How DefCon spooked the spooks

Right about the same time as I was standing cross-legged on the wrong side of an electronic door lock that stood right between a liter of consumed soda and the nearest porcelain bowl at the FBI's Sacramento CART facility, the wizzes at DefCon were snatching the "keys to the throne" right out of the wallets of passing Feds.

Thus far, all of the Federal facilities I have visited relied heavily on some mixture electronic combination lock, wireless keycard, and biometric security devices. In my own experience, I have observed agents from other facilities use their keycards to move into and about the buildings. (Fortunately, one of them came along just in time.) As a not-insignificant annual contributor to the Federal budget, I am--to be sure--glad to see that the latest security measures are in place. However, as evidenced by a security-awareness demonstration at this year's DefCon convention in Las Vegas, "latest" does not always equal "greatest".

Representatives from Aperture Labs in Great Britain mated an RFID reader to a web camera and placed them in plain view of show-goers. As attendees passed the table, they were scanned for RFID data. Any data captured was stored on an SD card along with a picture of its owner. In attendance were members of various law enforcement agencies, both identified and incognito. Once Aperture Labs revealed details of the experiment at a panel presentation, Federal agents (at least the ones willing to admit the affiliation) were understandably unamused.

Though the SD card was subsequently destroyed, “It takes a few milliseconds to read [a chip] and, depending on what equipment I’ve got, doing the cloning can take a minute,” said Adam Laurie, co-director of Aperature Labs. “I could literally do it on the fly.”

National security and public safety concerns aside, similar chips are now mandatory in all new U.S. Passports, and have already been widely circulated in the form of major credit cards.

Read more @ Wired (http://www.wired.com/threatlevel/2009/08/fed-rfid/)

About Jeff M. Fischbach

Jeff Michael Fischbach is founder and President of SecondWave Information Systems (SecondWave.com), a consulting firm specializing in Forensic Technology. Since 1994, he has served as a board member and technology adviser to numerous professional organizations and corporations. Mr. Fischbach has been engaged as a litigation consultant and Forensic Examiner, offering expert advice and oversight on matters involving intellectual property, computers, information systems, satellite, tracking and wireless communications technologies. He has advised law enforcement, foreign government representatives, judges, lawyers and the press.