SCADA, Telematics & GPS Technologies

The Mumbai terrorists used an array of commercial technologies — from Blackberries to GPS navigators to anonymous e-mail accounts — to pull off their heinous attacks.

For years, terrorists and insurgents around the world have used off-the-shelf hardware and software to stay ahead of bigger, better-funded authorities. In 2007, former U.S. Central Command chief Gen. John Abizaid complained that, with their Radio Shack stockpile of communications gear, “this enemy is better networked than we are.” The strikes that killed at least 174 appears to be another example of how wired today’s “global guerrillas” can be.

As they approached Mumbai by boat, the terrorists “steered the vessel using GPS equipment,” according to the Daily Mail. A satellite phone was later found aboard.

Once the coordinated attacks began, the terrorists were on their cell phones constantly. They used BlackBerries “to monitor international reaction to the atrocities, and to check on the police response via the internet,” the Courier Mail reports.

The gunmen were able to trawl the internet for information after cable television feeds to the two luxury hotels and office block were cut by the authorities.

The men looked beyond the instant updates of the Indian media to find worldwide reaction to the events in Mumbai, and to keep abreast of the movements of the soldiers sent to stop them.

Outside of Leopold’s Cafe, “one of the gunmen seemed to be talking on a mobile phone even as he used his other hand to fire off rounds,” an eyewitness told The New York Times.

The terror group then took credit for the bloodshed with a series of e-mails to local media. They used a “remailer” service to mask their identities; earlier attacks were claimed from cyber cafes.

[Photo: AP; plugged in: CA, Giz]

A proposal by the Department of Homeland Security attempts to address one potential security problem with RFID-chipped passports, but leaves more obvious problems hanging fire.

In an effort to detect attempts to clone the data stored on RFID chips used on US Passport Cards, DHS on Wednesday announced that it is recommending that manufacturers supplying these RFID chips include a “unique identifier number,” or Tag Identifier (TID).

The TID would be used to ascertain when a chip’s data has been cloned, as one would do to create a fake passport. If two passports with the same identifier number turned up at the border, one of them could be deduced as fake. That number would actually be the second unique number in the chip, since all a passport’s RFID chip stores is a unique number that is indexed in a database. (Currently the chips hold one unique number and one generic manufacturer code; that generic code is the one that would be replaced with a TID.)

It’s an identification model that works reasonably well with mobile phones and automobiles, but an identity document is a different creature. Conceivably, the ID number might help to determine whether, for instance, a hacker intercepting the snail mail has waved a reader near a State Department envelope and picked off the data without having to open the envelope — with “contactless” technology, the envelope would not have to be opened. But the model may not help with other security issues RFID researchers, privacy activists, and anti-terrorism experts have flagged. (more…)

Industry insiders say critical infrastructure is not prepared for cyber attacks and recommend that asset owners and operators begin by taking five steps to enhance their security.

SAN JOSE, CA -  Secure Computing Corp., a leading enterprise gateway security company, announced the results of a study conducted during August and September 2008 in the U.S., Canada, and Europe. The study surveyed 199 international security experts and other “industry insiders” from utilities, oil and gas, financial services, government, telecommunications, transportation, and other critical infrastructure industries. Despite a growing body of legislation and regulation, more than half of these experts believed that most critical infrastructure continues to be vulnerable to cyber attack. Further, a majority of respondents said that major attacks have already begun or are likely to occur in the next 12 months.

“An attack on any one of these industries could cause widespread economic disruptions, major environmental disasters, loss of property, and even loss of life,” said Elan Winkler, Director of Critical Infrastructure Solutions for Secure Computing. “This study revealed that many critical infrastructure organizations are simply not ready for the cyber attacks which are coming soon.”

Rick Nicholson, Vice President of Research for Energy Insights, an IDC company, who authored a white paper based on the survey, added, “Most utility CIOs believe that their companies will be compliant with relevant standards, but still have a long way to go before being adequately prepared for all cyber attacks.”

In the study, respondents were asked to indicate the state of readiness for eight different industries. More than 50% of respondents believed that utilities, oil and gas, transportation, telecommunications, chemical, emergency services, and postal/shipping industries were not prepared. For some sectors, such as postal/shipping and transportation, as many as three out of four experts indicated that the infrastructure was not ready for attack. Only the financial services industry was considered prepared, although nearly 40% believed that even this sector was not ready to defend itself.

Survey participants were also asked which industry was the biggest target, which was the most vulnerable to attack, and which was the most detrimental if breached. The insiders picked the energy sector in all three cases, with 33% saying it was the biggest target, 30% saying it was the most vulnerable, and 42% saying it would be the most detrimental if attacked.

When asked to name the biggest bottleneck to improving cyber security, the largest number of experts (29%) pointed to the cost of security measures. Apathy was the second most likely to be selected as the primary bottleneck, with government bureaucracy and internal issues tying for third. (more…)

An Awarepoint white paper describes critical factors required to maximize your RFID system’s return on investment.

Real-time location systems (RTLSs) are an increasingly important strategic capability for a variety of business applications. RTLSs allow organizations to efficiently identify and track the location of supplies, personnel, equipment, and other items in real-time, as a cost-effective operational management tool.

With the success early adopters have had with RTLSs, the question is not whether to implement, but which technology is best suited for the many applications that can benefit from location awareness. An Awarepoint white paper, “Considering a Real-time Location System? First Consider the 5 Critical Success Factors,” can help maximize your return on investment and ensure long-term success of your RTLS investment.

“The implementation of RTLS technology should pay for itself as a result of shrinking the incidence of misplaced equipment, decreased rental costs, and increased utilization of equipment,” stated Jason Howe, CEO of Awarepoint Corp.

The five critical factors outlined in the white paper to obtain maximum benefit include:

• Enterprise-wide coverage—because assets and people move throughout your entire enterprise, to achieve maximum benefit, your RTLS deployment must cover every square inch of your enterprise.
• Location accuracy—to affect the highest impact for your strategic initiatives, room-level accuracy is a clear critical success factor.
• Installation and maintenance—a minimally invasive solution that does not compromise your existing IT network, does not interrupt daily business operations, and can be installed in days or weeks, is vital. Maintenance impact for hospital staff should be considered as well. It shouldn’t take a team of IT professionals to keep the system running.
• Interoperability—your RTLSs should be supported by standards-based technology and should offer an open application programming interface so that it’s capable of providing location and status data to both your end-users and to third-party applications.
• Low risk—you should partner with a vendor vested in your success. Look for a flexible business model that doesn’t require a large capital purchase or long-term contractual commitment, and allows you to easily expand assets as needed.

Added Howe, “In hospitals particularly, RTLSs can play an important role in automation of common tasks—improving operational efficiency, increasing patient flow, and enhancing patient safety. Knowing the location, status, and movement of equipment and people can be used to improve hospital business processes and asset utilization, reduce capital expense and rental costs, and improve staff productivity.”

The full white paper “Considering a Real-time Location System? First Consider the 5 Critical Success Factors” can be downloaded free off the company’s Web site.

AU Optronics Corp has unveiled a new LCD panel that doubles as a fingerprint scanner. Each pixel is equipped with 4 optical sensors, so a 320×240 screen would have a scanning resolution of 640×480. They have also experimented with different sensors, such as UV. You can see an LCD panel that detects and displays the UV index above. Why did they use a secondary display to show the data though?

Source: Gearlog

In this season of specters and spooks, what could be scarier than a steel-winged robotic spy plane shaped like a bat? The aptly named COM-BATis a six-inch surveillance device that is powered by solar, wind, and vibrations. The concept was conceived by the US military as a means to gather real-time data for soldiers, and the Army has awarded the University of Michigan College of Engineering a five year $10-million dollar grant to develop it. (more…)

Company Intamac has launched its broadband home monitoring products and services with WoonVeilig in The Netherlands. The BT Home Monitor VP1000 is easy to install DIY wireless security alarm and monitoring system. First of all it’s a security system. So, VP1000 includes a security panel and various wireless sensors: motion, smoke and flood detectors. The security panel offers a few pre-defined mode for the home security and possibility to connect to the broadband Internet to have access from everywhere. Additionally wireless D-Link IP cameras can be connected to the system to allow monitor you home.

The price of BT Home Monitor VP1000 including Main Control Panel, 2 Wireless Movement Detectors, Wireless Door Contact and Remote Keyfob is £115.99. Additionally consumer should pay £5 per month for the access to his online account and includes the cost of all outbound voice call, sms text message and e-mail notifications from our monitoring service. Additionally £2.5 should be paid for monitoring 4 IP cameras.

The new Intamac security system looks very similar to AlertMe but offers more useful features then it. However, AlertMe is based on standard home automation protocol ZigBee which is much better that using some proprietary unique one (I couldn’t find any information aboutVP1000 protocol). In any case, those two systems show a new tendency in the DIY home security and monitoring systems.

Source: HomeToys News

With millions of GPS-based navigation devices on the road today, it is time someone considered the question: What if there’s an attack on the GPS network itself?

Researchers at Virginia Tech and Cornell University spent more than a year building equipment that can transmit fake GPS signals capable of fooling receivers.

“GPS is woven into our technology infrastructure, just like the power grid or the water system,” said Paul Kintner, electrical and computer engineering professor and director of the Cornell GPS Laboratory in a statement. “If it were attacked, there would be a serious impact.”

GPS is a U.S. government-built navigation system of more than 30 satellites circling earth twice a day in specific orbits. The satellites transmit signals to receivers on land, sea and in air. Based on the signals received from the satellites, devices are able to triangulate their exact positions on the globe. But if those satellite signals were wrong — or were spoofed — a GPS device might come up with the wrong location based on the signals it was receiving.

The researchers started by programming a briefcase-size GPS receiver used in the research of the uppermost part of the Earth’s atmosphere, known as ionospheric research, to send out fake signals. The phony receiver was placed in the proximity of a navigation device, where it anticipated the signal being transmitted from the GPS satellite. Almost instantly, the reprogrammed receiver sent out a false signal that the GPS-based navigation device took for the real thing.

The experiments to show the vulnerability of GPS receivers to spoofing could help devise methods to guard against such attacks, says Brent Ledvina, an assistant professor of electrical and computer engineering at Virginia Tech, and will be detailed in a research paper to be released Thursday.

“It’s almost like someone nearby is spoofing your favorite radio station by transmitting at the same frequency but higher power fooling your receiver into believing it is getting the right station,” says Ledvina.

The idea of GPS receiver spoofing has already been considered by federal authorities. In a December 2003 report, the Department of Homeland Security detailed seven countermeasures including monitoring the absolute and relative GPS signal strength, monitoring the satellite identification codes and the number of signals received and checking the time intervals between the received signals to guard against spoofs.

Still those fall short and would not have successfully fended off the signals produced by a reprogrammed receiver, said the researchers.

Instead they have suggested a few countermeasures that involve both hardware and software changes. “We have two patent applications which include a software algorithm to help make changes to how receivers react to signals,” says Ledvina.

The other patent is around the spoofer tool used, he says. “The idea is to help government and other companies use it to potentially make better receivers,” says Ledvina.

Photo: NASA

Links: HomeLandSecurity, wired

Auto theft can be very dangerous and this is a car thief that should have thought twice before stealing a bait car in Washington State. Check out this dramatic video.

A bait car, also called a decoy car, is a vehicle used by a law enforcement agency to capture car thieves. The vehicles are specially modified, with features including GPS tracking, hidden cameras that record audio, video, time, and date, which can all be remotely monitored by police. A remote controlled immobiliser (known as a “kill” device in law enforcement jargon) is installed in the vehicle that allows police to disable the engine and lock the doors.

The car is filled with valuable items and then parked in a high-vehicle theft area. In some cases, the vehicle is simply left unlocked with the keys hanging from the ignition. When the car is stolen, officers are alerted, who then send the radio signal that shuts off power to the engine and locks the doors, preventing an escape. The practice does not violate entrapment laws, since suspects are not persuaded to steal the vehicle by any means other than its availability and their own motivation.

The concept and technology was first developed by Jason Cecchettini of Pegasus Technologies and was used by the Sacramento Police Department in 1996, using Sedans like the Toyota Camry, and sports cars, such as the Honda Prelude.

The bait car is a phenomenon in the study of criminal behavior since it offers a rare glimpse into the actions and reactions of suspects before, during and after the crime. Unlike other crimes caught on surveillance cameras, suspects, at least initially, believe and react as if the crime has been wholly successful, until the bait car is apprehended by law enforcement personnel.

The largest bait car fleet in North America is operated by the Integrated Municipal Provincial Auto Crime Team (IMPACT), based in Surrey, British Columbia. Surrey was designated the “car theft capital of North America” by the Royal Canadian Mounted Police in 2002. Their program was launched in 2004, and has contributed to a 10% drop in auto thefts since then.

A LoJack is a similar technology, in that it allows a vehicle to be remotely tracked if it is stolen. These are typically installed in police vehicles.

Bait cars can be used as part of a honey trap, a form of sting operation, in which criminals not known to the police are lured into exposing themselves. Unlike a sting operation that targets a known or suspected criminal, a honey trap establishes a general lure to attract unknown criminals.

Bait cars (and the stings they are used in) have been featured in numerous documentary or reality television programs, including COPS and World’s Wildest Police Videos. They are also the exclusive focus of a 2007 Court TV (now truTV) series simply titled Bait Car.

Links: News10, BaitCar, BSM Wireless

When engineers tackle a project that uses ZigBee communications they may get a surprise. Unlike point-to-point communications, ZigBee involves a network that can establish nodes, repeaters and complex mesh topologies. The proper test tools–often called “sniffers”–help engineers diagnose ZigBee-network problems that could otherwise turn into nightmares.

Microchip Technology includes the ZENA Wireless Network Analyzer with its PICDEM Z demonstration kit so engineers can see what goes on among ZigBee devices. The ZENA tool also can sniff and decode Microchip’s MiWi protocol that, like ZigBee, uses IEEE 802.15.4 radios. According to Steve Bible, an applications engineering manager at Microchip, ZENA time stamps packets and displays them in a graphical format. ”

The screen shows the destination and source addresses, the payload and the data,” explained Bible. “We add some color coding and provide data as hexadecimal values. Users also see a received signal strength indication, or RSSI–an uncalibrated relative value.”
…

“ZigBee and IEEE 802.15.4 technologies require a shift in how we analyze and manage ad-hoc wireless networks,” said Matt Perkins, VP of technology development at Awarepoint, a supplier of wireless asset-tracking systems. “An analyzer should take time-sliced snapshots of network traffic, ‘mine’ the traffic for metrics such as throughput, bottlenecks and end-to-end delays, and presents information in a concise graphical form.”

Source: Freaklabs