Many questions remain regarding the March 7 disappearance of Malaysia Airlines flight 370. This is quite understandable because it is highly unusual for a modern airliner to crash suddenly without an emergency call or some other indication of a problem. Several things could have caused such an accident: a mechanical problem like the fuel tank explosion aboard TWA flight 800 in 1996, a small mechanical issue and fatal pilot error like in Air France 447 in 2009, an intentional attack like in Pan Am flight 103, or simply bad weather. If the airliner did indeed crash into the sea, it may be some time before investigators are able to determine the cause of the incident.
As investigators scramble for clues, many people focused on the fact that two of the passengers on the flight appear to have been traveling on passports previously reported stolen — meaning imposters, rather than the true owners of the passports, were on the flight. In and of itself, this is not positive proof that terrorism caused the disappearance of the flight. Passport fraud is a very common crime committed for a variety of reasons. Indeed, reports now seem to indicate that the two men were Iranian citizens seeking asylum in Europe.
While passports have been in existence for centuries now, since the early 1900s passports have become necessary for international travel as a way to identify and control who is entering or departing a country. But ever since such requirements were put into place, some have sought to elude such controls for any number of reasons. Passport fraud has always been a staple of espionage tradecraft, and it is frequently practiced by a host of other criminals including human traffickers, drug smugglers, arms merchants, money launderers, fugitives and pedophiles. While terrorist suspects frequently use passport fraud, only a very small percentage of the people who commit passport fraud do so for the purpose of terrorism.
Early passports were fairly simple and therefore easily counterfeited or altered. Many did not even have photos attached, so it was quite easy to travel on someone else’s passport without having to alter it. Registers of lost or stolen passports — and indeed registers of legitimately issued passports — were not integrated and had to be hand-searched. This made it very easy to travel on fraudulent documents without being caught.
In response to rampant document fraud, countries began to incorporate security features into their passports (and visas) to make them more difficult to counterfeit or alter. However, even as these measures were first put into place, passport databases were still rudimentary, and it was not possible for a check at a border post to determine if a passport had been legitimately issued, much less lost or stolen. It was also still possible to travel on counterfeit documents that were able to replicate many of the early security features.
In the 1960s and 1970s, governments began to institute increasingly sophisticated security features such as watermarks, microprinting and tamper-resistant security films to cover photos and data pages. In the 1980s, they began to make machine-readable passports and visas that were easily scannable digitally and checked against databases. More recently, governments have begun to embed high-tech security features such as RFID chips inside passports. The RFID chip contains a photo of the passport holder and information about the passport. This has made it much more difficult for people to substitute the photos on genuine passports with their own photos, although RFID chips can still be hacked and altered.
The advent of passport databases
But beyond these security features, one of the greatest obstacles to passport fraud today is the institution of integrated databases that can flag lost or stolen passport numbers and determine if the biographic information in a passport matches that in the database. This forced even high-end document counterfeiters, such as intelligence agencies, to have to clone an existing passport (to match one already appearing in the database) rather than create a counterfeit with a unique number not in the database or a name that does not match the number it is assigned to.
Passports have always been a valuable commodity because they provided document vendors with stock to alter or clone. Traditionally, these passports were either stolen by thieves or purchased from their holders in exchange for drugs, sex or money. However, the advent of integrated passport databases made stolen passports less useful for entry into countries with good passport databases that can flag stolen passports. There are still some countries in which airport points of entry are computerized but some land and sea borders are not. Stolen passports or medium-grade counterfeit passports can still be used in such places, especially if accompanied by a small bribe.
But in the current day, with sophisticated passports and integrated databases containing not only passport information but also biometric information such as fingerprints, it is becoming increasingly difficult to enter the United States or a European country on a photo-substituted or counterfeit passport. One way that document vendors have adjusted to this is by finding people who will provide their passports for use without reporting them as stolen. We have seen this happen in Israel, where Jewish citizens of other countries have given the government of Israel their passports to use for intelligence purposes. These passports can then either be cloned (a clone is a high-quality counterfeit in which even the RFID chip has been duplicated with the biometric information of the new holder) or used by people who closely resemble the person to whom the passport was originally issued.
Sophisticated document vendors have implemented this same tactic. They have created large international networks to obtain genuine passports inside their country of origin by paying people such as petty criminals and drug addicts to obtain passports even though they have no plans to travel overseas. In this manner, they can obtain large libraries of passports. When a client requests a passport from them, they are able to check through the library and find a passport with a photograph resembling the customer. With some minor adjustments such as hair color, facial hair or glasses, they are then able to adjust their customer’s appearance to match the photograph on the passport even more closely. Such a high-end impostor passport will cost tens of thousands of dollars. But not all impostor cases are high-end.
During my career as a Diplomatic Security Service special agent, I investigated some impostor passport fraud cases in which the attempts to look like the passport holder were actually quite comical. For example, I had one case in which an 18-year-old Guatemalan with no facial hair donned a false mustache in an attempt to pass himself off as a 60-year-old gray-haired, mustachioed Caucasian American.
Coming back to the Malaysia Airlines case, it is not at all unusual for there to be two individuals on a flight out of Kuala Lumpur travelling on fraudulent documents. Places like Bangkok and Hong Kong have been document vendor havens for many decades, and fraudulent documents are not hard to obtain in Asia. Furthermore, there are many who want to travel from Asia to Europe for criminal purposes like espionage or drug trafficking or for human smuggling, apparently as is the case here. The Malaysia Airlines disappearance has temporarily cast a media spotlight on passport fraud, but long after that attention slips away to other matters, passport fraud will continue.
Republishing by The Manila Times of this Security Weekly article is with the express permission of Stratfor.