Pages

Wednesday, March 24, 2010

Social Engineering and Profiling at Airports

So I flew in to the Orlando (MCO) airport yesterday returning from a trip to the UK. Without realizing it I was taking note of security procedures and mentally checking off items as I stood in line waiting my turn with the C & I official. Of course, I will not share potential security issues I saw in such an open forum.

As any good IT Security professional and CISSP worth her salt knows, IT security is not only about computer related items but also the physical and non technical “hacking” skills as well.

After having my bags scanned, x-rayed, and physically searched very thoroughly at least twice I might add, by UK airport security teams; then patted down at my exit point in the UK,all very politely of course, I was suitably comforted in the fact that, best efforts were being made to ensure the safety of my flight into the US...physical security professionals, you know what I mean.

Typically when I fly in to the US from the UK, I use one of the northern airports and I'm always amazed at the sense of welcome I feel when passing through customs. I will never forget the gentleman at La Guardia a few years ago when he simply stated “welcome home.”

Those two words had such a profound impact on me that I still feel the warmth to this day. Warmth and welcome that, those who spout negativity towards America, need to experience before passing judgment on the whole based on experiences with the few.

By now you are probably wondering what's the point in my title, well here is what happened.

Incident 1: As I walked out of the passport check area and proceeded to collect my checked bag, I noticed a civilian dressed lady, checking bags on the carousel and then placing them on the floor. No badge in view, nothing identifying her as an authorized individual, and I verified this in a casual and complete 360 around her person, as I wandered around the carousel looking for my bag.

If she was a traveler, the bags couldn't all belong to her as, there were 15 bags at my count that she handled prior to my walking around her person and she continued on without being stopped or questioned.
Was she not stopped or questioned based on her ethnicity as a traveler?, or was she an authorized employee , but one who forget her official identification and someone let her into this area because they knew her?
My take as a security professional – if she was an employee then, no ID badge, no entry ! if you forgot it, go home and retrieve it,else I will think you lost it and that, is a security breach ! In terms of ethnicity, a real security professional knows terrorists have no ethnicity and as such is trained to look for specifics. On the other hand a low level employee profiling for a power play...well we have all probably experienced this at one time or another.

Incident 2 : So I stood and waited for my bag. Eventually it arrived and I noticed it was partially opened. My immediate concern was for my IT security forensics research material. With my back to a wall,I leaned over to look in the bag. A few seconds later I heard footsteps approaching, looking up I saw two uniformed individuals about 10 feet away and closing toward me.

Not thinking anything of it, I mean why would I ? my immediate blood relatives are 8th generation American, with a lineage that's goes back before America's fight for independence in 1776. Over the years these relatives fought for America in several wars and do include currently alive US Army, Navy and Airforce veterans. I was wrong in my assumption that I was not the target of interest in this instance though.
Before you think further, let me state that I have no problem with anyone carrying out their job function as required,even if that means some inconvenience on my part. And the uniformed individuals were also not Caucasian nor Black,nor Asian. However one of the individuals could walk through a South American street as well as a Middle Eastern village without a second glance from locals.

This one I will refer to as Eddy and his associate as Peyna. Without identifying themselves,Eddy commenced a very bad imitation of a Wall Street Blues interrogation (what?! Anyone can steal uniforms and waltz into a building and pretend to be someone they are not see http://www.suntimes.com/news/transportation/900748,tsa041708.article and

Michael Boyd, an airline consultant asks, "if TSA can’t maintain security over their uniforms and ID badges, how well can they actually maintain security of the airports?” )

Eddy's first question “Where are you from?” my response “here,why?” His response “well you are well dressed in black”, huh?? my thought,since when was it suspicious to wear designer clothing,wasn't he trained in interogation..maybe he wasn't paying attention that day in class or was absent. I see well dressed people it all the time in Manhattanand the NY -EWR airports.My response “haven't you been to NYC and see how people dress? (Peyna broke a grin at this point).

Second question ,”where are you coming from,”my response, “the UK”, his response “are you sure?” my thought was according to my ticket and passport stamps it states so, and isn't there a clear and defined paper/digital trail of all my movements. I mean in London alone I counted 21 cameras within a 3 minute walk from the tube to a street exit. At this point I glanced over at the lady from the first incident above and guess what?, she is still rummaging around the suitcases and this guy wants to practice interrogation 101 on me. She could be stealing, removing content,smuggling or planting items in an unsuspecting passenger's belongings. She could be trying to create a distraction if she intends to, or was part of a a plan to carry out a more sinister act.

Third question “what do you do?” my response IT Security, Peyna scanned the area briefly,after seemingly assessing my threat level as zero within the first minute and just going with his partner's flow.

Fourth question “where is your office? My response was the major Florida city that our registered office is located. Eddy looked confused at this point and Peyna had to explain that that was indeed a town in Florida. What !!! This “officer” didn't know his state's geography and especially the existence of a major-minor city ?! As he was about to attempt a fifth question Peyna who appeared to have made his conclusion on me and seemingly had enough of the questions said something along the lines "that's o.k. now" and bade me farewell.

What were my issues you ask well here goes:
Fresh of a course on crime and investigations in the UK, I could not help but recall the 1000 times the retired head of one of Scotland Yard's division emphasized that, one must ensure a suspect or person of interest is notified that “anything they say can and will be held against them in a court of law.” Anyone of us who grew up or lived in America have heard this from a variety of different media.

What bugged me here:
Item one
- No verbal identification of who they were, no visible laminate or identification cards. There was a tiny name tag that anyone can buy at an office supply shop.
Item two
- I was not given the opportunity to identify myself (I do know I have the constitutional right to remain silent otherwise) nor was I advised of my rights before questioning.
Item three
- The attempt to bully and intimidate me on US soil no worse, by the very people who we pay (in taxes)to protect us, just because I was “dressed well”,rather than lounging in a ripped jeans,flip flops and t-shirt maybe?I'm certain that Eddy had no clue as to that incident that involved UK passports and an alleged and I repeat alleged Mossad operation
Item four
- These are the people that are supposed to keep our airports safe for us,I guess they target mild mannered travelers for practice but avoid potential trouble makers (Incident 1) until an event occurs, then it's the average traveler to pay the price. On the premise that they were officers, then, a competent officer such as Peyna would be severely handicapped in performing his duties when he has to pay attention to a loose cannon such as his partner.

In terms of interrogating passenger data, TSA should equip their people with crypto-enabled hand-helds which syncs with daily flight data, I mean with the amount of background checks,screening and biometric recordings I have been subject over the last 8 years, pushing a few buttons would have given them information on me up to possibly the type of tissues I purchase.
Equipment like this should expedite a random screen and free up eyes.

No comments:

Post a Comment