The Story of the World's Largest Diamond Heist

Read the whole thing:

He took the elevator, descending two floors underground to a small, claustrophobic room–the vault antechamber. A 3-ton steel vault door dominated the far wall. It alone had six layers of security. There was a combination wheel with numbers from 0 to 99. To enter, four numbers had to be dialed, and the digits could be seen only through a small lens on the top of the wheel. There were 100 million possible combinations.

Power tools wouldn’t do the trick. The door was rated to withstand 12 hours of nonstop drilling. Of course, the first vibrations of a drill bit would set off the embedded seismic alarm anyway.

The door was monitored by a pair of abutting metal plates, one on the door itself and one on the wall just to the right. When armed, the plates formed a magnetic field. If the door were opened, the field would break, triggering an alarm. To disarm the field, a code had to be typed into a nearby keypad. Finally, the lock required an almost-impossible-to-duplicate foot-long key.

During business hours, the door was actually left open, leaving only a steel grate to prevent access. But Notarbartolo had no intention of muscling his way in when people were around and then shooting his way out. Any break-in would have to be done at night, after the guards had locked down the vault, emptied the building, and shuttered the entrances with steel roll-gates. During those quiet midnight hours, nobody patrolled the interior–the guards trusted their technological defenses.

Notarbartolo pressed a buzzer on the steel grate. A guard upstairs glanced at the videofeed, recognized Notarbartolo, and remotely unlocked the steel grate. Notarbartolo stepped inside the vault.

It was silent–he was surrounded by thick concrete walls. The place was outfitted with motion, heat, and light detectors. A security camera transmitted his movements to the guard station, and the feed was recorded on videotape. The safe-deposit boxes themselves were made of steel and copper and required a key and combination to open. Each box had 17,576 possible combinations.

Notarbartolo went through the motions of opening and closing his box and then walked out. The vault was one of the hardest targets he’d ever seen.

Definitely a movie plot.

Posted on March 12, 2009 at 6:36 AM81 Comments


Frank March 12, 2009 8:06 AM

Having been peripherally involved in the security system where I work, I couldn’t help notice that the featured three ton door was penetrated with the help of a simple, but critical design flaw.

The magnetic sensor, which is how the system determines if the door is open or closed, was able to be bypassed because it had been installed on the insecure side! This is a simple rookie mistake, that one of the most secure doors in the world (allegedly…) had dead wrong in its design. If the designers had simply put the magnet and switch on the secure side of the door, or (even better) used one integrated into the doorframe, the whole heist may have been stopped cold.

Wes P March 12, 2009 8:18 AM

“You lose focus in this game for one minute and somebody get’s hurt!” – Oceans 11

Paul March 12, 2009 8:52 AM

Nice story. It’s amazing how something deemed as impenetrable was so easily defeated by a resourceful thief. The magnetic sensor on the outside of the door and so easily unbolted was shocking like Frank said above. The fact that they could put a wireless camera inside the room to watch the guard input the combination and the key was also surprising. Just goes to show that even if you lock it away in a safe it still isn’t secure. =)

Clipper March 12, 2009 8:54 AM

So… many security errors here.

  • The antechamber should be a Faraday cage, preventing any wireless device to transmit out of it (e.g. to a nearby room with a semi-fake extinguisher).
  • Anything added/repaired should have been clearly examined after installation/maintenance (e.g. recessed light, extinguisher)
  • It is way too easy to access the vault. Balcony and stairs and you’re in ? That’s a huge vulnerability.
  • “The alarm went off only if it sensed both heat and motion”. How stupid is that, it’s much more difficult to block motion than temperature changes. There should have been two distinct devices for this, and an additional laser based carbon monoxyde detector.
  • No guards watching the live video feed during the night ? This is insanely arrogant.

  • I’m not commenting the “foot-long” key hanging in an insecure room a couple meters away from the vault door 🙂

  • A good electric pulse sabotage detector cannot be just bypassed with a short-circuit, as its resistance is measured. to short it, you have to use a specific resistance of unknown value, not just a wire.

And on the side of the bad guys too… dropping the stuff in the forest ? including invoices with names on it and DNA-full sandwiches ? No burning ? No sulfuric acid ? Common.

Baron Dave Romm March 12, 2009 8:58 AM

The vault combination was photographed. The guard cameras disabled by spray paint. The foot long key was left in a closet down the hall. Electronic alarms were bypassed.

They should have kept a dog.

Clipper March 12, 2009 8:59 AM

@Confused: you’re confused by what ? If it’s about MKotS, it just means MysticKnightoftheSea… If it’s about “Wow” it just means… huh… Wow 🙂

Sortkatt March 12, 2009 9:03 AM

Why was it easier to short circuit the alarm systems inside the vault rather than somewhere else in the building?

Glenn Willen March 12, 2009 9:07 AM

I’m not sure if Bruce calling this a “movie plot” is intended as a challenge to the truth of the story, but keep in mind that the only witness we have to most of it is not only the robber, but seems to be a particularly suave robber.

Conjecture: The whole thing was an inside job, and the story was made up. 🙂

jo123 March 12, 2009 9:29 AM

Check out the whole story on wired magazine’s site and I am told warner brothers have made a bid for the movie..

Werner March 12, 2009 9:31 AM

The blogged summary was a bit confusing, but the article has quite a bit of juicy content. Will read it when I get home tonight.

Anonymous Coward March 12, 2009 9:41 AM

From reading the vault description, it sounds like low-grade vault protection and security system. It actually looks like the one we kept the stationery in at my former place (a bank, with vast vaults for archives, disused and recycled as very large cupboards)
I’ve seen the details of a real bank vault, it is has more security than that, and less easily bypassed.

This one certainly doesn’t fit the bill for “the most secure vault on earth” at all. Sounds more like fifties-era vault with some cheap additional electronics to me.
Now, Antwerp diamantaires have relatively little incentive for real security, as the article suggests, as they have insurances…
And as even the police seems to find normal that most of the business is done on black markets, if it was an insurance scam, as it is claimed, an abnormal profit spike after the theft would not show on the watchers’ radar..

Though I must say I admired the heat/motion detection disabled by hairspray.

Angel one March 12, 2009 9:47 AM

That is a great story, and I’m glad I wasn’t the only one who thought of Ocean’s 11 while reading it. (For those of you only reading the blog quote – go read the whole article – it’s long but worth it). A couple of interesting things to note:
*The criminals only got 5 or 10 years in jail. For a theft of 100 million, plus mafia connections, that’s pretty light.
*This whole case only happened because the police in Brussels knew that something had happened in the Antwerp Diamond district, and then took a littering complaint very seriously. Communication amongst law enforcement is critically important.
*Watch your insiders too. If Notarbartolo hadn’t been able to disable the sensor, this never would have worked. The guard was too used to seeing Notarbartolo that he didn’t watch him. Maybe if thew guards rotated jobs more often so that they couldn’t get used to any given person and ignore them, this wouldn’t have happened.

Davi Ottenheimer March 12, 2009 9:55 AM

“police…took a littering complaint very seriously”

Actually, they did not take it seriously until the complaint said the words “Diamond Center envelopes”. Sloppy disposal and hard not to make the connection.

Frank March 12, 2009 10:37 AM

@Clipper, you’re right in principle about bypassing the sabotage detector for the alarms. Typically, the detection circuit requires a resistor be placed across the wires leading from the controller to the sensor. This allows the controller to detect either a line getting cut or shorted by watching for the change in resistance.

The catch (there’s always a catch, isn’t there?) is that the resistors are usually not an integral part of the sensor, but rather a separate device. This means that the sabotage circuit can catch an attack on the wire between the controller and the resistor, but not between the resistor and the sensor. Any portion of the wire between the resistor and sensor should, therefore, be physically protected – placed in conduit, or behind a concrete wall.

What most likely happened, then, is that for some reason, the resistors were installed too far away from the actual sensor, leaving a segment of unprotected and unmonitored wire that could be bypassed without the controller noticing. I’ve seen at least one case where contractors, given inadequate directions, installed the resistors in the same cabinet as the controller, rendering the detection circuit functional but useless.

Or, of course, some bozo could have just silenced a wiring fault alarm by turning the sabotage circuit off.

Clive Robinson March 12, 2009 10:44 AM

@ Clipper,

“- “The alarm went off only if it sensed both heat and motion”. How stupid is that, it’s much more difficult to block motion than temperature changes.”

Not true.

The microwave sensor runs between 10&11GHz (3cm band) in most cases and is easily stopped by an absorber of 1/16th of a wavelength or thicker.

It just so happens that you can by quite large rolls of “carbon loaded foam” used for storing electronic components (often jokingly called 100 Ohm Foam in the trade) this stuff stops both heat and microwaves very very effectivly…

If you want to give it a try why not get a 1ft Sq piece stick it on a bit of card and hold i at arms length and slowly aproach one of those combined alarms with the red green and yellow LEDs on it to see how easy it is to do.

I used to walk up very slowly to one of these sensors with just my hand stretched out without it fully triggering as a party trick at work just to show how usless they where.

They where designed to reduce the number of false alarms and as a result have become their own worst foe 😉

BF Skinner March 12, 2009 11:05 AM

I love caper films

Lessons learned.
Camera’s don’t prevent crime
Encrypt your access codes (faraday cage might have worked but the camera to a deaddrop recorder inside the cage still might have been possible)
Layers are only layers if the back each other up. These don’t sound like layers they sound like hurdles. They were discrete from each other. So they could be taken down one at a time.

Better? Concept. Build layers that are aware of each other’s state or are dependent on each other.

Clive Robinson March 12, 2009 11:12 AM

@ Sortkatt,

“Why was it easier to short circuit the alarm systems inside the vault rather than somewhere else in the building?”

Part of that has been answered by Frank above, but there is another reason.

To save money a lot of these units are wired in series and you never know if a false or half level sensor is included as a check.

Obviously the closer you are to the sensors the easier it is to know you have the right wires.

I suspect that the vault was built a considerable time ago and that getting wiring in and out is difficult and that there was only a single pair of wires (which might also account for the magnetic sensor being on the outside of the door). And it is again quite likley that none of the sensor wires in the valt was in an armourd conduit (why bother in an imbregnable box… 😉

Oh and the disadvantage of wiring sensors in series, if you know what you are doing at the junction box you can build a Whetston bridge to detect the value of resistance without putting a low enough value of resistance on the line to trip the alarm (they realy are very insensitive again due to false alarms).

I suspect that “Mr Charm” talked about a “specialy prepared length of wire” to the Journo because he did not ask or was not told what it actualy was (or the journo chose not to say).

It amazes me sometimes why we still use old resistive and other 100 year old technology for alarms…

Clive Robinson March 12, 2009 11:29 AM

I think the real story is the “impregnability myth”

Everybody belived the valt could not be breached due to it’s physical properties.

The myth developed a life of it’s own and nobody steped back and said “hang on is this realy true”

When somebody did they discovered that although the physical security was tough the alarms where not fit to guard a kiddies piggy bank.

The whole story revolved around two things,

1, Crap alarms / sensors.
2, Getting the door open.

The hanging up off the key was out and out stupidity at the very least it should have been kept with a guard in a locked strong box for which the guard did not have the key.

It was the myth that it was impregnable that made everybody lax in what they where doing.

That is the real story “if you think something is impossible then check your thinking”.

jay in antwerpen March 12, 2009 11:47 AM

And they did it the hard way. Here is the story of the thief that stole $28 million with a box of candy in 2007.

With a false name, he was a “trusted” person at the bank. So he was allowed into the safe with out an escort. Then, on Friday afternoon, he substituted a bag of rocks for a bag of diamonds.

Here is an article:

There are many articles about “Carlos Hector Flomenbaum”, the fake name of the thief.

Tangerine Blue March 12, 2009 12:00 PM

Wow, the arrogant bluster in these comments is the deepest BS I’ve heard since grade school.

“Simple rookie mistake”? “Low-grade vault protection”? “Not fit to guard a kiddies piggy bank”? How the hell do you guard your kids’ piggy banks?

It doesn’t really make you look smart to come up with countermeasures after you know what the attack was. In fact it makes you look like buffoons.

Joe March 12, 2009 12:34 PM

If the insurance scam is true, then getting these guys to do the job was the most impressive hack of all.

FP March 12, 2009 12:35 PM

Like the journalist, I have trouble believing the insurance fraud story.

If many diamond dealers had been “in” on the heist, someone would have talked sooner or later. Especially those who were solicited but didn’t want any part in it.

It’s hard to believe that all of them were corrupted without exception.

Frank March 12, 2009 12:46 PM

@Tangerine Blue: Uh, what makes you think that we “came up” with those countermeasures after reading this article? The two items that I talked about (door sensor magnet and resistor placement) are issues that we’ve been dealing with, and taking care to make sure they’re done right, for several years now.

Or are you implying that an organization that leaves the key to the safe in a nearby unlocked closet is incapable of making other screwups equally obvious to an expert in the relevant security domain?

Albatross March 12, 2009 12:49 PM

Actually, if Antwerp is running its operations like Wall Street was, then there may never have been more than $25 million in that vault, even if it was valued publicly at over $100 million…

Al March 12, 2009 1:42 PM

“……. and monitored by 63 video cameras.”

Coming from the UK I had to laugh at 63 cameras in the whole diamond district. The local UK chipshop/burger bar is monitored by more cameras than that 😉

Quercus March 12, 2009 1:59 PM

I also take this as an entertaining story, but not one that I’d rely on as true. For instance, if the mysterious sponsor was unfamiliar enough with the vault to need Mr Charm to take covert pictures of it, how did anyone know exactly where the alarm wires were? Remember the wires were above the ceiling, but the thieves knew exactly where to find them, in the dark.

My real question is– only five years for a multimillion dollar theft?

Annie Nomous March 12, 2009 2:29 PM

@Tangerine Blue
“How the hell do you guard your kids’ piggy banks?”:

Have you seen the beginning of Raiders of the Lost Arc?

Tangerine Blue March 12, 2009 2:43 PM

@Frank, the system was obviously one of the world’s harder systems to crack. The chorus of insults irked me, and my post was more caustic than I generally try to be.

I apologize for including your comment in the sample of insults that struck me as coming from buffoons. Your point was a good one, and I’m sure your savvy practice of putting sensors inside rather than outside predates your reading this article.

But I doubt the system designers were rookies.

It’s not quite fair for us who know how it was ultimately broken to diss the designers who had to prevent all possible attacks, and by any pre-breakin measure put together a formidable security system.

But it is fair to discuss what went wrong, and how to avoid their mistakes, so your comment was appropriate.

Frank March 12, 2009 2:47 PM

@Tangerine blue: you make an excellent point there – the system designers were almost certainly not rookies. Or, more exactly, we can expect that at least a few of them were highly experienced.

The fact that, even then, these simple mistakes were made shows that even experts have to guard against screwing up the basics.

Pat Cahalan March 12, 2009 2:52 PM

During those quiet midnight hours, nobody patrolled
the interior—the guards trusted their technological defenses.

There’s a real security hole, right there.

Interesting that a lack of human agency was a root cause that allowed defeat of the security system… and a human agent freakout is what led to the attackers getting caught anyway.

Human agents are a bitch, aren’t they?

Angel one March 12, 2009 2:55 PM

We’re all forgetting the most crucial mistake they made – Notarbartolo didn’t follow his mother’s edict to clean his plate and left crucial DNA evidence lying around. Who knew our mothers were so security conscious? 🙂

Andrew March 12, 2009 3:24 PM

How sad. The biggest bank robbery in this business (if it isn’t banks ripping off the government) is security consultants ripping off banks.

All of the correct pieces were in place (guards, cameras, alarms, physical keys, multiple layers). None of them were assembled correctly or with intelligent insight.

The devil is in the details. A number of small details, easy to fix, would have wrecked the team. The easiest would be an alarm buzzer at the security control point whenever any code is entered, valid or not. Next easiest would be putting the key in a similar, mildly locked buzzer box at the security control point. Putting the door sensor inside the vault is a little more expensive, but the classy way to do it is to put sensors on both sides of the door. (One goes off, one does not = ALARM!)

Putting the good stuff in the same vault with the day-to-day diamond exporters is another elementary error. This was effectively an insider attack for that reason alone.

SteveJ March 12, 2009 4:02 PM

@Quercus: “only five years for a multimillion dollar theft”

Madoff stole billions, and he’s looking at 20-150 years. So divide by a thousand, right? They should only have got a few weeks less good behaviour 😉

Scared March 12, 2009 4:08 PM

Speaking of Faraday cages:

“….an ordinary-looking red fire extinguisher was strapped to the wall. The extinguisher was fully functional, but a watertight compartment inside housed electronics that picked up and recorded the video signal.”

So they had their receiver in a liquid inside a steel bottle. Must be some pretty powerful RF transmitter they used…..

Clive Robinson March 12, 2009 4:39 PM

@ Tangerine blue,

“How the hell do you guard your kids’ piggy banks?”

As that appears to be a question based on my post I supose I should respond.

The technology as described in the article all had well known flaws back in the early 1980’s when I was designing the electronics for certain types of security instalations.

The fact that all the technology described was atleast twenty years out of date sugests that as I noted the physical security of the valt had given rise to a myth of invulnarability.

I suspect the alarms where only fitted at the request of an external entity like an issurance company or the police.

Those running the security relied to heavily on an outsourced alarm service who in all probability did not fit the alarms.

Why do I suspect this well it’s the “door magnetic alarm” you don’t fit them on the outside of a door unless you have no choice. This suggests the valt was not designed with such measures in mind and considerably predataed the alarms.

If the outsourced security company had known this in all likley hood they would have fitted other sensors.

The fact that the original system designers put cameras in covering the door area suggests that they where aware it was a vulnerability, but acceptable within certain constraints.

Unfortunatly for some reason the fact that you should not turn the light out was either lost on the vault owners or for some reason they ignored it.

There is however a lot more going on in the story than is actually talked about. For instance the bag of “rubbish” held video tape from the security cameras. Now ask yourself just how did “Mr Charm” and his friends get hold of it for “speedy” to throw all over the trees?

As you pointed out and Frank confirmed,

“the system designers were almost certainly not rookies.”

Unlike Frank I don’t think they made rookie mistakes.

I think they had to work with what they had and within a budget set by the vault owners, who as I said belived it to be physicaly impregnable so wanted the alarms very much on the cheep.

But even IF I’m wrong on that point, it does not change the fact that the vault owners where extreamly lax with what they did and how they went about their business.

It was they that alowed the lights to be turned out, it was they that alowed the key to be hung up in a closet and it was they that put the video recorders where Mr Charm and friends could take the tapes…

Give you three guesses who I think was to blaim?

Which begs the question did they deliberatly alow the situation so that a crime could take place and perhaps did they even organise it through a proxie?

Clive Robinson March 12, 2009 4:53 PM

@ Scared,

“So they had their receiver in a liquid inside a steel bottle. Must be some pretty powerful RF transmitter they used…..”

No not realy you can buy an appropriate camera from Swan Electronics in Australia for 50USD.

Yes it was in a steel bottle, but the bottle to be fully functional would have a hole in the top through which a fine wire antenna could be routed up under the (usually plastic) handel.

Also if you have a look at a lot of fire extinguishers you will see that infact the handel/nozel is not screwed directly into the metal bottle but into a plastic reducer that is screwed into the bottle. This eases maintanence on the fire extinguishers alowing them to be striped down and re assembled without damaging anything other than a very cheap plastic reducer.

This design means that the metal of the nozel unit is insulated from the bottle and there for could have been used as the antenna…

Karl Lembke March 12, 2009 5:06 PM

When I read through the article, I couldn’t help thinking it read like an episode of Mission Impossible. (The series, not the movies.)

There were minor holes in the security system that could easily have been fixed. The magnetic field plates on the secure side of the door, for example. (Even storing the key in the utility closet, a major security breach, turned out to be irrelevant.)

I think, as usual, the biggest hole was the human element.

[“In September 2002, a guard stepped up to the vault door and began to spin the combination wheel … a fingertip-sized video camera captured his every move… Nearby … an ordinary-looking red fire extinguisher was strapped to the wall…”]
Somebody planted the camera and the fire extinguisher. That somebody was not being observed at the time.
[“Notarbartolo was buzzed into the vault the next day … In his jacket pocket he carried a can of women’s hair spray. …. A security camera recorded his movements … but the guard had gotten used to [his] frequent visits and wasn’t paying attention.”]

Human error — the guards got used to the frequent visits and quit paying attention to what they were doing, even when they were doing things that compromised the integrity of the system.

Maybe, in an ideal world, there would be two guards watching, one old-timer who can be trusted to watch out for the interests of his employer, and one absolute newbie who hasn’t been lulled into ignoring recurring patterns. (The old timer would also keep an eye on the newbie.) You’d have to have a constant supply of new guards. Either rotate them through a huge number of facilities or draw on explorer scouts, police academy students, ROTC students, or similar pools of talent and enthusiasm.

But it seems that when it comes to security weaknesses, the biggest problems are located between the chair and the keyboard.

Technotron March 12, 2009 5:25 PM

This story has so many flaws that I would have thought it was fiction, had I not seen references to it, dating back to 2003, on various news sites. Here’s what I found intriguing:

(1) How did they get the fake fire extinguisher and video camera into the bank? How was it placed beyond the ceiling light and could still see the combination? How did this camera transmit videos from 2 floors underground, where my 850MHz GSM phone fails to work? and VHF/UHF TV can’t penetrate?

(2) My bank’s $40/year safe deposit vaults have 2 keys – I have one, my bank the other. When I walk into the vault, a banker accompanies me to help open/close the vault. The world’s biggest diamond vault didn’t have the same protection???

(3) The genius dialed the combination gleaned from the video — they didn’t have an electronic combination that changes each time??? Motel 6 has room locks that can’t be opened by a guest after they check out

(4) They entered well past midnight, climbing the ladder, overriding cameras etc., took ~3 minutes drill each lock and broke 109 boxes = 327 minutes or 5.5hrs of non-stop cranking with the drill… and they got out at 5:30AM??

(5) Heat sensor sprayed with hair spray would not only stop sensing body heat but also ambient heat. Wasn’t the sensor set up to sense malfunction?

(6) Diamond District with $3B of merchandise had no physical guards at night??

(7) None of the 63 cameras in the district caught any thing suspicious — when the gang broke in and came out?? Were these cameras unmonitored??

(8) Why didn’t Notarbartolo pour gas (or his woman’s hair spray) on the trash and burn it right there? Why collect it?

(9) Why would the Italian electronics expert criminal be handing out business cards to his partners?? Why didn’t they just have his phone# in their cell phones?

(10) Why did the Monster keep his sandwich grocery receipt? Most people throw it outside the store right away

(11) Why didn’t Notarbartolo’s son Marco TEXT HIM, if the phone was on silent mode? Also SMS usually has a separate sound control – so it would have also been heard

Scared March 12, 2009 5:52 PM

@Clive Robinson:

I think at least 50% of the whole story is made up. Why would they go through all that effort to hide a tiny receiver if they had access to the storage room somehow. That receiver would have to be quite small to fit through the opening in in the bottle (less than 1/2″?). How did it have enough memory to log at least 30 minutes of high definition video? (This camera would not only supply detailed pictures of the key but also the combination number in the small lens). I think a decent FLASH drive in 2003 had about 64M of memory, that’s less than a few minutes of standard video.

“To enter, four numbers had to be dialed, and the digits could be seen only through a small lens on the top of the wheel.”

You’d need to see that lens from straight ahead, wouldn’t you? No wait, wouldn’t it be blocked by the guy looking at the lens?

“When the guard finished dialing the combination, he inserted the vault’s key. The video camera recorded a sharp image of it before it disappeared inside the keyhole.”

You’d need to see that key from the side, wouldn’t you?

Jess Austin March 12, 2009 6:50 PM

@Technotron, I’ll give this a try:

(1) How did they get the fake fire extinguisher and video camera into the bank? How was it placed beyond the ceiling light and could still see the combination? How did this camera transmit videos from 2 floors underground, where my 850MHz GSM phone fails to work? and VHF/UHF TV can’t penetrate?

They may have had inside help. There may have been more than one light fixture, providing for a range of possible viewing angles. The actual antenna used may have been bigger than the fire extinguisher. If the first setup he used had transmission difficulties, presumably an electronics “genius” could figure something out, with different frequencies or more repeaters or something. If he couldn’t, they simply wouldn’t have robbed the bank.

(2) My bank’s $40/year safe deposit vaults have 2 keys – I have one, my bank the other. When I walk into the vault, a banker accompanies me to help open/close the vault. The world’s biggest diamond vault didn’t have the same protection???

You don’t have a key to the main vault door. The two-key scheme is used for the individual boxes. As you later acknowledge, they drilled the boxes.

(3) The genius dialed the combination gleaned from the video — they didn’t have an electronic combination that changes each time??? Motel 6 has room locks that can’t be opened by a guest after they check out

Perhaps they changed it once a week, but more likely, since it’s a mechanical lock, they only changed it rarely. Keep in mind that purely solid-state electronic locks have their own vulnerabilities.

(4) They entered well past midnight, climbing the ladder, overriding cameras etc., took ~3 minutes drill each lock and broke 109 boxes = 327 minutes or 5.5hrs of non-stop cranking with the drill… and they got out at 5:30AM??

They had four men inside; perhaps they thought to bring more than one drill.

(5) Heat sensor sprayed with hair spray would not only stop sensing body heat but also ambient heat. Wasn’t the sensor set up to sense malfunction?

A locked vault has no source or sink; prior to the thieves entrance the vault would not have had a gradient (actually this may be a reason to wait until well after business hours, although presumably no one wants false alarms for an hour after the vault gets locked every evening). After they covered the sensor up the gradient didn’t matter. In particular, it’s unlikely that the sensor itself could act as a heat sink.

(6) Diamond District with $3B of merchandise had no physical guards at night??

This does seem odd, although perhaps there were guards with predictable habits (like 95% of all security guards) and the thieves simply avoided them.

(7) None of the 63 cameras in the district caught any thing suspicious — when the gang broke in and came out?? Were these cameras unmonitored??

The building they broke into first may not have had a camera focused on its entrance. By the time they came out, it may have been too late to catch them and besides some people do get to work early. How many people would it take to diligently watch 63 camera feeds? Assuming 4 feeds per seat and 50% watches, about 30 plus 5 more for management? Is that a reasonable thing to expect? Do any security cameras (other than those at casinos) actually receive enough attention to catch a crime in progress?

(8) Why didn’t Notarbartolo pour gas (or his woman’s hair spray) on the trash and burn it right there? Why collect it?

Burn it where? In his car? In his house? On the street? Presumably there would be drawbacks to all of those locations. Had he driven alone, he would have disposed of the items properly.

(9) Why would the Italian electronics expert criminal be handing out business cards to his partners?? Why didn’t they just have his phone# in their cell phones?

In the absence of the other evidence this wouldn’t have amounted to much, although since the police had plenty of other evidence he probably shouldn’t have.

(10) Why did the Monster keep his sandwich grocery receipt? Most people throw it outside the store right away

Strange but not impossible to imagine.

(11) Why didn’t Notarbartolo’s son Marco TEXT HIM, if the phone was on silent mode? Also SMS usually has a separate sound control – so it would have also been heard

Most phones I’ve used can be made completely silent; this is probably what happened.


Greedo March 12, 2009 7:19 PM

I have to agree with Scared… This sounds like Notarbartolo was getting bored in prison and found a gullible reporter who was more than eager to accept his fable.

Tony H. March 12, 2009 7:28 PM

The lock has “100 million possible combinations”, but some low-level guard knows the right one? And has never been tempted to tell anyone?

The safe has an “embedded seismic alarm” that would detect drilling, but they had to mount the door switch on the outside?

And the “almost-impossible-to-duplicate foot-long key” was kept in the (unlocked?) janitor’s closet next to the safe door? And used by the same lone guard who knows the 100 million to one combination?


It’s a fun story, but “almost impossible to believe”.

Roboticus March 12, 2009 7:32 PM

Something I find very interesting is the gaurds beign used to him and not paying him as much attention as they otherwise would. At the liqour store where I work we have had 2 regular customers get caught shoplifiting in the past month or so. We usually don’t watch regulars who have been coming in for years because we are busy watching people we don’t know as well. 2 cashiers can’t watch everyone and do their job. Also gaurd duty is extremely boring. Stare at a monitor 40+ hours a week for months on end of nothing happening and the one time you look away someone gets something. I don’t see a good solution.

Mirror March 12, 2009 11:25 PM

How utterly ridiculous. The local Taco Bell has a safe with a time lock – and yet a vault holding hundreds of millions of dollars has only manually controlled interlocks on the doors?

Clive Robinson March 13, 2009 1:59 AM

@ Scared,

“I think at least 50% of the whole story is made up. Why would they go through all that effort to hide a tiny receiver if they had access to the storage room somehow. That receiver would have to be quite small to fit through the opening in in the bottle (less than 1/2″?). How did it have enough memory to log at least 30 minutes of high definition video?”

Personaly I think that there is a lot more behind the story than appears, and I also think the journo with held details as well.

But getting back to “getting the information ship in the bottle”. There is an assumption because a fire extiquisher is in a steel bottle if must be very high preasure in use. If you think about it the preasure involved is about the same or less as a garden hose…

So the simple solution is to take it apart empty the bottle and drill the base out of the bottle. Put the electronics in and epoxy glue a thickish plastic plate on the bottom and refill the extinquisher.

Now Mr Charm probably does not know anything more than “it’s in the extiquisher” not how it was done (that was the electronics bods job).

Me I would take a small working fire extinquisher and make an extension or bigger external container for it and put the electronics in there. It’s simple requires only moderate skill and requires only tools and bits that could be bought in any hardware and artists shop or even a car body work repair kit.

Most people never actually look at a fire extinquisher they just see a red cylinder with a black plastic handel on it hanging on the wall. Without looking can you tell me who makes the fire extinquisher closest to your desk at work?

How about when it was last checked or maintained?

How about what type it is (powder / co2 / water)? This question I would expect a switched on employee to know but 99% don’t which could shorten their life considerably.

As for storing the video back in 2000 Sony had 128Mbyte and bigger memory sticks the 1Gbyte IBM micro drive had been around for some time and laptop hard drives where close to the 100Gbyte level.

My concern would be power not storage capacity.

But as I have indicated earlier I don’t think Mr Charm was ever fuly in the loop. I suspect that somebody close to the vault owners was supplying information.

Ask yourself a simple question how come so many of the stones whre not there yet no information leaked out.

How about somebody who knew all about the vault, who owened which box and when they visited, had easy access and master keys for the valt boxes had already been down and helped them selves…

Clipper March 13, 2009 6:08 AM

@Frank: My understanding in that story was that there was no resistor at all on this cheap detector. Also, what’s the point of shorting it if they anyway covered it with black tape anyway ?

@Clive: You’re right. My point was, by sticking two detection methods in the same device with an “AND” gate, you allow a two-in-one sabotage which is a good deal 🙂

@Tangerine: Well, concerning our comments knowing what the attack was, most of these flaws seem obvious to many of us even in 2003. I don’t think the installers were rookies either but instead that they did a quick and cheap job because their customer wanted save money. But I agree that any professional can do stupid mistakes. Look at Notarbartolo, he has a life long experience of crime and wear gloves but leaves Diamond Center envelopes and DNA full sandwiches together in the nature ?

Anonymous March 13, 2009 6:39 AM

@Karl – “Human error — the guards got used to the frequent visits and quit paying attention to what they were doing, even when they were doing things that compromised the integrity of the system”

I’m not sure human error is the right term. Exploitable Human design flaw maybe. Humans have nervous systems that are prone to adaptation. Maintain the same level of stimulus and nuerons cease to fire.

This, to my mind, is what we get with the tic tac attack on an alarmed window. The theives shoot a tic tac at a warehouse window. It shatters against the window and sets off the alarm. Guards respond to the alarm. Find nothing and go away. Repeat. At some point the guards are going to figure that the false alarms/positives are meaningless and turn off the window alarm. Thieves come back shoot a tic tac, and hearing no alarm, have their signal to break in and clean the place out.

Guarding is THE MOST boring job on earth. It’s mostly standing there waiting for something to happen and it doesn’t. The brain wanders. And think about the kind of people you can get to do it for not a lot of money. (for a lot of money >I’D< stare at a dot on the wall for you)

Tim March 13, 2009 7:49 AM

Other than the security guards allowing daytime access by recognising customers faces on their CCTV, what really bugs me is that their specialist can duplicate an impossible-to-duplicate key from a video of it. Why can’t my locksmith copy my car key from the original such that it will open all the doors?

greg March 13, 2009 8:25 AM

We don’t need to use microwaves for motion sensors anymore. A plain old digital camera works rather well, and can work well in near infraread and or low lux situations. Then Compare frame to frame with a pretty easy to set threshold. Very hard to defeat.

Jason March 13, 2009 10:00 AM

The best stories are the ones that nobody’s telling, and this one is no exception.

The facts of the break-in here are pretty clear, but the puzzle is in the back-story. There are three possibilities:
A: The jewel thief was hired by a diamond dealer (or dealers) to break in, as part of their insurance scam. (the thief’s story)
B: The jewel thief was actually working for the Mafia.
C: The jewel thief acted on his own.

Which is it?

Some of you have noticed that parts of the story that don’t seem to hold together. Bruce talks a lot about “security theater”. Here we’ve probably got a bunch of “break-in theater”: parts of the story weren’t strictly necessary to get the diamonds, but were vital to protect the identity of someone with insider knowledge.

Cases in point: the hidden camera. How could it possibly work? How could it have been hidden without being noticed? It wasn’t. Maybe there was a camera, maybe there wasn’t, but its main purpose was to protect the guy who told the thieves the combination.

The fake key. How could you make a perfect duplicate key based on crappy video? Why was the Master of Keys never caught? Answer: there was no fake key. The inside man told the thieves where the real key was.

The alarm system wire. How could they know exactly where in the ceiling it was located, and how to disable it, based only on pictures taken of the inside of the vault? Answer: they didn’t have to actually disable the security system, they just had to make it look good.

The list goes on. These thieves had way too much inside knowledge, and some of the weirder parts of their story sound like an attempt to cover up for someone.

Let’s take as a given that the thief got heavy tips from someone else. Why didn’t the thief name names, and turn that person in exchange for a reduced sentence? Especially if, as the thief claims, the insider was a milktoast diamond-trader who double-crossed the thief and got away with an insurance scam? Why did the thief keep quiet?

Answer: because his information didn’t come from a diamond trader. It came from some people working for his cousin, the capo di capi of the Mafia. And if you’re working with the Mafia, you do not name names. Not if you want to live to the end of your prison term.

If you’re working for the Mafia, you don’t talk. You go to elaborate lengths to keep them out of the story, up to and including telling an elaborate Oceans 11 story to a wide-eyed Wired reporter to keep the true story from coming to light:

The Mafia used an inside man to steal 100 million in diamonds from a bank vault, and used a showy caper-movie break-in to conceal the inside job. The thieves in the story may have physically carried the diamonds out, but the true criminals remain at large.

Cybergibbons March 13, 2009 11:38 AM

The heist may be movie plot, but the security on this vault wasn’t.

There seems to have been numerous failings from the human perspective – the myth that the vault is impenetrable has been perpetuated and has changed the way people have handled security.

Was this myth known to be untrue by the owners and they just let it be? Or were they deluding themselves as well?

There’s a simple way to keep guards as an active part of a system – requiring human approval for steps. An example of which is manually opening the inner door of a mantrap.

However, from a technical viewpoint, the security is pretty poor. I doubt it would meet insurance requirements for a large bank vault.

A large part of the problem is that it is a shared access vault. This is always going to introduce problems.

Dual technology sensors (microwave and PIR) are fairly common in situations where false alarms are hugely inconvenient or highly likely. In a place which is guarded 24 hours however, they should not be used.

High security applications should always use PIR sensors with anti-masking technology. This means that anything placed in front of the sensor to block the view would trigger the alarm.

As has already been said, a timelock on the vault door would have gone a long way to preventing this. Most modern combination locks have contacts to connect to an alarm system for when they are unlocked (and quite frequently a duress switch as well).

I know for a fact that any of the large cash-in-transit depots across the UK has much higher security than this. The outer building has no unnecessary doors or windows. All the fire-doors are alarmed. Entry and exit requires someone to verifying you visually, then you will enter via a mantrap.

The vehicles coming and going will enter via a vehicle-trap. All the cash goes through secure exhange pods which are too small for a man to fit through. There are no doors at all into the facility from here.

The cash would then be unboxed and put onto pallettes. These would then be fed through another set of secure exhange pods. These are big enough for a person, so there are windows to confirm no-one is hidden. In some cases, carbon dioxide detectors can be used.

Finally you would be at the time-locked vault. You are in 3 layers of concentric walls inside a building. It would be very hard getting this far.

There’s a mixture of access control – tokens, biometrics and passcodes. At night, every door has reed-switches, and any door with an electronically controlled lock will be manually locked. These will be shunt locks so anything left unlocked would prevent the alarm from arming. Walls will have a combination of tape, internal wires, and vibration sensors. There will be PIRs in each room. The perimeter of the building will have break-beams to stop entry via the roof.

That is a secure building. The easiest way in, as had been proven, is by humans.

Thomas Damgaard March 13, 2009 12:12 PM

Some of you mention that this story is what inspired Oceans 11.
Maybe it is the other way around. Maybe the thief got inspired BY Oceans 11 when he made the story…

Dave S. March 13, 2009 12:21 PM

To jo123: I was wondering who told you that “warner brothers have made a bid for the movie”? What does that even mean? How do you bid on a movie? Are they buying from the story from Wired or Davis or the thieves or ?????

Frank March 13, 2009 6:56 PM

A few people have asked how they could have known exactly where to get at the sensor wires to disable them. My guess would be that in addition to the pictures take from the pen camera, they also managed to get their hands on a set of blueprints that included the wiring layout. The bit where they built up a mock vault to practice in would also strongly suggest they had plans.

Gee, I'm a Tree March 13, 2009 7:39 PM

@ Annie Nomous

Have you seen the beginning of Raiders of the Lost Arc?

And on a different tangent, have you heard the end of In Search of the Lost Chord?

Anon March 14, 2009 1:51 AM

Seconding Cybergibbons (and others), there must have been more corruption and less whizbang involved in getting in than Notarbartolo let on. No insurance scam.

The bit about a kid turning off the thief’s cellphone smells like hooey, though I’m not sure exactly what he’s covering up (he didn’t help his son?).

In retrospect, the center should have had guards 24/7 who keep each other honest, for cheap. And dude shoulda burned the bag, possibly gotten out of town sooner.

el chubbo March 14, 2009 2:09 AM

as with 80% of the breathless bubblegum stuck inside every issue of Wired, this story has some key pieces missing:

  1. if Nostradamus he was hired by someone else, who went out and got their own crew after Nozzie told him it was an impossible job, why would he hire the Noz to run the crew, when the guy had never worked with him as a thief?
  2. how did the spycam & the fake fire extinguisher get into the antechamber, which was constantly monitored?
  3. a magnetic field sensor on the OUTSIDE of a door, with exposed bolts? are you joking me? besides, why do you need to disable it, when you have the combo & the key that shuts it off? and who are these “authorities” who “later marveled at the ingenuity?” christ, hasn’t anyone ever put foil over a window magnet before? and those are on the INSIDE, so you have to use a glass cutter to get thru the window!
  4. a vault key in a storage room? i’m skeptical. but you know that no matter what really happened, the owners have nothing to gain by making any public statements about their security protocol.
  5. the Mouster is worried about the heat sensor, that they eventually covered with a styrofoam box? why not just use the same kind of polyester shield they used to get in the building, & just walk it up to the wall? you know, the shield they left upstairs covering the sensor where they broke in–even though the cops never figured out how they got in, and i guess nobody said “hey, what’s this polyester shield doing here?” oh, and an alarm that only responds to heat AND motion? puhleez. you can’t even buy those at Home Despot. you’d have to order a custom unit, one that was deliberately made less secure than one you can get at the hardware store.
  6. Mouse, an electronics expert, disabled the alarm by stripping the wires in the dark–very risky–and shorting them, instead of using a simple splice connector that any phone guy would know about, just like when you rewire a lamp and put that plug on the end of the wire that has prongs with spikes that you squeeze together to poke thru the wire insulation & make a connection. and if you were looking for a really good alarm system, to protect a place like this, wouldn’t you want one that tripped if it detected an abnormal impedance or capacitance, like a short that bypassed all the sensors? also, maybe concealing or locking the main point of electrical access for the whole system might be a good father & son project for a lazy sunday afternoon.
  7. the Keymaster, after displaying his wizardry by finding the hidden vault key [so we don’t know if the fake even worked], now decides it’s a good idea to invest 3 minutes drilling a safe-deposit lock, rather than picking it? okey dokey artichokey.
  8. how was Nozbert idling at the curb? what about the retractable cylinders that come out of the ground [presumably at night] to prevent vehicle access? and wouldn’t it be waaay smarter to pick the guys up from the abandoned warehouse on the other side of the courtyard?
  9. great idea to dispose of the trash! genius! so much better than using a shredder, dissolving the shredded paper in drano, mixing everything else with rancid leftovers, and throwing it in a dumpster behind a restaurant. extra bonus points for putting the invoice for the spycam in the same bag with all the crime scene evidence. hell, i’m not even a criminal, and i know better than that!

doesn’t it sound like there might be more to this story? for one thing, which makes more sense–outsiders casing the joint and hoping they figured out all the hidden security details, or an insider knowing the vulnerabilities and hiring thieves to exploit them? for another, it makes no sense that the vault security was so sloppy. no matter how cheap or lazy the owners were, wouldn’t they realize that their insurance wouldn’t pay off once it came out that the vault key was in the storage room, or if they didn’t discover that, that the whole alarm system was designed by retards? obviously not everyone has been caught yet, if ever.

PIR March 14, 2009 11:56 AM

Who built the mock up and where is it now? I totally believe the story of insiders using this crew to cover thier own tracks. These are the guys who got caught and they had done it. The insiders must have had blueprints to build that mockup. The story told to the wired guy just dosent add up. the mafia got taken by insiders. remember, there are not 6 degrees of separation between the diamond dealers and the mossad, who are known to have organized crime connections.
@frank, the story says that the insider had been a fence for the italian crew.

Spiny Norman March 15, 2009 12:35 PM

If we’re going to talk conspiracy theories, here is one: the price of diamonds is controlled by demand and by perceived supply.

Nothing could be more useful to the selllers of diamonds than stories of elaborate (and glamorous) plots to steal large amounts of diamonds. Such stories are bifunctional. They provide a dramatic illustration of what people are willing to to do get diamonds, and, in the case of a very large heist, they call into question the security of the diamond supply.

This case will provide far more than $25 M of advertising, and it will be subsidized by insurers, not by diamond sellers.

Peter March 16, 2009 2:04 PM

The local Taco Bell has a safe with a time lock…

The main threat for TB (and other fast food stores) would be robber holding a gun to the head of the manager. By delaying the opening of the safe for 15 minutes, and the robber never being sure that the duress code was entered, the robber has to wait for far longer than it takes for the police to arrive.

As for the other stupidities in installing stuff… I’ve worked for quite a few companies in my life and most managers want things done their way. Not the right way – their way. So it wouldn’t surprise me one whit that the experts were overrulled by the mismanagers.

how did … the fake fire extinguisher get into the antechamber, which was constantly monitored?

Fire extinguishers get recharged on a regular basis. One common office scam is for someone to show up at a different time, appear to recharge them and just replace the paper tags, billing the sucker company for a “service trip.” Very few office workers know who the approved servicer is. Very few companies have a sticker/sign near the extinguisher to say “only company X gets paid for servicing our extinguishers” (and they’re usually gas stations with extinguishers outside who’ve been burned by the scam before).

RH March 16, 2009 2:36 PM

As for the replica, it makes sense that they had an insider to make the replica. The only reason to have the camera work was to
-Check out that he’s willing to do dirty work
-Vet the model where they can

Roger March 24, 2009 3:58 PM

@Peter, Mirror:

The local Taco Bell has a safe with a time lock…

The main threat for TB (and other fast food stores) would be robber holding a gun to the head of the manager.

There are two types of time mechanism commonly used on safes: a time delay lock (invented in the 1920s) that doesn’t open until ~15 minutes after unlocked, and is intended to prevent armed hold-ups during business hours; and a time lock, invented in the 1870s, which can only be opened at a pre-defined time. For example, when locking up on a Friday night the time lock will be set so the lock cannot be opened before, say, 8 a.m. on Monday. Of course, you also require a key and a combination as well.

The time lock was intended to prevent the attack whereby bank officers or their families are kidnapped and tortured or threatened to open the safe (and usually the bank itself as well.) However the benefits of time locks are much greater: if a well designed locking system incorporates a time lock as well, it eliminates at one stroke almost all attacks on the locking logic; the only way to get in at a time when there is no-one else around is to defeat the vault’s physical armour.

Time locks have been pretty well universal on high security vaults since well before World War 2. In fact in my own country, because of their role in preventing “rubber hose cryptanalysis” it is regarded as an OH&S issue and an employer who handled large amounts of cash but whose safe did not have one, would be considered negligent.

It is astonishing that a vault holding $100 million in liquefiable assets would not have a time lock. Its absence is one of several clues that that this vault did not just have a couple of minor loopholes in its design; the whole organisation clearly had very poor attention to security.

Roger March 25, 2009 6:50 AM

I took the URL of this story and read it later — which inspired me to write a long, scathing essay and come back here to comment. Alas, I see that many posters have already covered a lot of my points, thereby saving you from my really, really long post! So in greatly truncated form:

1. I also noticed that the story given by Notarbartolo [hereinafter "N"] is riddled with anomalies, most of which concern the roles of "the King of Keys" and the supposed diamontaire conspiracists. The only major anomaly that no-one else has pointed out yet is that if N's story is completely correct, then the numbers don't stack up. If most diamontaires have only one safe deposit box (which is logical, as you could fit hundreds of kilos of diamonds in each box), and if conspirators' boxes normally hold an average value broadly similar to non-conspirators' boxes, then the conspiracy would have had to involve over 80 people, which is not plausible. You can get these numbers down slightly by assuming that the conspirators comprised a cartel of only the wealthiest and most succesful diamontaires, but to get them below, say, half a dozen people, they would each have to control 70 times as much diamond trade as the industry average. This creates numerous additional problems: a) no motive: these are guys dripping with success who stand to face total ruin from a highky risky venture which will at best increase their income by a tiny fraction of what they get by preserving the status quo; b) easy identification: if N's story is true, and the trade distribution really is skewed enough to make it make sense, there will be hundreds of people who can immediately and easily identify the people behind it; c) no means to profit: whether or not the police are happy, you can be sure the insurance companies will not close their investigation until they get every single one of their darn diamonds back. As part of their policies and relationships with diamontaires, it will be easy to audit their transactions. Which will make it nearly impossible for a small group of highly suspect conspirators to move this large volume of unaccountable stones, so they will be sold for a pittance and little profit can be realised.

Taken with the several other anomalies that others already pointed out, N’s diamontaire conspiracy story is clearly bunk. So why did he spin it, and why wait till now to do so? One possibility is that it may sow confusion and dissent among the ranks of the victims, which might help him if they were campaigning against him getting parole before revealing the location of the loot. That would explain why the story is being released now, when it surely didn’t take 6 years to cook it up and square it with his cronies. But it could also be diverting attention from the real “fifth man” by nominating a suspect who might have provided inside information, but is as different as possible from the real accomplice. If we look at the type of information the inside man seems to have provided, it actually looks a lot like a guard. And a guard would have far more motive for doing it, especially if employment conditions were bad, as I suspect they were (more on this later.)

So as others have concluded, I suspect there were only 3 men on the entry team, with N in the car outside, and the 5th man detected by cell phone records but not caught was in fact their inside man, who was more likely than not a guard. The whole baloney about a diamontaire conspiracy is to shake suspicion off the real fifth man because N still hopes to collect his cut, and maybe to rattle victims who are trying to pressure him in to giving back the loot.

2. While N tries to spin the story to display himself as a master criminal, in fact the whole gang seem to be comical blunderers. It is truly remarkable they got in at all, but of course, they didn't get away with it. Their most obvious screw up was the utterly inept garbage disposal, but there were numerous other points where they did the wrong thing and got away with it only by sheer luck, or perhaps inside assistance. I don't want to enumerate them for fear of giving advice to burglars, but one in particular is worth discussing. As has already been mentioned, when "the Monster" shorted the wires on the photosensor, this should have immediately tripped a line impedance monitor and activated the alarm. The fact it did not do so may be because it was a very cheap system that didn't have line impedance monitoring, or it may be because it was a faulty installation where the line terminating resistor was too close to the controller, or even missing.

Either way it doesn’t matter, the interesting point is that they took the very considerable risk even though the sensor was already defeated. This would seem to indicate one of two possibilities: either “the Genius” was a fool who didn’t really understand modern alarms, and happened to get lucky because his opponent was just as incompetent as himself; or else they had somehow found out that this sensor could be safely shorted. In large commercial systems, where the controller is completely separate from the keypads, you cannot reliably determine the presence of impedance monitoring by visual inspection of parts visible to the public. Thus to discover this flaw, it seems certain that someone told them. Now the other customers using the vault would not be privy to such details. The other options would be the alarm company, or the site guard force. In a well ordered system, even the guard force should not be privy to such technical details, which implicates the alarm company. But on a slack site with a poor security culture, the information may have found its way to a guard, and as we noted, a lot of the other signs point to a guard. Another possibility is that N had corrupt contacts both in the alarm company and in the guard force. If he was working alone such a coincidence would seem quite unlikely, but if he was indeed working for organised crime it is plausible.

3. Like several other commenters, I was astonished at just how slack security was at this high risk facility. However some people seem to think it was just a case of too many holes in the Swiss cheese lining up, or management errors overriding a basically sound design. I would like to emphasise that in fact the place seems to have had an endemically poor security culture. In every aspect we see abject violation of well-known techniques and even written standards: from basic design principles through to routine drills, almost nothing was done right. Rather than reiterating a lot of points that have already been made, I'll just highlight some points that show fundamental violation of well-understood principles:
  • Lack of time locks. As previously mentioned, time locks are such a good thing that they are almost universal on high security vaults, and failing to have them is understood as creating a severe personal danger to the key custodian. If you have a business model which absolutely requires short notice access at odd times, then you can do without time locks — but only if you replace them with a 24 hour armed guard presence, which is extremely expensive. There is no option ‘C’; having neither time locks nor continuous guarding is slack, unprofessional design that shows contempt for the safety of your staff and the security of the vault contents. (As the key custodian was apparently a low ranking guard, the lack of time locks may reflect a culture lacking respect and consideration for junior employees.)
  • Putting a vault two storeys underground is NOT a good design as it makes a low probability attack (tunnelling) only slightly harder but makes monitoring much harder. When vaults were extremely heavy, for structural reasons they would be put one storey underground, with the roof in a high visibility, high traffic area like the lobby. Modern vaults are made from tougher but lighter construction and so can be put on the ground floor or even in an elevated position, sited so all 6 surfaces are under constant observation. This makes slow covert attacks like tunnelling completely impossible. Putting the vault in a deep basement level suggests it was an inconvenience that had to be tucked away somewhere it didn’t intrude.
  • The most important goal of vault design (and secure storage in general) is to detect an attack in progress before the attackers commence breaching the main physical barrier. If you can achieve that you almost certainly win, since even the most violent attacks cannot move through the building, breach the barrier, collect the loot and leave faster than the response force arrives. Hence, it becomes apparent that the most important part of the vault isn’t its walls or doors, but the alarm design in the outer periphery of the secured area. These intruders needed to bypass only two cheap, moderate security sensors (a PIR and a window perimeter switch) to get from the street all the way to the vault door. That’s the level of security I expect in a coffee shop, not in a diamond vault!
  • As has already been mentioned, the described method of bypassing a sensor by shorting its wires will not work on most modern sensors that are better than budget grade, because it will immediately trigger the line impedance monitors. One commenter noted that even if you have line impedance monitors, they sometimes may not work if they have been installed incorrectly. Fair enough, but it still suggests that, similarly to the alarm sensors outside the vault, the inside ones are either very cheap models and/or sloppily installed. Combined with all else we have noted, and combined with the fact they had so few sensors (mostly using sensing technologies that are very cheap but relatively easy to defeat) continues to paint a picture of very poor security culture.
  • Their morning routine seems to have involved a solitary guard deactivating the alarm, unlocking and dialling the combination. This is outrageous. Even in tiny rural bank branches this is a two man job, and for high security it should be a three man job, with the key custodian rotating through a secret roster of trusted guard supervisors. Leaving it to one man is not only a serious security risk to the property of the vault users, but also endangers that man’s personal safety and family. This once again indicates not only that the whole site has a endemically poor security culture, but a poor treatment of their guard force, who might thereby be considered easier to corrupt.

There. Pretty darn long, but I assure you the original version was much worse!!

Clive Robinson March 25, 2009 6:11 PM

@ Roger,

“However some people seem to think it was just a case of too many holes in the Swiss cheese lining up, or management errors overriding a basically sound design. I would like to emphasise that in fact the place seems to have had an endemically poor security culture. In every aspect we see abject violation of well-known techniques”

Close but no cigar…

My personal belife based on the little evidence presented is that N was telling the truth about the empty pouches.

Also like you I don’t think there was a ring of dimond traders who conspired to defraud the insurance companies.

However the question remains how did N get his box in the vault in the first place?

Most vaults in high value commodity exchanges are reserved for “insiders” and no one else…

My feeling is there was an inside person and that they where either the vault owners or someone very close such as a senior manager.

A senior manager would not only be aware of all the security procedures (and therfore defects) but also who rented which box. He would also have access to the box “master keys”.

So would have had plenty of time after close of play for the day to go down to the vault go in and empty out the pouches in the boxes…

Another part of the story is that N was aproached by a dimond trader who knew he was a crook…

How did the “trader” even know about N let alone who he was and what his activities and conections where?

A senior manager would be in a position to know some and find out the rest of the details and pass it on to a fake trader.

Further the “traders” mockup would not have been possible from just photos.

Also from what N said the “trader” already had criminal connections and had found the genius and monster…

My view is that it was either a seniot manager or the vaults owners who made of with the missing diamonds. They would also be uniquley in a position to “move them on” without difficulty.

Jose October 6, 2009 1:32 PM

Hi. It’s been some time since the last post that I’m not sure if anyone is listening anymore.
I’ve just walked into this subject, and since I’ve seen many very well descriptions of the event here in your posts, I believe there are many of you who follow these stories pretty close.
I’d like to ask if any of you know whatever happened to that other robbery committed to the Diamond Centre in Belgium, one that was perpetrated by one Yehuda Mishali, aka, Carlos Flomenbaum. I don’t seem to get news about this event later than april, 2007, when they reported his brother to be captured.

Thanks in advance!!!

Roger January 19, 2010 1:54 AM

I had a look at the website of your book, and I have to say — I’m a little disappointed. As you would find from a quick read of the comments on this blog entry, most of the commenters here think that Notarbartolo’s version of the story was a load of baloney; that the heist was much less skilled than appeared at first glance (it was certainly not “flawless”); and that the crooks got as far as they did because the vault, far from being an impenetrable fortress, was actually quite poorly built and poorly managed.

Yet so far as I can tell from the excerpts and reviews on your site, you largely accept Notarbartolo’s story, and heap praise on both the impregnability of the vault and the extreme skill required to defeat it. If that is the case I’m going to have difficulty summoning any interest in buying the book just to read Notarbartolo’s waffle again.

Oh, and a small aside: your list of “World’s Ten Biggest Heists” suffers from not being inflation adjusted. For example in inflation adjusted terms the 1963 Great Train Robbery is somewhat larger than the Graff Diamonds and Northern Bank heists.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.