What do Scheveningen, Rødgrød med Fløde and Lollapalooza have in common? They are shibboleths, a term with biblical roots. Websters defines shibboleth as “a use of language regarded as distinctive of a particular group.” Just as you begin to wonder if you’ve stumbled onto a Linguistics Blog, know also that a shibboleth can be used as a verification tool in the context of a security threat assessment. It was used as a test to distinguish Gileadites from Ephraimites at a Jordan River crossing (Judges 12:6). Here are some examples:
Scheveningen is a seaport town; a district of The Hague in the Netherlands. During World War II, Dutch border patrol guards would require travelers whom they suspected of being German spies to pronounce this name (link to listen: Scheveningen); something a native would have no trouble with but … even an advanced non-native Dutch speaker might not get just right.
Similarly, Rødgrød med Fløde – a delicious berry pudding Danish dessert – presents a real tongue twister that sounds like a whistling gargling mess to us non-Danes (link to listen: Rodgrød_med_fløde). Whereas a native Dane’s ear can easily identify one of its own.
The term Lollapalooza was likewise used during World War II by some U.S. soldiers in the Pacific to test potential enemy infiltrators, not only because the “L” sound does not exist in the Japanese language but because it’s a very American colloquialism with which even a well-prepared spy may not be familiar.
The value of the shibboleths are that both criminal and terrorist attacks often involve the adversary trying to pretend to be someone they are not. To avoid suspicion or capture, they need to blend in while conducting surveillance, collecting information, attempting infiltration and otherwise preparing their plot. Suspicious circumstances or behavior may draw a security officer’s attention to a person. But once a suspicion has been detected, how to determine its validity? Knowing how to test a given identify is a vital threat assessment tool.
The use of cover stories and many tools for detecting and testing them are covered in Chameleon’s newest offering: Principles of Proactive Security. This 3.5 hour interactive, video presentation takes you into the classroom to learn about the difference between risk and threat-based security, security systems that are proactive versus reactive, use of red teaming in quality assurance, mules, the criminal justice perspective on security, and much much more. Please link here for more information about this fantastic training.