TSA Missed Boston Bomber Because His Name Was Misspelled In a Database 275
schwit1 sends this news from The Verge:
"Tamerlan Tsarnaev, the primary conspirator in the Boston Marathon bombing that killed three people, slipped through airport security because his name was misspelled in a database, according to a new Congressional report. The Russian intelligence agency warned U.S. authorities twice that Tsarnaev was a radical Islamist and potentially dangerous. As a result, Tsarnaev was entered into two U.S. government databases: the Terrorist Identities Datamart Environment and the Treasury Enforcement Communications System (TECS), an interagency border inspection database.
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
A special note was added to TECS in October of 2011 requiring a mandatory search and detention of Tsarnaev if he left the country. 'Detain isolated and immediately call the lookout duty officer,' the note reportedly said. 'Call is mandatory whether or not the officer believes there is an exact match.' 'Detain isolated and immediately call the lookout duty officer.' Unfortunately, Tsarnaev's name was not an exact match: it was misspelled by one letter. Whoever entered it in the database spelled it as 'Tsarnayev.' When Tsarnaev flew to Russia in January of 2012 on his way to terrorist training, the system was alerted but the mandatory detention was not triggered. Because officers did not realize Tsarnaev was a high-priority target, he was allowed to travel without questioning."
Helpful links for intelligence community devs (Score:5, Informative)
soundex [wikipedia.org]
Levenshtein distance [wikipedia.org]
Hamming distance [wikipedia.org]
More like this, can't be arsed to go looking them up, though. Those were three I knew off the cuff.
transliteration (Score:5, Informative)
I wrote anti-terrorist software for banks. (Score:5, Informative)
I've written about this before; I used to write financial software for a living, and one of the requirements for a US bank was to provide a mechanism to detect transactions by an unauthorized person.
In short, the govt. provides a list of bad people in a text file. One name per line, all upper case, like it came out of an old batch system. We then check to see if the sender or receiver of any transaction /EXACTLY/ matches that string, case insensitive. If it's an exact letter-for-letter match, there's a flag that's set and the transaction is delayed, but it appears to go through as normal(*). What happens after that is the bank's responsibility, but that's the whole of the complexity.
Whoever made the list usually has a few variants of spelling; OSAMA BIN LADEN or OMASA BIN LADEN or OSMA BIN LADEN, for example. But that's it. Just spelling your name slightly differently is enough to avoid the flag. We're literally not allowed to add anything else, like soundex matching or handling foreign letters.
This is ~probably~ also how the TSA no fly list works, and why you still hear about false positives from time to time. It's also probably how any security works until it's been around for 20 years and they hire a contracting company to make them really good software that does what they want, instead of what they think they want it to do.
It just takes a very long time for software designed by a legislative committee with no technical awareness to morph into something usable, but that's government for you.
* - most transactions are not sent out until the end-of-day reconciliation anyway, so it looks like it's accepted like most other transactions, probably in a 'pending' state in your online balance - unless you're paying for a wire transfer or something.
Re:More lies from the Republicans (Score:2, Informative)
"on his way to terrorist training"
Bullshit! I can't believe the Republicans are still sticking to that lie to try to scare the general public. That is a complete and utter lie. Besides the ones the CIA runs, there are no terrorist training camps. They're trying, and failing(!), to try to convince us that terrorists are a problem when the Republicans are the problem.
You are trying to be funny, right?
I know that to most of you, Republicans are responsible for everything from circles-that-can't-be-squared to bad breath, but really, I assure you that they didn't invent Muslim nutso bombers.
Not just misspelled, but misspelled *differently* (Score:5, Informative)
Neither "Tsarnaev" nor "Tsarnayev" is the correct spelling; the correct spelling is "ЦÐÑнÐÌÐÐ".
As another commenter mentioned, utility companies solved this problem decades ago with technology like Soundex. Our intelligence apparatus is apparently crippled by incompetence, laziness, haste, provincialism, or all of the above.
Re:I wrote anti-terrorist software for banks. (Score:5, Informative)
Yes.
It's no longer making the news, but for a while it was a nearly-daily occurrence. It's just not a big media draw anymore, unless it impacts a politician or famous entertainer.
Re:Helpful links for intelligence community devs (Score:2, Informative)
So, Mr oBama would have a Levenshtein distance of 1 with oSama then? Good job there.
If you were comparing only someone's first name to only someone else's last name, sure.
Re:It was not misspelled (Score:5, Informative)
The US is not some loser nation with massive budget restrictions upgrading from paper files to imported super computers in the 1970's.
The US is not some loser nation with massive budget restrictions trying to find staff with language skills in the 1950's.
This is not Korea or Vietnam in the 1950-60's where the US gov did have to play catch up.
The USA did great work tracking the KGB/GRU and others within the USA for many decades and that took spelling skills and complex shared database work.
The USA did great work tracking the KGB/GRU staff changes... and that took spelling and database work too.
If the USA is having issues with Russian names in a US gov database after 2000++ - someone has ensured a name is protected/free to travel.
Re:More lies from the Republicans (Score:2, Informative)
Excellent point. I don't know why you've been modded as a troll. GP sounds exactly like Newsnight's Will McAvoy (Jeff Daniels).. the Hollywood fantasy version of a conservative who is "fed up" with how "real" conservatives have no options because their party has been "hijacked" by nutjobs.
It is really transparent.
Re:More lies from the Republicans (Score:2, Informative)
You gotta love this rewrite of history. Let's go back to when the Soviet Union was invading Afghanistan shall we...
It was Saint Ronald Reagan in office who proclaimed those very same people who later did the attacks as "freedom fighters" worthy of illegally diverting funds for arms (look up Iran-Contra Scandal). Every republican loves to trot out that old red herring "Since 9/11 we haven't been attacked again." completely ignoring who was in power on 9/11, the anthrax attacks and the sniper attacks at the time. If the TSA was truly effective, then the underwear bomber, the shoe bomber and yes, even the 9/11 attackers themselves wouldn't have made their way onto those planes to begin with since everyone of them were supposedly on watch lists...
The TSA is, and always has been, nothing more than security theater. It is 100% reactionary to threats that either were successful or attempted. Someone tries to put explosives in their shoes, we all have to have our shoes off. Someone tries to get explosives in their underpants, we all have to go through invasive searches of our private parts. Someone uses a sharp object to cut the throats of flight personnel, they take away nail clippers because they can be sharp. It is rumored that explosives can be in liquid form so they ban all liquids, even unopened bottled water.
I will agree with you on one point though, it was a FULL Congress that passed the Homeland Security Act and the Patriot Act. It was the FULL Congress that renewed it too. So in that regard it was both parties that enabled this shit.