Hacker News new | comments | ask | show | jobs | submit login
Israel airport security stole my laptop (twitter.com)
124 points by boltzmannbrain 19 days ago | hide | past | web | favorite | 95 comments



Curbside security guard asked a couple basic questions ("How long were you in Israel? Where are you traveling to?"). The guard at the first security gate inside asked ~20 questions (4-8 is normal). I think answering that I'm a SW engineer to "What do you do for a living?" made her suspicious. I was then directed to a side security area where they searched my bags and discovered my laptop. A few guards then escorted me to a side room. Here there was one guard interrogating me on and off for ~2 hours. Just about any question I asked was met with "We can't tell you that." They confiscated my laptop b/c they had to "run more tests". I said several times I would wait for the tests, but they 'insisted' I leave. As soon as I was through security I went to Turkish airlines for help, but their immediate (read: scripted) response was "We do not deal with airport security."


What you experienced is not rare at all for travel through Israel. Answering that you're a SW engineer is not suspicious, it's how you answer that they're trained to look at. The questions are basically irrelevant. You and your equipment got flagged.

Once when I was boarding a plane to fly into TLV from Athens, I got about 200 questions in the space of 5 minutes, from 3 different people. When I mentioned who I used to work for, they asked me what that kind of work entailed, what did my office building look like, what city was it in, where was I living at that time, why was I living somewhere else, etc. I got the same questions multiple times, spaced apart.

They don't actually give a crap what my old office building looked like. They're looking for responses that appear delayed, evasive, made up.

After the questions I had to follow them to another room to have my bags meticulously inspected and scanned. They then checked my bags for me (breaking my zipper in the process - and no, the airline didn't do jack about it) and finally let me board. After I was on, they barged on and insisted some older passenger who had been sitting quietly leave the plane immediately while it was on the tarmac, and left.

Traveling through Israel is a pain in the ass.


I was there with Israel airport a few times. Almost every time I have company "letter" to "precheck" me with the airport security.

There was one time, the company missed issue me that letter. I had to go thru the 2 hours security hell which they inspected and questioned everything.

After that, I have decided that I would never go back to Israel again for biz or any other purposes. It is just not worth it.


It's also possible that Israel took the laptop because they knew where this person worked as a software engineer. Since processes like these enjoy opacity the outside is left to speculate.


>I was boarding a plane to fly into TLV from Athens

I think you mean the other way around. If you are being asked all these questions the flight was from TLV to Athens. Right?


No, it was Athens to TLV. I should mention that this was an El Al flight: https://en.wikipedia.org/wiki/El_Al#Airport_security_measure...

"El Al security procedures require that all passengers be interviewed individually prior to boarding, allowing El Al staff to identify possible security threats. Passengers are asked questions about their place of origin, the reason for their trip, their job or occupation, and whether they have packed their bags themselves. [...] Even at overseas airports, El Al security agents conduct all luggage searches personally, even if they are supervised by government or private security firms."

I've also faced heightened security traveling from TLV to other airports, featuring another barrage of questions and extra screening. But to their credit, they helped me skip some lines and get to the plane just before it left.


Israel has people on the ground around the world. Hard learned lesson after too many hijacked planes.



This wasn't an ElAl flight, so I don't understand why they care.


> They're looking for responses that appear delayed, evasive, made up

Exactly. AFIK I responded normally.

Not to mention someone actually doing something malicious with their computer probably wouldn't tell security they're a SW eng.


They know you work in advanced technology and stole it. Your work could be applied to military use.


> As soon as I was through security I went to Turkish airlines for help, but their immediate (read: scripted) response was "We do not deal with airport security."

Well isn't this true? I am sorry for your ordeal but there is nothing an airline can do with this matter. Have you tried contacting the airport itself?


Definitely not something the airline has anything to do with. I can complain to American about the TSA, but it’s going to do just as much as complaining to them about the price of the sandwich at Subway.


If you're taken away for too long, you may miss your flight. I'd hope that the airline would put you on the next one, despite them not having to do so.


What does that have to do with this situation?


It would be an airline providing what help they can for a situation that wasn't the passenger's fault


I just assume there must be 1000s, perhaps 10s of 1000s of people who answer "software engineer" in any given month.

None of this makes sense on the face of it. I wonder if you were connected to a network that was compromised and they tracked your computer? Also unlikely.

Do you think the last person you talked to was just having a bad day and as you got annoyed you triggered them and they took it on you?


Disclaimer: I've never traveled to or through Israel.

As others have referenced, Israeli airport security use profiling extensively. The questions that are asked are almost (but not quite) irrelevant - they are trained to gauge a person's reactions, their unconscious biological responses, etc.

It seems likely to me that what they keyed in on wasn't the author's questions, responses, or even their general attitude, but the overall resistance to having their laptop searched. The distinction between "I resent this process and need my laptop for work" and "If they take my laptop I'm going to be in trouble" is probably below the threshold of their training. I'd even say it's possible that the author's reaction to having their laptop confiscated was part of the profiling technique.

The fact that they let them continue on to their flight tells me that they didn't perceive them to be a security risk at the end of the process.


> The fact that they let them continue on to their flight tells me that they didn't perceive them to be a security risk at the end of the process.

I’m having a bit of trouble understanding the rationale allowing continued travel, but not allowing continued travel with the laptop. Can anyone here shed a bit of light on this?


Perhaps they cued in on their nervousness, decided that they weren't a threat, but also decided that their laptop might contain evidence of a crime (e.g., industrial espionage).


As you point out

> The distinction between "I resent this process and need my laptop for work" and "If they take my laptop I'm going to be in trouble" is probably below the threshold of their training.

And I agree with you. But 1000s of people must resent the process and need their laptops! If they picked up on that, they would have to confiscate laptops approaching 100% of the time they asked people questions about it.


I am sorry for what happened to you. I really am.

I heard before that Israeli security can be scary if they sense you went to either Palestinian areas or some of their flags get triggered. But no excuse for them to do what they do.

I hope you raising this issue help you get your laptop back.

I personally worry that they might take my laptop from me and install some spyware, so I try not to carry one, or if I do, travel with Chromebook. Whenever I can get away without carrying laptop, it is huge relief to just breeze through customs. Essentially excuses they have to talk to you are diminished and potential for some unpleasant interaction are greatly reduced.

I carry Kindle and if I have to Chromebook, life is much simpler. Friends borrow me their laptops if I have to do some work.

Again, sorry for what is happening to you, I can't even imagine how horrible you are feeling, hope for quick and positive resolution.


Thank you. It was an unfortunate learning lesson. Even if I do get my laptop back it won't be usable -- I have to assume they've gone through it and tampered somehow.


Chromebook + https://www.paperspace.com/ may be a solution


I know, you always think it is something it happens to other people. Chromebook FTW


Chromebooks won't work in China, where the Great Firewall blocks most Western cloud services.


They still work fine


Curbside questions? I haven't been for a few years but don't remember any of those, just the usual "I'm asking you this because I think someone may have planted a bomb in your luggage" inside the terminal. I haven't had anything approaching that level of interrogation (can you show me any evidence of what you've been working on) since my first trip in 2010 -- which was before my first Erez stamp (that's the border post before you go into Gaza).

Did you get a taxi to the airport, or dropped from a friend?


Taxi. I've traveled to Israel a few times now and the extra questioning seems standard.


Have you traveled to other Middle East countries previously?


Contact your embassy. They will solve it


Israel does profile based on the airline. It is a reasonably ( i would actually say very well ) known fact.


The #1 destination for passengers from Ben Gurion is Istanbul flown mostly by Turkish Airlines.

https://en.wikipedia.org/wiki/Ben_Gurion_Airport#Top_destina...

I assume they're very comfortable with Turkish Airlines at this point.


> I assume they're very comfortable with Turkish Airlines at this point.

Oh absolutely. That also means they are very good at identifying who does and who does not "fit" the standard profile of a regular flyer for that specific flight. OP tripped something.


Good luck with that, Airline can't do anything about that. Your next best bet is to reach out to the airport again, but this time through an embassy or consulate.


Wow, sounds like a real-life nightmare. What kind of questions did they ask you during that 2-hour interrogation?


It was more of the rapid-fire "where did you stay? what did you do your previous trips to Israel?", but also asking where I got the computer from, what I use it for, why I brought it to Israel, if anyone else touched it, etc.


I presume the first thing you did when you got your laptop back is to re-image it?


If your device has been out of your site, under the control of a well-funded government agency, and you believe that agency to be hostile then the device is compromised and the only thin you can do with it is sell it on to someone else or destroy it.


For Sale: Acme XYZ123 laptop with <specs>. Confiscated and returned by Israeli airport security. Great buy for counterintelligence agents or someone looking for a target for hardware compromise detection practice.*

* The security of the laptop, electronic devices in its vicinity, or the purchaser is not guaranteed.


I wonder if selling it on eBay with that description would increase or decrease its value.


Never got my laptop back.


That wouldn't necessarily remove everything evil that could potentially be done with it though.


I don't think he has received his laptop yet


Still no laptop, and no updates from Turkish Air nor the airport.


What is your goal in this publicity? On the surface, it seems like yet another dispute with unreasonable customer service and you are using the shame tactic to get your way.

This is airport security in Israel. It's not security theater. It's the real deal. There is something in this story that is missing. You may not know what it is, but those people are really good at their jobs. Was that really your laptop? Were all the files on it really yours? Were you really just there as a SW engineer? Did you really tell them the truth to all 20 questions?

You've claimed to spend time in the country. You know how it works. The people in security make good money and have access to tons of resources ... they don't want your laptop for fun or a side hustle. If you have a grievance against the Israeli government, there is due process there just like in the US. It works as well there as it does in the US. File a suit... the courts will sort this out. (Edit: You also would have received a claim ticket for confiscated property, just like in many US jurisdictions. Something is missing from this story.)

Publicity just makes you look like you are acting in bad faith.


if getting shaken down is part of the risk of flying through israel then it’s a public good to let others to know. this reflexive defensive crap is par for the course i suppose.


And in the U.S.

> A few months earlier in the same airport, a tech engineer returning from a business trip to London objected when a federal agent asked him to type his password into his laptop computer. "This laptop doesn't belong to me," he remembers protesting. "It belongs to my company." Eventually, he agreed to log on and stood by as the officer copied the Web sites he had visited, said the engineer, a U.S. citizen who spoke on the condition of anonymity for fear of calling attention to himself.

https://boingboing.net/2008/02/07/tsa-confiscating-lap.html

Except in Israel the threat is real, and the security guards are actually competent


so competent that they steal a developer's laptop, apparently!


They confiscated a laptop for some reason that the OP didn't report (and perhaps didn't know)


> There is something in this story that is missing. You may not know what it is

Completely agree here. Millions pass through TLV every year and don't have their laptops confiscated, something twigged their interest.

The question is why he was able to carry on flying


Yes this could have been worse, and is relatively minor compared to other mideast travel horror stories. Nonetheless I feel frustrated not only losing my computer and non-backed up materials, but because this occurs as I am helping an Israeli tech company by sharing my knowledge and expertise. There has been incredible outreach initiative in the AI research community as of late -- e.g., DL Indaba in Africa -- but this makes us feel unwanted. I will continue working with the Israeli startup, but from my office in SF.


> incredible outreach initiative in the AI research community as of late -- e.g., DL Indaba in Africa

Geez.

You are not "outreaching" some minority tribe here. You are selling your expertize for good money. Israel is the 2nd biggest VC market in the world (maybe 3rd after US, China?).

Sorry about your laptop though. There is current incredible outreach of Israelis to tourists who have had a bad experience while visiting.

We do our best !! Luckily your plane did not blow up.


>You are not "outreaching" some minority tribe here. You are selling your expertize for good money.

I guess it's a good thing he didn't say or even hint at either of those two ideas.

>We do our best !! Luckily your plane did not blow up.

Luck? The odds of your plane blowing up are exceedingly rare. He's also "lucky the earth wasn't blown up by an errant asteroid". To suggest the airport stealing his laptop (or ANYONE'S laptop) somehow prevented his plane or any other plane from blowing up is ludicrous. It's not even security theater, it's plain theft.


> Luckily your plane did not blow up.

He'd be lucky if his plane did blow up, since it's such a rare occurrence.


I believe that's what the word unlucky is for. Lucky is for positive rare occurrences, unlucky is for negative rare occurrences. I'll admit I have no clue what normal/average occurrences would then be.


Luckless.


This is a good argument for never taking any electronic devices outside your home region.

Even if you get your device back, after someone takes it behind the curtain and fiddles with it ... How can you be sure that they have not compromised it for its onward journey?


>This is a good argument for never taking any electronic devices outside your home region.

For most of us here in particular that's very silly as well as completely unrealistic, we need some level of electronics for our work even beyond that it makes many kinds of travel much more practical. However, what is worth considering (at least when traveling internationally) is to have specific dedicated travel electronics. One consequence of the end of Moore's Law and the flattening of the performance curves in PCs and now mobile devices as well is that older kit can still be perfectly serviceable for travel usage. I replaced my 4 year old notebook and 3 year old phone last year for example, but this time rather then sell the old ones (which aren't worth that much anyway) I just kept them and changed them into specific clean travel devices (and with the notebook in particular oriented around remote work for most stuff).

That kind of opsec was a lot more expensive and difficult at one point, but these days I think it's ever more practical and it reduces potential headaches and opportunities for screwups (by me) a lot. It's much easier to make sure nothing critical is on a device I wipe regularly and much easier to maintain compartmentalization with physical separation. If any of it ever was seized I'd still be bummed/irritated, it's still worth some money and on a practical level it'd mean I didn't have it for the rest of the trip (even if the rest is just "the flight home" and all I wanted was to read a bit). But nothing I couldn't just write off ever seeing again or that could cause me any trouble even if it was cracked.


I will preface this with saying i dont think stuff like this should happen, however in the DoD we are advised to never take a personal laptops (or phones) to a foreign country, only take a secondary laptop and ensure the hard disk is encrypted. Also keep as little information on the drive as possible.

Furthermore if a laptop (or other electronic device) is purchased in a foreign country either dont bring it back or bring it back and shred it.

I know this sounds extreme and expensive, but with cloud storage and cheap laptop's i cant imagine anyone travling to a foreign country not being able to have a secondary "disposable" machine with cloud backups (could be a challenge in say china, but if you are doing buisness in a country like that (government monitored and access restricted) you should have company policies in place already).


Agreed. Lesson learned.

As recommended elsewhere in these comments, I'll likely use Chromebook + https://www.paperspace.com/ in the future, and implement a travel policy for my team regarding what material can be taken where.


a) take simple phone or tablet or second hand laptop for traveling b) don't say software, security or other keywords in airports. c) enjoy your time abroad :D


This is particularly why I leave my good MacBook at home and depend on a decent Chromebook and a throwaway Gmail acct. I can use Citrix or an Amazon Workspace if I need something more secure. If I lose it or if it’s stolen, I’m out $200-400 instead of $1200 and my data.


Dang, I'll have to start considering something like this. And keep all my data on the cloud instead. :(


95% of what I do on my laptop (other than random web surfing) is hobby stuff that can go to Github.

That 5% (taxes, paperless office) happens on my MacBook.

So I’ve start to do the same thing: MacBook for US travel, $40 laptop for international travel.

Works great.


If you know how to secure a system, you could probably use owncloud or something like that too.


I was traveling through Istanbul and there were multiple tiers of security before reaching my plane. One of the checkpoints was run by private security, and they took my laptop out of my bag and asked me a ton of questions. They asked me to open my computer and log in so they can review data in my machine.

Lucky for me, my laptop was completely out of battery, so when they opened my MBP, all they saw was the red blinking battery symbol. They mumbled to each other under their breathes, handed me my laptop, and waved me through.


Wow they asked you to login? I have the Apple watch feature for auto-login, but took my watch off as soon as they grabbed my laptop.

Yes I went through several tiers of security as well, each with different organizations it seemed (airport, private, gov't).


Was there anything that prompted them to ask you to login? I travel through Istanbul a lot (being a native) and I often get asked to turn my laptop on (show the login screen and you are done) without any further questions. Just wondered.


Very lucky. AFAIK It's generally a requirement that a laptop have enough charge to at least reach a login screen.


Just a tangent: TLV is the most secure airport in the world though.[1] You wouldn't think the most secure airport is in the middle east but it is. Compare to Israelis' human approach, the billions dollars the U.S. spent by the corrupted TSA on invasive cancer causing body scanners and still have tons security breaches is a joke. The wikipedia page has a few reports explained in details why it works at TLV. Worth a read.

[1]: https://en.wikipedia.org/wiki/Ben_Gurion_Airport


> You wouldn't think the most secure airport is in the middle east but it is.

Yes, I would. I would expect the most secure airport in the world to be in a small country that has been at war with several of its neighbors within living memory. I would expect it to be a country that's technologically-sophisticated and well-funded. I would expect it to be in a country that has had issues with terrorism.

In other words, Israel is exactly where I would expect to find it.


Must've triggered something when they questioned you. Maybe you just made yourself non-Grata over there too by sharing this story.

At least they should have said, wait, let's clone it and here is your laptop back. Unless they suspected you of economic espionage or whatever and didn't you to have it with you. Either way, unless charged with a crime it's theft.


They murder medics, outside their border, among other Geneva code violations. I wouldn't hold my breath waiting for justice on a laptop "confiscation".


> Unless they suspected you of economic espionage...

This also may be a part of industrial espionage done by Israel.


Great point. His work may be of extreme value to Israel. And you can't argue with airport security


It's not theft because that would require Israeli law condemn the action. Given the kind of things they currently do at other border crossings, I wouldn't hold your breath on that one.


I thought that all sovereign nations had the authority to seize whatever they want at border crossings. I always travel with the assumption that all my belongings (on my person) are subject to confiscation.

This has two consequences: 1. I travel light and 2. If something doesn’t get seized that’s great news!


Do not take electronic devices with you when you leave your country. Use a burner instead. Counts for USA, China, Russia, and apparently also for Israel


Don't travel. Or use a disposable laptop when traveling. Something like the Thinkpad x240 is rather sturdy, small form factor, with perfect linux support. Shouldn't set you back more than ~150-200€.

Pull in whatever data you need after passing these risky checkpoints. Destroy the data again afterwards.


I suspect they intentionally regularly interrogate people who they know are innocent to train what a normal false positive acts like. that helps detect the true positives in contrast while training on true positives is difficult as they are quite rare. the interrogation strategy is just to impose a high level of stress on someone. i suspect a false positive will act very confused in contrast to someone who wants to hide something.

(with positive I refer to someone who is considered dangerous or an enemy)

having said that I went twice to Israel from Germany and coming back from Istanbul and never had issues. actually I find it quite exciting to experience the perfectly orchestrated security measures. obviously though also because I never got the tough treatment so far.


Good argument for taking a laptop that is basically a thin client to a VNC-over-SSH session.


if the thin client hardware is compromised you're back to square one


I don't think that was the point.

A thin client (super cheap 'disposable' laptop) and a beefy remote workstation will give you all the horsepower to do your work, but limit the financial damage if the laptop gets stolen by airport security bullies.


You can pick up a cheap Chromebook and install Linux on it. Works fine for me.


if people are breaking into your hotel room while you're not there to install rootkits in its bootloader, hardware keystroke loggers, or similar (google "evil maid attack"), you're probably the target of somebody with the capabilities of a nation-state intelligence agency. at which point all bets are off.


Breaking into a hotel room and installing a rootkit on a laptop does not require anywhere near that level of sophistication.

In many cases, obtaining a hotel room key requires only entry-level social engineering. How do I know? I've received keys for my own hotel rooms from the front desk with essentially no verification. Adding a rootkit to a laptop depends on how well-secured it is, but that's often little more effort than inserting a flash drive and rebooting it.

These things require the resources of an individual and skills that can be learned from a google search.


Breaking into a hotel room, and breaking into a hotel room without sufficient surveillance resources are two different things... Just off the top of my head, I can think of a few concerns. You'd need a rotating team of at least three persons to verify that the subject has left the hotel room, and isn't going somewhere for a very short time such as to the hotel laundry room, to a lobby snack bar, or such. You don't want to be surprised in the middle of installing a rootkit. Then you have to deal with the fact that the front desk staff might speak to the person later, like "Hey just checking your new key card worked OK?" "What new keycard?", alerting the person that something is fishy. You have to deal with the possibility that the person might have left a portable motion sensitive alarm stuck to the inside of the hotel room door, or a tiny camera somewhere in the room.

Lots of things can go wrong with this sort of plan. But it's not a one-person job.

You might have your rootkit totally prepared and ready to go, and find that the person has a sub-1-kilogram sized netbook/small laptop that they take with them literally everywhere they go, in a backpack, small bag, or purse.

You might have an attack prepared and get there to discover that the laptop has had its USB ports disabled in the BIOS, with a BIOS password set, and insufficient time to work around that.


You're describing the sort of operation a nation-state's intelligence services would plan, and I'm describing the sort of thing anyone from a crazy ex-lover to an unethical competitor might do.

Your scenario is obviously more likely to succeed and less likely to be detected, but mine works more often than not. Being sure I have not done anything to attract the attention of an intelligence agency is not sufficient to be sure nobody has gained physical access to my laptop and installed malware.


Which might very well be true as "software developer" is very vague. Same with security expert. Use the term "consultant" instead


Bootloader on an SD-card, a condom and lots of codeine


Have anybody got any good experience with self-encrypting drives(SED)? Something that will allow you to pull the ssd out of laptop and carry it through security separately, not worrying about contents getting spied on if seized?


This is crazy. Does anyone know how common this kind of thing is ? I don't know anything about airport security. How can some data on a laptop be so dangerous ?


I mean Stuxnet comes to mind:

https://en.wikipedia.org/wiki/Stuxnet

Of course all it takes is a malicious USB.





Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: