Forged credentials and security

March 2006 News & Events

Verifying credentials is a difficult task. Here is a real story about that very problem: (see full story at http://www.suntimes.com/output/news/cst-nws-fake08.html)

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I am a cop and when I tell you to pull over, you pull over, you -----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja was not resisting arrest. He was not even sure what he had done wrong.

It was only after Lilja sped off to escape - leading Coco on a tyre-squealing, 90-mph chase through the southwest suburbs - that Lilja learned the truth.

Coco was not a cop at all, he was a criminal.

There is no obvious way to solve this. This is some of what I wrote in Beyond Fear:

Authentication systems suffer when they are rarely used and when people are not trained to use them.

Imagine you are on an aeroplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he is a sky marshal, and that he is taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Do not believe Man B. He is not a sky marshal. He is one of Man A's cohorts. I am really the sky marshal."

What do you do? You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like? If sky marshals travel completely incognito, perhaps neither the pilots nor the flight attendants know what a sky marshal identification card looks like. It does not matter if the identification card is hard to forge if the person authenticating the credential does not have any idea what a real card looks like.

Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she is there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I do not think twice about giving the keys to someone wearing the correct colour uniform. And how often do people inspect a police officer's badge? The potential for intimidation makes this security system even less effective.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Helping South African university students and staff to stay safe
News & Events
Buzzer is a free mobile app that allows users to quickly and easily report incidents of crime, violence, or harassment to campus security and other relevant authorities.

Read more...
Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Read more...
Trellix detects collaboration by cybercriminals and nation states
News & Events Information Security
Trellix has released The CyberThreat Report: November 2023 from its Advanced Research Centre, highlighting new programming languages in malware development, adoption of malicious GenAI, and acceleration of geopolitical threat activity.

Read more...
People are craving connection
News & Events
As 2023 nears its close, global security manufacturer Gallagher Security is sharing key observations from some of the year’s biggest industry events, chief among them the rising importance of community building these events facilitate.

Read more...
ePSiRA online system
PSiRA (Private Security Ind. Regulatory Authority) News & Events
[Sponsored] As part of the digitisation of the security industry, the Private Security Industry Regulatory Authority (PSiRA) introduced the ePSiRA online system, which allows clients to transact online.

Read more...
New generation of cyber-focused controllers
Gallagher News & Events Access Control & Identity Management Products & Solutions
The C7000 gives users an opportunity to leverage their hardware and firmware to build a platform designed to catapult their organisation into the future, with cybersecurity baked in from inception.

Read more...
New T&A terminal features revolutionary AI technology
Suprema News & Events Access Control & Identity Management AI & Data Analytics
Suprema has launched BioStation 2a, the world’s first deep learning-based fingerprint recognition solution, providing powerful access control features and an improved ability to extract templates from low-quality fingerprints.

Read more...
South African Cyber Risk Survey 2023
News & Events
Aon South Africa has released its 2023 Cyber Risk Survey for South Africa, providing insights on current trends in cyber risk governance practices being deployed by South African companies in various market segments.

Read more...
Africa Online Safety Fund announces grant winners
News & Events Information Security
The Africa Online Safety Fund (AOSF) has announced the winners of this year’s grants; among them are five organisations operating in South Africa to educate people about online risks.

Read more...
From the editor's desk: Convergence is real
Technews Publishing News & Events
      SMART Security Solutions has been talking about convergence for a long time; in other words, the intersection and even integration between the physical and information security worlds. Before writing ...

Read more...