Threat Intelligence Blog

Posted August 25, 2016

Locations open to the public are often prime targets for terror attacks. Recently, the news has been rife with stories of terror attacks[1], many of which have taken place at airports. Although airports are known to have heightened security, there are still certain areas that are exploited by terrorists because they are soft targets – ones that are easier to attack and offer higher operational success. Throughout this blog we will explore how physical and cyber security vulnerabilities at airports make them opportune targets for terror attacks.

For example, this past June, gunmen armed with automatic weapons and explosive vests staged a coordinated attack on the Atatürk Airport in Istanbul, Turkey. In 90 seconds, the terrorist attack killed more than 40 people and wounded more than 230. Similarly, on March 22, 2016, terrorists in Brussels coordinated three separate attacks, two of which took place at the Brussels Airport in Zaventem.

Physical attacks on airports, combined with recent cyber incidents like Delta Airlines’[2] system crashing and the two cyber attacks directed against Vietnam’s airport[3], highlight that even with enhanced security measures, airports can be soft targets for attacks.

Soft Targets Are Easy To Exploit

Soft targets are often public locations that lack proper security screening of individuals and vehicles. This can include shopping malls, movie theaters, hotels, and airport terminals. Because of these lowered security measures, threat actors can effectively gather intelligence on their targets almost undetected, as well as enter a premises with weapons and explosives, or park vehicle borne explosive devices in close proximity of the target, when they are ready to attack.

Many soft targets have multiple entrances and exits, which allows direct access from streets or subway stations. They typically have areas to unload passengers and their belongings close to the target site perimeter and/or offer parking lots located in close proximity to the venue. Additionally, these sites frequently lack visible security guards and detailed screenings prior to entry to deter visitors with malicious intentions. Often times, security guards are soft targets themselves because they lack the training and proper equipment to respond to a terrorist attack.

Why Airports Are Opportune Soft Targets

While smuggling weapons and bombs onto airplanes has become harder since the September 11 terrorist attacks in the U.S., crowded airport concourses around ticket counters and security checkpoints are still vulnerable to attack. Governments are grappling with this issue because as they add more sophisticated detection equipment and add more thorough security processes, the number of soft targets grows due to increased concentration of people who have yet to go through these checkpoints.

This is a problem U.S. airports are currently dealing with, especially since the Transportation Security Administration (TSA) boosted security measures at many major U.S. airports. This includes the deployment of Visible Intermodal Prevention and Response (VIPR) teams — heavily armed officers, clad in body armor, who sometimes conduct random security sweeps and searches of public areas. As a result, there is increased crowding in public areas. In fact, the TSA recently received intense public criticism over long lines at airports across the United States. At times, the wait for security screening stretched to more than three hours and well outside the traditional screening area where most law enforcement is stationed. These increased security lines could be considered prime soft targets for an attacker looking to maximize casualties and effect.

Terrorists have shown resiliency in evading physical security by attacking before any screening takes place. Demonstrating the depth of this problem, Atatürk airport security is known for being extremely well organized, thorough, and universally considered having one of the most robust security operations in the world. However, the first explosion in the attack took advantage of a soft target and occurred at the entrance x-ray machine. In the ensuing chaos, another bomber entered the hall before being shot and subsequently detonating his suicide vest. A third bomber descended a level to the exit of the arrivals area, at the car park, before detonating his explosive vest. The second and third terrorists were trying to attack people fleeing the initial explosion.

Cyber Security Vulnerabilities at Airports

Depending on the intent of the attacker, airports continue to be soft targets for cyber attacks largely because there are so many possible points of access and very few security mechanisms designed around them. The airport cyber security ecosystem is a complex array of public and private networks, each potentially providing a viable attack vector for hostile actors seeking to steal personal or financial information, disrupt network services, or launch destructive attacks against the network. Credentialing and Document management systems, e-enabled aircraft systems, network-enabled baggage systems, radar systems, and airline reservation systems are all susceptible to being exploited by actors.

One perpetual cyber security weakness is the free Wi-Fi services offered at some terminals. Many of these networks are not secured, allowing hostile actors to eavesdrop on your computer to gain personal information, financial information, or proprietary information. According to the Federal Bureau of Investigation[4], hackers will employ a bogus but legitimate-looking Wi-Fi network with a strong signal in a Wi-Fi hotpot. Once devices connect to that network, the data on the device – information, user ID, passwords, credit card numbers – are now accessible to the hackers. What’s more, they can direct you to phony websites, and record your keystrokes.

Even those leveraging a virtual private network (VPN) when on a public hot spot are not guaranteed safety. The VPN cannot connect until you connect to the Internet[5], and the VPN connection is not instantaneous, allowing a brief window of opportunity for bad guys to act. This may only amount to a matter of seconds, but that’s ample time to expose valuable information like logon credentials.

Physical and Cyber Security Recommendations

Less crowding could be critical to reducing casualties in a terrorist attack. In places under constant threat, like Baghdad or Kabul, Afghanistan, and Israel, security checkpoints begin miles from the terminal and include myriad scans, checks, and bomb-sniffing dogs. With security checks spread over a wider area, long lines are unusual at these airports.

While it may be impossible for airports to prevent every attack, a more visible law enforcement presence can serve as a deterrent. Airports and government officials need to find ways to establish and maintain robust physical security while also limiting the soft targets that is a byproduct of increased security.

Additionally, while it may be difficult to protect all digital assets, airports need to start devising and implementing risk-based security strategies that reduce their exposure from a cyber perspective.

Next week, we’ll explore how businesses can detect and prevent future physical attacks by leveraging cyber security. To learn more about physical security for your organization, download our white paper, “Physical Security Threat Landscape: Recent Trends and 2016 Outlook.”

Contact us to learn how the LookingGlass Special Investigations Unit can help with your organization’s physical security needs.

By: Hans Mathias Moeller and Marc Larson, LookingGlass SIU, and Emilio Iasiello, LookingGlass CTIG


Additional Posts

Weekly Phishing Report: August 29, 2016

PHISHING REPORT: TOP TARGETS Week of August 21 – August 27, 2016 For the first time in months, ...

Weekly Threat Intelligence Brief: August 23, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...