Yes, there was a viable liquid bomb plot

Jury gives bomb makers benefit of doubt on target


So the verdicts are in - or not in. The "liquid bomb" plot trial is at least on hold, possibly finished altogether.

A British jury has decided that three men are guilty of conspiracy to murder and cause explosions, but refused to convict them of conspiring to blow up airliners in flight. A further four men have pled guilty to conspiring to cause a public nuisance, and the jury declined to convict them on murder or blowing-up-aircraft charges. These other four were never charged with conspiracy to cause explosions, never having been conclusively linked to bomb manufacture. A further defendant was found not guilty on all charges.

A lot of people will see these verdicts as proof that the "liquid bomb" airliner plot was never feasible. Sure, some of the accused were planning to cause explosions - they have admitted as much, saying they intended to let off a small bomb inside a Heathrow terminal as a political statement. But they say they never wanted to wreck planes in flight, killing innocents by the hundred. As they hadn't booked any tickets when they were arrested, a sufficiency of jury members believed they deserved the benefit of the doubt. The prosecution failed to show that their bombs were definitely intended for use aboard airliners.

Could the bombs have done that job, in fact?

The answer, unusually, is yes. The three convicted bombmakers - unlike other UK-based terrorists seen recently - had everything ready to assemble devices which would have had a good chance of getting through airport security as it then was. These devices would then have had enough power to at the very least severely damage a big jet.

There was no intention, as was first suggested, to mix up big charges of TATP in airliner lavatories, which would indeed have been impractical and foolish. Rather, the bombs' main charges would have consisted of a fairly safe, fairly inert liquid prepared before ever going to the airport - specifically hydrogen peroxide and Tang, put inside plastic drinks bottles with seals unbroken.

The men planned to keep the main charges separate from the detonators until just before explosion time, like good professionals. Concentrating hydrogen peroxide to a useful level from the stuff they sell for emblondening your hair is mildly hazardous, but only mildly - it won't detonate on its own. Once made and mixed, sealed up in a reasonably good pressure container like a plastic drinks bottle, it is acceptably stable. It'd take you a few tries to get the proportions right - just as it did the government boffins working for the prosecution, and Dr Sidney Alford working for Channel 4 - but once you know the recipe you can get reliable results. Carrying this sort of stuff about is no more dangerous than carrying a similar bottle of petrol: not something you'd make a lifelong habit of, but fine for a combat operation.

The detonators would have consisted of AA battery cases, emptied out and filled with hexamethylenetriperoxidediamine - HMTD. The bombmakers had hollowed-out batteries ready, and all the ingredients for making HMTD. Unlike the liquid main charges, the detonators - just like proper military ones - would explode properly if subjected to a good jolt of electricity or heat, not merely burn. They might also, just like military dets, go off merely from a sharp knock or other disrespect. That's why detonators are kept small, and why you don't put them in contact with the main charge until the last minute.

The bombers' special HMTD-filled batteries would also have contained flashbulb filaments. The intention was to connect these to the flash circuits of a normal camera, well able to deliver a sudden strong pulse of electricity. The camera could also be used to carry the modified battery/det through security.

A very alert airport baggage-scanner operator might spot the modified battery - it would look somewhat different from a normal one under X-ray - but it would be partly concealed by several others and by the case and circuitry of the camera, plus any other metallic items in the bag. The main shape of it - the outer metal case - would look right. The X-ray operator would have to be almost superhuman in alertness and skill to notice it.

Making HMTD and carrying it about is no joke. But, under this plan, you only ever handle small amounts. If you take basic precautions, an accident won't lose you your eyes or hands; won't destroy your car; won't even give you away unless it happens unluckily during the last part of the operation, in the airport or the aircraft.

A sensible bombmaker would always handle a small HMTD det using tongs or something (just as a sensible man doesn't let his fingers touch a normal det any more than he has to, and absolutely never encloses one in his hand). He would always avert his gaze, or wear industrial safety goggles. That way, if the HMTD went off spontaneously, he would get off with no more than superficial injuries and hearing damage.

The forensic-explosives boffins at Fort Halstead prefer to use a robot to handle HMTD, in fact - but they work with explosives every day, and they want to retire uninjured with faculties intact. A man who only has to handle explosives once, and who reckons to die doing so, wouldn't need any robot, nor even any tongs and safety goggles like the backstreet bomb maker. There's always a chance that HMTD will decide to go off for no good reason at all, but it's not that big a chance. Your correspondent, indeed, has heard tales of British policemen nonchalantly driving huge amounts of HMTD - several pounds, enough to destroy a car or gut a building - to Fort Halstead on the motorway back in the pre 9/11 era; only to have the receiving boffins turn pale and hastily evacuate the reception area on being handed the stuff.

Broader topics


Other stories you might like

  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • Cisco EVP: We need to lift everyone above the cybersecurity poverty line
    It's going to become a human-rights issue, Jeetu Patel tells The Register

    RSA Conference Exclusive Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration.

    "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote. 

    "This is critical infrastructure — financial services, health care, transportation — services like your water supply, your power grid, all of those things can stop in an instant if there's a breach," he said. 

    Continue reading

Biting the hand that feeds IT © 1998–2022