Attackers Exploiting Security Procedures
In East Belfast, burglars called in a bomb threat. Residents evacuated their homes, and then the burglars proceeded to rob eight empty houses on the block.
I’ve written about this sort of thing before: sometimes security procedures themselves can be exploited by attackers. It was Step 4 of my “five-step process” from Beyond Fear (pages 14-15). A national ID card make identity theft more lucrative; forcing people to remove their laptops at airport security checkpoints makes laptop theft more common.
Moral: you can’t just focus on one threat. You need to look at the broad spectrum of threats, and pay attention to how security against one affects the others.
Joe Patterson • April 30, 2007 1:18 PM
Evacuating in response to a bomb threat isn’t really that bad an idea (IMHO). It is one of many ways a burglar could make sure you aren’t in your house. The problem is having a house that isn’t sufficiently resilient against burglars when there’s no one home. Prune that limb of the attack tree against your house, and it doesn’t do them any good to call in the bomb threat.
(of course, you can’t actually prune that limb completely, but you can modify the leaves sufficiently that it becomes too expensive a proposition for the reasonably expected return on burglary)