Forged credentials and security

March 2006 News & Events

Verifying credentials is a difficult task. Here is a real story about that very problem: (see full story at http://www.suntimes.com/output/news/cst-nws-fake08.html)

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I am a cop and when I tell you to pull over, you pull over, you -----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja was not resisting arrest. He was not even sure what he had done wrong.

It was only after Lilja sped off to escape - leading Coco on a tyre-squealing, 90-mph chase through the southwest suburbs - that Lilja learned the truth.

Coco was not a cop at all, he was a criminal.

There is no obvious way to solve this. This is some of what I wrote in Beyond Fear:

Authentication systems suffer when they are rarely used and when people are not trained to use them.

Imagine you are on an aeroplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he is a sky marshal, and that he is taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Do not believe Man B. He is not a sky marshal. He is one of Man A's cohorts. I am really the sky marshal."

What do you do? You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like? If sky marshals travel completely incognito, perhaps neither the pilots nor the flight attendants know what a sky marshal identification card looks like. It does not matter if the identification card is hard to forge if the person authenticating the credential does not have any idea what a real card looks like.

Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she is there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I do not think twice about giving the keys to someone wearing the correct colour uniform. And how often do people inspect a police officer's badge? The potential for intimidation makes this security system even less effective.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
SAIDSA achieves ISO 9001 certification
SAIDSA(SA Intruder Detection Services Association) Associations News & Events Training & Education
The South African Intruder Detection Services Association (SAIDSA) has announced that it has achieved ISO 9001:2015 certification. This milestone reflects its commitment to quality management and excellence in the security services industry.

Read more...
Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

Read more...
Fluss launches the next wave of IoT solutions
IoT & Automation Access Control & Identity Management News & Events
Fluss has announced its newest IoT product; Fluss+ continues to allow users to manage access from anywhere globally and brings with it all the advantages of Wi-Fi connectivity.

Read more...
A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Read more...
SMART speakers: Uncovering the hidden S in ESG
SMART Security Solutions News & Events
Chris Galvin from the International Code of Conduct Association speaks about the role of responsible security in sustainable business practice.

Read more...
SMART speakers: Bomb threat management protocols
SMART Security Solutions News & Events
Jimmy Roodt, an explosives expert from Gauntlet Security Solutions, will speak on bomb threat protocols, the lack thereof, and why your fire emergency protocols are not an acceptable substitute.

Read more...
AP Sensing
News & Events
AP Sensing is a leading German provider of distributed fibre optic sensing solutions for monitoring critical infrastructure.

Read more...
Gemini Automation Systems
News & Events
Step into the future of home security and convenience with Gemini Automation Systems at Securex 2024, where it will unveil its latest innovations.

Read more...