|
Top-level
 In 2006, a gang of amateur chemists hatched a plan to synthesize explosives in an airplane toilet sink, scheming to smuggle in different reagents and precursors in their carry-on luggage, then making a bomb in the sky and taking down the plane and all its passengers. The "Hair Gel Bombers" were caught before the could try their scheme, but even if they had made it onto the plane, they would have failed. 7/ 29 comments
The fact that these guys failed utterly didn't have any impact on the dramaturges who ran the world's security theater. We're still having our liquids taken away at airport checkpoints. Why did we have to defend ourselves against imaginary attacks that had been proven not to work? Because "no price was too high to pay" in the War on Terror. 9/ As Schneier pointed out, this was obvious nonsense: there is a 100% effective, foolproof way to prevent *all* attacks on civilian aircraft. All we need to do is institute a 100% on ban on air travel. We didn't do that, because "no price is too high to pay" was always bullshit. Some prices are *obviously* too high to pay. 10/ Which is why we still get to keep our underwear on, even after Umar Farouk "Underwear Bomber" Abdulmutallab's failed 2009 attempt to blow up an airplane with a bomb he'd hidden in his Y-fronts: https://en.wikipedia.org/wiki/Umar_Farouk_Abdulmutallab 11/ It's why we aren't all getting a digital rectal exam every time we fly, despite the fact that hiding a bomb up your ass *actually works*, as proven by Abdullah "Asshole Bomber" al-Asiri, who blew his torso off with a rectally inserted bomb in 2009 in a bid to kill a Saudi official: https://en.wikipedia.org/wiki/Abdullah_al-Asiri Apparently, giving every flier a date with Doctor Jellyfinger is too high a price to pay for aviation safety, too. 12/ Now, theatrical productions can have very long runs (*The Mousetrap* ran in London for 70 years!), but eventually the curtain rings down on every stage. It's possible we're present for the closing performance of security theater. On September 17, the Israeli military assassinated 12 people in Lebanon and wounded 2,800 more by blowing up their pagers and two-way radios whose batteries had been gimmicked with pouches of PETN, a powerful explosive. 13/ This is a devastating attack, because we carry a *ton* of battery-equipped gadgets around with us, and most of them are networked and filled with programmable electronics, so they can be detonated based on a variety of circumstances - physical location, a specific time, or a remote signal. What's more, PETN-gimmicked batteries are super easy to make and effectively impossible to detect. 14/ In a breakdown published a few days after the attack, legendary hardware hacker Andrew "bunnie" Huang described the hellmouth that had just been opened: https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/ The battery in your phone, your laptop, your tablet, and your power-bank is a "lithium pouch battery." These are manufactured all over the world, and you don't need a large or sophisticated factory to make one. 15/ It would be effectively impossible to control the manufacture of these batteries. You can make batteries in "R&D quantities" for about $50,000. Alibaba will sell you a full, turnkey "pouch cell assembly line" for about $10,000. More reputable vendors want as little as $15,000. A pouch cell is composed of layers of "cathode and anode foils between a polymer separator that is folded many times." 16/ After a machine does this folding, the battery is laminated into a pouch made of aluminum foil, which is then cleaned up, labeled, and flushed into the global supply chain. To make a battery bomb, you mix PETN "with binders to create a screen-printed sheet" that's folded and inserted into the battery, in such a way as to produce a shaped charge that "concentrat[es] the shock wave in an area, effectively turning the case around the device into a small fragmentation grenade." 17/ Doing so will reduce the capacity of the battery by about 10% or less, which is within the normal variations we see in batteries. If you're worried about getting caught by someone who's measuring battery capacity, you can add an extra explosive sheet to the battery's interior, increasing the thickness of a 10-sheet battery by 10%, which is within the tolerance for normal swelling. 18/ Once the explosive is laminated inside its (carefully cleaned) aluminum pouch, there's no way to detect the chemical signature of the PETN. The pouch seals that all in. The PETN and other components of the battery are too similar to one another to be detected with X-ray fluorescence, and the multi-layer construction of a battery also foils attempts to peer inside it with Spatially Offset Raman Spectroscopy. 19/ According to bunnie, there are no ways to detect a battery bomb through visual inspection, surface analysis or X-rays. You can't spot it by measuring capacity or impedance with electromechanical impedance spectroscopy. You *could* spot it with a high-end CT scan - a half-million dollar machine that takes about 30 minutes for each scan. You *might* be able to spot it with ultrasound. 20/ Lithium batteries have "protection circuit modules" - a small circuit board with a chip that helps with the orderly functioning of the battery. To use one of these to detonate a PETN-equipped battery, you'd only have to make a small, board-level rewiring, which could deliver a charge via a "third wire" - the NTC temperature sensor that's standard in batteries. 21/ Bunnie gets into a lot more detail in his post. It's frankly terrifying, because it's hard to read this without concluding that, indeed, any battery in any gadget could actually be a powerful, undetectable bomb. What's more, supply chain security *sucks* and bunnie runs down several ways you could get these batteries into your target's gadget. 22/ These range from nefarious to brute simple: "buy a bunch of items from Amazon, swap out the batteries, restore the packaging and seals, and return the goods to the warehouse." Bunnie's point is that, having shown the world that battery bombs are possible, the Israelis have opened the hellmouth. They were the first ones to do this, but they won't be the last. We need to figure out something before "the front line of every conflict [is brought] into your pocket, purse or home." 23/ All of that is scary af, sure, but note what *hasn't* happened in the wake of an *extremely successful*, nearly impossible to defeat explosives attack that used small electronics of the same genus as the pocket rectangles virtually every air traveler boards a plane with. We've had *no* new security protocols instituted since September 17, likely because no one can think of anything that would work. 24/ Now, in the heady days when the security theater was selling out every performance and we were all standing in two-hour lines to take our shoes off, none of this would have mattered. The TSA's motto of "when in trouble, or in doubt, run in circles, scream and shout" would have come to the fore. 25/ We'd be forced to insert our phones into some grifter's nonfunctional billion-dollar PETN dousing-box, or TSA agents would be ordering us to turn on our phones and successfully play eleven rounds of Snake, or we'd be forced to lick our phones to prove that they weren't covered in poison. But today, we're keeping calm and carrying on. 26/ The fact that something awful exists is, well, *awful*, but if we don't know what to do about it, there's no sense in just doing *something*, irrespective of whether that will help. We could order everyone to leave their phones at home when they fly, but then no one would fly anymore, and obviously, no one seriously thinks "no price is too high" for safety. Some prices are just too high. 27/ I started thinking about all this last week, when I was in New Delhi to give a keynote for the annual meeting of the International Cooperative Alliance, which was jointly held with the UN as the inauguration of the UN International Year of Coops, with an address from UN Secretary General Antonio Guterres: 28/ When I arrived in New Delhi, my hosts were somewhat flustered because Indian Prime Minister Narendra Modi had just announced that he would give the opening keynote, which meant a lot of rescheduling and shuffling - but also a *lot* of security. I was told that the only things I could bring to the conference center the next day were my badge, my passport and my hotel room key. 29/ I couldn't bring a laptop, a phone or a spare battery. I couldn't even bring a pen ("they're worried about stabbings"). Modi - a lavishly corrupt authoritarian genocidier - has a lot of reasons to worry about his security. He has actual enemies who sometimes blow stuff up, and if one of them took him out, he wouldn't be the first Indian PM to die by assassination. 30/ But the speakers and delegates gathered in the hotel lobby the next morning, we were told that we *could* bring phones, after all. Because of course we could. You can't fly people from all over the world to India and then ask them to forego the device they use as translator, map, note-taker, personal diary, and credit card. Some prices are just too high. 31/ They took a *lot* of security measures. Everyone went through a metal detector, naturally. Then, we were sealed in the plenary room for more than an hour while the building was sealed off. Armed men were stationed all around the room, and the balcony outside the room was ringed with snipers: https://www.flickr.com/photos/doctorow/54165263130/ 32/ We were prohibited from leaving our seats from the time Modi entered the room until he left it again, despite the fact that the PM was never more than a few steps from the single most terrifying bodyguard I'd ever seen: https://www.flickr.com/photos/doctorow/54164805776/ 33/ And yet: the fact that we were less than two months out from an extremely successful, highly public demonstration of the weaponization of small batteries in personal electronics did not mean that we all had to leave our phones at the hotel. After that, I'm tempted to think that, just possibly, security theater's curtain has rung down and its long SRO run has come to an end. It's a small bright spot in a dark time, but I'll take it. eof/   @pluralistic Why not? The rituals that originally inspired people to coin the term "cargo cult" were aviation-related. |
Gregory's Server
Their liquid bomb recipe started with mixing a "piranha bath" - a mixture of sulfuric acid and hydrogen peroxide - that needs to be kept *extremely cold* for a *long* time, or it will turn into instantly lethal gas. If the liquid bomb plot had gone ahead, the near-certain outcome would have been the eventual discovery of an asphyxiated terrorist in the bathroom, lips blue and lungs burned away, face down in a shallow sink filled with melting ice-cubes:
https://en.wikipedia.org/wiki/2006_transatlantic_aircraft_plot
8/
Their liquid bomb recipe started with mixing a "piranha bath" - a mixture of sulfuric acid and hydrogen peroxide - that needs to be kept *extremely cold* for a *long* time, or it will turn into instantly lethal gas. If the liquid bomb plot had gone ahead, the near-certain outcome would have been the eventual discovery of an asphyxiated terrorist in the bathroom, lips blue and lungs burned away, face down in a shallow sink filled with melting ice-cubes: