August 26, 2004

Data corruption attack on terrorist no-fly list?

[Written for Dave Farber's list, in reaction to John Lewis and Edward Kennedy on no-fly list. But it didn't make the list cut]

There's been much discussion about how difficult it is for someone to get OFF the no-fly list. But, from the opposite direction, what are the controls to put a name ON the no-fly list? The evident lack of validation suggests a very simple data corruption attack which could use the list as a terrorist weapon itself.

The idea is simple: Take a low-level operative, perhaps one who has outlived his usefulness. Send him on a mission that is likely to get him captured. The key idea isn't the mission himself. Rather, have him carry phony "valuable intelligence" documents, with faked ID's in various alias, to get those names added to the no-fly list.

Using an alias of "George Walker Bush" is probably pushing things. But then again, I wouldn't have thought "Edward Kennedy" would have had such an effect. How many security agents do you think would look askance at a fake ID with the name "William Rehnquist"?

There are endless variations of this game, depending on where the names are gathered. One could do standard double-agent tricks, of feeding disinformation: "To my intelligence handlers: Be aware of a change in tactics - given the recent publicity about members of congress on the no-fly list, our terrorist cell has decided that future operations will be done with fake ID's in the names of prominent, but not household-word, government officials. Be especially alert for anyone traveling under the names "Karl Rove" or "Tom DeLay", they're likely to be potential terrorists ...".

While this is of course a very old idea in general, the potential usage of the no-fly list, by terrorists, for creative disruption, has probably been under-examined.

By Seth Finkelstein | posted in security | on August 26, 2004 11:59 PM (Infothought permalink) | Followups
Seth Finkelstein's Infothought blog (Wikipedia, Google, censorware, and an inside view of net-politics) - Syndicate site (subscribe, RSS)

Subscribe with Bloglines      Subscribe in NewsGator Online  Google Reader or Homepage


i am terribly sorry to be negative about this, but...

your observation assumes these are serious anti-terrorism efforts by serious people, and that's just not true.

while your concern would otherwise be valid, the overwhelming danger of the no-fly lists is punishing dissent and political opposition.

"tom delay" (of "i am the government") fame would be off the list in hours, edward kennedy (flawed statesman) lingers on the list for three weeks.

it is impossible for anyone who is not partisan to realize this is either purposeful or the work of idiots.

Posted by: sean broderick at August 28, 2004 02:05 PM