Biometrics Are Making Espionage Harder 104
schwit1 sends this story from Foreign Policy: In the age of iris scans and facial recognition software, biometrics experts like to point out: The eyes don't lie. And that has made tradecraft all the more difficult for U.S. spies. After billions of dollars of investment — largely by the U.S. government — the routine collection and analysis of fingerprints, iris scans, and facial images are helping to ferret out terrorists and immigration fraudsters all over the world. But it has also made it harder for undercover agents to remain anonymous.
Gone are the days of entering a country with a false passport and wearing a wig and a mustache to hide your true identity. Once an iris scan is on record, it becomes nearly impossible to evade detection. 'In the 21st century, you can't do any of that because of biometrics,' said retired Army Lt. Gen. Michael Flynn, the former director of the Defense Intelligence Agency.
Gone are the days of entering a country with a false passport and wearing a wig and a mustache to hide your true identity. Once an iris scan is on record, it becomes nearly impossible to evade detection. 'In the 21st century, you can't do any of that because of biometrics,' said retired Army Lt. Gen. Michael Flynn, the former director of the Defense Intelligence Agency.
So that means... (Score:1)
... the whiny bitches in the "Espionage" field in the US aren't using it to protect against non-US spies as well, right?
Re:So that means... (Score:5, Interesting)
So the contact lenses with the fake iris prints don't work?
No they don't. A real iris pulses slightly as your heart beats. A biometric sensor can detect that.
Re: (Score:3)
In reality, only rarely. Geeks like to claim that security benefits are overstated, but in their criticism, they often overstate the simplicity and ease with which it can be beaten. One item of faith for many geeks is the jelly fingerprint. Yet 15 years ago I encountered fingerprint scanners that would not be fooled by that, and it wasn't exactly cutting edge tech even back then. It used a combination of pattern, temperature, electric conductivity and pressure
Re:So that means... (Score:4, Insightful)
Re: (Score:3)
no, you just need to get to the guards, the person scannning, or whatever human element is between you and the system. All this techno wizardry is silly. humans are now, and will forever be the weakest link.
Re: (Score:3)
Which is likely exactly what this whole story is really about. It seems a likely bet that the NSA has hacked some key biometric databases and are looking to protect this hack for as long as possible with some military knob running around spreading PR=B$ about how secure biometrics are and how they can not get around it. These asshats would not admit the sky was blue unless they had a specific reason and advantage in doing so, otherwise they would continue try to obfuscate it's existence. So at a bet, a bun
fallback (Score:1)
I agree. I always think the opposite when a spy opens mouth :D
Possibly the fight has moved the playing field.
Somebody, somewhere has no eyes. Old people have worn out fingerprints. Because of this there's a way round it. And, of course the battle just moves to compromising the databases.
In a few years time we might find out more. Shame not to know now bit with spooks you just got to get used to curbing your curiousity all the time.
Simon Pheonix (Score:2)
He figured it out. [youtube.com]
Re: (Score:2)
I guarantee you that they'd barely need to anyway.
To my knowledge, nobody on this planet has an official record of my retina, and not of my fingerprint. Maybe "unofficially", as in they scooped it from something without my consent of knowledge, but I've travelled all over the world and never been required to give either.
I have a current driving licence, a current passport, etc. all the usual gubbins and have not once been required to give either of the above.
I'm sure someone will tell me some rubbish about
Re: (Score:2)
I have a current driving licence, a current passport, etc. all the usual gubbins and have not once been required to give either of the above.
I'm sure someone will tell me some rubbish about facial biometrics and the shape of my chin, etc. but I'm not at all convinced on that either and we all know what simple cosmetics can achieve in the cheapest of TV shows.
And I have a beard and need vision correction, so it's unlikely that they could easily pick me out by the shape of my jawline or my eyes as those arguably have changed with differing beard length and style, along with different eyeglasses from time to time.
Re: (Score:2)
Re: (Score:2)
Oh no you didn't. That beard is hot, particularly the way he doesn't trim it.
Re: (Score:2)
Re: (Score:2)
You're telling me that its SOP to use high-resolution 10-12 um cutoff wavelength thermal imaging for facial recognition?
Your tinfoil hat is showing.
Re: (Score:2)
"Passengers must have a biometric passport to use the system."
No different to the UK gates which have the same facility. But nobody is under any obligation to provide biometrics beyond a photo to get a passport. If you don't have a biometric passport (i.e. almost everybody), you have to use the normal channel and not the e-gate.
And I tell you precisely how any people I've ever seen walk through the e-gates at London Stansted, Gatwick or Heathrow (considered the world's busiest airport up until very recent
Re: (Score:2)
I used the biometric gates because it used to be a much shorter queue. Last time at Gatwick I was dismayed to see I actually had to queue, and most of my friends now have and use a biometric passport.
In my experience it's a minority, but nothing like 1 in 10,000. In the past couple of years the queues have gotten a lot busier.
Re: (Score:1)
I have a current driving licence, a current passport, etc. all the usual gubbins and have not once been required to give either of the above.
I find this assertion difficult to believe. Not saying it isn't true. Just find it difficult to believe
I would say that, at the very least, you have not visited the US in the last 10-20 years.
The EU? I find it _impossible_ to believe they don't collect _some_ biometric information on its citizens. Especially for an identity type document, say a drivers license, or a passport.
Jus' sayin'
Re: (Score:2)
I last visited the US in 2008.
I hold a full UK driving licence and have done since about the same time (I didn't drive until late in life).
I've held a full UK passport my entire life.
I freely travelled throughout Europe several times in the past few years and my girlfriend and I go to her home in Italy several times a year.
** Neither of us have ever given those biometrics to get the paperwork necessary.**
As I say, the closest is a photograph taken in a standard photo booth that they say is used for "facial
Re: (Score:2)
I don't know about you, but the Texas' DMV has my right thumb print. Granted that one is 15 years old, but more biometrics are collected than you think; especially in the US. Maybe THAT is the problem, US spooks can't operate properly because the US collected key biometrics and now other countries have the data. Other countries don't have the problem, since they did not collect the data in the first place...
Re: (Score:2)
I can guarantee you that they can get around rental and fingerprint scans.
It is this kind of miss-information, found in this article, that makes people and governments feel secure in their security measures... all while they are being taken advantage of and not knowing it until a decade later.
I didn't know Avis and Hertz were scanning anything...
Re: (Score:3)
Re: (Score:2)
Can you imagine the reaction when a TSA agent talked about having a great day at work once that new policy was implemented?
Re: (Score:2)
You can "get past" an iris scan with patterned contacts, but patterned contacts are also detectable. If they're enforcing a "no patterend contacts" rule, you're going to have a very hard time going undetected.
Contacts? (Score:3)
Re: (Score:1)
Re: (Score:2)
or maybe have special contacts that doesnt pass any light from behind them but reflects what you want and be able to pass as som
Re: (Score:2)
or maybe have special contacts that doesnt pass any light from behind them but reflects what you want and be able to pass as someone else
Uh... no.
A rigid non-moving pattern, either complete, or just a partial overlay would be pretty trivially detectable by equipment programmed to look for it. (or monitored by a human being).
https://www.youtube.com/watch?... [youtube.com]
The iris is much more alive and dynamic than a fingerprint. That said, sure, I guess an iris scanner, made by the lowest bidder, with no eye towards security despite being a security device could fail spectacularly; and be just as happy with a random marble or contact lens as an actual iri
Re: (Score:2)
As for retinal scans, I don't know of any places where they're in general use and I'm not familiar enough with the failure modes to know whether contacts would affect them.
Re: (Score:2)
I'm not seriously suggesting it just pointing out a flaw of biometrics due to people's bodies changing over time. Also that creepy movie plot point of taking someone's eye to fool the scanner isn't going to work without a heart pumping blood through it.
Re: (Score:1)
Genuine question as I have no expertise in this whatsoever...would crafted contact lenses help out here?
Excellent question. I was wondering the same thing.
I'd assume a technology that could read irises could be designed to detect contact lenses as well, and alert a human screener to their presence.
Also, I'd assume the contacts could not be entirely opaque for various reasons, so perhaps a technology could still read the irises beneath them?
Re: (Score:2)
Fighting immigration fraudsters? Really? (Score:3, Informative)
You don't say...
Nonsense! James O'Keefe has crossed the border masquarading as Osama bin Laden [youtube.com]. And thousands of serious "undocumented Americans" do that without even any attempts to disguise themselves — and do not encounter much molestation neither during nor after the act [cis.org].
TFA tells us, the technology to fight it is there. Now we just need the will to use it — instead we currently have a will not to [dailycaller.com].
Re:Fighting immigration fraudsters? Really? (Score:5, Interesting)
Re: (Score:2)
Are you claiming, the cited facts are not, actually, facts?
That O'Keefe has not, in fact, crossed the Southern border dressed like Osama bin Laden? Because if you aren't disputing the facts themselves, your quibbling over sources is a pathetic grasping at straws.
Yes, it is different in the sense, that there are other ways to commit immigration fraud. But every single person, who sn
Re: (Score:2)
Re: (Score:1)
The two ironies, the last being a rather massive one, is: 1.) US law enforcement isn't a part, in any fucking way, the US Military. 2.) US law enforcement has a legal and US Constitutional requirement to follow and respect US law and the US Constitution. As an important attachment to that requirement, law enforcement in the United States is required to disregard any illegal "orders", which is exactly what I was taught during education, and when I entered into the law enforcement field.
In short, Obama h
Re: (Score:2)
Nonsense! James O'Keefe has crossed the border masquarading as Osama bin Laden [youtube.com].
Translation: I base my world view on the authority of self-promoters who's career is based on deceiving people.
Re: (Score:2)
This is not about my (deeply flawed) person. Ad hominem much?
What's wrong with that? Police detectives deceive people all the time too, for just one example — it is part of their job.
Same goes for intelligence and counter-intelligence agencies. Deceiving your enemy is a good thing...
Re: (Score:2)
This is not about my (deeply flawed) person. Ad hominem much?
It's not Ad hominem to attack the integrity of your source if your evidence is based on their integrity.
What's wrong with that? Police detectives deceive people all the time too, for just one example — it is part of their job.
Same goes for intelligence and counter-intelligence agencies. Deceiving your enemy is a good thing...
Are you O'Keefe's enemy? Because he's lying to you.
Good detectives lie to criminals, good spies lie to enemy operatives. Bad detectives lie to courts, bad spies lie to your bosses.
James O'Keefe lies with his video, this has been shown repeatedly.
Re: (Score:2)
Except your attack was on me. You claimed, I base my world view on James O'Keefe.
This was a fantastic opportunity for you to provide a link, where the allegation, that O'Keefe crossed the border dressed like bin Laden, is convincingly disputed.
In other words, citations needed.
Re: (Score:1)
Except your attack was on me. You claimed, I base my world view on James O'Keefe.
Call it a bit of hyperbole. The point there wasn't to disprove your argument, I didn't even mention it. The point was to point out that James O'Keefe is an absolutely ridiculous person to cite.
This was a fantastic opportunity for you to provide a link, where the allegation, that O'Keefe crossed the border dressed like bin Laden, is convincingly disputed.
In other words, citations needed.
Perhaps if he were still credible. Either way the video and the implied argument are irrelevant. No one claims there aren't a lot of places where you can't just walk across the border, stupid mask or not, it's about the ability to insinuate yourself into secure positions that they're talking about.
Re: (Score:2)
Translation: I make bombastic claims out of the wrong orifice and weasel out, when asked for substantiation.
Well, when you ridiculed O'Keefe's claim, that it is possible, and called him a liar (without any evidence) you seemed to imply, that his claim was false, and it is not, in fact, possible to "just walk across the border". I mean, why would you call a claim "a lie", if you agree with
Re: (Score:2)
Translation: I make bombastic claims out of the wrong orifice and weasel out, when asked for substantiation.
Read his Wikipedia page [wikipedia.org]. He has a well documented history of misleading people with his videos. To be honest I only glanced at portions of the video as I really can't stand him. As for an actual debunking of whatever claims he made I'd be surprised if many people cared enough to do so anymore because no one takes him seriously.
No one claims there aren't a lot of places where you can't just walk across the border
Well, when you ridiculed O'Keefe's claim, that it is possible, and called him a liar (without any evidence) you seemed to imply, that his claim was false, and it is not, in fact, possible to "just walk across the border". I mean, why would you call a claim "a lie", if you agree with it?
But you are already demonstrated to be a weasel, so I don't really care, what you still have to say. Hop along.
I never said or meant to say that O'Keefe was lying in that specific video, and as for evidence that he's a liar in general some things are simply established fact.
What I meant to sa
Sorry, what? (Score:3, Informative)
Am I somehow supposed to feel bad that due to the extensive tracking by Big Brother of everything that we do that all of a sudden Big Brother is having a hard time of it?
Boo fucking hoo.
You assholes created this surveillance society. You don't get to bitch when the same fucking issues we all face suddenly bit you in your own ass.
That these clowns are now stepping in the pile of shit they helped to create is too fucking bad.
I predict... (Score:2)
a future black market in human irises.
"Hello, Mr. Yakamoto, welcome back to the Gap."
Re: (Score:2)
Re: (Score:2)
So the argument Snowden made it harder for the spies is really bullshit.
Because their own systems have made human spying impossible.
Oh come on. You are misrepresenting what they are saying. Human spying isn't impossible, it's just HARDER to do without getting noticed or having to do things in more difficult ways. Gone are the days you could just hop a commercial plane, use an alternate passport and pass though another country with little risk of being ID'ed. Now, you are more and more likely to be caught though biometrics if you are a spy.
You can still get into and out of countries unnoticed, it's just a lot harder to bypass all the
Re: (Score:2)
Mossad are alleged to have done exactly that with a group of people involved with an assassination in Dubai a couple of years back. A few countries were a bit annoyed at having their passports faked by that group.
Harder? Are you sure? (Score:5, Interesting)
Because it sounds like you're placing nearly absolute confidence in a solution where a back-end server storing biometric template data is one compromise away from being used to make all your efforts completely useless. Gone are the days when someone intent on espionage needed a wig and fake mustache; now they can compromise your back-end server, overwrite some template data, and become a whole other person that you firmly believe should be trusted and provided all kinds of privileged access.
What you've done is come up with a system where the good guys can't change the passwords, but the bad guys can. It's among the dumbest ideas ever.
GOOD! (Score:3)
the world needs fewer spies and more honest people.
Let the fun begin (Score:2)
http://s3.photobucket.com/user... [photobucket.com]
On the other hand (Score:2)
There are people that are pushing for systems to be accessible from just about anywhere (read Internet). We see countless headlines about systems (government and corp) getting hacked and most of us on /. realize the systems never should have been remotely accessible in the first place. Spies will be hackers or visa versa .. however you want to look at it.
Comment removed (Score:4, Interesting)
Re: (Score:2)
You are a bad country if you were doing it that way. Most spies are not registerd as such. They are people who have a job in an other country and do the spying on the side.
But they do use multiple identities. Grab a new ID and hop a border to a scientific conference, ditch the ID after you get back, and Mr. Bond the consular attache never left the country. Except that Mr. Bond and Dr. Science both happen to have the same...eyeballs? Hmm...
Re: (Score:2)
typical bullshit article (Score:3)
Wow, I can't believe this is even worthy of a post.
This is bullshit, just someone looking for more money.
First off the NSA is tapped into everything, they are already spying on all of us.
Second, the NSA can hack into any computers across the world that is storing the biometric data and change the data.
Third, you rarely have spies that no one knows about, and honestly, it's easy enough to make those. You can find someone in the twenties/thirties that have never worked for the government in anything, make some fake data about them, and suddenly have a new spy. If you keep going to the military or FBI, or those sort of people for spies then yes, it a lot easier to figure out.
Fourth, It's election years.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
First off the NSA is tapped into everything, they are already spying on all of us. Second, the NSA can hack into any computers across the world that is storing the biometric data and change the data. Third, you rarely have spies that no one knows about, and honestly, it's easy enough to make those.Fourth, It's election years.
First - No the NSA is NOT tapped into everything. Despite the mythology, the NSA is not omnipresent or clairvoyant. Believe it out not, they do have very practical limits both legally (which they apparently push the boundaries of) and the laws of physics (which try as they might, they cannot violate).
Second - The NSA does not have the ability to just break in and do what they want to any computer system in the world. They may have unparalleled LISTENING ability that makes them a formidable foe, but they
Re: (Score:1)
legally - oh you poor gullible fool.
that never stopped us in the 50s, or the 70s, or the 80s, or the 90s.
why do you think it stops us now?
Re: (Score:2)
legally - oh you poor gullible fool.
that never stopped us in the 50s, or the 70s, or the 80s, or the 90s.
why do you think it stops us now?
From the US prospective, the NSA has legal boundaries in US law. These boundaries do not include foreign or international law which the NSA routinely ignores in it's collection efforts.
My mention of "legal boundaries" was referring to the effect of US law on the NSA's activities. Yes, they sometimes push the boundaries in US law too, but the NSA is generally pretty careful when they do.
Re: (Score:1)
You keep believing that.
Those of us who have actually worked on intel collection will keep laughing at you, however.
Laws?
Riiiight.
Re: (Score:2)
One more time... US law? Not easily ignored by the NSA though sometimes they apparently do... People can go to JAIL for doing this, so when they are pushing the boundaries they do so carefully.
Foreign and international law? The NSA is laughing at most of these and ignoring the rest. When operating on foreign soil the NSA is pretty much it's own authority, especially in international territory.
If you KNOW that the NSA is violating US law, I suggest you report it though the proper channels because it need
Re: (Score:1)
I'm sure that's what you tell yourself.
But neither my father (precursor agency) nor myself (not saying more) would agree with your naive viewpoint.
Re: (Score:2)
I'm sure that's what you tell yourself.
But neither my father (precursor agency) nor myself (not saying more) would agree with your naive viewpoint.
Then report it though proper channels... Seriously, you have a way to stop this, do it. An no, I'm not saying pull a Snowden and dump classified data into the public. Blow the whistle it is your duty not to mention your moral obligation.
IMHO - You are just making this up. Nobody who was actually a part of what the NSA does would be posting critical things on Slashdot about breaking the law. You'd either be up to your ears in breaking the law and not want to chance drawing attention to it. No, your just m
Re:proper channels (Score:1)
You really haven't been paying attention, have you?
And you know it.
Re: (Score:1)
"why do you think it stops us now?"
because apparently, according to your post, it did in the 60s and the 00s?
It didn't.
I just have no personal observations from the 60s. And most people know it didn't stop anything in this century, or if they don't, they're clueless n00bZ.
Re: (Score:1)
try reading what I said elsewhere. My family has been involved since the founding of the USAF (my grandfather died on the steps of Congress after surviving yellow fever, scarlet fever, and many other things and serving with honor). And one can infer that his son and his grandson have done similar things.
n00b
Fake out IRIS and other biometrics? (Score:1)
Guess they'll have to do it the old-fashioned way. (Score:3)
I guess they'll have to do it the old-fashioned way, then: sleep with someone who knows the secrets.
In other words (Score:2)
Re: (Score:1)
Actually, we have bio-powered iris covering biofilms that do near field pictoral displays (patents at UW)
You sad deluded fools (Score:1)
You have no idea as to where the real vulnerabilities are, do you?
Sad, sad, pitiful fools.
Biometrics won't save you, physical measures won't do you no good
When the humint fails, ain't no place that's safe.
Now go back and learn proper tradecraft.
evading detection in the modern world (Score:2)
> Once an iris scan is on record, it becomes nearly impossible to evade detection.
Um, not really, just the techniques change. When you have a "foolproof" method of identity, (in this case where you compare some biometric data stored in a database somewhere,) the tendency is to believe the method of identity, without once considering that everything is predicated on the database being correct.
And so, instead of wearing a wig and affecting a different accent and different posture and style of walk and all
The tech works for everyone. (Score:2)
Police, politicians and the wealthy can be tracked (Score:2)
They can be identified and their locations revealed. You take the good with the bad.