Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Forged credentials and security

March 2006 News & Events

Bruce Schneier

Verifying credentials is a difficult task. Here is a real story about that very problem: (see full story at http://www.suntimes.com/output/news/cst-nws-fake08.html)

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I am a cop and when I tell you to pull over, you pull over, you -----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja was not resisting arrest. He was not even sure what he had done wrong.

It was only after Lilja sped off to escape - leading Coco on a tyre-squealing, 90-mph chase through the southwest suburbs - that Lilja learned the truth.

Coco was not a cop at all, he was a criminal.

There is no obvious way to solve this. This is some of what I wrote in Beyond Fear:

Authentication systems suffer when they are rarely used and when people are not trained to use them.

Imagine you are on an aeroplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he is a sky marshal, and that he is taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Do not believe Man B. He is not a sky marshal. He is one of Man A's cohorts. I am really the sky marshal."

What do you do? You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like? If sky marshals travel completely incognito, perhaps neither the pilots nor the flight attendants know what a sky marshal identification card looks like. It does not matter if the identification card is hard to forge if the person authenticating the credential does not have any idea what a real card looks like.

Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she is there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I do not think twice about giving the keys to someone wearing the correct colour uniform. And how often do people inspect a police officer's badge? The potential for intimidation makes this security system even less effective.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Fire Ops SA Partners with Matrix
News & Events Fire & Safety Residential Estate (Industry)
Fire Ops SA, a South African private fire and rescue service, has announced its partnership with Matrix Vehicle Tracking to launch FireStop, providing Matrix and Beame clients with direct access to a dedicated professional private fire service.

Read more...
SABRIC Annual Crime Statistics 2024
News & Events Security Services & Risk Management Residential Estate (Industry)
SABRIC has released its Annual Crime Statistics for 2024, reflecting a significant decline in financial crime losses, but also warning of the growing threat posed by artificial intelligence (AI) in fraud schemes.

Read more...
Adding AI analytics to security monitoring
SEON South Africa News & Events Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry) AI & Data Analytics
SEON has announced its latest integration with Refraime, an AI-powered video analytics platform designed to elevate CCTV surveillance through real-time object detection and intelligent alerting.

Read more...
Blue Security ranked best reaction team in KZN
News & Events Commercial (Industry)
Blue Security has been ranked the Best Reaction Team in KwaZulu-Natal following its outstanding performance at the SAIDSA Reaction Man Competition 2025, which took place on 25 September at the Ballito Defensive Sport Shooting Club.

Read more...
Sophos launches advisory services to deliver proactive cybersecurity resilience
Information Security News & Events
Sophos has launched a suite of penetration testing and application security services, designed to identify gaps in organisations’ security programs, which is informed by Sophos X-Ops Threat Intelligence and delivered by world-class experts.

Read more...
Why Securex matters more than ever
Securex South Africa News & Events Fire & Safety Facilities & Building Management
Visitors will observe the application of integrated security solutions, including AI-enhanced surveillance, cloud-based access control, cybersecurity tools, and perimeter protection within residential, commercial, logistics, and industrial environments

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Kaspersky highlights biometric and signature risks
Information Security News & Events
AI has elevated phishing into a highly personalised threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams.

Read more...
Keenfinity launches Radionix as new intrusion brand
Perimeter Security, Alarms & Intruder Detection News & Events
Keenfinity Group’s Intrusion & Access Business Unit has launched Radionix as its new brand for intrusion alarm systems, unlocking new potential and growth opportunities.

Read more...
From the editor's desk: Can it be October already?
Technews Publishing News & Events
Welcome to the final SMART Handbook of the year. In this issue, we focus on residential estate security, from the fence to the gate and beyond. We also review our Durban SMART Estate Security Conference, ...

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.