6/27/2002: Fake cop car

NYC readers will already have seen this: the NY Post wrote an article yesterday, describing how they were able to rent a Crown Vic and dress it exactly as a cop car for less than $2000.

Not only did they tell us that they did it, but they told us how, with explicit instructions of what was needed and where they got it.

Here's a question, then: is there risk in stories like this? Oddly enough, it's a question that's familiar to anyone involved in the open source movement.

A recent study showed that the open-source Linux operating system is "as secure as" Windows-based server OSes. Anyone at all can get, examine, even modify the Linux system's code, while Windows' code is more-or-less in the hands of Microsoft employees only. Some say this makes the Linux system less secure, because hackers and crackers can find weaknesses and exploit them. Others say that it makes the system much MORE secure, because everyone can find such weaknesses and FIX them.

By broadcasting the detailed instructions for how to copy an official car, for how to build a dirty bomb, for what it would take to break through the wall of a nuclear reactor, which places are being heavily guarded, etc. does the media make the country more secure, or less secure?

All I can say is, "know your enemy." One argument we heard after 9/11 (that we're not heearing quite so much any more) is that we couldn't have prevented that kind of airplane attack because we couldn't have imagined anybody would do it. If you can imagine that somebody can fake a police car, and not only do it but do it easily and cheaply, then you're more likely to be able to defend against it. If this kind of story gets covered up, people never consider that the car stopping them might be a fake.

I've always considered the computer thing about the source code to be specious. Any modern computer setup must be designed so that it is secure even if somebody knows how it works. Even if the source code is not available, if somebody wants (for example) to crack Windows NT, they can get a copy and rip it apart trying to figure out vulnerabilities before trying a real attack on a real target. What kind of system isn't safe if the source code is exposed? One where the source includes passwords? (I gather this is kind of what happened with deCSS, the thing to decode video from DVDs... a particularly slack implementation of a software DVD player left some encryption keys out in plaintext.)

It wouldn't have mattered if the keys weren't out in plaintext; I've cracked schemes where they weren't; eventually the program has to decrypt and use them. One who controls the hardware can crack the software.

There were apparently two separate hacks of CSS, one which used the weakness in the XIng player, one which did not. And since then, there has been a practical cryptanalytic "break" meaning you don't even need the keys.


As for the police car; well, it's hardly news that you can dress up a Crown Vic to look like a cop car. I guess the only interesting thing is the price. The only mildly difficult part would be duplicating the shield, and large format printers which can print on plastic make that less of a problem.

they have fake cops too

In Phoenix a few years back we had a few instances of "SWAT" raids on drug houses that turned out to be bogus.

Seems some tough guys dressed in cop outfits invaded known drug houses, confiscated the drugs, money, and guns, and took off. They knew the victims would be less likely to take on a SWAT team than a rival gang.

I don't know if they went the full distance of having fake vehicles too, I suspect they did not.