DHS deploys undercar Kraken tentacle-bombs

'Inspired by Spiderman and giant squid'


Contractors working for the US Department of Homeland Security (DHS) have developed an innovative remote controlled car-stopping landmine using technology inspired by giant squid, Spiderman and extending party squeakers.

The new tentacular vehicle trap is known as SQUID, for Safe Quick Undercarriage Immobilization Device. It is the brainchild of Martín Martínez, president of Arizona-based Engineering Science Analysis (ESA) Corporation. ESA developed the SQUID under the auspices of the DHS Science and Technology directorate small-biz programme.

"SQUID was inspired by a sea creature and a superhero," says Martínez. DHS S&T boffins see it as the answer to that age-old question:

"What if — like sea monsters of ancient lore — a trap could reach up from below to ensnare anything from a MINI Cooper to a Ford Expedition?"

The Spidey/cephalopod combo bomb comes in the form of a round canister about the size of a largeish pie or cake. A policeman or other minion of the state can lay it in the path of vehicle-mounted miscreants, terrorist suicide bombers, wouldbe huddled masses attempting to illegally live the American dream, etc.

Having retired to a safe distance clutching his SQUID remote, the copper arms the device. Half a second before the speeding malefactors pass over it, he triggers it. A gas cartridge similar to that in a car airbag fires, unrolling barbed straps in all directions using a design modelled on that of kids' party squeakers.

As the tyres pass over the straps, the barbs dig in and the straps wrap around the axles. Meanwhile a second charge, triggered by engine heat passing overhead, deploys "sticky tendrils" from the canister, now beneath the vehicle.

The tendrils ensnare the trailing ends of the wheel-barb straps, causing them to wrap around any central driveshaft in the case of rear-wheel-drive vehicles. The tendrils and straps then break away from the canister, leaving it in the road.

The straps tighten as the wheels keep turning, and the tendrils stretch, gradually absorbing the vehicle's kinetic energy and bringing it to a halt within 500 feet according to the DHS S&T people.

The SQUID is reckoned to be better than ordinary tyre-bursters as it brings a vehicle to a halt more surely and under control. It beats current elastic barriers, too, which can't stop the massive pickups and four-wheel-drives favoured by many American villains. However, the federal moto-kraken designers admit it still needs work.

"We must make it lighter," says Mark Kaczmarek, DHS Q-branch official in charge of the SQUID programme. "Also, more affordable, so it becomes the stopper of choice, regardless of budget."

There's more on the SQUID courtesy of the current edition of DHS inhouse journal S&T Snapshots here. ®


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading
  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading

Biting the hand that feeds IT © 1998–2022