statistics showing arrest-related deaths from 2003-2009. (I know different
years, etc, sorry) From that data, it looks like blacks kill way more blacks
(and whites kill more whites) than cops killing either race.

[1]: [http://www.fbi.gov/about-us/cjis/ucr/crime-in-
the-u.s/2011/c...](http://www.fbi.gov/about-us/cjis/ucr/crime-in-
the-u.s/2011/crime-in-the-u.s.-2011/tables/expanded-homicide-data-table-6)

[2]:
[http://www.bjs.gov/content/pub/pdf/ard0309st.pdf](http://www.bjs.gov/content/pub/pdf/ard0309st.pdf)

~~~
corford
Blacks, whites or cops killing blacks - whatever it is, it's more than
terrorists killing blacks.

I could have worded my other paragraph slightly better - what I meant was no
western person (since we're talking about potential for terrorist attacks on
westerners) would normally find themselves in the mountains of bora bora or
the war zones of syria/iraq. The only western people outside of UN, military
or diplomatic personnel you are likely to find in these parts are radical
young men from home who are living out a jihad fantasy.

------
idlewords
I wish there was a transcript to go with these slides, or some context. It
looks like an amazing talk.

One thing that jumped out at me right away is that the explosives sniffer is
also configured to detect narcotics, amphetamine and marijuana. Is this
standard procedure at American domestic airports?

~~~
tptacek
I wonder how the THC thing could possibly work. I opt out at every checkpoint,
and each time, they maximize body contact and then generate an input to those
machines. Wouldn't it go off for anyone who had smoked up earlier in the day,
or the preceding day? It seems like they'd be spending all their time doing
drug searches.

(Don't get me wrong: drug searches at TSA checkpoints are extremely alarming,
because TSA has been given a near all-access pass to mechanically searching
people).

Fun fact: if you do any welding before you get on a flight, there's a good
chance you'll set those things off.

~~~
GauntletWizard
I've literally spent a night putting on a fireworks show, gotten up and flown
the next day, and not set off the alarm. I've also at a different time been
completely clean, set off the alarm for gunpowder (I could see the screen),
and then had the TSA wave me through.

They don't know, they don't care, they don't do anything. Their sole purpose
is to make people more comfortable with invasive government overreach.

~~~
tombrossman
Similar experience here. I was at a party the evening before a flight and had
loads of rockets and small mortars stuffed in my cargo shorts, which we were
running around and shooting at each other (alcohol may have been involved).

Next morning at the airport was my first time seeing these machines. As the
machines doors opened and closed, jets of air puffing at the passengers ahead
of me, I wondered about the shorts which I still had on. I looked down at the
empty pockets and they were literally sparkling with gunpowder and other
residue from the fireworks the night before. 'Let's see what happens' was my
only thought and I felt a bit let down when I got through with no problem.

Edit: Shorts sparkling in the light with some kind of crystalline residue from
the fireworks, not sparkling like a lit sparkler, which would have been even
more impressive.

------
nikcub
I ended up finding a way to get cigarette lighters through with a 100% success
rate just by brute forcing it.

If you travel a lot and you're a smoker you'd know that the worst part is
getting off the flight, crawling through the airport at exit and then not
having a lighter because they took it off you at departure[1].

No penalty for being caught with a lighter, so I kept leaving lighters in my
bag in different places deliberately to figure out how I could get one
through.

Solution turned out to be simple, and I hit it almost accidentally. I removed
the metal shield and then dropped the lighter into an inside pocket of my bag
that contains pens and loose coins.

Worked 100% of the time thereafter.

The scanners being blacklisting like a virus scanner means they have the same
problem, they can only identify known threats. Change the form of the threat
and you're through until they update and train their scanners again (both
human and machine).

The illusion of safety. I've since quit both smoking and flying frequently.

[1] I gave the TSA the idea of handing out lighters they have confiscated from
departing passengers to arriving passengers but they didn't buy into it.

~~~
MeinCrapf
You sure you didn't make that change around August, 2007?

[http://www.tsa.gov/traveler-information/lighters-and-
matches](http://www.tsa.gov/traveler-information/lighters-and-matches)

~~~
JoblessWonder
Is that an example of confirmation bias? "I finally moved it around and
tweaked it enough and that is what caused the success" instead of "the TSA
changed the rules?"

~~~
endersshadow
No; it's post hoc ergo propter hoc:
[http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc](http://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc)

------
pmorici
Typical. Government organizations think IT security means having strongly
worded statements and reams of bureaucratic rules and procedures. If you look
closely though the strong words often aren't backed by any meaningful action.
In a government official's mind if the 50 page IT security document was filled
out and is on file that means the system is secure. It's all a big joke
really.

~~~
sleeping_pills
I don't think most of them would be that stupid. Just lazy. In a government
official's mind, if the 50 page IT security document was filled out then he
can't be held responsible when the shit hits the fan.

~~~
bedhead
It's both...it's a problem of incentives. The government guy aint getting
stock options or a real bonus or whatever for a job well done. And he's
probably close to impossible to fire if he does poorly. So what does he care?
And while this is a problem in itself, it also creates a self-selection
problem where good candidates don't want to work there in the first place.

------
BorisMelnik
"TSA has not audited these devices for even the most basic security issues"

This to me is the most troublesome aspect of this an entire ordeal. Any
security pen-testing firm with their wits about them could have discovered
these backdoors in a few simple audits.

The fact that he was able to find all of these is very worrisome to me. I can
only imagine what other bugs/backdoors are built in to these systems.

Does any of this security matter with the fact that you can build weapons
using airport giftshop items?

[http://www.wired.com/2013/12/terminal-
cornucopia/](http://www.wired.com/2013/12/terminal-cornucopia/)

~~~
MichaelApproved
The weapons in the video are not powerful enough to take down an airliner.
They'd likely harm a handful of people nearby or blow a small hole in the side
of the plane but not much more than that. A small hole in the side of the
plane would likely not cause it to crash.

Of course, I don't mean to be flippant with regards to the lives of people
close by but it's not a larger threat than someone doing this on the ground.
The biggest point of airport security is to keep the planes from falling out
of the sky or flown into buildings.

~~~
BorisMelnik
arguing for arguments sake: 9/11 happened with a box cutter

~~~
ufmace
Because passengers believed that the result of a hijacking was to land in a
third-world country and eventually be released after negotiation mostly
regarding things that have nothing to do with them.

Once the passengers believe that the result of a hijacking is to be flown into
the side of a national monument, you're gonna need a lot more than box cutters
to hold them back. As we saw before the 9/11 attacks were even completed.

------
stevefeinstein
If this isn't the answer, and I'm not asserting it is or isn't. What is, and
how do implement it. Or do you suggest if we scrap it all and go back to
1950's like airport security that the few incidents that are inevitable are an
acceptable risk? I don't know the answer, but I'd like to have the
conversation.

~~~
glenra
I do suggest we scrap it all and go back to the 1950s. Let people walk right
out to the gate to meet arrivals. Let people run through the airport right to
the gate without having to stand in a line at all. Even the level of security
we had _before_ 9/11 was misguided and caused more deaths than it saved.

Here's all we should do: leave security policy up to the airlines themselves.
Then there won't be the sort of _single points of failure_ we have now. If one
airline wants to reinforce the cockpit doors or arm the pilots they can just
_do_ that without getting permission from a central authority and making that
the new mandated standard. Get rid of one-size-fits-all security. Let
"convenient security" be just one more attribute that airline companies
compete to provide, along with "comfortable seating" and "frequent flights".

~~~
thaumasiotes
> I do suggest we scrap it all and go back to the 1950s. Let people walk right
> out to the gate to meet arrivals.

You could do this in the 90s. It still boggles my mind that someone thought it
should be stamped out.

~~~
ctdonath
Methinks he was referring to not what we think of now as the "gate" (the
extended building reaching to the plane), but in fact walking right out on the
tarmac.

~~~
glenra
Nah, I meant what we think of now as "gate". For instance, I remember going
out to meet people at the gate at SFO in the 1990s. I'm not quite old enough -
or perhaps didn't grow up in a small enough town? - to remember routinely
walking out on the tarmac to greet a plane.

------
nathannecro
Is there a video to go along with these slides? This is fascinating.

The diagram-heavy slides could certainly use some context.

~~~
uxp
It was a presentation at Blackhat 2014. The videos are released sometime
afterwards.

[https://www.blackhat.com/us-14/speakers/Billy-
Rios.html](https://www.blackhat.com/us-14/speakers/Billy-Rios.html)

------
jqm
About a year after 9/11 I flew from Phoenix to Corpus Christi Texas. I brought
a carry on case from work with me full of papers and (unknown to me) some
tools including a large folding knife, a smaller pocket knife, a leather man
and some screwdrivers. I honestly had completely forgot about the tools, they
were buried in the bottom of the case under papers (yes, my case was not very
organized).

So, I took the case carry through x-ray in Phoenix, then, during a layover in
Dallas I went outside the airport with the case, came back in through
security, re-boarded the airplane and proceeded to Corpus Christi where I
passed my vacation. After vacation, on the return flight to Phoenix, they
found the knives and tools at the small airport in Corpus Christi as I
attempted to board. I gave them to security and nothing came of it but I
didn't feel it wise to tell them that I had already been through two
checkpoints with the contraband. I realize things have probably tightened
further since then but still... I was a bit shocked. And I'm still thinking a
lot of the "security" at airports is for show.

------
bussiere
It makes laugh a lot, 9/11 happen because they used cutter.

Airport security will piss you off for a kid cissor.

But they will let you buy a glass bottle of alcohol in duty free.

That you can break properly and use as a weapon ...

Logic ...

~~~
farnsworth
Relevant - This guy built a bunch of weapons from things you can buy in
airport shops.

[http://www.dailymail.co.uk/news/article-2513362/Man-
builds-h...](http://www.dailymail.co.uk/news/article-2513362/Man-builds-
homemade-gun-items-purchased-airport-terminal-AFTER-security.html)

------
jtheory
I keep forgetting that this whole mess is still ongoing. The articles seem to
come in waves -- there'll be a new exposure of how useless the scanners are,
lots of noise around that, and sometimes articles about changes to actual
policy.

I actually had the impression that the silly Rapiscan (what a lovely name!)
scanners had been retired a year or two ago. Then this summer I went back to
the US (first time in several years!) and it was worse than ever. In the one
visit (involving 4 flights including my arrival to the US and departure from)
I twice had to turn down the millimeter wave scanner -- apparently having a
baby in a sling on my chest wasn't enough to exclude me -- and so I got to
experience (twice) the uncomfortable manual pat down process, including the
by-the-book warning that they're going to slide a hand up my inner thigh until
they meet "resistance".

On the other hand, I have some fairly ugly memories of arriving in JFK in the
past (and going through immigration difficulties), and the airport remains
horrible (their computer system went down for a half-hour while we waited to
pass immigration...), but the people working there were impressively kind,
especially to a family traveling with small children.

------
neil_s
Seems like the SFO Kronos has been taken offline since this disclosure.

------
jimktrains2
I still maintain that security checkpoints are the scariest places to be. So
many people gathered, huddled, around a small, politically sensitive area
outside the "secure" zone.

------
blantonl
"Pulling the Curtain on Airport Security" \- This article's title. Wow.

Almost all airport security is a theater... The TSA are simply the actors...

~~~
averill
Pulling the curtain on "ticketed passengers only" as the crown jewel of this
airport security theatre. Or as I call it the "TSA smoke and miroros/window
dressing security" show.

There is one security policy, which everyone should be aware of for the farce
it is and represents. It is the taking away of YOUR freedom of movement at
your airport. This useless waste of time and manpower of only allowing persons
with tickets past the security screening areas, known as "ticketed passengers
only". Don't be fooled, "ticketed passengers only" is NOT a security measure.
The following is only a partial list as to why this is a waste of time. I
know, I worked as a supervisor at a security checkpoint for five years, and
for the last 10 years have worked for a major airline.

There's the question of how our nations deal with the critical question of
preserving both a reasonable measure of safety with individual rights in
general. Striking a balance between feeling safe as opposed to being safe, and
being free at the same time, is the most tenuous security concern of all.
Averill Hecht Cheltenham, Pa. All comments are welcome. adhecht@comcast.net
Please speak-up,

------
warcode
The increasing amount of security is more terror than any real group could
hope to inflict. Technically the terrorists won.

------
est
search for 2323098716 you get this

[http://www.joecasaletto.com/joekronos/2012/605/4500_telnet/](http://www.joecasaletto.com/joekronos/2012/605/4500_telnet/)

------
joshfraser
expensive security theater

