Placebo bomb detectors

January 22nd, 2010 at 23:56 UTC by Markus Kuhn

A few days ago, BBC2’s Newsnight approached me to have a look inside what might have been some kind of smartcard, but had long been suspected to be part of a simple-minded and dangerous fraud that may already have cost lives.

Background: The Iraqi army (among others) has bought for millions of pounds ADE651 devices, which according to the vendor’s website can detect almost any substance of interest to the military (explosives, banknotes, drugs, etc.) even kilometres away. The devices contain no power source (“powered by the user’s static electricity”, no battery), resemble very much a dowsing rod, and generally leave much to be desired regarding a plausible operating principle or performance in repeatable double-blind trials. There are several such military dowsing rods on the market. The ADE651 distinguishes itself by being “programmable” with a plastic card that can be inserted into the unit to select the substance to be detected. Having already established that the card reader end was just an empty box, the BBC team wanted to know whether there is anything inside these programming cards.

They provided me with a few sample cards, which when held against a bright light showed in the centre the outline of what might be a loop antenna, similar to those used in RFID tags designed for short-wave frequencies.

I opened some of these cards by first heating them on a 60 °C hotplate to soften the glue that keeps the two layers of the laminate together and then slowly cut them apart from all sides, parallel to the card surface, using a sharp utility knife. About 16 mm from the centre of the cards, I encountered instead of glue an inserted 32 mm x 32 mm large paper sticker, and the card layers fell apart there easily. This paper sticker looked very much like it was designed to be used as part of an RF electronic article surveillance system, which is attached to goods in high-street shops and raises an alarm at sensors near the exit door if the tag hasn’t been deactivated at the till. Several observations confirmed this:

  • The barcode looked very similar to the UPC one used by scanner tills in shops, but it was misaligned, the check digit of the number (048572 020000) was incorrect, the prefix of the number had been chosen such that it was not assigned to any country in UPC, and the barcode didn’t even match the number. All this suggests that the barcode is just carefully designed camouflage, to hide the real purpose of these stickers when used in shops, without the risk of being accidentally recognized at a checkout scanner. A member of the Newsnight team even found in a Currys shop an item with a security tag that had the exact same 8-digit number under the fake barcode.
  • I cut away the remaining card plastic and used solvent (white spirit, ~80 °C) to dissolve the glue underneath the sticker. After a short time, the sticker paper with the barcode separated and revealed underneath a laminate of aluminium foil and transparent plastic foil. The aluminium was shaped into a coil. The coil centre had been folded out to form two plates of a capacitor. This was clearly meant to be a simple LC resonator, shaped exactly like the ones that RF electronic article surveillance systems near shop doors detect.
  • I first used my fingers to find any hints of a semiconductor chip or other electronic component in the laminate, and could not feel any. To be completely sure that there was no chance of there being any semiconductor chip inside that I might have missed, I left the laminate overnight at room-temperature soaking in white spirit, such the remaining glue dissolved and all layers of the laminate came apart easily and completely. Another careful inspection of all surfaces and the solvent showed again no trace of any form of semiconductor device or other integrated circuit than the capacitor and coil formed by the aluminium foil.

All this left me very confident that the sticker was indeed a security label with fake barcode that had no capacity to be programmed with any other information than being deactivated at a shop till by a strong RF field (which shorts out the capacitor by breaking down the foil dielectric). There is no way in which this device could be programmed to distinguish the many different substances that the ADE651 manufacturer claimed it could, not to mention that any useful interaction with such an LC circuit would require a transmitter antenna, a power source, and lots of other components that the ADE651 appears to lack. And, to state the obvious, there is no way in which an anti-theft RF tag, like I found in these cards, could be able to help in detecting explosive substances such as TNT (as the Arabic letters on the card had claimed). I strongly suspect that these tags have been chosen because they are the cheapest and most easily available items that look vaguely electronic and are flat enough to fit inside a plastic card.

See the BBC News coverage and the BBC2 Newsnight programme on 22 January 2009, 22:30 for the full story.

Entry filed under: Hardware & signals, News coverage, Security economics

11 comments Add your own

  • 1. Zygmunt Lozinski  |  January 23rd, 2010 at 01:43 UTC

    The BBC World Service News [01:00 GMT Sat 23 Jan 2010] is reporting the arrest of Mr McCormick on fraud charges.

    UK newspapers The Guardian, Independent, Daily Mail and Times are also reporting the arrest on their web sites.

    Boss who sold bomb detectors to Iraq arrested over fraud, The Guardian, 23 Jan 2010

    Head of bomb detector company arrested in fraud investigation, The Independent, 23 Jan 2010, attributing Markus’ quote from the BBC story to Sidney Alford.

    Bomb detection firm head arrested for fraud over claims device sent to Iraq were useless, The Daily Mail, 23 Jan 2010. Quotes Markus Kuhn.

    Head of ATSC bomb detector company arrested on suspicion of fraud, The Times, 23 Jan 2010.

  • 2. saar  |  January 23rd, 2010 at 17:12 UTC

    The Amazing Randi sets the record straight following McCormick’s arrest…

    http://www.randi.org/site/index.php/swift-blog/844-randi-responds-to-the-arrest-of-james-mccormick.html

  • 3. gerhard  |  January 24th, 2010 at 00:37 UTC

    General in charge seems to have strongly endorsed this device at one stage…

    http://www.nytimes.com/2009/11/04/world/middleeast/04sensors.html

  • 4. Turing's Machine  |  January 24th, 2010 at 15:43 UTC

    well done guy’s.

    cool i knew i had seen your selves before.

    but there still seems to be rubbish float around about that report mainly people seem to think those resonant circuit things are RFID.

    any fool pull something like that apart can see it a capacitor.

    hell you can even fool those type of security systems with a piece of coiled wire.

    (hehe had some fun with that i can tell yer)

    why the arlm bells did start ring when they made a clame about static electrity is beyond on me.

    Even someone with basic electronic knollage woul knows how sensitive they are.

    what’s more puzzling is why this guy was taken seriously.

  • 5. Nicholas Bohm  |  January 24th, 2010 at 16:19 UTC

    This is reminiscent of George De La Warr’s “black box” from the 1950s. I heard him speak about it, and he was very convincing although no doubt speaking utter tosh.

    See http://www.answers.com/topic/earl-de-la-warr under “Occultism & Parapsychology”.

    Not much in the world seems new, especially gullibility.

  • 6. now_here  |  January 25th, 2010 at 08:26 UTC

    hmm, looks like all their sites are down:

    http://www.ade651.com/
    http://www.prosec.com/Adds/ADE_651.mpg
    http://www.atscltd.co.uk/

  • 7. Steven J. Murdoch  |  January 25th, 2010 at 10:57 UTC

    Readers outside of the UK may be interested in the YouTube version of the video: http://www.youtube.com/watch?v=rQMwXo1SSVo

  • 8. Clive Robinson  |  January 26th, 2010 at 16:53 UTC

    Steve,

    A simple question for you,

    Why did you not GDO it and have a look at the power spectrum?

    It would have told you immediatly if there where any semiconductor junctions etc attached to the coil.

    Also RFID’s generaly show up not just on the resonance but also because they take significant load (to charge their little PSU cap).

    Also once upon a time most but not all RFID’s transmited a “blind signal” on sufficient power being available. Such signals are usually seen as modulation on the carrier etc.

    Mind you sitting over beakers full of hot solvent might be a fun way to spend an afternoon if you have a fume cupboard. Even more fun if you don’t ;)

  • 9. Clive Robinson  |  January 26th, 2010 at 17:37 UTC

    To answer the question of how come they got away with it is actualy quite easy.

    If you assume it was a con from the outset then the customers where “marks”. All usefull “marks” have failings vanity etc etc in much the same way the Emp got his new coat etc.

    The simple fact is those who make purchasing choices for Governments usually did not get where they are by being technicaly sophisticated but by playing polotics in one way or another. Surprisingly being effectivly “minor con artists” makes them very suseptable to more acomplished con artists.

    As the person running the con you need credability and a handy set of analagies to things people only vaguly understand.

    Dowsing is perfect for that virtually everybody has heard of it in one form or another so give it some “Quantum Spin up”, chuck in a few book refrences to the likes of Roger Penrose, Seth Lloyd etc and you have instant scientific credability.

    The thing is people want to belive in the super natural be it ESP, Dowsing, Ghosts or Gods.

    You just provide a way to channel their belifes…

    As for dowsing I keep an open mind and open eye for it. Sadly there is a limited amount of scientific information / investigation so it is at best fringe, which makes for fun reading.

    That being said you can spin up a bit of a theory about it,

    In essence it is said to be like a “gut reaction” that is a way for the subconcious mind to break through to the contious mind via a bio-feedback mechanisum.

    Thus you concentrate on the dowsing rods, which occupies your concious mind whilst your periferal visson keeps feeding your subcontious mind to pattern match etc. This works the same way the hind brain that responds to movment so you “run up a tree before you actualy see danger”.

    The argument goes on that people see “subliminal details” that the concious mind filters out. Thus slight differences in crop heights and colour indicating buried objects etc (this later part is true as aerial photography and plant ash spectroscopy have shown if you know how to look then buried objects do effect crops).

    The argument goes on that “local knowledge” and “previous experiance” are paramount as they have educated the hind brain etc which patern matches to what it has learnt. The difficult bit is for it to get it’s message across to the concious mind.

    You then have the obvious learning asspect you see with people with mechanical items such as push bikes and cars.

    Now you can see this effect in progress with a device not to similar in operation to a gold leaf electroscope. what you need is two cupro-nickle spheres with additional rare earth elements. They magneto achostic nature of such spheres makes them susceptable to certain alternating magnetic fields. However they need to be screend from other fields such as alternating preasure waves propergating across the spheres. On method to reduce this effect is to use an organic pouch made of the dermis of certain mamailian creatures.

    So if you want to buy a pair of brass balls in a skin ball bag I’m sure I can find you some 8)

  • 10. chris  |  March 21st, 2010 at 11:45 UTC

    Another rip-off version, … this time from Germany ;-)

    http://www.hazard-detection.com/

    They claim that THEIR device works … of course … LOL

  • 11. Markus Kuhn  |  December 13th, 2011 at 12:32 UTC

    Dale W. Murray from Sandia National Laboratories presented a paper Unproven screening devices threaten the lives of police and military at the 2010 IEEE International Carnahan Conference on Security Technology (ICCST), providing more information on the history of these devices.

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


Calendar

January 2010
M T W T F S S
« Dec   Feb »
 123
45678910
11121314151617
18192021222324
25262728293031