Burglars Foil Alarm Systems

Clever trick:

Their scheme: Cut a closed store's phone lines. Hang back while cops respond to the alarm. After officers fail to spot anything wrong and drive away, break into the store and spend as much time as they need to make off with a weekend's worth of cash.

And one I wrote about in Beyond Fear (page 56):

Attackers commonly force active failures specifically to cause a larger system to fail. Burglars cut an alarm wire at a warehouse and then retreat a safe distance. The police arrive and find nothing, decide that it's an active failure, and tell the warehouse owner to deal with it in the morning. Then, after the police leave, the burglars reappear and steal everything.

Posted on September 13, 2006 at 11:10 AM • 81 Comments

Comments

Israel TorresSeptember 13, 2006 11:38 AM

Shouldn't the system eventually adapt to foil the foilers? (Of course re-adapting to foil the foiling of the foilers in the first place...)

Israel Torres

RFCSeptember 13, 2006 11:43 AM

Shame on you, Bruce, for giving them this idea! Didn't you know that best security is to conceal security features from would-be attackers?!
:)

Mike SchiraldiSeptember 13, 2006 11:49 AM

How does the alarm work? The phone lines get cut, and then what -- how do the police get notified?

Is it just an audible alarm and/or flashing lights that a passing cruiser or pedistrian reports? Or does some electronic system detect that the phone line has been cut and notify the police automatically?

sidelobeSeptember 13, 2006 11:51 AM

One solution: cellular phone or WiFi-based alarm communication. Of course, that can be jammed.

We're just too used to technology failures and not very good at identifying critical systems. How many burglar alarm monitoring services provide for a backup person or system in the event of a primary system failure? What would they have to charge for that?

richSeptember 13, 2006 11:57 AM

That was the plot of the 1964 movie Topkapi. They used a boomerang to set off the laser detectors in a museum which was across the street from the palace. Eventually, after multiple alarms the regent had enough of being awoken so the alarm was turned off. The buglers then went to work.

GrahamSeptember 13, 2006 11:59 AM

This trick also appears in Ross Anderson's "Security Engineering", as "How to Steal a Painting (7)", chapter 10, page 215 in my edition - this predates "Beyond Fear" by some years. Bruce wrote the foreword for Ross' book, so maybe he got the idea from there ;-)

TanukiSeptember 13, 2006 12:21 PM

I'm familiar with another version involving motion-detector-based alarms, a {cat|bird} and an {open|broken} window. Whatever, the alarm gets turned off then the crims return for uninterrupted plunder.

nzrussSeptember 13, 2006 12:23 PM

When I lived in the UK, there was a similar scheme. Letter boxes were in the front door in our neighbourhood, and burglers would put a bird through setting off the alarm. This would continue while the home owner either figured out how the birds were getting in (they couldnt) and get sick of the complaints and turn off their alarm. It was reported that it only took two or three attempts to get the homeowner to turn off the alarm when they went out, leaving the house ready for the pickings...

cavemanSeptember 13, 2006 12:28 PM

Wireless systems still need power cords that can be cut. No need for fancy jamming. I suppose you could try adding battery and solar panels, but ultimately the device can just be smashed with a rock. I may be old fashioned, but I'd trust a system with wires a little more, because it seems to me like there's less to go wrong, and they're a bit more mature of a device.

Ron GageSeptember 13, 2006 12:48 PM

For those of you who haven't figured it out, this works because the dedicated alarm line is kept permanently off-hook or in a continual call to the alarm monitor center. When the call gets dropped, the alarm center notifies the police to check things out.

Electrically, this would be akin to a normally closed circuit. Cutting the wire opens the circuit and becomes the sense point.

Wireless (at least Cellular) wouldn't work because of the costs involved for airtime. Plus I think you would have a hard time convincing anyone that wireless is reliable enough to trust to an alarm circuit.

AnonymousSeptember 13, 2006 12:49 PM

A similar method to steal a car with an alarm: start walking by in the middle of the night and give the car a hard enough bump to set off the alarm. After a few nights of this, the owner will get tired of the regular false alarms and leave the car out with the alarm turned off, ready to be stolen.

Nobby NutsSeptember 13, 2006 12:53 PM

I've heard of that being done here in the UK on a larger scale by pouring something flammable into the roadside cable marshalling boxes and setting fire to them. After that the phones in an entire area would be out for quite some time while the box was rebuilt.

I can't put my hand to heart and say it definitely happened, but it sounds plausable, and it can't be beyond the wit of burglar.

Nobby NutsSeptember 13, 2006 12:56 PM

@Mike Schiraldi "How does the alarm work? The phone lines get cut, and then what -- how do the police get notified?"

Here in the UK the Redcare system that's used for alarm signalling on the phone line monitors the state of the line too and alarms at the monitoring station if the line breaks. I'd guess similar systems are used elsewhere.

LukeSeptember 13, 2006 1:09 PM

Bruce... A very old trick. I was a law enforcement officer in the mid eighties and there was a criminal ring that came to my town and used this exact technique. It is a social engineering trick, mainly. These guys (in the ring) got so bold as to do it to big named stores (won't mention any). They would repeatedly make the alarms go off (sometimes several times a night) for weeks, until law enforcement ignored it, and the store managers turned them off. In the end, I know of one big named stored who had a rental van full of high $$ items walked out of the store at 3 am in the morning.

MithrandirSeptember 13, 2006 2:11 PM

@Ron

Wireless would make a great backup system. You don't need to keep the line live all the time, just use it to signal the alarm when the sensors trigger, and the phone line is down. You could probably do it with a pre-paid plan, so you didn't have to pay for regular service.

Still could be jammed, but if you have the resources to cut arbitrary wires and jam radio, you can defeat any remote monitoring system on earth. On-site security is the only real remaining option.

Clive RobinsonSeptember 13, 2006 2:14 PM

This is just one of the reasons I argue that man is preferable to machines when it comes to security decisions although from the story the Police failed on this occasion (I suspect though the store owner/key holder would have been called so it was more likley their failing).

Attackers quickly find out the weeknesses of security systems and out evolve them (think CCTV systems that work initially then the Hoodies come in to carry on as before).

I know of one set of PC Memory&CPU thieves back in the last century who used to randomly trigger alarm systems over a considerable period of time. The Police the alarm company technicians and eventually the target organisation came to the conclusion that the alarm system had an unknown fault.

The night the thieves found that the alarm nolonger went off was the night the started carefully planning to rob the place.

The thieves where caught due to pure fluke a Police officer concluded that there was an insider involved, and noticed that a cleaning company appeared often in the victims list of contract staff. Apparently one of the employees of the cleaning company had previous and was investigated. Although they where not involved just by chance they knew one of the theives in the gang and apparently gave them up under questioning.

Joe BuckSeptember 13, 2006 2:21 PM

To Anonymous:

Everyone already ignores car alarms because of their huge false-positive rate. When I hear a car alarm go off at night I curse the owner for having a car alarm, I'm not particularly concerned about auto theft, because 99.9 times out of 100 it's an alarm malfunction.

averySeptember 13, 2006 2:50 PM

I want to see the interpretive dance explaining this scheme set to Prokofiev's Peter and the Wolf.

derfSeptember 13, 2006 2:58 PM

Security through obscurity actually works here. If your home doesn't look like it should be in Beverly Hills, and you don't drive a Ferarri, your home should do fine with a simple alarm. Just as malware writers prey primarily on Windows, criminals will go find the bigger targets with more obvious $$.

Gary in DCSeptember 13, 2006 3:05 PM

@Clive Robinson

Then again, humans can make big mistakes; cf the Isabella Stewart Gardner museum theft from 1990. Here, fake cops convinced the guards to open up the door.

In college, I worked overnight "guarding" a museum - the traveling exhibition sponsors insisted upon a human presence 24/7 - but I could neither go anywhere (the usual practice was alarms only) nor do anything even if something happened. Just got to sit there in a kind of weird environment from 7 to 7. Got paid well, at least, for playing my part in security theater. And watching the clubgoers make out on the loading dock (they didn't expect anyone to be there, I guess).

Then again, I wasn't trained, so who knows what I would have done if someone knocked (actually, my only instruction was: open the door for no one).

Which raises the broader point: creative malicious agents can typically take advantage of predictable defenses, or predictable responses to stimuli. The good news is that making responses creative/unpredictable only has to raise uncertainty to a level that malicious folks have too high a level of uncertainty to take the chance.

Here, one would hope that a good security company, rather than throwing up its hands "don't know why this is happening," would at least leave behind a low-budget backup security system after investigating a malfunction. That way the bad guys can't just walk in, and if the backup isn't predictable, they don't even know what to expect if they do.

milesSeptember 13, 2006 3:21 PM

Yet another variation (from short lived TV show Heist). Trip the alarm several times in one night to really give the good guys reason to beleive malfunction. Keep tripping until they no longer respond.

wkwillisSeptember 13, 2006 3:55 PM

You can contract with a security company for a security guard to stay on site till they fix the alarm. I've done store construction sites frequently where the alarm system wasn't functioning because they were rewiring.
If you don't spend the money, you don't get the security.

arctanckSeptember 13, 2006 4:09 PM

Old trick, not at all jazzy, but one that works. If a robber is not choosy, with a bit of patient, he can probably live on doing this kind of crime. So how do we fend off persistent robbers? I can see that even if nobody is poor, when basic needs for everyday living are taken care of, theft or robbery will still exist, but surely tackling poverty is the best way forward, to reducing crime?

Kevin DavidsonSeptember 13, 2006 4:12 PM

It would seem to me that if you had an alarm system "failure", that would be the time to go on your highest level of alert until you were assured that it was 100% functional again.

Aaron LuchkoSeptember 13, 2006 4:30 PM

I can think of one solution that would help against a large class of these attacks. If your alarm has been going off repeatedly (suggesting someone may be planning an attack of this kind) set the alarm to only activate after several minutes of being continually set off, ideally going off as a silent alarm. Not only do you have a better chance of catching them but once criminals become wise to this counter-measure many will stop with this class of attack.

JohnsonSeptember 13, 2006 5:10 PM

@arctanck
"surely tackling poverty is the best way forward, to reducing crime?"

If you are saying only poor people are criminals, you are quite misguided.

If you meant to say society should strive for equality, such that one person does not have more than another, Karl Marx had similar thoughts.

derfSeptember 13, 2006 5:20 PM

@Aaron Luchko

Your solution reminds me of a network management system problem. How many alarms or how long has an alarm been sounding before alerting?

Maybe there's a market to hook up openview to your security alarm.

phesslerSeptember 13, 2006 6:33 PM

@Kevin Davidson

ironically, the exact opposite happens. the victim disables the security, then acts as if the security still exists. its a common mistake that people make.

the evil overlord list has a perfect example of this: treat every monitoring failure as a full-scale attack. if you do that, you will fix and prevent monitoring failures. and the few that are triggered by attackers will be defended against.

Cecil TSeptember 13, 2006 7:09 PM

Some comments above mention wireless / cellular backup systems and ask if that would work or say it wouldn't. This technology does exist and it's not that expensive.

At work we have an alarm system where the alarm provider installed a cellular backup (the cost is included in the alarm monitoring, we don't pay any cell phone bill). Also most (if not all) alarm systems also have battery backup. So somebody would have to both cut the phone line and jam the cell phone signal (continuously) to prevent communications. And there would be nothing to "smash" to disable the alarm system unless you've already penetrated the building physically (at least 2 sets of locked doors in many cases).

Also note that the police aren't the only ones contacted - there is one or more company contacts that the alarm company calls. So somebody could physically stay at the premises until the problem is resolved.

So as usual, nothing is going to be perfect, but I would think a cellular backup is a very useful layer in preventing this type of attack.

RogerSeptember 13, 2006 7:27 PM

@rich:
> ...the regent had enough of being awoken so the alarm was turned off. The buglers then went to work.

So did the buglers manage to wake him up? 8^)

RogerSeptember 13, 2006 7:46 PM

The burglar alarm industry is interesting, because it illustrates the practical solutions arrived at by a mass-market, cost-pressured security industry that is constantly under assault by skilled opponents, and has been for more than a century now [1]. A lot of the attacks that amateurs come up with have actually been tried long ago, and there are already countermeasures in place.

Re doing this to a "big named store":
This denial of service type attack is effective against a small business because once the alarm is disabled, they have very few resources to fall back on. Basically the shopkeeper's only option is to sleep in the shop with a shotgun across his knees, which is a bit extreme unless you are confident that it really is an attack in progress. However for it to work against a large department store is inexcusable. On all large premises the SOP should be (and usually is) that if the alarms have to be disabled for any reason, a security guard is immediately hired and stationed there until service is restored. They also do this for things like, e.g. window breakage or defective locks, and there are security firms who specialise in providing guards at short notice for just such purposes.

Re putting a cat/bird inside:
Most (probably all) modern alarm systems are "zoned", with even the smallest domestic systems separating internal sensors (now often exclusively PIR) from perimeter sensors (e.g. reed switch, glass breakage detector), which are again separate from "24 hour zones" (mainly fire alarms, anti-tamper switches, and "panic buttons"). The usual reason is so that a custodian can be inside without completely disarming the system. However it also means that an (apparently) defective sensor can be switched out without disarming the whole system -- a fine example of defense in depth. The main problem at the moment with these sorts of systems is that the user interface (crammed onto the tiny little face of the control panel) makes programming a VCR look like child's play. However, they are getting better. Recent models for the domestic market simplify things into a couple of modes (e.g. "Away", "Home, Armed" and "Disarmed"), and enable one-button bypass of a faulty sensor.

In addition, more modern PIRs are capable of distinguishing between a human being and smaller animals such as a cat or dog. Not only does this reduce false alarms, but it means premises can be simultaneously protected by an alarm and a dog.

Re wireless alarm circuits:
Wireless alarm circuits are already quite common, although they are still too expensive for the cheaper domestic systems (adding perhaps $600 to the price tag). Generally they are an add-on option, i.e. it normally uses the dedicated phone line but automatically switches to a wireless system if the phone line is dead. Most that I have seen use GPRS. The advantage is that while GPRS is quite expensive per megabyte, you only pay for the data you send and the bandwidth requirements of a burglar alarm are tiny, just a few bytes per report. Some recent wireless modules send SMS messages instead. Another adavantage of either SMS or GPRS is that it is technically complex to jam a cell phone signal without shutting down all cell phone access in the area, something which would result in an immediate high alert.

Re attacking power lines, and physical destruction of alarms:
These attacks are so obvious it should not be any surprise that countermeasures have existed for decades. Every alarm system on the market today is either battery backed off the shelf, or at least includes it as a standard option. Some use packs of rechargeable Ni-Cd cells but 12 V SLA is more common. In typical modern units the off-the-shelf battery backing may be designed to last a little over 24 hrs. The optional modules allow you to add whatever capacity you see fit; a $50 SLA battery may last more than a fortnight.

Physical destruction is met with by a combination of three factors. Firstly, the alarm controller is within its own protected perimeter. Thus, it will already have raised an alert to the monitoring centre by the time the attacker reaches it. If that alert is immediately followed by the unit going dead, all the intruder has succeeded in doing is confirming that it is a real attack. However, destroying the controller might at least stop a local siren quickly, making it less likely that neighbours will respond. To defeat this, the siren does NOT stop when the controller goes dead, in fact the siren detects a dead controller as an alarm condition! Finally, the siren itself is usually self-powered, armoured, and mounted in an inaccessible location; thus destroying the siren--while not especially difficult--will likely take longer than just waiting for it to time out. Certainly any time the thieves spend attacking the siren would have been better spent stuffing their swags with loot and leggin' it.

Ability to detect the phone line being cut is also a pretty standard feature.

Re destroying phone access over a wide area to facilitate burglary:
This actually happened in a neighbourhood where I grew up, long enough ago that cell phones were still pretty rare. The thieves knew of a poorly secured access pit at a local branch exchange, and took to it with a chainsaw, severing thousands of phone lines. (Later repair costs were immense.) However the police inspector on duty was a reasonably bright chap who instantly figured out what this meant, and responded by flooding the area with every available foot and car patrol, on instructions to assist citizens reporting fires and medical emergenices, as well as to keep an eye open for burglaries. One officer saw a blue light flash for a few seconds at a business premises, the flying squad pounced, and a gang of burglars was apprehended, complete with a rather blunt chainsaw with plastic and copper in its teeth.


____
1. In 1906 Mark Twain wrote an amusing essay about a rather defective burglar alarm; see
http://ths.gardenweb.com/twain/alarm/

RogerSeptember 13, 2006 8:30 PM

@Aaron Luchko, derf:

Exactly this sort of analysis already occurs with monitored alarms. It is fairly easy to tell the difference between a faulty sensor and a burglar when you can watch the trail of signal pulses as he moves from room to room! Thus, monitoring systems do largely defeat DoS attacks, or at least make them far more difficult.

If there is any doubt, a monitoring station also has the ability to simply phone the premises; this can easily distinguish between a burglar and a legitmate custodian who forgot to disarm the alarm. High end systems sometimes supplement that with CCTV (obviously not so popular for domestic alarm systems!)

However, that is why the current version of the attack involves cutting the phone lines. If there is no wireless backup, the monitoring station gets exactly one bit of information from a cut line, which makes it impossible to do a sophisticated analysis.

I think that phone line + monitoring + wireless backup almost completely defeats this sort of attack. So long as either of the comms channels is open, you can do a sophisticated analysis of the signals and thus distinguish between false alarms, harrasment alarms, and real attacks. On the other hand the odds of both signal paths accidentally failing simultaneously is so low that it can safely be assumed to be an attack.

@Professor Anderson:
> What struck me about this news item is that it's so downmarket. In the old days, this sort of trick tended to be used just by the highest grade of villain - the guys who robbed bank vaults and jewelry stores

Might it not simply be that more and more small businesses are getting monitored alarms? After all, the actual skills to mount the attack are not particularly sophisticated (these burglars apparently tried to identify the correct wires to cut, but it would be simpler and surer to just put a hatchet through the whole bundle).

In fact alarms are so common nowdays that to be a burglar you are either going to be restricted to low income dwellings, or else you will need some kind of attack on alarms (even if it be simple smash-and-grab).

Meanwhile, armed robbery is just as simple as it ever was so the law of unintended consequences says more people will get shot.

billswiftSeptember 13, 2006 9:15 PM

Steve Perry used this idea in his first novel, "The Man Who Never Missed" in the 80s. His character did it during a thunderstorm, so the alarm going off repeatedly was attributed to electrical interference.

arctanckSeptember 14, 2006 4:05 AM

@johnson:

Yup, in essense reducing the gap between the rich and the poor is what I meant. Thought about mentioning Marxism, but I'm a bit cautious. Raising everybody to a level where basic needs (maybe absolute minimum, so that people still have reason to work hard) are no longer an issue then it should help reduce crimes stemmed from desperate people. You are absolutely right that crimes are not all caused by poor people.

constellationSeptember 14, 2006 6:59 AM

Taken from
http://ireland-fun-facts.com/russborough-art.html

An incident in Ireland known as the Beit robbery is an example.

Then in 1986, a far larger robbery, at least in terms of value, was staged by Irish gangster Martin Cahill. Mr. Cahill was a brutal but “colorful��? character (according to several writers) who’s since been portrayed in three movies. He and accomplices cracked open a window at Russborough to set off the alarm. The gang hid in the bushes and watched the police arrive, take a look around and then leave, assuming they’d responded to a false alarm. With the coast clear, the thieves pounced. Cahill and friends made off with 18 paintings valued at more than $30 million.

Kees HuyserSeptember 14, 2006 9:26 AM

On october 10th 2006 a gang managed to sabotage a network station of KPN (a dutch telecom provider). This resulted in the failure of telephone, data and alarm systems of about 100 companies in the Trade Port West Industrial Area in Blerick (Venlo, the Netherlands). The burglars then made off with hundreds of thousands euro's worth of goods from the DHL depot in the IA.

http://www.nieuwnieuws.nl/archives/2006/09/... [in dutch]

TomInOhioSeptember 14, 2006 3:04 PM

About cutting the power line... that will trigger a notification to the monitoring center, and when the owner notices the power was cut, perhaps intentionally, it may cause more alarm than other techniques on here.
Secondly, I know that many alarms are installed with batteries. The last time I looked at one of the batteries it was the size of a motorcycle battery and could drive the alarm for most of a week.

Craig IngramSeptember 14, 2006 6:38 PM

I sent this along to my Dad, who works in the (physical) security industry and he said this is pretty common and exactly why they've been selling radio backup systems for years!

Little BuffaloSeptember 15, 2006 6:14 AM

The first time I heard of something like this was when I was a kid and saw the 1966 movie How to Steal a Million.

For those that don't know Audrey Hepburn hires a man she thinks is a burgler to steal a statue from a museum that her grandfather had forged.

The burgler comes up with the idea of using a boomerang like toy to constantly set off the electronic eye security system until the guards in the museum turn it off.

Funny movie.....Probably be banned now for giving ideas to terrorist......

JasonSeptember 15, 2006 8:25 AM

How do the cops identify keyholders?
I don't understand why someone couldn't set it off after gathering counterfeit identification to appear to be the keyholder. Either waylay the real keyholder or wait until he is out of town, then trigger the alarm, wait a few minutes elsewhere, then make a show of driving up pretending to be alerted by the alarm company. Thank the cops profusely, do a little engineering like ask them about false alarms, etc., then wait 'til they drive off to signal buddies parked a couple blocks away.

CliffSeptember 15, 2006 4:59 PM

@Jason
We'll assume your attacker has copied keys (or is using bumping). Major alarm companies (serving big box retailers) have a method to distinguish real codeholders. If the alarm goes off, it continues to go off until the code is input. The cops show up, wait for the manager. Manager opens store door, then has to turn off the alarm with a code. Managers are usually trained not to write down the code, thus 2-factor authentication.

@All
An interesting tidbit: For hold-up protection, all authorized code holders are given a card with a "security code". If Joe Robber is waiting outside the store at night, he forces the manager to disarm the alarm. This automatically sends a silent alarm to the monitoring company. They call the store to verify, which requires a big long code on a card in the manager's wallet. If Joe knows this, there's another safety measure. If you read off the code as written, that's an indication the manager is in trouble. The manager either leaves off, adds to, or modifies the code in some way when the monitoring company calls to prove things are okay.

I've worked Loss Prevention in a big box store, so I know most of the in-store physical security and anti-theft measures (and the ways around them). But one of the things that's securely designed is the alarm system.

jenysfm mingSeptember 24, 2006 11:01 PM

Dear Sirs:
Have a nice day!
We have the new version car alarm system.(GSM car alarm system)
Mobile phone control car alarm system is latest high-tech products
inosculate the GSM net digital mobile communication technology and car
alarm
system techonology.
Firstly,let me introduce our company to you.
This is Guangzhou Tianjian Co.,Ltd. Our company located at the
Guangzhou City of China. This is a hi-tech corporate in the line of
anti-theft alarm system’s R&D, design, manufacture and distribute
since1996.
We have experienced hi-tech R&D team composed of Doctors, masters and
undergraduates.
The process of our product adopted the SMT of Japan. We use the
strict ICT inspection to assure you that you can lay on us on about the
quality.
GSM car alarm system is our main products,
By now we have 3 type for choosing:
1��?Common type for any car using GSM car alarm system.
2��?A special one just for the car which had already install the car
alarm system. upgrade GSM car alarm system.
3��?Common type GSM car alarm system with remote start function by
control with the mobile.
functions characters:
GSM=one way car alarm + two-way car alarm + mobile control system to
control your car wherever you are in the world any place.Ⅰ��?Three
Channels to Control
1��? Remote control (arm/disarm/Open the tail tank)
2��? Phone control (arm/disarm, oil/power cut off, seek the car,
monitor)
3��? SMS control: (arm/disarm, oil/power cut off, seek the car)
Ⅱ��?Three Types Alarm
1��? Real siren alarm
2��? Call the owner alarm
3��? Send SMS to the owner alarm
Ⅲ��?Other Special Functions
1��? Central locking.
2��? Demolish the battery of the car, system give alarm by call.
3��? Whole course voice prompt.
4��? Anti-universal demoder.(set alarm by mobile, all kinds of remote
controls is void)

we hope our products and service benefit you.
Your early reply will be highly appreciated.
Best regards!


Yours sincerely Jason ming

Guangzhou Tianjian Co.,Ltd
Website:http://www.ejings.com
MSN:jenysfm@hotamil.com
E-mail:jenysfm@yahoo.com.cn

OfficerOctober 7, 2006 9:38 PM

Hi all
Very interesting.

I’ll screw things up even more.

First, some really good comments particularly Roger who hit the nail on the head.

I’ll comment on the refusal to attend as a result of repeated alarm activation first.

Responders usually have a fixed number of times that they will attend a premises in an armed cycle before refusing to go again.
Even private security will stop attending because the customer, who is being billed for each attendance, will instruct the alarm monitoring station to ignore any further events.
As has been pointed out protection against this risk is provided by the ability of modern systems to individually identify each detector to the monitoring station.

Problem one.

In a large number of cases the monitoring station has not been provided the zone information by the alarm installer.
This results in incomplete information being provided both to the client and the responder.
i.e. activation in the office area zone 5 rear door reed switch is identified as “activation office��?.
When it reoccurs an hour later it is not unusual for the client to instruct the monitoring station to ignore it.
When, an hour after that the offender enters the building causing activation’s:

Zone 5 rear door reed
Zone 4 Rear PIR
Zone 3 Centre PIR

The alarm monitoring station only decodes “activation office��? and has an instruction to ignore it.

This lack of information also leads to other problems that are exploited by smart burglars.

Problem two.

Shoving animals into a building.
This happens.
And unlike the scenario above, an animal will trip multiple detectors effectively forcing an ignore everything instruction.
The only defense is to ensure that the premises is secure at close of business.
The burglar cannot shove a cat through a window if it is secure.
Think seriously about having a security patrol check you premises after you close.
On average I would find 3 or 4 insecure doors and half a dozen insecure windows a night.

Problem three.

A lack of detectors.
Some cheap alarm installations fail to provide sufficient protection.
Often protection for a large area is provided by a single detector or a combination of detectors that can be worked around.

Example one. The office is protected by a single 360 passive infra red detector (detects motion).
This faults and has to be bypassed. Area now has no protection.
A local ***** noticing the alarm has activated three time in the last hour and suddenly stopped doing so after the third attendance by the security patrol, pops the door and sees what happens.
No alarm occurs.

Example two. The office is protected by a single 360 passive infra red detector (detects motion) “cross zoned��? with the PIR in the hallway to the warehouse.
Cross zoning is a false alarm prevention technology that requires two detectors to violate before an alarm is reported. There are not two detectors in the area.
It works brilliantly provided the alarm installer thought about it before enabling it.

Example three. Same as two but motion detector is cross zoned with another different type of detector in the area i.e. glass break detector.
Offender didn’t break the window, he removed it.

Access control systems.

If you are relying on an access control system to protect your premises make sure you are very well insured and have a plan in place to continue your business after arriving at work and discovering you have a totally empty building.
They will strip it.

Also ensure that you do not have any confidential information on site as persons working for your competitors will gain entry and copy it and you won’t know.
Well at least not until your business fails as you are unable to innovate because you competitor is always one step ahead of you.

Buy an intrusion detection system.

Continued

OfficerOctober 7, 2006 10:57 PM

Line cut burglaries

First.

These are at present relatively rare but tend to involve significant loss.

Available defenses.

Fixed line – this is a permanent landline connection to the alarm monitoring station.
Fixed line is expensive and can be worked around

Radio transmitter
Range from cheap to expensive.
Cheap versions are fairly easily interfered with.
Expensive trunked radio based systems are very secure.

Cellular systems

SMS transmitters. Reliable and cheap. Widely used in Europe.
Require very little installation time.
Usually have a limited transmission capability and are only intended as an emergency back up to a landline.

Cellular communicators.

Capable of transmitting all alarm signals using a cellular voice connection.
Expensive to purchase, install and operate. Can suffer from transmission problems due to connection quality or poor aerial installation.
Viable alternative to using a landline.

Internet protocol monitoring.

This is the security industry “new��? fix to the line cut problem.
By using an IP connection the alarm monitoring station is able to regularly poll the alarm panel and detect a line cut within minutes.
Appears to be targeted at the major loss burglaries that take extended periods of time.

Ok that’s the technology, now the practice.

Burglars do not cut a phone line and then enter the premises.
That would be very risky and they avoid risk like the plague.

They cut the phone line and then depart leaving a colleague nearby to watch for a responder.
If no response occurs they know the premises was solely dependent upon the landline to report an alarm condition and they can now safely clean the place out.

If a response does occur, they know that the premises has a wireless transmitter and should they subsequently enter the premises (after the responder has departed) a burglary event will be transmitted to the alarm monitoring station and responders will again attend.
Worse for the burglar, a burglary event following a phone line failure is the equivalent of a huge flashing neon “Place is being burgled��? sign to responders and will result in a huge response.
At present if a responder arrives the burglars go elsewhere.

Note. I have ignored fixed lines as the expensive of them means that only certain types of premises use them. The burglars know what has fixed lines and that due to the extreme risk factor a line fail will result in security or Police remaining on site until it is fixed.

The future (which has already arrived).

IP monitoring screws everything up.
At present if they cut a phone line and a response occurs the burglars know the alarm is still able to communicate with the monitoring station.
The introduction of the “magic fix��? IP monitoring changes this.
Because IP monitoring is still dependent upon a line (whether phone or fiber) it can be cut.
Yes, the monitoring station will become aware of the line cut as a result of a failed poll but the poll is initiated by the alarm monitoring station, not the alarm system in the premises.
As a result, ALL the alarm monitoring station can become aware of is that they alarm system is not responding to polls.

Yes, a responder will attend.
Yes, the burglars colleague will observe the response occurring.

No, the burglars will not go elsewhere.

The burglars have not established whether the alarm system is capable of communicating a subsequent burglary event to the alarm monitoring station.
All they have established is that somehow the alarm monitoring station became aware that the alarm system stopped communicating.
The burglar will wait for the responder to leave an then cause a burglary activation to see if the responder returns.
If he doesn’t, and if the premises is solely dependent on IP Monitoring meaning the alarm system cannot communicate with the alarm monitoring station, he won’t the burglars are in and strip the place.

As IP monitoring replaces conventional landline based monitoring over the next decade (big sales push coming to an area near you soon) the SOP of line cut burglaries will change and IP monitoring will be no more effective at preventing line cut burglaries than current landline based monitoring.

Note: Despite the claims of fixing the line cut problem it is very interesting that companies rolling out IP monitoring equipment are simultaneously introducing new SMS transmitters.
It is suspected that IP monitoring has much more to do with reducing costs for alarm monitoring stations(1000 phone line rentals at $100 a month each replaced by a couple of internet connections) and allowing free transfer of alarm data world wide (outsourcing) than risk reduction.

But there is even worse news.

The security industry is finally crawling into the 21st century with the introduction of automated dispatching systems.
At present often the longest delay between an alarm event occurring and a responder arriving at the premises is the time it takes for the alarm monitoring station to react to the notification of the alarm event.
Second is the delay caused by clients who insist the alarm monitoring station get their permission to respond a patrol.
The burglars are well aware of these delays and exploit them.
In particular they exploit them to repeatedly burgle the same premises.

The introduction of automated dispatch systems that can differentiate between alarm events likely to be a burglary and those likely to be false alarms (following a (usually) security patrol supervisor sitting the client down after the second, third, forth burglary, and explaining why ringing them first at 3am is really not a good idea) is completely eliminating these delays.

Companies using these systems can regularly have patrol cars at the client premises in less than three minutes of the alarm event occurring.
Not a lot of time to do a burglary. Worse, because patrols are mobile there is a real chance the nearest is just around the corner and he will be know the burglar broke the window 15 seconds after he did it and arrive just as he climbed through it.

The problem. Those companies that are now using automated dispatching have experienced a jump in the number of line cut burglaries.
The burglars have realized that the old, kick in the door grab stuff and split type burglary is too risky and the only safe way is to take out the phone line first, every time.

Line cuts are going to become the norm and worse luck people are only going to realize after spending $500 to upgrade their alarm system to IP monitoring that IP doesn’t solve the problem.
An then they’ll have to spend another $500 on an SMS or cell transmitter.

dennisDecember 28, 2006 1:38 PM

in some jurisdictions in the US, particularly NJ, the shop owner gets charged for anything over 2 false alarms by the local police for their response

gracieFebruary 6, 2007 2:30 AM

A cop after me breaks every security code I have on my alarm Brinks and breaks in just to move stuff and harrass how is he doing this?

kamikazealarmtechFebruary 7, 2007 12:38 AM

Reading this thread has been very amusing.
1st off I've been in the biz since 96' and have thought how can I make this installation defeatproof?
The answer is you can't.
The avialable technology used in the alarm industry in no way can be compared to computers or cellular phones; the assembled components have to..
1 - Must electronically work together in a large variety of environments with integrity
2 - have to utilize several hundred or miles of cabling (that little heathkit clapper you built in 8th grade industrial arts class pales in comparison for reliability and EMI interference and let's not talk about UL listing)
3 -Most electronics today have a planned failure date (your cell phone you have in your pocket isn't more than a 1-2 years old, why it is high tech but will just stop working) a properly installed alarm system will give you 12-15 years of service before upgrading to a new system (generally because of convenience features)
I've replaced 20 yr old systems that still worked great, on the otherhand a poorly installed/designed system is totaly worthless and I generally recommend a full reinstallation unless you like false alarms; my point is we are talking about a class of life safety equipment that serves a specific function, which leads me to a major point....the electronics are just 1 part of your security!!!
By having your building properly surveyed you will get rid of the physical attributes that make your building easy to break in.
ei...block up that window to the storeroom next to the back dimly lite loading dock, or plant thorny bushs in the landscaping near the front windows (remember criminals aren't only stupid they don't like to do a lot of work to steal!! otherwise they would just get real jobs! like doctors, lawyers and Enron CEO's and do it legally!)

The other parts include a good alarm company dedicated to customer service and who is available at 3am and helps the responder bypass the suspect zone whilst leaving the rest of the system enabled.

ip communications are actually extremely fast!! (under 100miliseconds) before step through the door the alarm has tranmitted around the world, but ip is susceptible to a data attack and isp shutdowns (which by the way can maintain connectivity via cable, telcom, wireless providers, cellular data or satellite uplink)
The biggest advantage is to back up your network structure with a UPS and poll multiple monitoring facilities every 30 seconds; any loss of phone lines can be transmitted over the backup IP solution before they jam the wireless and vise versa. The beauty of it is that the perpetrator doesn't know what is in place. oh yeah most good phone companies land the d-mark in a pbx/telcom equipment room, not hanging on the outside of the building like your house.
If all else fails Move to somewhere with less crime, business can't be that good.

secret shopperFebruary 27, 2007 2:21 PM

the phone line cut is the prefered choice
to burglary you can tell if it works in 30 min are less if they respond they will not come back they will move on the only way to detour the person is to have the cell back up if the person has jamming cap. ther is not much you can do to keep safe

SniperMarch 4, 2007 11:46 AM

Just stumbled across your site and very interesting it is to! Well done Bruce.
I notice this is an old thread but still seems to be active enough for comment.

Maybe the rules and regs are different here in the UK but it's a fact that police will not act on any alarm that is unconfirmed. ie. there needs to be dual and separate signalling back to the alarm receiving centre (ARC) confirming the original alarm.
Many years ago, well before the days of the original post, high value premises used to have a direct single link to the police and events like the one described were all too common. If the thieves couldn't find the telephone link, they simply put petrol down the nearest telephone manhole, set fire to it and took out everyone’s comms....After a while the police never bothered responding to the constant 'false' alarms and the premises were actually more at risk because of the alarm than without it....

Nowadays the security industry pretty much demands that the second path is radio and this is normally polled regularly by the ARC to make sure it's in constant contact. If it can't be contacted then this is investigated immediately.

Depending upon the alarm manufacturer's design, this second path can be via SMS, GPRS or dedicated data networks such as Vodafone's X25 Packet Radio Service (Paknet).

There are theoretical concerns with some of these technologies (eg. SMS should never (ever) be used for mission critical applications as there is no guarantee of delivery. Likewise, GPRS can potentially suffer in times of heavy voice traffic), but as the police will now only respond to an ARC's request (after all, they maintain and monitor the system), the original foiling problem of cutting the line has all but disappeared.
If someone is determined to gain access they will, regardless of the James Bond style security employed. The greatest risk for the majority is from the semi-skilled opportunists who think they have everything covered; having a monitored radio path for the second link means this element is pretty much fully protected.

With broadband in virtually every location IP is making an appearance within the security industry but mainly for remote monitoring of the unit, not for a secure path. Applications via 3G are still being developed but will surely make an appearance in the near future.

Hope this makes some sense, and thanks again for an interesting site - where's my Sunday afternoon gone to?!

daveApril 12, 2007 9:49 PM

fuck the alarm kick the doors off or smash the window grab you desirables and leave long before the police arrive

Dick in PRMay 6, 2007 2:22 PM

When a tow truck parks for the weekend and its own alarm malfunctions for three days and nights waiting to be turned off, what can local security do besides try to locate the owner?
CAn the hood latch be mechanically releasesd to get the the battery cable negative toground to shut it down?

Or is the hood latch locked inside?

JasonJuly 31, 2007 8:09 AM

The "trick" of cutting the phone line and waiting for the cops to arrive is almost irrelevent today. From the 1930's through the 1990's alarm companies leased dedicated phone lines from the local phone company, which transmitted a continuous voltage , or an audio tone from the alarm location to the alarm company's central station. When the line was cut by a burglar, the interruption of the tone or voltage would cause an alarm at the central station. With this old system, cutting the line, and coming back later might have worked, because it usually took the phone company 24 hours to repair the line.

Today, it is even easier to beat some alarm systems, because a large number of the mass marketed "free" alarm systems use a telephone dialer to dial the alarm messages to the central station. If the phone line is cut, the alarm will not dial anywhere.

There are more secure systems available, such as those sold by Guardcom and others, that use a cellular radio to signal the central staiton. The cellular method of alarm transmission has been around for years, but the cost of cellular systems has dropped dramatically in the past few months, and now there is no reason not to use a cellular alarm system.

aanonymyssSeptember 17, 2007 12:27 AM

i heard somthning that people are frying alarm systems even with cell backs by running a certain amount of amps through the telephone wires?? it sounds crazy but now a days anything is possible??

JohnNovember 12, 2007 11:05 PM

I think using the combination of a traditional alarm and video surveillance would reveal someone tampering or false alarms.

riflemanMarch 9, 2008 12:58 PM

Just getting into this. In our rural locale in the US the number of meth-addled wackos busting into homes when the folks go off to work (esaaily determined after just a day or so of observation) is growing in frequency all around us. The rural nature of our surrounds actually encourages the situation as the next-nearest farm home is perhaps 0.5km away. These "MH"s (meth-deads) are also potentially dangerous as their moral compass is off its gimballs, and they might just as likely smack you or your wife, who came home unexpectedly for lunch, upside her head with that jimmying crowbar they brought along. Frankly we don't even bother to lock the doors; it will just cause more damage to be paid for later.

Well, the cut phone line eliminates that idea. I have an inexpensive Radio shack system that utilizes various wireless sensors, and wondered also about installing one of the latest IR illuminated "game cameras" that Cabela's sporting goods sells, to silently photo the "perp". The cell-phone based call up is a great idea but frankly to pay the monthly fee for the possibility of an attack intervention, say, once in 5 - 10 years, isn't cost-effective. Doesn't anyone use the US (and Euro?) FRS radio system (these little handheld Motorola-type handies) to call someone somewhere? Or can the cell phone companies offer a per-call charge when/if the system is activated? Even if it were say $25/call it would be worth it, especially if the call goes out only if the various cross- checked inputs are received (motion plus trip plus???).
Why is there such a gap in the availability of such a simple system. We landed guys on the moon 25 years ago, furChrys-sake! Seems that there would be a great market for a logically simple system. Perhaps it wouldn't defeat a truly techno burglar, but for the MHs, it would certainly be effective in moving these guys down the road.

As an afterthought, seems that just a big old noisy high dB (150+?) siren in an inaccessible position and that doesn't go off until, say 3-5 min after the break-in, for maximum disruption, would work well?

Questions questions. Who has simple answers?

ArielApril 16, 2008 2:48 PM

Defense in depth is a must. Just an alarm system doesn't cut it. Windows and doors must be hardened. A good dog is handy. Etc. etc.

Smash and grab type perps will be dissuaded.

The real pros cannot easily be stopped. That's what insurance is for.

ardy June 19, 2008 4:43 AM

if a burglar cuts the phone line before the business owner activates the alarm, wouldnt the monitoring station detect the problem?

joyful:-)October 14, 2009 10:36 AM

Grt site, but line snipping is older than I,anyone educated on Jmn.signals on bckups? Please tell!!!

jomiDecember 2, 2009 6:34 AM

There are easy steps to follow in order to insure that the triggerd alarm reach the intended destination (monitored phoneline, backup cellular line, monitored ip and radio link, ups powerd system and the list goes on).
If cutting the phone line and power does the trick, you have been fooled, more serious security companies would ensure at least 3 differnt kinds of backup plans to make sure that the system would still be running, and the triggerd alarm would reasch it's destination.
Ad video analytics to the system, and you would get a much less freqvent false alarm ratio.

There are ways to stop even pros

ATMDecember 19, 2009 6:33 AM

I probably set the record for the most ATM machines ever taken, I also am close to the most safes taken or cracked. I have read some of the very interesting points made and will comment on several and let you see how I see it from the other side.

Security is a falseness that prevents crime.

A building has a valuable item that is the target. The building has an alarm a bump in the road. The valuable is in a safe. Two lines of security but what I have is no one expects me to be there. Playing field is even and I have time.

Bypass alarm with phone wires yes its outdated although I have had fake wires and I have had monitored wires.

Silent alarms and Siren alarms both are the same just takes longer to put some hedge clipers behind the horn box or rip it down in the building although no one outside ever hears these. The mercury switch is never set off on the outside horns with clippers or spray foam.

Cellular yes a scrambler takes those out so it is worthless.

Seen a few ham radio communicators but also bypassable.

Cable internet line easy and can be taken out.

Satelite is also easy.

Wheather plays a big role also and how it affects the communicators.

Now the safe you can freeze or burn or even pry.

I made a highly sensitive mic hooked it to a laptop and ran the sound through a spectrum analyser once works good on combo locks. Turns sound into graphical mesurment.

I have most of the blueprints to the alarms as well as specs and alarm companys prefs. I also have about all atm specs.


A few times on big jobs we watched the place found a lower level employee that opened called said we were the alarm company and got the pin and did the place with the pin provided by the employee that morning.

The only true way to be affective is to have a satelite perimitter from space or some thing of this nature. Pricy but effective whether permitting that is.


Anymore money in large amounts is electronic so you boys can take 5 on it and let the smarter criminals bypass the new age security. I worked at ibm and have backdoors to some billion dollar companys and some big finance institutions.


Look up early 90's in Iowa and surrounding states you will see my footprint.

ATM TheifDecember 19, 2009 6:39 AM

Also with cars the mircrowave sensors can be taken out with aluminum foil and cardboard placed on the windows. I also made a hack that runs through the freqs to open any garage door and disarm any car alarm. Security is a false sense of security for a man with a mind. Just think of the stuff I haven't said that will keep you really thinking.

jFebruary 17, 2010 8:34 AM

its a shame you dont live in my country! i could do with a fella who knows the stuff! couldve made some good money!

commonApril 8, 2010 4:29 PM

atm: id really like to hear more. it seems like your on a compleatly other level. ive been searching on line 4 info n nuthing i dont know.i consider my self to have avarage intelligence. but im the muscle behind the muscle. id like to hear more.

DavidAugust 5, 2012 12:49 AM

OK, I'll bite...

All these abstractly written fawning comments (@asheville computer just above being the most recent)...

Is this some kind of steganography? perhaps Bruce's blog is being used as a covert channel!

AnthonyApril 2, 2013 8:00 PM

what about the "mesh radio" to send signals to an arc it cannot be blocked in anyway if 1 path is blocked it finds another route it cannot be blocked or jammed at all its unbeatable by an intruder i have installed quiet a few for customers never any problems as it works of 230v and a battery back up able to support a radio up to 2 weeks independently.. the mesh is a back up to a hardwired phone line or gsm digi dialler its a sure fired way of ensuring all alarm signals are received and responded to another alternative is a remote cctv system where u can view images of intruder before he cuts the line because cameras can be set to motion detection once motion is detected a text/email can be sent to phone/laptop so intruders beware a shop/house owner can be alerted before an arc or police can be notified and be waiting for u to set off the false alarm signal around the corner with a nice round bat ready to plant it in your face you have been warned

flockamanApril 23, 2013 1:50 PM

Ok now can someone tell me how to cut off a commercial alarm ? If its possible.

flockamanApril 23, 2013 1:55 PM

Caint I just cut the wires to the main. Box with bolt cutters then take the back up battery out of the metal box& cut the phone line. Along with my cell. Scrambler.?

flockamanApril 23, 2013 2:36 PM

Caint they just cut the wires that go to the main metal box then take out the backup battery.

AaronJamesJuly 4, 2013 2:39 PM

In addition to light timers, a burglar deterrent CD or MP3 can be played to mimic home occupancy while the owner is away.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..