Wednesday, February 16, 2011

Badges?....Badges?....We don't need no stinkin badges!!....

Here's an article from Bruce Schneier's blog which further illustrates why I hate the blanket acceptance of anyone's "credentials" and entrusting access solely into the hands of an inexperienced guard force who is only used to seeing the real thing and not actual forgeries.

The authors bought a bunch of fake badges:

Between November 2009 and March 2010, undercover investigators were able to purchase nearly perfect counterfeit badges for all of the Department of Defense's military criminal investigative organizations to include the Army Criminal Investigation Command (Army CID), Naval Criminal Investigative Service (NCIS), Air Force Office of Special Investigations (AFOSI), and the Marine Corps Criminal Investigation Division (USMC CID). Also, purchased was the badge for the Defense Criminal Investigative Service (DCIS).

Also available for purchase were counterfeit badges of 42 other federal law enforcement agencies including the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Alcohol, Tobacco and Firearms (ATF), Secret Service, and the US Marshals Service.

Of the other federal law enforcement agency badges available, the investigators found exact reproductions of the badges issued to Federal Air Marshals, Transportation Security Administration (TSA) Screeners, TSA Inspectors, and Special Agents of the TSA Office of Inspector General.

Average price: $60.

Then, they tried using them:

During the period of January to June 2010, undercover investigators utilized fraudulent badges and credentials of the DoD's military criminal investigative organizations to penetrate the security at: 6 military installations; 2 federal courthouses; and 3 state buildings in the New York and New Jersey area.


Once being granted access to the military installation or federal facility, the investigators proceeded to areas that were designed as "Restricted Area" or "Authorized Personnel Only" and were able to wander around without being challenged by employees or security personnel. On one military installation, investigators were able to go to the police station and request local background checks on several fictitious names. All that was required was displaying the fraudulent badge and credentials to a police officer working the communications desk.

The authors didn't try it getting through airport security, but they mentioned a 2000 GAO report where investigators did:

The investigation found that investigators were 100% successful in penetrating 19 federal sites and 2 commercial airports by claiming to be law enforcement officers and entering the facilities unchecked by security where they could have carried weapons, listening devices, explosives, chemical/biological agents and other such materials.

Websites are listed in the report, if you want to buy your own fake badge and carry a gun onto an airplane.

I've written about this general problem before:

When faced with a badge, most people assume it's legitimate. And even if they wanted to verify the badge, there's no real way for them to do so.

The only solution, if this counts as one, is to move to real-time verification. A credit card used to be a credential; it gave the bearer certain privileges. But the problem of forged and stolen credit cards was so pervasive that the industry moved to a system where now the card is mostly a pointer to a database. Your passport, when you present it to the customs official in your home country, is basically the same thing. I'd like to be able to photograph a law-enforcement badge with my camera, send it to some police website, and get back a real-time verification -- with picture -- that the officer is legit.

Of course, that opens up an entire new set of database security issues, but I think they're more manageable than what we have now.

Name a price and you too can smuggle stuff on board JetBlue....

Wow....This story from a blogger is too crazy for me to even tell....Too bad it's true...So here you go:

Although millions of dollars are spent on airline security each year in the United States, it only took $100.00 for a JetBlue ticket agent to allow an unknown package to go onto a flight, coming from an unknown person.

On November 19, the Transportation Security Administration (TSA) was at Charlotte Douglas Airport testing out JetBlue’s security. Their goal was to try and get an unaccompanied package onto a flight headed to Boston and unfortunately, they succeeded. An undercover TSA agent told a JetBlue ticket agent that he needed to get a package to Boston that day and would pay the agent $100.00 for helping. The agent took the $100, put it in his pocket and proceeded to follow the unknown person’s instructions. The ticket agent chose a passenger’s name at random, which just happened to be an unaccompanied minor, and the package went through the screening process with no problems. Although the package was harmless, the TSA pulled the package just before being loaded onto the aircraft.

“That’s really alarming,” Anthony Amore, a former high-ranking TSA official at Logan Airport told a local Boston CBS station. “When you have multiple layers in place you hope that they all stand in the way of a terrorist or someone who wishes us harm. In this instance, many of the layers were cast aside and we were left with this one layer of checked baggage screening.”

When the local station asked the TSA for a comment, they were told, “While we cannot comment on the specifics of an open investigation, TSA can assure travelers that, like checked baggage, every package tendered at the airline counter is screened for explosives.” JetBlue confirmed that they are “fully cooperating with the TSA’s investigation” and “the involved crew member is no longer employed at JetBlue.”

I do not share this story to cause additional security-related fear, nor do I want to “teach the terrorists” how to commit crimes against passengers. I share it, since I think it shows how spending so much money on the front door of airline security and so little attention on the back is a big mistake. Although JetBlue is partly to blame for training issues, this could have happened with almost any airline. They just happened to have a bad-seed-employee in the wrong place at the wrong time. Currently, the TSA is not talking about how often they conduct these sorts of tests and how often they get a package through.

Sadly, this story is just one of many that place many questions on back-door airport security. At the same exact airport, just a few days earlier, a teenager was able to sneak onto the airport secured area, illegally board a US Airways aircraft without being caught (unfortunately, he died en-route). There is also the story of the pilot who pointed out that airport security workers could by-pass security and caused him a lot of grief. Similar stories keep popping up and I have a feeling more will continue to do so. As passengers continue to give up their freedoms and are willing to put up with many annoyances to fly, while at the same time seeing how porous the security is behind the scenes, people will take note and demand for change.

Colombians discover another "narco-sub"....

A fully submersible drug-smuggling submarine has room for a crew of six and has an air-conditioned interior.

The Associated Press, through, reports the Colombians have discovered another "narco-sub" capable of reaching Mexico. So far they believe it can carry 8 tons of dope and has a fully air-conditioned cabin. It can dive to 9 feet and has an 8 foot periscope. The level of sophistication with these subs is beginning to grow. I'm curious as to what they use for navigation and depth gauges. I'm sure communication is done from the surface. I can imagine how dangerous the voyage is at night going through dense jungle waterways and canals. At times, you have to admire the ingenuity that goes into something like this to further profit a criminal enterprise. Capitalism.....

I knew those scratch games were rigged....Happy Drawings.....

Another great story from the folks at drawings.....

How to Pick a Winner

The first lottery Mohan Srivastava decoded was a tic-tac-toe game run by the Ontario Lottery in 2003. He was able to identify winning tickets with 90 percent accuracy. Here’s how it works.—J.L.


Look over the card. You’ll be hunting for so-called singletons—numbers on the visible tic-tac-toe grid that appear only once on the whole card.


Make a plot of the card, marking each cell with a number that indicates how many times the numeral in the cell occurs on the whole card. If, for example, a cell has a 26 in it and the number 26 occurs one other time somewhere on the card, mark that cell with a 2.


All the singletons will now be marked with a 1. If any of the singletons appear in a tic-tac-toe then the ticket is almost certainly a winner: The numbers in these cells will appear under the latex coating at the left side of the ticket. Keep the ticket.


Scratch off the latex. You’ve got a winner! Not surprisingly, after Srivastava alerted the Ontario Lottery to his technique, the game was pulled from stores.

The official explanation from the Ontario Lottery and Gaming Corporation is that the tic-tac-toe game suffered from a “design flaw.” According to Tony Bitonti, a senior manager of media relations at the Ontario Lottery, the printer of the game, Pollard Banknote, provided “written assurances” that “none of the other instant games it printed were impacted by this.” As a result, the Ontario Lottery continued to sell scratch tickets with baited hooks. The story of the broken game got little public attention. It was, however, cited in a 2007 investigative report by the Ontario ombudsman, who was investigating retailer fraud.
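The singleton check in the steps above, written as a pre-print audit a game designer could run over generated cards to catch this kind of "design flaw" (an added example, not part of the quoted article). Modelling a card as a list of 3x3 boards is an assumption, and the sample numbers are constructed.

```python
from collections import Counter

# The eight winning lines of a 3x3 tic-tac-toe board, as (row, col) cells.
LINES = (
    [[(r, c) for c in range(3)] for r in range(3)]                  # rows
    + [[(r, c) for r in range(3)] for c in range(3)]                # columns
    + [[(i, i) for i in range(3)], [(i, 2 - i) for i in range(3)]]  # diagonals
)


def occurrence_plot(boards):
    """Mark each visible cell with how often its number occurs on the whole card."""
    counts = Counter(n for board in boards for row in board for n in row)
    return [[[counts[n] for n in row] for row in board] for board in boards]


def singleton_lines(boards):
    """Return (board_index, line) for every line made up only of singletons."""
    hits = []
    for index, marks in enumerate(occurrence_plot(boards)):
        for line in LINES:
            if all(marks[r][c] == 1 for r, c in line):
                hits.append((index, line))
    return hits


def leaks_outcome(boards):
    """True when the unscratched face alone marks the card as a likely winner."""
    return bool(singleton_lines(boards))


def audit(cards):
    """Indices of cards in a print run whose visible face leaks the outcome."""
    return [i for i, boards in enumerate(cards) if leaks_outcome(boards)]


# Constructed sample cards (two boards each; real layouts are not given on the page).
LEAKY_CARD = [
    [[11, 12, 13], [26, 30, 31], [30, 26, 31]],   # top row is three singletons
    [[26, 30, 31], [40, 41, 26], [30, 40, 41]],
]
SAFE_CARD = [
    [[11, 26, 13], [26, 30, 31], [30, 12, 31]],   # singletons exist, but never in a line
    [[26, 30, 31], [40, 41, 26], [30, 40, 41]],
]

if __name__ == "__main__":
    for name, card in (("leaky", LEAKY_CARD), ("safe", SAFE_CARD)):
        print(name, occurrence_plot(card)[0], singleton_lines(card))
    print("cards to pull from the run:", audit([SAFE_CARD, LEAKY_CARD, SAFE_CARD]))
```

A run whose `audit` result is non-empty should not ship: the visible numbers are correlated with the hidden ones, and that correlation is the flaw that got the game pulled.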

You have to admire the British imagination....His only mistake was his "follow-through"....

This story is straight from the Daily Mail in the U.K.....It appears - well, you'll have to read it to believe it:

An immigration officer tried to rid himself of his wife by adding her name to a list of terrorist suspects.

He used his access to security databases to include his wife on a watch list of people banned from boarding flights into Britain because their presence in the country is 'not conducive to the public good'.

As a result the woman was unable for three years to return from Pakistan after travelling to the country to visit family.

The tampering went undetected until the immigration officer was selected for promotion and his wife's name was found on the suspects' list during a vetting inquiry.

The Home Office confirmed today that the officer has been sacked for gross misconduct.

Not much else to say here but "Wow"....You can't teach this kind of "special"....

Thursday, February 10, 2011

A great article on vehicle barriers - Another reason why I love Security Management

Wednesday, February 9, 2011

Shoplifter Swipes A Schwinn

OMG....We've been ROBBED!!....

Just because you're the world's premier security convention doesn't mean you're exempt from thievery....LOL

You hired a thief!....How shocking....

How well do you know your employees? I'm not trying to scare you or anything but I do think it's important to ask. Most people feel fairly secure in knowing they've done the best they can do. If you're reading this, then you're probably running background checks on your applicants and taking preventative measures to weed out the insider threat. I found an article that purports 10 percent of all employees have lied about committing a crime or have failed to report one. Could it be because they don't value your product/brand as you do? Is it greed? Is it revenge? Who knows....People steal and if your stuff is worth anything, then you will have people who will look for ways to take your stuff. What's your take?

Here's the article from

According to new research from G4S Secure Solutions, one in ten retail employees has committed a crime or failed to report a crime committed by colleagues against their employer in the last 12 months. Over 55,000 retail employees admit to stealing cash from the till and almost 31,000 have stolen cash from another area of the retail outlet such as a cash office, or petty cash box. Across the retail industry, cash losses account for around a third of internal fraud, a third of external fraud and a third of procedural fraud.

The most common crime committed by retail employees was consuming produce without paying for it, with an estimated 110,000 workers secretly stealing consumables. Over 55,000 retail employees admit to stealing cash from the till and almost 31,000 have stolen cash from another area of the retail outlet such as a cash office, or petty cash box.

The findings reveal that those working in the retail industry have also turned a blind eye to crimes being committed against their employer. Around 37,000 people say they have not reported a friend or family member deliberately putting weighed items through a self-scan checkout on a cheaper product code. Over 30,000 have turned a blind eye to friends or family failing to scan items at a self-scan checkout.

G4S research reveals almost 25,000 retail employees have falsified the quantity of goods being delivered in order to profit from the difference and a further 12,000 have taken goods while in transit to a warehouse or a shop floor. G4S is warning that a lack of security at loading bays and other points in the supply chain can prove extremely costly for retailers.

Across the retail industry cash losses account for around a third of internal fraud, a third of external fraud and a third of procedural fraud. A single note can be handled up to 16 times before it completes the cash cycle, so every time it gets handled there is the risk of temptation and fraud. G4S has developed a cash management solution, Cash360, for both the cash office and for the check-out that effectively eliminates this risk for the retailer.

Douglas Greenwell, Sales & Marketing Director, G4S Secure Solutions (UK), commented: “Retailers often have a very high staff turnover and recruit significant volumes of casual and temporary workers, so it is difficult for them to screen and vet all the people they employ effectively. Unfortunately, this means that a minority of employees in the industry are happy to take advantage of their employer either deliberately, or through being ignorant about the consequences.

“Retailers can take a number of steps to minimise shrinkage, from screening and vetting employees to using integrated security solutions throughout the supply chain such as Radio Frequency Identification (RFID) or employing manned security officers to act as a powerful deterrent to internal theft in-store.”

Adrian Beck, Head of the Department of Criminology at Leicester University, commented: "Theft within is a real issue for retailers, as employees take advantage of their position to divert goods from the supply chain or steal goods within the store environment. Employers need to find a balance between securing, tracking and monitoring their stock and revenues, while trusting employees to carry out their roles effectively and honestly.”

“If an employee perceives the risk of getting caught to be minimal for committing an offence, criminology studies demonstrate they will often be tempted to break the law. Retailers can make use of both manned security solutions and available technologies to reduce the risk of theft or merchandise diversion throughout the retail supply chain.”

The research also found that many retail employees had deliberately damaged goods or packaging and removed them from a store without paying for them and others pretended to pass goods through the checkout without taking payment for them.

G4S is warning that, while taken individually, many of these crimes result in low level financial losses, the cumulative effect is significant and can have a dramatic impact on retailers’ revenues. It believes there is a need for greater education and vigilance regarding theft by employees.

I've fallen and I can't get up!.....Video surveillance to the rescue!

Security Speaks does an excellent job this week of pointing out some of the other cost-effective reasons why one should look to video surveillance to protect their business. The blog, created by my employer, uses a 2009 article to illustrate this point. The article estimates the fraud industry costs businesses $30 billion a year. It says most of these frauds are conducted at brick-and-mortar storefronts. Some cons are injury-related as illustrated by the video we have below. It's fascinating to see what ideas crooks use to get over on businesses. I can only imagine what the shrinkage was before video surveillance.

Tuesday, February 8, 2011

State Department employee shoots two armed robbers

Just read an interesting article about a sticky situation in Pakistan. Apparently a consular "employee" shot and killed two armed robbers and it has stoked some anti-American sentiments (go figure). AP reports the man's name is Raymond Davis whose "job" at State is unknown. Of course, the guys at State are asserting diplomatic immunity for Mr. Davis, but so far the Pakistani government has not released him even though these two men committed robberies minutes before their encounter with Mr. Davis. Given the aggressive pursuit of immunity for Davis, one of the two suspects' wives has committed suicide using rat poison, according to her doctor. She felt her husband's killer would never go on trial for his "crime".

Here's the article from AP regarding the report of Mr. Davis' arrest:

Although the U.S. Embassy has not said what position the man held at the consulate in Lahore, why he was armed or whether he qualifies for diplomatic immunity, the U.S. is claiming that the man holds immunity.

U.S. officials who spoke on condition of anonymity because the legal case is pending said the U.S. has asserted the man's immunity in discussions with Pakistan and sought access to the man by U.S. Embassy personnel. The U.S. is trying to free the man quickly, officials said.

Western diplomats travel with armed guards in many parts of Pakistan because of the risk of militant attack. Lahore has seen frequent terrorist bombings and shootings over the last two years, though the city's small expatriate population has not been directly targeted.

In a two-sentence statement, the U.S. Embassy confirmed that a consulate staffer "was involved in an incident yesterday that regrettably resulted in the loss of life." The U.S. was working with Pakistanis to "determine the facts and work toward a resolution," it said.

In the capital, Islamabad, and the city of Karachi, several dozen people burned U.S. flags and chanted slogans.

"Hang the U.S. spy, the killer of three Pakistanis," read one placard.

The issue of American diplomats or their security details carrying weapons inside Pakistan was a hot-button subject last year among certain politicians and sections of the media purportedly worried about the country's sovereignty. They were frequently presented as a threat to ordinary Pakistanis.

"The Americans feel they can kill any Pakistani that they want, because the blood of Pakistanis is cheap for the Americans," said Shireen Mazari, a prominent rightwing commentator.

Despite the sensitivities of the case, it seems unlikely either country will allow it to seriously affect ties because the relationship is vital for both. Washington needs Pakistan's support to stabilize Afghanistan and defeat al-Qaida, while Islamabad relies heavily on U.S. aid and diplomatic support.

Robbers on motorbikes pulling up alongside cars and holding them up is a common crime in Pakistani cities.

Americans and other foreigners have also been frequently targeted by Islamist militants in Pakistan.

In the northwestern city of Peshawar in 2008, gunmen shot and killed a U.S. aid worker as he drove to work. Suspected militants also opened fire on the vehicle of the top American diplomat in the city the same year, but she survived the attack.

Also Friday, a car bomb in northwest Pakistan killed five people and wounded 19.

The blast occurred in the Kohat tunnel, a busy thoroughfare that connects the main northwest city of Peshawar to southern Khyber Paktunkhwa, Punjab and Sind provinces, said police official Mujahid Khan.

Northwest Pakistan has witnessed numerous bombings over the past several years. Most are believed linked to al-Qaida and Taliban-led militant groups.

Mr. Davis is mentioned in subsequent regarding the widow's death and related news of the local furor surrounding the case:

LAHORE, Pakistan — The wife of a Pakistani man shot and killed by a U.S. official committed suicide by eating rat poison Sunday, explaining before she died that she was driven to act by fears the American would be freed without trial, a doctor said.

The U.S. has demanded Pakistani authorities release the American, saying he shot and killed two armed men in self-defense when they attempted to rob him as he drove his car in the eastern city of Lahore. He was arrested on Jan. 27, and the U.S. has said he has diplomatic immunity and is being illegally detained.

The shootings have stoked anti-American sentiment in Pakistan, feelings that could be further inflamed by Shumaila Kanwal's suicide. She died several hours after being rushed to a hospital, said Ali Naqi, the doctor in Faisalabad city who treated her.

"I do not expect any justice from this government," said Kanwal in a statement recorded by the doctor before she died. "That is why I want to kill myself."

Kanwal also spoke to reporters after arriving at the hospital, saying "I want blood for blood."

"The way my husband was shot, his killer should be shot in the same fashion," she said.

The case puts Pakistan's government in a difficult position. The government relies on the U.S. for billions of dollars in aid but is wary of being seen as doing Washington's bidding. The U.S. is widely unpopular in Pakistan, in part because of its undeclared campaign of drone missile strikes along the northwest border with Afghanistan.

The government could face charges of being an American lackey if it hands Raymond Davis over to the United States. But refusing to do so risks harming a relationship with a vital ally.

Pakistani officials have avoided definitive statements on Davis' level of diplomatic clearance and whether he qualifies for immunity.

Federal officials have said the decision on his fate is up to courts in Punjab province, where the shootings occurred. But provincial officials have said the federal government must decide whether Davis has immunity. The two governments are controlled by rival political parties, which has further complicated the case.

Besides the two men who were shot dead, a bystander was also killed when he was struck by an American car rushing to the scene to help Davis. Police have said they want to question the Americans suspected in that death as well.

Relatives of the men who were allegedly shot by Davis have participated in several protests in Lahore, including one Thursday outside the U.S. consulate where demonstrators shouted "Hang the American killer!"

Some commentators have tried to paint the two men as innocent Pakistanis rather than thieves who were attempting to rob Davis. But the U.S. Embassy has said the men had criminal backgrounds and had robbed money and valuables at gunpoint from a Pakistani citizen in the same area minutes before the shootings.

What are your thoughts? Kind of odd how a consular employee is found carrying a weapon particularly when most Foreign Service employees don't utilize weapons in the performance of official duties. Even more odd considering I can't imagine the department signing off on the arming of its "diplomatic" personnel. Hmmm.....I have a feeling there may be more than meets the eye with Mr. Davis.

Monday, February 7, 2011

It's about time television showed something cool.....

Egyptian Protest Headgear

While I can hardly fathom what it must be like in Cairo, the images below indicate just how "grassroots" the movement there really is.....It's amazing what people will do to improvise armor and other defenses when faced with a seemingly superior armed force.....These images come courtesy of Time Magazine....

Got your mind wrapped around a TSA contract?.....Hmmm....Think again

That's right, folks. The Transportation Security Administration is reconsidering its push to outsource some of its screening and inspection services at certain airports. As a matter of fact, the agency is reviewing all existing contracts as well. This affects 10,000 service contracts. The same trend has shown up at the Defense Department, which announced in 2009 plans to cut 33,000 contractor positions and replace many of them with civilian workers, and by last summer had created about 16,000 new Defense civilian jobs through insourcing.

With regards to support and opposition to such a review, the Federal Times states:

House Transportation and Infrastructure Committee Chairman John Mica, R-Fla., a vocal supporter of privatizing airport screening, blasted Pistole's decision and said he plans to investigate TSA's move.

"It's unimaginable that TSA would suspend the most successfully performing passenger screening program we've had over the last decade," Mica said in a statement. "The agency should concentrate on cutting some of the more than 3,700 administrative personnel in Washington who concocted this decision, and reduce the army of TSA employees that has ballooned to more than 62,000. Nearly every positive security innovation since the beginning of TSA has come from the contractor screening program."

The American Federation of Government Employees and National Treasury Employees Union, which are both vying to represent more than 40,000 TSA screeners, celebrated the news.

"The nation is secure in the sense that the safety of our skies will not be left in the hands of the lowest-bidder contractor, as it was before 9/11," AFGE National President John Gage said. "We applaud Administrator Pistole for recognizing the value in a cohesive federalized screening system and work force."

What are your thoughts? Should the TSA continue its contractor expansion or keep its existing workforce?
