Security experts do not limit themselves to computers, they look at any complex security system and constantly look for ways it can be broken, then they publish the methods they find – and hopefully somebody else can then make the system better.
The lesson was learned after World War 2 when Turing cracked the ENIGMA machine’s crypto system and proved that keeping your security secret was a bad idea – because anybody can design a system he cannot beat, nobody can design one that a smarter person couldn’t beat. Make the details public, and let everybody try to break it – if nobody can – that is a secure system.
I’m not a professional security expert (as in, I don’t do it for a living, but I am trained in the field) – but I do have that mindset, I look into every system I encounter – trying to see how it could be beaten. Of course, I won’t use what I learn – but following the advice of Bruce Schneier, I do publish it. Schneier (who really is an expert, his books are considered the canonical works on computer security and crypto at universities) has also said that security is a field where talented amateurs rule. Well I hope I fall into the latter category anyway.
The post thus far was to explain my intentions in writing this. I do not want people to take weapons onto planes, I want the people whose job it is to stop them doing so to know the weakness I’ve spotted (of course, being a fairly regular traveler did help).
Now this method won’t let you take a gun onto a plane, but as 9/11 proved when nobody has any weapons – a simple weapon is all you need – and the weapon I could get onto a plane isn’t all that simple either. In fact, airplanes take special care to prevent giving it to you inadvertently (but they haven’t noticed how easy it is to get one on).
It is: a broken bottle.
Airplanes only serve drinks from plastic bottles to prevent the drinks cart from providing people with a potential weapon (or just a dangerous accident in turbulence) but until recently you could just walk onto a plane with a wine or liquor bottle which would be waved through security. When I went to France a few years back, I bought several bottles of genuine champagne in the champagne region, since taking pressurized champagne bottles into a low pressure cargo hold would be… stupid, I took them as hand luggage. These days that won’t work since the liquid rule would stop you taking those bottles through security.
But the liquid rule is meant to stop you bringing fuels for bombs – not bottles, and it’s easy to get around it.
Practically every airport in the world has shops in the departure lounges – on the other side of security. Most of them include liquor stores, you can buy a few bottles of whiskey there and walk onto the plane carrying a weapon that has prevailed in a million barfights – and when nobody else is armed – it’s all you need.
We’re just plain lucky no hijacker has figured that one out yet – but it gets worse, with enough ingenuity and basic knowledge of chemistry, bringing a bomb on board could use the same exploit. Now usually a bomb maker buys professional equipment including long range detonators or timers – so he can give himself the best possible chance of getting out of the way. If, however, your intention is to blow up a plane – chances are you are a suicide bomber – and you don’t really care about safety – just success.
Those same airport liquor stores will sell you alcohol, which by itself is a powerful accellerant. You don’t need a big bomb to blow up a plane, you just need one big enough to rupture the hull (or better yet – burn/blow the windows out) explosive decompression will do the rest.
But diluted alcohol is a very difficult thing to make a bomb with, it’s nice for boosting your braai fire, but it takes skill to make get it in the kind of compressed state where you have a shot at making it explode -and you need a lot of it. Luckily for our would-be plane-bomber right next to the liquor store is usually a beauty store, where you can buy haircare products (most of which contain much better accelerants than liquor) and even a whole collection of things in aerosol cans, we all know that aerosal cans contain flammable gas – heck we’ve all seen movie characters using them with a simple open flame to make a small flame thrower. What we often forget is that they can be much more dangerous than that. One quick and simple bomb, buy a dosen aerosol products, go to the lavatory, put them on a shelf, take one out and use it’s flamethrower capability to heat the others up – chances are they’ll explode within a minute or two. True you’ll trigger the smoke detector but taking down a door takes time – with a few small extra steps – you can ensure the success of your bomb – and that’s without any chemistry. Imagine what a skilled bombmaker could do with the huge selection of chemicals you can buy right in the lounge and walk onto a plane with ? I’m not even a gifted amateur in the field (I always sucked at chemistry) and I could come up with one that should pack enough punch to blow a hole through the hull.
In short, what is the point of having long queues to check us and our luggage for potentially dangerous stuff – if we then sell them to you on the other side to carry-on to your hearts content ? The only tricky bit is getting a source for an open flame – they usually don’t sell detonators in airport shops (at least, not the airports I’ve visited). Making a detonator is not that hard but it’s a tricky business and you will almost certainly need to do it beforehand and somehow disguise it (again quite doable) but it ups the risk and using a nice detonator for a made-on-the-spot bomb seems silly. You generally couldn’t take a cigarette lighter onto a plane, they show up on the metal scanners, but matches do not. I have in the past inadvertently walked onto airplanes with matches in my pocket that nobody ever saw. To make double sure, you could keep a box in your shoes – they are usually so small it’s not even uncomfortable and they won’t get flagged by security.
We tend to think that the way you beat complex security systems (like airport security) is by using complex and unforeseen technologies like carbon-fibre guns. In reality history has shown that this hardly ever happens – carbon-fibre guns do exist, but so far we cannot make carbon-fibre bullets and even when we can, they are hard to find, extremely expensive to buy and very hard to hide (guns have a very distinct shape).
Instead, almost every single hijacking or airplane bombing has not used some unforeseen high-tech weapon, they used low-tech weapons combined with a bit of ingenuity to get them on board – because when nobody else is armed, a simple weapon is all you need. That is the essence of my exploit – a way to get low-tech but powerful weaponry onto a plane by simply utilizing a flaw in the system. After you go through all that enormous security… you can walk into a shop, arm yourself to the teeth and walk onto the plane without ever being checked again.