I’ve wondered about guilloches (the Wikipedia spelling “guillochés”, with an accent, can’t be right, as the E is silent) before. As I understand it, their use as a counterforgery measures comes from the fact that printing plates are made by engraving metal. In the case of guilloches, the burin that cuts the grooves is controlled by a spirograph-like mechanism that contains several interacting wheels, and even slight differences in the sizes of these wheels will lead to noticeably different patterns in the end result.
That all sounds well, and I don’t know how easy or difficult it is, mathematically, to reverse-engineer the exact set-up of the wheels from the resulting pattern (which is what a forger would need to do). I have noticed, however, that guilloches are used much less nowadays than they used to; and even where they are used, I think it’s more as a decorative pattern, and a patterm which in people’s perception is intuitively linked to banknotes or negotiable instruments - that is why you will, for instance, often see them on advertising coupons and the like, because the use of guilloches creates the impression of a valuable document. But to my knowledge, as a serious security tool they’re outdated. If they weren’t, I would expect to see them much more on banknotes than one does contemporaneously.
Once the forgery is produced via some variation of photography, being able to recreate the wheel-driven engraving process is no longer necessary. All that’s necessary is to be able to detect and reproduce the shape of the resulting lines at sufficient resolution to avoid visible pixelation.
Which reminds me of this:
The best way to defeat an opponent’s defenses (whatever they may be) is not via frontal assault. It’s by bypassing those defenses altogether. Successful attackers are always “thinking outside the box”.
I expect that the spy movie stuff still holds up ok, but not as seamlessly as it might have in the past. There are still lots of uses of a fake passport that aren’t going to be validated by a database hit. You still want to be able to get a hotel room or a rental car, and you need real-looking id for that, but even in the most advanced countries, there are small operations that don’t have networked computerized systems for logging customers.
I think we can assume that the stash of passports has a valid travel history that the spy knows. It could be generated semi-tediously by using the passport to travel to the safehouse and then leaving it there, or by the safehouse existing in the issuing country (or if it’s Europe, in any Schengen Area country). This might be a little tedious, but if the passports are cover identities used for normal spy stuff and not just bug-out contingencies, then it’ll just be normal operational procedure to give them travel histories.
There are also still lots of countries and (I think even in developed countries) ports of entry that don’t scan passports, so all you have to do for those is fake a stamp.
How many teeth can you realistically fit onto a single gear? Just do a brute-force search of every combination of gear sizes (gear size being defined as the number of teeth), until you find the one that matches.
I think you underestimate the total number of possible combinations.
Just for a start, “gear size being defined as the number of teeth”, I don’t think so. There’s absolute size, too. You might produce an identical shape of curve, but 25% smaller.
OK, once you get the identical shape of curve, but 25% smaller, you just scale everything up 33%. That’s so easy that I didn’t think it even merited mentioning.
The heck with the spirograph argument - photograph the original and you have a perfect copy. Old banknotes used to have this micro-engraved print on the theory that few people had the tech to reproduce it - but with modern photography techniques, and unlimited budget, it is not difficult to reproduce. The more interesting technique nowadays is variations in colour inking instead of solid colours. Also, holographic inserts, etc. None of these are insurmountable for countries that probably make their own similar documents. We can do micron-sized lithography for integrated circuit chip making, I’m sure barely visible type is nothing difficult.
Recall that the Germans in WWII thought they could destabilize British currency by printing and dropping 5-pount notes (the money that is, they weren’t heavy). They produced notes indistinguishable from the real ones - but failed because the British people simply picked them up and turned them in.
It’d take me a few days of work, which is more effort than I’m willing to put in without pay, on a triviality like that. But it’s well within reach of a government to pay someone for a few days of work, especially since the person they’d be paying would be much more skilled and experienced in this sort of thing than I, and hence could do it quicker.
That would be because most people wouldn’t normally see a five pound note. They would have trouble spending it in most shops anyway - Once it became known that there were forgeries about, it would be impossible. I doubt that many Americans in the 1940s saw a $100 bill either.
I guess it depends what the the currency was worth - what was a typical weekly wage at the time?
When I was a kid, about 1964 I think, I found a $10 bill in the ditch along the road. That would be like $100 today, going by the fact that minimum wage at the time was less than $1 and now it’s over $10 in most provinces. OTOH, $10 bills were pretty common in the 60’s. We just don’t use currency for most large purchases nowadays. (The Saturday matinee was 25 cents, I was astounded that Mutiny on the Bounty when it came out back then was 75 cents children’s admission; what’s a first-run movie cost today? A bottle of Coke had just gone from 10 cents to 12 cents, including the two-cent bottle deposit. And that’s 1963, twenty years after WWII.)
I’m not an expert, but I believe that most of the keyfob-type authentication things are (as far as we know) beyond anyone’s ability to duplicate. (There are some implementations that can maybe be duplicated if you have physical access to them for many hours, and there may be other vulnerabilities we don’t know about in particular models, etc. but the main point stands). A human can’t look at one and know it’s the one issued to John Smith, but a computer could.
Where I live (South Australia) the state government has taken to issuing digital versions of licenses and ids. So drivers licences, proof of age, certain professions. I’m sure they are not unique in this.
The neat trick is that the licences are displayed on a smartphone app which can verify a license. If you have a license and want to have it validated, you show the app screen to the person that wants to validate the license. The app screen show you license details, and a barcode. The barcode is generated by a central database the app connects to, and is good for 30 seconds or one enquiry. The other person uses the same app running on their phone to scan your screen, it interrogates the same database, and gets confirmation that the presented license or ID is good.
Defeating this aspect is not going to be trivial, and assuming that solid enough end-to-end encryption is used when making a validation enquiry, basically impossible to spoof.
The weakness is in the mechanism used by the license holder to validate with the backend server. Breaking password protection would enable access to a license. Still not counterfeiting of a license, but misuse of a real one.
So this probably comes as close to being impossible to create a counterfeit ID with as is needed, and has been in general use here for a few years.
The other weakness is that not everyone accepts the digital ID. One of the more ridiculous ones is the post office. The postal service is a federally owned business, and they are not playing ball with the state based initiative. So I still keep my physical drivers licence in my wallet.
Lacking internet bank transfers, cash was then a common way of transferring money. I know that my ancestor thought that $100 bills were a normal thing, and everything he thought was normal was rooted in the 1930s.
One of the wikileaks cache was a training manual for CIA covert activities and it said as far as passports were concerned, they were used to get into third countries, not the country of ostensible passport issue.
Let’s say, Agent A, of Country B, needs to get into Country C. So instead of using a fake passport of Country C, he will use one of Country D, since citizens of Country D get less scrutiny and the chances of being caught are much less.
One thing I think everyone is missing including in @Francis_Vaughan excellent post is that unlike more forgers, Intelligence agencies, and other organizations serving nation-states know exactly how certain security features operate and the procedures expected to be used.
For instance, an intelligence agency needing access to the US knows both what US passports security features are and what the standard checks at borders enatil.
Plus the identity only needs to be good enough to withstand the expected scrutiny. A US passport good enough to defeat FBI counterintelligence? Ok that might be difficult. Past the Customs guys at JFK? Childs play.
Yup. And if you look at it, most forms of identification are based upon a superstructure of other earlier identification, ones which are less secure. For instance, a passport is based on a birth certificate. Having a super-duper secure passport does not help you much if it’s based on an easily forged birth certificate. Why bother making fake passports for your agents when you can secure fake birth certificates for them and apply for and get a honest to goodness real passport.
Agree. That example was certainly a staple of crime/espionage fiction until fairly recently. But maybe not much longer.
What has probably changed in the last 20-ish years for most major countries, is the degree to which other ancillary info is looked at. E.g. If I present a forged birth certificate from the 1950s as evidence to get a US passport today, they’ll do some poking around in open source and in government databases. If I’m claiming to have been a US resident the last 60-some years and I’m simply invisible in every one of those databases, my application is going to get more extensive scrutiny.
Whereas back in e.g. 1970 or 1950, some clerk would look at the birth certificate and if regular on its face, would type up a shiny passport, glue on the applicant’s picture, and hand it to the applicant.
Operation Bernhard. Note that while the original plan of the Nazis was indeed to drop counterfeit pound notes above the UK, they didn’t actually end up doing so; rather, they used these notes to buy black market goods and to finance clandestine operations of German spies abroad.
Yes, absolutely. Of course, identity theft is a much more sophisticated and prevalent crime today. These days the Russians can just steal some schlubs identity for your agents. Since most people discover identity theft only when it affects them adversely, for instance, their back account gets cleared out, the FSB just ensure that the agent and the actual person never interact.