Hacker News new | past | comments | ask | show | jobs | submit login
Stranded Jet Skier Breaches Multimillion Dollar Security System At JFK Airport (npr.org)
169 points by JumpCrisscross on Aug 20, 2012 | hide | past | web | favorite | 115 comments



What would sane people do? A simple alarm(1) would have sent a patrol car out to investigate. A wet tired man would have been brought to the airport infirmary where a few questions would have been asked verifying his story while he was checked for hypothermia. The truly paranoid might have sent a coast guard boat out to get the jet-ski, further confirming his story (and hooray, getting him his wallet back). He's home for dinner with a story to tell.

Honestly now, how many Americans think that this isn't the way this should have happened? How in the hell did we get this far off course? It sounds from the story that the thing they're most upset about is missing an opportunity to lock down the whole airport while they dressed up as storm troopers and traipsed about in their armored doohickeys pretending to save the world. I think we're voting on all the wrong stuff this November.

(1) ...That works because we've had that technology since 1947.


At these airports we've lost the human caring, the human service-related element that makes America great. - I think that there's no demonstrable security value for the majority of these projects, and since 2001 we've allowed the defense industry to ingrain top-heavy industrialized defense projects into our daily American life - militarizing America. Along the way we've lost some of our true values and this doesn't make us a better, safer country. Where's the article about saving a stranded man and helping reunite him with his family?

The possibility that they would have locked down a major airport, stranding thousands of travelers and generating millions of dollars in lost revenues would have been a true farce. How many armed guards could you hire, trained to HELP as well as protect, for the cost of a $100 Million lemon defense system? At least we would be helping solve the unemployment problem, rather than pumping countless millions into the coffers of international defense companies like Raytheon.


Then they'd have a legitimate reason to fine him millions of dollars for being lost and stranded.


A simple alarm(1) would have sent a patrol car out to investigate.

Sorry, but no. They're covering miles of outdoor perimeter. The problem is that there are very few technologies that can reliably detect things like people, while ignoring things like various animals (or heat from jet engines, etc.).


Ported Coaxial Cable Sensor (or leaky cable) has been around for a very long time(1) and was quite reliable even before the advent of computerized DSP to help with detection.

(1)I think you could buy them commercially at least as early as the 70's


Buried coax and fiber detection systems tend to rank in the bottom 1/3rd of overall reliability (just above the systems that try to detect fence movement and tension changes).

In fact, I rarely hear of new deployments considering these technologies (though I'm sure there are plenty of them, as the companies are still in business).


> there are very few technologies that can reliably detect things like people, while ignoring things like various animals (or heat from jet engines, etc.).

If a 100MM taxpayer funded system can't tell the difference between a jet engine heat output and a person's heat signature, then someone should be criminally liable for defrauding us.

And as far as differentiating a deer from a human, it should have detected the moving object, sent the images to a person sitting in front of a computer, and he/she could have classified the object.


First off, the 100MM was a total expenditure across several airports, for multiple aspects of their security systems. It was not all spent on the fence perimeter system at JFK.

JFK is a complex airport, I'm not aware of the specific length of the perimeter they are covering there, but it's likely between 8 and 15 miles of perimeter fence line. You need something with a high degree of reliability and false alarm immunity to make this work. This is especially true because the fact is that the probability of a real terrorist incursion is pretty low. So, the guards aren't going to stay actively engaged with reviewing alarms for very long if essentially 99.9% of what they see are all false alarm/no-action events.


I don't know when they erected this security system, but shouldn't this be a much smaller problem now with the progress in image processing? Put up a bunch of cameras and let humans weed out the false positives?


This system is/was actually using video analytics as part of the overall strategy.

Video analytics can be very reliable, but you can't rely on humans to weed out the false positives very effectively. I've heard of (heard of, as in been involved in replacing them) video analytics systems that generated hundreds of false alarms per night on similar sized deployments. Any human operator is going to quickly become immune to the alerts when they happen at that rate.


A similar thing happend in Australia, when a man got off a boat on Sydney harbour wharf belonging to the Prime Ministers residence rather than a public one. He was dressed in camo style pants and had to climb a wall into the compound to get off the wharf.

Nothing much happened to him, as the Prime Minister was not there at the time.

http://www.smh.com.au/news/national/kirribillis-accidental-i...


  > Immediately there should have been an armed response. Heavy weapons,
  > armored cars to the area that the perimeter was breached. The
  > airport should have been locked down.
I realize the need to protect the security of the airport, but "heavy weapons" and "armored cars?" Someone watch a little too much Die Hard 2? If a terrorist (or terrorist group) wants to breach airport security, I have a hard time believing they will be storming the airport with artillery and automatic weapons.


They don't even need to "protect the security of the airport" to the extent of stopping lost people from wandering in. Because they can't totally lock it down, so they should assume sometimes (and this is extremely rare) people will wander in, just like anywhere else in the world. It's not a maximum security prison. Will they establish a mine field with robotically controlled laser beams next that fries any wayward dog that happens onto the runway?

Arresting the guy is a crime against humanity, and shows the complete lack of moral authority or common sense held by the various paranoid autocratic and senseless state and federal agencies within the US.

The guy making the comment about a military response involving armored cars and heavy weapons is completely insane and should be removed from his position. He is a danger to the public.


The guy making the comment about a military response involving armored cars and heavy weapons is completely insane and should be removed from his position. He is a danger to the public.

It appears he was already fired, some allegations about fabricating evidence. He's a private investigator now.

http://articles.nydailynews.com/2003-04-02/news/18218527_1_m...

http://casaleassociates.com/


Wow that's really interesting and now I'm confused. So in 2003 Casale is fired for being a lying dirty cop, and in 2012, he is commenting to the AP about the jetski case calling for a military response against lost jetskiers, but in what authority? The way the article presents it he seems to have something to do with the story, but perhaps he is just a random person the journalist has decided to quote for no particular reason?


He wasn't an ordinary cop, he was a high-ranking "deputy director of security for counterterrorism" in NYC.


Wow, nice find. Interesting (and damning) background.


Huh, interesting that NPR, bastion of journalistic integrity that it is, would bother publishing the words of this horrible hack.

</sarcasm>


Arresting the guy is fine, he was in an airport without authorisation. However, there is a big difference between informing a non-resisting person they are under arrest and leading them to the car, and throwing that person on the floor, putting a knee in their spine, screaming their rights into the back of their head and then having to go for a discreet wank afterwards to calm down.

I wonder which technique was deployed here? (The article actually doesn't give it away, but I'd be willing to bet...)


  > Arresting the guy is a crime against humanity

  > The guy [...] is completely insane and should
  > be removed from his position. He is a danger to
  > the public.
Hyperbole much?

  > Arresting the guy is a crime against humanity, and shows
  > the complete lack of moral authority or common sense
  > held by the various paranoid autocratic and senseless
  > state and federal agencies within the US.
1. He was likely charged by local police without the involvement of State or Federal authorities.

2. The charges will never stick, even if they decide to push them through the system (and if they do, I'd like to see a campaign against all of those involved in that decision -- e.g. prosecutor, attorney general, etc).

3. The guy lost his ID,etc when his jet ski sunk, so it's understandable that he was at least initially arrested.

  > The guy making the comment about a military response
  > involving armored cars and heavy weapons is completely
  > insane and should be removed from his position. He is a
  > danger to the public.
1. Armored cars make sense (even for a single intruder) if you're expecting a suicide bomber. That said, I don't think it's reasonble to expect a person with a bomb strapped to them every time there is a breach at the airport.

2. The 'heavy weapons' and 'armored cars' bit is likely a justification for the police presence there. If they aren't flashy the few times that they're needed, then the public won't be reminded of why they are there. If that's really the case, it's a bunch of political posturing BS that is wasting taxpayer money.


Can a suicide bomber do significantly more damage at an airport than on city streets? A hijacked airplane won't make it off the ground, and if the bomber is on the ground, what's the big deal? You can't prevent suicide bombings from happening everywhere, so it makes sense to focus the effort on where the damage would be particularly bad (e.g. 1 WTC). A bomb at the airport on the ground doesn't seem worse than Times Square.


Personally, I don't think that we should worry about lone suicide bombers unless it becomes an issue. Israel is justified in considering lone suicide bombers in their security planning, the US... not so much.

Also, it's a matter of practicality/trade-offs. A lot of airports are isolated, and it takes less money to secure an airport perimeter than it does to secure (using your example) Times Square. There is a middle ground. The attitude doesn't have to be "we can't protect everything from suicide bombers, therefore we should attempt to protect nothing."


"Because they can't totally lock it down, so they should assume sometimes (and this is extremely rare) people will wander in"

According to the article there is a one hundred million dollar security system in place that is supposed to prevent people from just wandering in. That system failed in a public and embarassing way.


There was also a fence, older technology but apparently it was a bigger hurdle than the million dollar system


It's interesting that they bothered to put up an 8ft fence but not line it with razor wire. Barring wire cutters, I doubt this guy would have gotten over.


Well, you're right, razor wire would cost a few tens of thousands for the 10 miles or so, and would be effective in stopping the casual intruder, meaning more attention could be focused on those that do get in.

The hundred million dollar electronic security system is likely part of this - obviously there is no need for razor wire (or guns held by pilots in cockpits, something many pilots want) since the electronic system from the defense contractor that costs tens or hundreds of millions will save the day.


Moreover, any sort of active assault on an airport by terrorists presumably defeats their actual goal--sneaking something or someone onto a plane.

Even if they manage to fight their way into the airport, planes would be grounded and outside forces alerted before the attackers could do anything useful.


  > "I have a hard time believing they will be storming the airport 
  > with artillery and automatic weapons."
Me too. I have hard time believing anyone is storming the gates of any place with artillery.


Considering the billions spent on "national security".

Considering all of the privacy violated in the name of airport security.

Considering that it's considered okay to fly across the world to and assault someone's house in an armed chopper because they may have been accessory to copyright infringement.

I don't think an armored car is too much to ask when someone actually could have terrorized an airport with no resistance.


  > Considering that it's considered okay to fly
  > across the world to and assault someone's house
  > in an armed chopper because they may have been
  > accessory to copyright infringement.
Kim Dotcom was arrested by NZ authorities at the request of the US government so far as I understand it. Do you have something to point to US government agents flying an assault helicopter to NZ to participate in the arrest of Kim Dotcom?



"FBI members were present" at an operation undertaken by NZ officials, using NZ-owned equipment. I'm failing to see where the US performed a tactical strike on Kim Dotcom.

The parent post to mine implies that the arrest of Kim Dotcom was akin to the assassination of Osama bin Laden (i.e. the US flew a US-owned helicopter manned by US Navy Seals into a foreign country to assault the compound of a foreign national).


So when the US hires someone to do grunt work for them then it's not an US operation anymore?


If the US says "please arrest this man, and send him to us" and the New Zealand government says, "sure we'll do that." How does the arrest of the person by the NZ government become a "US operation?"

Are you claiming that the US led the assault and had full operational command? Are you claiming that the US made the decision for the NZ government? Are you claiming that money changed hands somewhere?

Do you have proof of anything beyond, "This is a shocking turn of events, and I don't like it?"

Here are a number of other posibilities:

1. The NZ authorities don't have a lot of experience with assaulting a multi-million dollar compound to make an arrest.

2. The NZ authorities saw this as an excuse to perform a paramilitary operation.

3. The NZ authorities saw this as an excuse to justify the budget for their 'toys.'

4. The NZ government did this favor expecting to be able to ask the US for a favor later.

...etc...


Paramilitary operations imply quite a bit of paperwork. That doesn't just happen at a whim. Especially not on a multi-million dollar compound at the risk of legal backlash.

If NZ wanted an excuse to walk their toys then there's never a shortage of drug dealers and other obvious targets with better publicity.

Why would they go ballistic over bagging an overweight computer-fraudster?

There is no plausible explanation other than somebody demanding special effects.


Who cares if someone is demanding special effects? They had the option to say no, and run the arrest in a normal way. The US making demands/requests was probably a convenient excuse for them, IMO.


They could have said 'no.'


Native english speaker here:

1. The FBI flew across the world to NZ. 2. They performed an assault on the Dotcom house with an armed chopper.

Not saying that you are wrong, but the posters sentence was textually correct.


  > 1. The FBI flew across the world to NZ. 2. They
  > performed an assault on the Dotcom house with an
  > armed chopper.
I find these statements disingenuous though. This makes it sound like the FBI led an FBI assault on the Dotcom property using FBI property. The reality is:

1. The FBI (+ other US government offices) convinced the NZ government to arrest Kim Dotcom.

2. It's unclear if the decision to make this arrest so over-the-top was made independently by the NZ officials or influenced by the US.

3. The FBI were there at the assault, but everything that I've read states that the assault team were NZ authorities. The reality is that the FBI were probably there as observers (seeing as this arrest was being made to extradite Kim Dotcom to the US).

It amounts to "Hey, can you arrest this guy for us and can we be there to watch the arrest?"

This may or may not be excusable depending on your persuasion, but attempting to say that the "US assaulted Kim Dotcom with an armed helicopter" is horribly misleading. It draws up images of some US cowboy operation where a bunch of FBI agents piled into an assault chopper, flew to NZ, and just started attacking the Dotcom compound out of nowhere (possibly unloading heavy machine guns and missiles on the compound... it is an 'assault helicopter' after all).


The Port Authority told ABC it's undertaking a fast review of Castillo's breach and will find out how the perimeter detection system, built by defense contractor Raytheon "could be improved."

Oh, I know this one. It could be upgraded to actually detect intruders. I'm a taxpayer. I want a freakin' refund. I don't want a "congressional review" or "hearings". It didn't work. Give the money back.


I'm curious how similar this perimeter detection system is to the ones rolled out by the U.S. Army about its bases, or DoS for U.S. embassies.


I'd imagine the Army relies, to a fair extent, on the tried and trusted technique of using people as a detection system. Watchtowers and patrols and the suchlike.


As someone said, that method would be much cheaper for the airport and would help solve the unemployment problem in the U.S.

However, I guess it doesn't sound so nice in the "tough stance against terrorism" as a "state of the art" defense system.


Just have to market it as a "military-grade intrusion detection system" or something.


I have one, it is called a dog.


They're pretty good for perimeter patrol, the Uruguayan military uses them, it's not a bad suggestion at all.


The state-side bases I have been to have been protected by physical layers only. The outer layer which goes around the whole base would have the usual barbed wire top and those big poles to prevent people just ramming their car right through the fence. This layer usually has a dirt road on the inside where the security forces routinely cruise the perimeter looking for evidence of tampering etc. If there are electronic detection mechanisms in use, it isn't apparent. The gates through this layer is guarded by men/women with automatic weapons, trucks, road spikes and a secondary wall they can raise up 100m in base in case someone just tries driving past the guard. Then any sensitive buildings within the base are usually guarded by a second layer of barbed wire fences. The perimeter of this layer is usually well within sight of more armed guards with trucks. Then getting into buildings within this compound involves more cameras, badges, codes, but probably most importantly: the regular people who work there take security pretty seriously and have no problem confronting people that look or act suspicious or don't have a badge, etc. It may not be as technologically advanced as this system described in the article but its probably far cheaper and far more effective.


I like that the port authority police union rep is complaining about the quality of the security system. Does he think that the port authority police can just sit on their asses because the security system is going to do their jobs for them? The man was wearing gear designed specifically for high visibility, and nobody saw him.

Also, are there really no exemptions to trespassing laws to account for emergency situations like this? It seems that if you're stranded at sea you shouldn't have to find a public beach to get out of the water.


> Also, are there really no exemptions to trespassing laws to account for emergency situations like this? It seems that if you're stranded at sea you shouldn't have to find a public beach to get out of the water.

In a perfect world, he would've been detected, units would've been dispatched to receive him, and he would've cleared port authority by explaining himself.

In actuality, security was notified far past the point when he actually could've caused some real trouble, and in a move of double reverse CYA, security took the hardest line possible on the guy, as though it would somehow undo some of their complete incompetence.


If you click through to the NYPost article, it mentions that he didn't have any ID or anything on him:

  “All his IDs, his money, his car keys — they’re all gone.
  They sunk with the jet ski,” Cowan said.
I can see them initially arresting him for trespass, but after the matter is sorted out, I would expect them to drop the charges. If they keep pushing for them, it doesn't make any sense (other than in a "you embarrassed us, and now you'll pay" sort of way).


In a perfect world I think he would have been prevented from breaching the perimeter and they would have detected the failed attempt to breach the perimeter.


In a perfect world, there'd be no need for security services.


Or airports.


Um, I think he was complaining because he wants to highlight the failures of a system that is in direct competition with the members of his union. I would imagine that the automated system was put in place under the guise of "doing the police union members jobs for them."


This is supported by this paragraph:

  The episode has brought out an angry Port Authority
  police union, whose chief told the Post JFK's electronic
  surveillance system "is an expensive piece of junk with
  no value as a security deterrent."


Or people saw him and he looked like an airport worker because of the high visibility jacket ?


Probably the saddest part of this article:

> Meanwhile, they've beefed up water patrols around the airport and are policing the perimeter.

So the response to their non-response of the non-terrorist breach of security is to respond with overwhelming security to no actual threat. Do they really think they're fooling anyone with this security theater?


I was just going to post the same line from the article.

There's no evidence presented in the article that there's an actual security threat.

There's ample evidence posted in the article that Castillo presented no threat.

There are undoubtedly plenty of other avenues by which airport security could be breached. Most likely by securing access as a contractor through one of the various service providers to the airport -- including potentially as a security provider. By comparison, among the largest threats to NATO forces in Afghanistan presently are "green on blue" attacks by Afgan police/army forces.

The emperor continues to have no clothes. This is no longer security theater, it's a security pole dance.


If a user on your website accidentally finds an exploit that could let him steal your user database but he didn't mean to and didn't do anything with it... do you a.) Say "well he wasn't a real threat, back to the TV" or b.) Prevent anyone else from getting in the same way?

I agree with the general hatred of security theatre, but given what it is they obviously had to be seen to fix the hole rather than just leave it wide open where any terrorist could get through it.


>If a user on your website accidentally finds an exploit that could let him steal your user database but he didn't mean to and didn't do anything with it... do you a.) Say "well he wasn't a real threat, back to the TV" or b.) Prevent anyone else from getting in the same way?

This line of logic is going the exact wrong way. In the case of a website, there are known exploiters out there stealing data and money continuously. If you have a hole it will be found and exploited with near 100% certainty. Further, fixing your hole doesn't hurt anyone and usually doesn't even inconvenience them.

Airport "security", on the other hand, is against a threat that never seems to materialize [1] and is massively inconvenient to everyone who uses the system. This sort of thing is just shadow chasing. "Oh noes! If terrorists could somehow weaponize rats, they would be able to utilize the sewer system! We better spend billions to lock down the sewers, ASAP!". This hole has been open for how long? And yet, no terrorist attacks. It's not worth investing the resources it would take to fill the hole because statistically there's no reason to believe it will ever be exploited by a terrorist.

[1] Relative to internet attacks, which are constant, terrorist attacks against the US are statistically non-existent. There are probably more cyber attacks on US websites in a single day than terrorist attacks committed on US soil in its entire history.


> This hole has been open for how long? And yet, no terrorist attacks.

Typically when a website is hacked it isn't because they opened up a vulnerability the day before, it too has been around a while before anyone malicious found it.

The rest of your argument is all about the general security theatre situation, where yes, I agree they are going over the top against very little threat. My point was that, given this policy, they had two choices here - either close the security hole ASAP, or say "to be honest, this whole security thing's a bit of a joke, let's all go home".


Or option 3: "we know we should've known a guy had made it onto the Tarmac before he made it all the way to the terminals. There's obviously something wrong there. But there's no need to worry about ze terrorists storming airport beach fronts, so heavily armed response is probably overkill. It'd be a little difficult to miss something like that."


flyinRyan's response was excellent and I refer to it out of agreement.

I'll add on top of his points:

- Online security presents a different threat model, in that your front door is immediately accessible to the entire world. Meatspace targets are inherently limited by geography and local access. Theoretical attacks on Internet infrastructure are far more likely to become actual attacks, once recognized, and automated patrolling for vulnerabilities is commonplace.

- By contrast, a massed, armed assault on any given piece of infrastructure requires planning, materiel, and forces. Outside of active combat / conflict regions (Iraq, Afghanistan, areas of the Middle East, Pakistan, India, and disrupted regions in Africa), the ability to effectively organize and marshal even a very small force (2-12 persons) has had a very low success rate. 9/11 was carried out by 20 persons, one of whom was intercepted (and several of whom were subject to surveillance and really should have been caught, see the Minnesota FBI offices investigations of Moussaoui). London's July 7, 2005 bombings were carried out by 4 individuals against a very soft target (52 deaths, ~700 casualties). The Madrid March 11, 2004 bombings, also against a soft target, (191 dead, 2050 injured) resulted in 29 arrests.

In the US an UK, since 9/11 (and excepting the 7/7 London attacks), there have been a smattering of incidents labeled "terrorist", of which most in the US were letter or pipe bomb, or single gunman mass shootings. Several plots (most consisting of 1-2 persons) were discovered and thwarted in early planning stages, presumably through communications surveillance. Several (the underwear bomber, two New York City car bombing attempts) reached execution but failed to succeed. And a few odd one-offs (small plane flown into a Texas office building).

In the UK, the bulk of incidents were domestic terrorism related to IRA splinter groups.

What you're proposing is a vast expenditure to address a potential, but in all evidence low-likelihood security hole, by a means that's much less effective than broader preemptive measures (comms intercepts, infiltration) or mitigating responses, while a target-rich environment full of far softer targets (other transport systems, schools, movie theaters, religious centers) which are being actively exploited remain.

It's a very, very poor resource allocation strategy.

It's also one that pits billions of dollars of response to thousands of terrorist planning, for no effective change in outcome.

They win.


Well, now that the flaws of their security system is exposed to the whole world, they can't sit on their ass and be like 'Yeah, come and breach while you can'.


Aren't they supposed to wait for the first Tuesday of the month to patch all of their security holes though? ;-)


We live in the land where the person with the most vivid, explicit nightmare gets the most money and power.

The key take away is that there are plenty of holes like this all over the place. Yet none of those holes have been exploited...


Slightly off-topic but as an international, this seems very heavy handed to be charged with criminal tresspass just for seeking help, which for anyone other than this athletic and fit swimmer could have been life-threatening.

Is this a "felony" charge in the US and would it stick?

Anyway, I imagine this will make it to Schneier's list as the latest piece on security theater...


Even if it's technically illegal, no jury in the country would actually convict him, so probably no charges will be pressed and he'll be released.

As somebody else said, having him arrested at all was probably an over reaction for him making them look stupid.


"Immediately there should have been an armed response. Heavy weapons, armored cars to the area that the perimeter was breached. The airport should have been locked down."

Even if this were a legitimate attack, isn't this sort of response a bit overkill? I have trouble thinking of a threat to a large airport on US soil requiring "heavy weapons" and "armored cars" as a response.


I think heavy weapons is a relative term, I think he probably meant assault rifles not M240 Bravos.

Any and all passenger screening would be worthless if you could just walk on the tarmac and have access to the planes fuselage and or fuel tankers.


Any and all passenger screening would be worthless

It already is, because the system leaks information that would make it trivial to find a way to sneak guns/bombs/etc. onto a plane. All you need is a sufficient number of people willing to go to jail (and actual terrorists are willing to die for their cause). You just keep throwing different approaches to packaging/disguising your bomb/gun/whatever at the TSA checkpoints until you find a reliably repeatable mechanism. Game over.

It gets better though... you could cut down on your search costs by taking advantage of the fact that - at some airports -the screens the X-Ray machine techs are reading, are sometimes (such as O'Hare, Terminal 3, last Friday night) aimed so that anybody inside the secure area can see them. So, just send somebody through, and have them film a chunk of TSA screening with a cellphone camera, and send it back. Once you know what the TSA goons are seeing, it should help you figure out how to craft a package that won't attract their attention.

Never mind that there are about a zillion other ways to get a package into the secure area of an airport, which don't involve going through security screening. Like, pay off a TSA agent (how much do they make, again?), or an airplane mechanic, or somebody else who has access to the inner workings of the airport.


Actually, I'm just as concerned about standing amongst masses of other people waiting to go through security screening, as I am about a ninja baine character. There have been occasions where there have been more than a planes worth of passengers massed together pre security check. You can't catch every scenario.


You are "just as concerned"? If we learned anything from 9/11 isn't it that control of a plane is a significant force multiplier?

PS I did not get lucky with google and ninja baine. Is that some new hipster meme?


Well, the ninja baine reference was an admittedly weak attempt at alliteration. Due in the main to having recently seen the last Batman film.

The mention of my concern refers to the subjective feeling I have about personal safety only. That is simply because risk has in fact been greatly reduced beyond the gate, but in many airports around the world, not before that point.

As to not catching all scenarios, I know a spook who trains in the fight against bad guys, and he got through a number of security checks before being pulled up in transit at a US airport with something standard issue. He forgot he had it in his carry on.

I'm aware of the potential of breaches. However, terrorist acts are often designed with a view to terrorising. This leads me to a different calculation of probabilities.

Events like this one are problematic because they can have an affect on public confidence. I may be wrong, but I think that might be just as much a consideration as failure of purpose in this situation.


    > the ninja baine reference was an admittedly
    > weak attempt at alliteration
I think you might mean "Bane" [1] and "allusion".

[1]: http://en.wikipedia.org/wiki/Bane_(comics)


Thanks. The spelling I never knew, and I often get confused on the other two.


> If we learned anything from 9/11 isn't it that control of a plane is a significant force multiplier?

If we learned anything from 9/11 it's "they're going to crash this into a building, might as well take them on - there's 100 of us, they can't shoot us all before we get to them.


Sure, but you do you need assault rifles and armored cars to stop one man that is trespassing on the tarmac?


Imagine for a moment that instead of this gentleman, a terrorist with a RPG came ashore instead with the intention of shooting down a large jetliner (or two or three). I think that's the real horror of this situation. A man who did not have any ill-will and -every- intention of being caught so he could find help, was not seen until he approached a worker on the tarmac.


Imagine a terrorist with an RPG walking into the front door of an airport and firing upon the security checkpoint. Or shooting down a large jetliner from the side of the highway next to the airport.

You can't make security policy decisions based on hypothetical horror stories alone. If you don't balance fear with reason you end up with ridiculously expensive policies that do absolutely nothing to increase safety.


> Imagine a terrorist with an RPG walking into the front door of an airport and firing upon the security checkpoint.

Exactly! I've seen 500+ people at security checkpoints at Chicago O'Hare. A couple people with AK-47s could likely kill far more people than a shoe bomb on a plane.

That this sort of thing hasn't happened seems an indication of just how impotent Al Qaeda is these days.


As soon as any airport is attacked like that imagine the new security fun we'll get.

Responses like car searches coming into the airport with guns pointed at you and other things that will make our current wait on getting to an airplane look like a distant dream. And picking people up at the airport will become more painful than a dentist visit.


How impotent it always was.


You're watching too many movies. As long as we are imagining, why not imagine a team of terrorists paratrooping on to the tarmac armed with nuclear bombs, and a vial of smallpox virus genetically modified to be exceptionally virulent? Or that the president is secretly controlled by aliens and has introduced an agent into the water supply that will sterilize all humans, allowing a non-violent takeover of the planet by 'them'.


Well RPGs are cheap and easy to get, the stuff you mentioned isn't.


No, the real horror of this situation is thinking like yours in positions of responsibility. For what reason would we expect a terrorist to swim up on the beach with an RPG (James Bond style) and start blasting planes? Is this a scenario worth considering? Is it worth spending money on?


This just demonstrated a proof of concept that 26/11 mumbai style attack is possible on U.S soil. That is a very,very dangerous thing.


Coordinated attacks have always been possible on US soil and have been made even more so by the response to 9/11 (e.g. big group of people piled together in front of every security line). It's not a "very, very dangerous thing". There is always something that is vulnerable, and yet no one has exploited this yet. Has this world-wide cabal of highly advanced terrorists someone missed this vulnerability that I noticed the first time I flew after 9/11?

India has a history of terrorist attacks from islamic extremists (largely originating in pakistan). The US has no such history.


A Mumbai-style attack will always be possible, on any soil. It's not possible to secure entire cities of millions of people against a handful of people with rifles and grenades.


It's already worthless. People who handle baggage sometimes steal luggage. This implies the screening is lax enough that they can get good out. How likely is it that there's no way for them to get something in if they wanted to?


* This implies the screening is lax enough that they can get good out.*

It also implies that these people are dishonest and could probably be bought for a not-overly-large investment. Why even try to smuggle your bomb through the TSA checkpoint when you can have a TSA agent hand deliver it to you?


That hardly follows. They don't care all that much about what you take out, as it has theoretically already been screened and generally isn't a security threat if you're removing it from at-risk facility.


Overkill? Things are proceeding exactly according to plan. Unfortunately, Osama Ben Laden's plan.

Not to imply that the jet skier was a terrorist - he wasn't - but that the action of AlQaeda is in the over-reaction to any "terror threat", real or imagined, by the US.

"All that we have to do is to send two mujahedin to the furthest point East to raise a piece of cloth on which is written al-Qaeda, in order to make the generals race there to cause America to suffer human, economic, and political losses without their achieving for it anything of note other than some benefits for their private companies.

This is in addition to our having experience in using guerrilla warfare and the war of attrition to fight tyrannical superpowers, as we, alongside the mujahedin, bled Russia for ten years, until it went bankrupt and was forced to withdraw in defeat... So we are continuing this policy in bleeding America to the point of bankruptcy."

From OBL speech, full text at http://www.worldpress.org/Americas/1964.cfm


The word "security" is starting to sound like newspeak.

Ironically few people oppose reasonable measures, yet even in a post-911 world of extreme paranoia, we find that many of the overwrought systems so urgently put in place are worthless.

Most notably the TSA has been proven to be worthless, in spite of having wasted billions of dollars worth of productive time and on track to waste billions more.

It's unfortunate that these things are run by the government. We're getting the prison food version of security and it's horrible.


> It's unfortunate that these things are run by the government. We're getting the prison food version of security and it's horrible.

Amusing that you're mentioning prisons, that precisely come as a nice example of things going awry after government handed back management to private contractors. The same thing applies to disasters such as Blackwater military activities in Iraq, etc.


I think you are attempting to argue that in fact my complaint is against so-called "privatization".

My complaint here is about the corruption of government. And yes, corrupt officials arrange deals with "private" firms that exist only to get such deals and which hire retired officials as lobbyists, etc.

In the prison example, corruption exists across the arbitrary public/private line that you are drawing. In California, the prison guards union is a lobbying group that supports criminalizing nearly anything, in hopes that stricter laws will lead to more inmates and more job security for guards.


I wish they would open a parallel set of airports that had no security at all. Just police for typical "don't openly display firearms", etc. I bet the incidents of terrorism would, at most, be the same in both systems. But I bet most people on the security-less one would enjoy flying more.


I would pay extra to fly at the no-security airport. I miss the days when you could walk right out to the gate with your friends who are leaving until it's time for them to board the plane. When you would be there at the gate when your grandparents or grandkids arrive so they can see you the minute they get off the plane and you can help them with their carry-on bags.

Oh, and getting at the airport a half hour before the flight leaves, but still making the flight. I miss that the most. :-)


So something seems off to me. Where were/are the friends.

I don't go Jet-skiing with friends, but I would imagine that thing to do isn't to abandon-ski, swim to shore, climb a fence, walk a couple of miles. Surely his friends should have noticed at some point that he was missing.


Wondering the same thing. I read the article 3 times trying to figure out where the friends where during this fiasco.


I know of some people that like to go canoeing / on a kayak alone. One of my brothers has gone windsurfing alone.

I guess this guy went Jet-Skiing alone? I wouldn't do it, but as mentioned, several people like water sports enough to do them on their own.


I believe the article specifically states that he was jet skiing with friends...


You're right:

" he was out jet skiing with friends on an inlet near the airport and had a mishap"

"Casillo’s adventure began at a Rosedale watering hole, where he was hanging out with friends when they decided to go out racing their watercraft.

But Casillo’s ride broke down in the dark waters of Jamaica Bay at around 7:45 p.m. — and his pals didn’t notice they had left Casillo behind.

With his craft taking on water, he called Cowan in a panic. “He said, ‘I’m stuck!’ and told me to call his friend Albert to come out and tow him in,” Cowan, 28, recalled. But help didn’t come, and the stranded Casillo swam three miles toward the only thing he could see — the lights of Runway 4-Left, which sticks out into the bay.

Read more: http://www.nypost.com/p/news/local/queens/beach_of_security_... "


I'd guess they'd all been drinking.


I hated crimlaw and I dropped out of law school. But isn't there an affirmative defense for emergency/neccessity? I think there was in NY but I have no recollection for federal criminal proceedings. Can anyone that passed the bar comment?


  > isn't there an affirmative defense for emergency/neccessity?
I can't imagine that any jury, no matter how conservative or FUD-driven they may be would ever convict this guy.

Put him in a court room, have any half decent lawyer explain the situation, and the prosecutor would say... that he should have just drowned?

There's definitely no real case here--I would imagine that the charges are standing only because the "security" team is dumbfounded by its own failure.


Are you a lawyer?

Respectfully, my question was not really about the emotional response of the jury. I'm curious if there is an affirmative defense for neccessity/duress/emergency/whatever in federal criminal court.


I'm not a lawyer, and no disrespect was inferred :)

I did, however, take several criminal justice courses. Although I have no particular familiarity with New York law, the affirmative defense of "necessity" does indeed appear to be supported in that state (according to a brief Google search).

My original response was not meant to derail the conversation, only to point out that I highly doubt any prosecutor would let the case get anywhere near a court room in the first place.


I agree NY has the affirmative defense. I am curious about federal court.


All too often I don't think the security contractors ever believe anyone will try to break into these places.


Isn't the normal attitude with contracts like this is do as little work as possible to satisfy the requirements checklist and get paid as soon as possible? And then charge even more to come back and fix it later when it doesn't work as originally envisioned?


Hey contrarians - the guy walked accross two runways and had to shoulder-tap a baggage loader to make his presence known.

I don't think NPR is unreasonable to be shocked at the lapse in security despite their colorful language.


I thought the important part was: "wearing his bright yellow life vest". What kind of clothing does (JFK) airport personnel wear?


Perhaps the time is past that airport stories are Hacker News material? Is it because somebody "hacks" themselves into an airport? Otherwise I strongly suspect the "Liars & Outliers" book by Bruce Schneier covers all relevant aspects of airport security.


Security being broken in theory is all well and good, but theory and practice, while theoretically the same, are practically, extremely dissimilar.

At this point most "bad security" articles regarding airports have been of the "TSA fails to..." variety, not "Perimeter security doesn't actually exist" variety. Point being: most people seem to assume that perimeter security is sufficient.

Further, by analogy: It is like saying "guys, we have this input checking thing covered, read 'smashing the stack', while discussing XSS.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: