Showing posts with label Facility Security. Show all posts

Monday, November 3, 2014

VIDEO: Elevator Hacking: From the Pit to the Penthouse by DeviantOllam





From the video’s description:
Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don’t do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it’s easier than you think!) these devices are often misunderstood and their full range of features and abilities go unexplored. This talk will be an in-depth explanation of how elevators work… allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different than an unlocked staircase as far as building security is concerned!
While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Deviant runs the Lockpicking Village with TOOOL at HOPE, DEFCON, ShmooCon, etc, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the United States Military Academy at West Point, and the United States Naval Academy at Annapolis. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.
Howard Payne is an elevator consultant from New York specializing in code compliance and accident investigations. He has logged over 9,000 hours examining car-tops, motor rooms, and hoistways in cases ranging from minor injuries to highly-publicized fatalities, and has contributed to forensic investigations that have been recognized by local, State, and Federal courts. Howard has appeared on national broadcast television making elevators do things they never should. When he’s not riding up and down high-rise hoistways, he moonlights as a drum and bass DJ and semi-professional gambler. His favorite direction is Up and his favorite elevator feature is riot mode.

Wednesday, December 11, 2013

Kenya Mall Shooting - Why It Went All Wrong & What We Can Do To Be Better

Yesterday, the New York City Police Department released a report from its SHIELD initiative about the Kenya mall shooting/terrorist attack. It was a pretty damning report to say the least. Before we talk about the report, let's talk about what SHIELD is and why that's important to understand in the context of this report. SHIELD is the NYPD's homegrown information-sharing component with private sector security. It provides analysis on current and future threats. I've previously read some of SHIELD's reports. Some were good and some were typical of fusion center reports - some meat and some potatoes but not a full meal. This report was driven, in part, to go over what NYPD and private security could learn about what happened in Nairobi. There was plenty.

There were some startling revelations:
  1. Kenyan police were VASTLY outgunned. The report states, "The typical Uniformed Kenyan Police Officer is not as well equipped as their western counterparts, typically only carrying a long gun, most commonly an AK-47 style rifle with a folding stock, loaded with a single 30 round magazine. They do not carry handguns, wear body armor, gun belts or have portable radios to communicate." Each of the terrorists was carrying 250 rounds of 7.62 mm ammunition. Lack of body armor and radios to communicate resulted in fratricide. More on that later.
  2. Responding plainclothes officers were also outgunned and had no visible identification. Remember what I said about fratricide? From the report: "Very few of any of the plainclothes law enforcement first responders displayed any visible law enforcement identification such as a badge, arm band, ID card or a raid jacket, making identification as “friend or foe” extremely difficult for other armed first responders."
  3. Realizing the police were outgunned, Kenya made the incident response a military matter. That's as bad as it sounds. The report says, "Kenyan government officials decide to transfer the handling of this incident from the police to the military. A squad of Kenya Defense Forces KDF soldiers enters the mall and shortly afterwards, in a case of mistaken identity, the troops fired on the GSU-RC Tactical Team. They kill one police officer and wounding the tactical team commander. In the ensuing confusion both the police and military personnel pull out of the mall to tend to the casualties and re-group."
  4. Responding military forces used an RPG-7 as a room clearing tool. I kid you not. And the destruction was insane. "It is reported that at some point during the day the Kenya Defense Forces decided to fire a high explosive anti-tank rocket (possibly a RPG-7 or an 84mm Recoilless Rifle) as part of their operation to neutralize the terrorists in the Nakumatt Super Market. The end result of this operation was a large fire and the partial collapse of the rear rooftop parking lot and two floors within the Nakumatt Super Market into the basement parking."
  5. It is possible the terrorists escaped in part because the Kenyan security forces failed to secure a perimeter. This is rather elementary: the very first thing Western police do in these scenarios is lock down the perimeter. No one comes in or out unless they can be positively identified as a "friendly". This credentialing occurs by checking IDs, at first admitting only law enforcement and first responders, and allowing exit only upon verification.
  6. The mall employed unarmed officers who performed unsatisfactory "wand searches". This is irritating to say the least. Why? Unarmed officers are appropriate for certain environments and are the way to go in most environments. However, in high value targets, such as mass gathering locations in places like Kenya, I would have used an armed component. Armed officers are not only armed but can be equipped with radios and are usually uniformed. This makes identifying them for law enforcement somewhat easier. Also, armed officers can do things unarmed officers can't due to safety concerns such as locking down perimeters and evacuating victims.
  7. Wand searches are weak. I dislike them with a passion. Why? Officers get tricked into believing a search was "good" because the wand didn't annunciate. This is all kinds of bad. A search should be thorough in high value targets. If you're going to employ officers and have them search, have them be thorough and do it without a wand. I would use the wand only in environments where I had other search mitigators in place such as backscatters or X-ray search devices.

So what does this attack teach us in the West?
  1. The desire of terrorist groups to attack mass gathering locations is still very alive.
  2. Places like malls should consider Kenya to be a warning. If you're in mall security, I highly suggest going over your active shooter plan and rehearsing it on a fairly regular basis with local police departments and simulated shooters. In these exercises, test not just your ability to minimize casualties but also your security apparatus under stress. This is best accomplished by "killing" responders, taking hostages, attempting escape, and causing confusion among responders. Get your people used to chaos in these scenarios.
  3. Never do wand searches at high value targets and test your people regularly. I've gone over why I think wand searches are bad. So let's examine why you should test and train your searchers regularly. Searching is one of the most important yet often neglected security components. We usually pick rookies and the "lowest common denominator" to do this function because it's "easy". Doing good and thorough searches that you can sleep easy with at night is not easy. Searchers should be trained on subject "tells", physical characteristics of forbidden items by touch, sound, smell, and sight, the tools they can use to do searches better, etc. They should also be regularly "red-teamed", which is to say you should have a non-attributable person walk through security and see what they can get through. When they're done, they should report their findings to management.

    Here's a video I did on how I would search bags:

  4. CCTV and analytics are EXTREMELY important to an active shooter scenario. There are several takeaways from what we learned about CCTV and the lack of analytics in Nairobi. First, CCTV coverage was spotty in some areas. Also, the CCTV coverage was easily identified and avoided by the terrorists. We also know while they had remote viewing capability, it was five miles away and more than likely not cross-fed into the police. While a CCTV monitor can't identify every threat, video analytics can alert them to suspicious activity. At the very least, consider it an option.
  5. Garages and parking lots should be regularly patrolled. While there was a guard posted at the entrance of the garage, had a response element been closer by, they could have locked the exterior doors to the mall.
  6. Train your employees on how to sound the alarm and IMMEDIATELY lock down their storefronts and secure customers. I would consider including them as a part of your active shooter training as well. Make that mandatory training for all storefront management and their trusted employees. I would include it in a leasing agreement if I had to.
  7. Have a HIGHLY accessible public address system to sound the alarm.
  8. Train local non-law enforcement responders on the need to "shoot, move, and communicate". Seriously, I can't stress this enough. There is a huge debate in the US surrounding concealed carry permit holders as responders. I'm okay with them responding, though I prefer they receive some training on the need to identify themselves to law enforcement prior to responding via a phone call if time and circumstance permit.
  9. Equip every security person and law enforcement officer with a radio. If you want to avoid fratricide or wasting your time clearing rooms that have already been cleared, then you HAVE TO equip your responders with radios and share your frequencies with them.
  10. Train your personnel on reporting formats like SALUTE. We've covered this before so I won't bore you with the details.
  11. Train your security management personnel on casualty collection points, IED mitigation, cordons, perimeter searches, and periodic vulnerability assessments. These things can't be overstated in training. Trust me. You'll thank me for this later.

Saturday, March 9, 2013

INTERVIEW: Guardly Offers Insight Into Indoor Positioning System and The Future Of Emergency Dispatch



I'm just going to put it out there. I love Guardly. After writing my last piece on the public safety mobile app, I decided to subscribe to the service. And to be honest, I'm blown away by its user-friendly GUI, the depth of its coverage, how robust its emergency protocols are, and the overall potential it has for much greater deployment. So last week, when I saw that they developed a new feature for some of their college campus clients, I became quite curious and called Guardly to find out. Here's my interview with Guardly CEO, Joshua Sookman.

Josh, it's great to speak with you again. I love the product and I'm calling to find out about your latest development.

Scriven, it's great to hear from you. Well, we've been developing a new feature called Indoor Positioning System which will relay to emergency contacts and dispatchers where you are in much greater detail. By greater detail, I'm referring to your location inside a building.

Wow. Is that like GPS? If so, that sounds like an incredible development. 

Not quite. So here's how it works. We begin using the features that already exist in your phone to analyze certain data like WiFi connections and various radio frequencies to narrow down where you are.

How does that look to the dispatcher?

It works just like the original display but with added metadata. It can tell the dispatcher if you're in a specific room or the elevator shaft or a stairwell. We use those radio frequencies and WiFi hotspots to do this. Each location in a building will have a different frequency signature. So that data can point to a specific location in the building. Basically, we want to take what used to be a 2D world and use augmented metadata to depict a 3D environment for the dispatcher. We believe doing this will decrease response times in getting help to you, as so much time is used in the initial moments of an emergency dispatch call to get this information out of the caller. Having that information available immediately should reduce the time from call to dispatch.



Where is this available and on what platforms?

It's available only to select customers and is available on the Android OS.



So I've made no secret that I love Guardly and I see it as part of a greater movement in emergency management to decrease response times and provide better and more timely information to emergency responders. What are your feelings about such initiatives as Text to 911?

Great question. Honestly, I think it's a great step in the right direction. With it and services like Guardly, we should lessen response times. Again, the more information you get, no matter how you get it, is absolutely the key. An area of concern for us and those of us in emergency management is the potential for emotional stress and possible PTSD-related issues given the level of information dispatchers could be exposed to. As we expand what is capable from using all of the features mobile phones come with such as video and audio, there is a potential for having too much information exposure for those who may not be accustomed to it. We also believe services like Guardly are an evolution of technologies that have made things more "hyper-local" and personal. We believe, as these technologies grow and evolve, so will services like Guardly and the quality of information available to first responders.

Josh, as always, it has been great talking to you. I look forward to seeing more of what Guardly has in store for the public safety sector.

For more information on Guardly's Indoor Positioning System, see the link below:

https://www.guardly.com/solutions/technology/indoor-positioning-system

To read my review on Guardly, click on the link below.

http://blog.thesecuritydialogue.org/2012/12/review-guardly-will-change-what-you.html

To download Guardly, click here.

Tuesday, February 5, 2013

Lessons Learned By a Security Blogger Whose Office Had Been Burglarized

My office at 9:00 AM. I arrived to hear my office had been broken into over Super Bowl weekend.

There is a certain amount of irony one must acknowledge when his own office has been burglarized soon after posting articles talking about burglaries. Some would call it foreshadowing. I'll call it a great streak of luck. What? Yup. Good luck. Why? Mostly because of the lessons I learned. This wasn't my home office. It was the office where I work. Many times we prepare ourselves for the eventuality of being burglarized at home, but seldom do we think of our work. With that, we'll inherently learn lessons about issues we never considered.  So what did I learn?

  1. You need an inventory of all the equipment they issued you at work. This inventory will be much like the inventory for your home, but it should also encompass the day you were issued the equipment, the number of items, serial numbers, and the office responsible for accounting for the gear. Go through this list when you look for missing items.
  2. Keep an inventory of personal belongings. Let me be clear: "Personal does not mean your lunch bowl". I'm talking about sentimental and expensive items like your iPad, laptop, DVD player, etc. See the lesson from above to consider what to annotate. You may want to keep this list at home or online. 
  3. People will undoubtedly start to go crazy. Most people have never been the victim of a crime, so they often experience shock, sadness, and anger about being a victim. It happens and you could feel the same way. When you feel these emotions, remember people rob businesses and government agencies all the time. Sometimes, there is little you can do to prevent it except pay attention to what countermeasures failed you and which things worked. Then get to work and fix what's broken.
  4. People will be tempted to play detective. Listen, it's great that you watched all of Perry Mason and Law and Order. However, you probably won't be able to solve this caper. Becoming distracted with how and why you were victimized keeps you away from fixing what's broke with your security measures. Remember, the best thing you can do is give law enforcement exactly what they need (any video, scene protection, etc.) and think about what went wrong (did someone not lock a door, did someone not set the alarm, is this an inside job).
  5. Protect the crime scene. The first thing people want to do when they hear they've been burglarized is find out what was taken. Sounds great. So you let them walk around and look inside drawers, open filing cabinets, turn on computers, etc. You see no problem with this. Do me a favor - STOP your coworkers from entering the crime scene until law enforcement says they can. It'll impede operations but save the cops a lot of time in processing the scene.
  6. Have a procedure in place. We have mechanisms for setting alarms and responding to false calls but no one ever has a procedure for an actual break-in. It's really simple. Write it out. Who needs to be notified? Who needs to know what? When do you need to call? Where should co-workers report for work? What's the impact on operations if the cops need inside? Who should have alarm codes? Who has a master key? What are your lost key procedures? Where is the list of emergency contacts for employees? The list could go on infinitely. You get the idea, though. Make it simple, yet comprehensive.
  7. Never assume it was anyone's fault other than the burglars'. Seriously, don't be stupid and start blaming people for not setting the alarm. People forget things. The alarm code could be one thing. Let it go and work on who should be able to open and close your office. Opening and closing is a big responsibility. Ensure you're entrusting the code to someone who can deal with this added duty. Ensure the people you authorize are the only people allowed 24 hour access. Trust me. You'll thank me later.
  8. After the burglary is not the best time to learn your security system sucks. Be intimately familiar with your system and monitoring station protocols. Don't assume anything with a monitoring station. Their procedures for validating the current security status of your facility could be incompatible with your facility. If your monitoring station calls the second floor about the security status of the third floor for which they have no discernible access, then this could very well be counterproductive.
  9. If you share an office building with several other tenants, find out what the existing procedures are for lobby security after-hours. You may want to know why they leave the lobby unlocked during the weekend when no one is there. Just saying.
  10. Cameras are WORTHLESS if you don't have someone monitoring them. The American population is in the neighborhood of 300 MILLION people give or take. You can catch these guys on tape and get them put in jail if the cops get them. Go ahead - pat yourself on the back. You did a great deed. Ask your security company what it costs to monitor your cameras. Now you have a 24 hour surveillance system that can track and notify authorities of a threat. If not, then you're giving cops video so they can maybe arrest the perpetrator who will more than likely sell what he took. Don't get me wrong - I LOVE cameras. But I HATE when people claim they "feel safer" because of the new cameras they got put in AFTER a burglary. 
  11. Your window adjacent to the door will get smashed. Remember what I said about concentrating on fixing crappy security measures? Get that fixed.
That's it for now. I would love to hear your war stories about being burglarized. Please post some in the comment section below.

Wednesday, November 28, 2012

Why It May Be Time For The Pakistani Police To Implement Fitness Standards (and some performance evaluations too)


I have nothing further to say.....

Tuesday, November 20, 2012

The Power of Sound In Security


 

So, I don't have my hover-board nor my flying car. However, we have seen numerous technological feats within the security industry. Whether it be BRS Labs' use of artificial intelligence to "learn" and detect human behavior via CCTV feeds or the ever-changing world of biometrics, we have witnessed some very interesting and promising tech tools for the industry. Some of them we have featured here at The Security Dialogue. The other day I came across the Twitter feed for Audio Analytic, a UK-based company which has developed a new dimension to the electronic security world.

Being the curious soul that I am, I contacted Audio Analytic about an interview to learn more about their products. I spoke with Dr. Christopher Mitchell (PhD), Audio Analytic's CEO and Founder. Going over his LinkedIn profile and other information I gathered from the Internet, I was drawn to Dr. Mitchell's extensive knowledge of sound information and signal processing. He's received training at Harvard and is an NCGE Fellow. I digress.

Using audio in security applications is nothing new. Sonitrol was the first and remains the only company using audio as part of its monitoring service. So I asked what the difference was between their approach and what we've seen traditionally done with sound in our industry. Dr. Mitchell replied, "Where Audio Analytic differs is that it does not capture a sound and then trigger an alarm at a monitoring station based on audio level for a human to interpret." Audio Analytic analyses the sound looking for specific sound patterns that can be used to raise an alert into an existing piece of security equipment such as an IP camera or VMS. The sound is looked at as data rather than as a recording or real-time stream of sound.

What surprised me was the breadth of sound the software can detect. Dr. Mitchell said it currently looks for sound in four categories - glass breaks, signs of aggression, car alarms, and gun shots. As you can imagine, glass breaks, gun shots, and car alarms didn't trigger as much interest as "aggression". We've seen glass breaks and gun shot detection in various forms. In law enforcement, ShotSpotter has become the latest in a growing use of sound analysis technologies. When asked how they detect for "aggression", Dr. Mitchell stated they look for changes in pitch mostly and sounds attributed to aggressive behavior. Applications where you might see this deployed are lone workers, hospitals, convenience stores, and other places where any sign of aggressive behavior would need to be detected and mitigated as soon as possible.

Speaking of deployments, given the vast array of sounds Audio Analytic could possibly detect with applicable algorithms, it is not surprising to imagine the customers and applications extend far beyond the traditional security realm.  When pressed about this, Dr. Mitchell was quick to inform me they had been contacted by various entities who also recognize its potential and whose specific requests could not be discussed.

Knowing many of our customers are particularly liability conscious, I also inquired as to its implications to privacy. Dr. Mitchell explained the software "analyzes the sound as bits of data". Therefore, there is not the ability within their software to "hear" the data being analyzed. That capability would need to be addressed by a secondary piece of software or hardware.

Like all analytics, this is purely software that would need to be integrated with existing hardware designed to capture both sound and video. A company that has already integrated many of Audio Analytic's features is Next Level Security Systems, an integrator offering a full suite of security services. NLSS' Gateway Security Platform provides "Audio Analytic with Glass Break Analytic and optional Gunshot, Aggression and Car Alarm packages", among a slew of other features.

Overall, I am quite impressed with what I see being developed in analytics and Audio Analytic's software is no exception. I can only imagine its applications and deployments as it continues to develop. One of the greatest problems we face in security is false alarms. Audio Analytic has the ability to look deeper into the environments we protect and aid us in determining more accurately the difference between the benign and an actual threat. Dr. Mitchell said it best, "In the security world, we have affection for silent movies". Perhaps it's time we move on. As I stated before with BRS Labs, I have seen the future and it's now.

Wednesday, November 30, 2011

INSTRUCTIONAL VIDEO: How to Conduct Effective Bag Searches

I've decided to finally post the video I made on how to properly conduct a bag search. I wanted to do a video to highlight some areas I feel are commonly neglected during these kinds of searches. Most seasoned professionals won't necessarily need to watch this video but I do believe it provides a great overview of some of the basics. This all came about from a search I was subjected to during a recent visit to an amusement park.





Here are some of the pics I promised during the presentation, which illustrate how much insight a proper light and probe can provide.

View of the "concealed carry" partition... The bag comes with a "universal" holster.

View of a small exterior zipper. Using the probe to push down on the anterior nylon aids in revealing more.

View of what I affectionately called "a big gaping hole". This is the largest interior portion of the bag. I have packed cameras, wallets, books, diapers, etc. ALL in here before.

Here's another link to the article that started it all:

http://blog.thesecuritydialogue.org/2011/09/nominee-for-worst-bag-check-is.html

Tuesday, November 29, 2011

Top 10 MORE Questions To Ask Your Prospective Alarm Company




Not too long ago, fresh out the military, I was an alarm system salesman. It was a wonderful learning experience that taught me many things. One of those lessons was "All security companies are not created equal." People assume, like they do with all major purchases, the most popular or cheaper brand is in fact the better brand. The majority of the time they learn this is not the case. So, I decided to post some questions for prospective customers to ask when they begin their search for a security company. (Please note this doesn't just apply to alarm systems. You can apply these questions to camera systems, access control, locks, etc.)
  1. What areas will this alarm system not cover?  There is an implied belief among some customers that an alarm system protects their entire property.  Have you ever considered what would happen if someone broke into your neighbor's store and punched a hole in the drywall you share?  Do you have a sensor that will pick up the noise or vibration?  Chances are you don't.  The problem with modern security systems is they advertise exactly where you have coverage and where you don't.  Don't believe me?  Walk into a small storefront and notice how many infrared sensors you set off.
  2. What's your apprehension rate in my area?  This is particularly important if you're in an area where burglaries happen a lot.  If someone breaks into nearby businesses who use the popular name brand security service without getting caught, should you be buying from them?
  3. What's your response time to service issues?  What happens if some drunk rams his car into a nearby power pole and kills your alarm system?  Does your system have battery backup until service is restored?  If not, how soon can your company arrive to remedy the issue?
  4. How much do you charge per service call?  Some companies make a living by selling a crappy installation and billing you every time it breaks and they have to come out and fix it.  You want a company with a good reputation for service and who makes house calls on the cheap.
  5. Can I cancel at anytime?  One of the first sales leads I had was a lady who was opening up a small Internet cafe.  She knew she had a need for the system but was concerned about our price and contract obligation.  The economy was rough and she, like many small business owners, didn't know if she would be in business for 5 days let alone 5 years.  Pick a company who is sympathetic to that.
  6. Are you developing original product lines or selling me something made by the lowest bidder?  I can't tell you how many companies I see selling all sorts of "new groundbreaking technologies" that were developed by a previous competitor just marketed differently.  If they'll lie about the product's origins, they'll lie about anything.
  7. Can I manage my account all in one place online?  Some of you aren't real tech savvy or don't like to handle business online.  I totally understand that and encourage you to do what's comfortable for you.  However, if you like doing everything online as much as possible, inquire if they offer online account management.  If you're responsible for a large system and want to track multiple alarms or trouble alerts, it would be extremely helpful to have this capability.
  8. What kind of redundancy do you have for your alarm centers?  Do they transfer alarm monitoring to another facility if the original is affected by natural disaster?  Wouldn't it be a shame if there are sunny skies where your building is, but the alarm center, which is in another state several thousand miles away, was hit by a blizzard with no power for weeks?  What happens to your alarms?
  9. How much familiarization do your sales personnel get with the product?  Wouldn't you hate being sold a car the car dealer never drove?  How can someone tell you about the quality of their installation and service components if they've never seen them in action?  I would be highly impressed by any company who had new sales personnel going out on these calls with their experienced technicians.
  10. What separates you from everyone else?  Most salesmen will attempt to answer this but usually fail.  Why?  Because they're focused on what their company told them makes them different.  If he or she gives you an honest answer such as "We charge a higher price", he's good to go because he'll follow up with "You get what you pay for in life.  If you want a free root canal, I could give it to you but you won't sleep easy.  We charge more because we're worth more.  We provide better service, a better product that we developed, and a commitment to protecting your business rain or shine.  It took you a while to build this business.  We want to ensure you have a while to enjoy it."

Sunday, March 15, 2009

Red Alert!! Don't buy Sentex locks!!










Bruce Schneier, much hyped security-guru, writes in his blog to be wary of Sentex locks:

It has a master key:

Here's a fun little tip: You can open most Sentex key pad-access doors by typing in the following code:

***00000099#*

The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!)

Wow! This is why it is extremely important to properly vet ALL security appliances before installation. I used my "Google-fu" on a different device and got this little gem. You should check the vendor's web site to see if they have product manuals online. If they do, guess who also has the manual in their files. You get 1,000 points if you said "The Bad Guys".

Thursday, May 22, 2008

Now, You Know Why I Have Issues With Doctors

Jacksonville Police are looking for a guy who's been posing as a doctor at Wolfson Children's Hospital. To make matters worse, the guy was seen walking in the operating room. Wow, talk about a lawsuit!

The man was stopped because he smelled of alcohol and proceeded to leave once he realized his cover was about to be blown.

The following is a bit disturbing:
Later that day, an employee found the black computer bag the man was seen carrying. The bag was under a car in the parking garage and contained everything the man was seen wearing in the surveillance video, including a badge from Shands-Jacksonville Medical Center with a picture of a young child that was cut out and taped on the badge.

“That in and of itself shows you that this person possibly was up to something but maybe his attempt was foiled,” Jacksonville Sheriff’s Office spokesman Ken Jefferson said.
The last comment by the spokesman was a bit disturbing because usually people don't impersonate professionals like doctors if they're not up to something. So how did he get access? He used the usual items like a medical coat, a badge, a stethoscope and a clipboard. I swear, if you need to get into any building in the world, all you need is a clipboard and an ID badge.

Saturday, May 10, 2008

Social Engineering



Above is a presentation given at DEFCON 15 (world's largest hacker convention) on social engineering. Social engineering is the art of getting information and/or access via the exploitation of certain social norms and behavioral patterns. This can be done through casual conversation or cold calling a prospective mark. I HIGHLY recommend watching this video to get you started on learning how most thieves procure most of the details they need to get inside and steal your resources.

Sunday, March 16, 2008

Book Review - The Art Of Deception



Well....I finally did it. I finally finished Kevin Mitnick's book, The Art Of Deception. This was perhaps one of the most compelling books I've read in a very long time. It covers the ways in which many of our corporations and government agencies are vulnerable. It details what were once thought of as "old-school" techniques, such as dumpster diving and pretexting, by which information thieves gain insight into the very workings of these organizations.

The book is 352 pages of real-life examples of Mitnick's former operation and those of his former comrades. I particularly liked his ideas about how we can protect ourselves from these attacks. Some would think this would be an opportunity for Mitnick to brag and thumb his nose at his former adversary, the US government. But it isn't. It is certainly a guide to some very low-tech means by which these guys operate and exploit.

This book is a must-read for anybody who cares about security. I would suggest this for any reader who wants to protect themselves or their organizations. If you think you're not vulnerable, hire an outside firm to do a penetration test on your people, not your systems, and see where your vulnerabilities are. I can tell you from my experience, the best way to defend yourself is to protect your people. Your systems need people to operate and maintain them. If your folks fail to perform the basic due diligence when dealing with anyone seeking information or access (either physical or virtual) into your organization, then you had better get them doing it ASAP. If you're in charge of security for any corporation, I HIGHLY suggest this book.

Thursday, March 13, 2008

Another Incident at Heathrow


SkyNews is reporting a man was arrested after jumping a perimeter fence at Heathrow International Airport shortly after 2pm and was tackled by armed officers on the northern runway. The entire northern runway was shut down while police handled the situation.



This comes just before the grand opening of the new terminal at Heathrow tomorrow. Guess who is supposed to be in attendance? Her Majesty, of course... This is Heathrow's second big intrusion in the last two weeks. The last was by a group calling themselves "Plane Stupid". We've also covered their last two acts in previous blog posts along with a brief background report. It should be noted the group has denied any involvement.

Tuesday, March 11, 2008

The Apprehender

Have you ever been on-scene to arrest, detain, or escort an unruly individual from a facility? If you have, then you understand how fast things can go from good to bad. If your organization has a use-of-force policy, it usually places your verbal techniques at the very top. After verbal judo has failed, what do you have left? Depending on your situation, arm manipulation or wrist locks may be unavailable. Most officers/guards would probably be looking at their non-lethals and more than likely a baton.

There's a product out now called The Apprehender. It is quite unique, with a U-shaped end where a wrist can be captured and locked into place like a handcuff. You then have the added benefit of leverage from the elongated torso of the device. It can also be used as a striking tool.

I would certainly look at taking this with me on a protest dispatch or maybe to a house where I had a lot of domestic violence calls or any other environment with highly combative subjects. A subject would also have to be very good at taking away weapons to get this tool away from you. Normal baton resistance techniques can't be applied due to the device's unique shape.

Some of the cons of having such a device are its size and liability. Its current size is 27" X 5" X 1.25". This is a longer-shaped baton. We're talking at least 6" above what the average officer/guard may carry. I know of departments who carry bigger. This isn't something you're wearing in the car either. You would have to store this in the trunk or elsewhere. If you've been in a police vehicle that was fully equipped, then you know how much space you have for extra stuff. If it's too big, officers may not carry it with them when they get out or they may just forget it.

You would certainly have to train every officer on its use and implementation. This should include modified striking techniques that would have to be reviewed by your department. Your department would also have to look at how the restraint functioned in conjunction with existing restraints. Nothing sucks worse than arresting some guy and realizing you're being sued for excessive force for applying too much leverage and breaking their wrists.

I welcome you to check out the video below and let me know what you think.



Wednesday, February 27, 2008

A Little Bit About Being Plane Stupid



Sorry, I couldn't resist the title. Earlier, I wrote a bit about the events that took place this week in the UK. Let's look at the group responsible for the Parliament actions - Plane Stupid.

According to The Guardian, "Plane Stupid was created three years ago after a group of anti-Iraq War protesters found common cause in the government's expansionist aviation policy."

The group conducts what are known as "direct action" operations. These require no overhead support and require no upper leadership approval when a target of opportunity has been discovered. Some of their ops have included the storming of the BAA's appearance at the transport select committee last November and chaining themselves to the gates of Farnborough airport – the main UK hub for private jets. 27-year-old Richard George is said to have co-founded the group with 34-year-old Greenpeace employee Graham Thompson in 2005.

The Guardian report also notes the group is made up of five members who are educated, middle class, and young. It operates on anarchist principles and describes itself as a "devolved network of autonomous groups" numbering around 150 dedicated activists. It has no designated leader and reaches all decisions by consensus.

Does this sound familiar? I'm beginning to see a lot of duplication when it comes to cellular structures of nonconformist organizations like this and others. What makes their statements about how they carried out the Westminster op so realistic is their age and education level. They are all very smart and young enough. I bet at one point they even used student IDs to get past security. When protecting government institutions, we must look at all areas of vulnerability. This includes, but is not limited to, students and young people. If you're too lackadaisical and think they're just kids, remember most of the 9/11 hijackers were all in this profile except they weren't white.

Big Ben, Heathrow, and Climate-Change Terrorists

Today, I read a news report from Great Britain's newspaper, The Guardian, which reminded me of all the times I said, "I'm sure glad I wasn't working yesterday." Ladies and gents, over the past few days, our great ally has been besieged by "climate-change terrorists." Okay, so I'm exaggerating a bit. But there were some serious security breaches both at Heathrow and at the Houses of Parliament.



Yesterday, five protesters from a group calling themselves "Plane Stupid" climbed atop the roof of the Houses of Parliament. They displayed two banners reading "No third runway" and "BAA HQ". Okay, I know there's a ton of speculation as to how this could have happened. Well, the police speculate they had an insider who provided them with access and who offered to store the signs. How else could they have gotten past security, especially at Parliament? The protesters, of course, claim they brought the signs in past security and merely told the guards they were there to hear a debate on the floor. Either way it goes, somebody is in a lot of you-know-what.



According to SkyNews, Greenpeace protesters gained access to the roof of a Boeing 777 outside of Terminal 1 on Monday. For what? They were protesting Heathrow's planned expansion. For those who have traveled through Heathrow, you might agree that, climate change aside, it could use the expansion. And maybe some maps and arrows that made sense. I digress. To say the least, this was a major breach of security for an airport that has repeatedly been targeted by terrorists of all types, to include Al-Qaeda and the IRA. Police and security units were able to respond and remove the protesters, who posed no significant threat except to Heathrow's PR image. The protesters did carry signs which denounced the change. It should be noted Virgin Airlines flew out of this same airport on the same day flying a bio-diesel jet which is supposed to reduce greenhouse gases from commuter jets.
