Entries Tagged "guards"

Page 1 of 3

Keys to the Crown Jewels Stolen?

At least, that’s the story:

The locks at the Tower of London, home to the Crown Jewels, had to be
changed after a burglar broke in and stole keys.

The intruder scaled gates and took the keys from a sentry post.

Guards spotted him but couldn’t give chase as they are not allowed to leave their posts.

But the story has been removed from the Mirror’s website. This is the only other link I have. Anyone have any idea if this story is true or not?

ETA (11/14): According to this BBC article, keys for a restaurant, conference rooms, and an internal lock to the drawbridges were on the stolen key set, but the Crown Jewels were never at risk.

Posted on November 14, 2012 at 5:57 AMView Comments

Jeremy Clarkson on Security Guards

Nice essay:

Of course, we know why he’s really there. He’s really there so that if the bridge is destroyed by terrorists, the authorities can appear on the television news and say they had taken all possible precautions. Plus, if you employ a security guard, then I should imagine that your insurance premiums are going to be significantly lower.

This is probably why so many companies use security guards these days. It must be, because when it comes to preventing a crime, they are pretty much useless. No, really. If you are planning a heist, job one on the list of things to do is “take out the guard”. He is therefore not an impenetrable wall of steel; he’s just a nuisance.

And he’s not just a nuisance to the people planning to hit him on the head. He’s also a nuisance to the thousands of people who legitimately wish to enter or leave the building he’s supposed to be guarding.

At the office where I work, everyone is issued with laminated photo-ID cards that open all the barriers and doors. It is quite impossible to make any sort of progress unless you have such a thing about your person. But even so, every barrier and door is also guarded by a chap who, in a fight, would struggle to beat Christopher Robin. One looks like his heart would give out if you said “boo.” Another has a face that’s so grey that, in some lights, he appears to be slightly lilac. I cannot for the life of me work out what these people are supposed to achieve, apart from making the lives of normal people a little bit more difficult.

EDITED TO ADD (4/13): Another Clarkson essay, this one on security theater.

Posted on March 30, 2010 at 6:06 AM

Breaching the Secure Area in Airports

An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting the evacuation of a terminal and flight delays that continued into the next day. This isn’t common, but it happens regularly. The result is always the same, and it’s not obvious that fixing the problem is the right solution.

This kind of security breach is inevitable, simply because human guards are not perfect. Sometimes it’s someone going in through the out door, unnoticed by a bored guard. Sometimes it’s someone running through the checkpoint and getting lost in the crowd. Sometimes it’s an open door that should be locked. Amazing as it seems to frequent fliers, the perpetrator often doesn’t even know he did anything wrong.

Basically, whenever there is—or could be—an unscreened person lost within the secure area of an airport, there are two things the TSA can do. They can say “this isn’t a big deal,” and ignore it. Or they can evacuate everyone inside the secure area, search every nook and cranny—inside the large boxes of napkins at the fast food restaurant, above the false ceilings in the bathrooms, everywhere—looking for anyone hiding or anything anyone hid, and then rescreen everybody: causing delays of six, eight, twelve, or more hours. That’s it; those are the options. And there’s no way someone in charge will choose to ignore the risk; even if the odds of a terrorist exploit are minuscule, it’ll cost him his career if he’s wrong.

Several European airports have their security screening organized differently. At Schipol Airport in Amsterdam, for example, passengers are screened at the gates. This is more expensive and requires a substantially different airport design, but it does mean that if there is a security breach, only the gate has to be evacuated and searched, and the people rescreened.

American airports can do more to secure against this risk, but I’m reasonably sure it’s not worth it. We could double the guards to reduce the risk of inattentiveness, and redesign the airports to make this kind of thing less likely, but those are expensive solutions to an already rare problem. As much as I don’t like saying it, the smartest thing is probably to live with this occasional but major inconvenience.

This essay originally appeared on ThreatPost.com.

EDITED TO ADD (1/9): A first-person account of the chaos at Newark Airport, with observations and recommendations.

Posted on January 6, 2010 at 6:10 AMView Comments

Vatican Admits Perfect Security is Both Impossible and Undesirable

This is refreshing:

Father Lombardi said it was not realistic to think the Vatican could ensure 100% security for the Pope and that security guards appeared to have acted as quickly as possible.

It seems that they intervened at the earliest possible moment in a situation in which zero risk cannot be achieved,” he told the Associated Press news agency.

“People want to see him up close and he’s pleased to see them closely too. A zero risk doesn’t seem realistic in a situation in which there’s a direct rapport with the people.”

EDITED TO ADD (1/4): This is particularly enlightened in comparison to the fears that somehow the U.S. president was endangered by people sneaking into a dinner with him. Presidents meet and shake hands with uncleared random people all the time; the Secret Service knows how to deal with that sort of thing.

Posted on January 4, 2010 at 1:15 PMView Comments

"Security Theater in New York City"

For the U.N. General Assembly:

For those entranced by security theater, New York City is a sight to behold this week. A visit to one of the two centers of the action—the Waldorf Astoria, where the presidents of China, Russia, the Prime Ministers of Israel and the Palestinian Authority, and the President of the United States—are all staying. (Who gets the presidential suite? Our POTUS.) Getting to the Waldorf is a little intimidating, which is the point. Wade through the concrete barriers, the double-parked police cars, the NYPD mobile command post, a signals post, acreages of metal fencing, snipers, counter surveillance teams, FBI surveillance teams in street clothes, dodge traffic and a dignitary motorcade or two, and you’re right at the front door of the hotel. A Secret Service agent from the Midwest gestured dismissively when a reporter showed him a press credential. “You don’t need it. Just go in that door over there.”

At the door over there, another agent sent the reporter back to the first agent. The two agents—each from different field offices, no doubt—argued a bit over which of the Waldorf front doors they were going to let the general public in. Maybe the agents had just been “pushed”—or there was a shift change. In any event, the agents didn’t seem to mind when the reporter walked right past them. A standard magnetometer and x-ray screening later, and I was in the packed front lobby. African heads of state were just about to have a group lunch, and about three dozen members of the continental press corps awaited some arrivals. Some of the heads of state walked in through the front, tailed by a few of their own bodyguards and tired looking USSS agents.

Posted on October 2, 2009 at 12:23 PMView Comments

Swiss Security Problem: Storing Gold

Seems like the Swiss may be running out of secure gold storage. If this is true, it’s a real security issue. You can’t just store the stuff behind normal locks. Building secure gold storage takes time and money.

I am reminded of a related problem the EU had during the transition to the euro: where to store all the bills and coins before the switchover date. There wasn’t enough vault space in banks, because the vast majority of currency is in circulation. It’s a similar problem, although the EU banks could solve theirs with lots of guards, because it was only a temporary problem.

Posted on July 28, 2009 at 7:13 AMView Comments

Second SHB Workshop Liveblogging (5)

David Livingstone Smith moderated the fourth session, about (more or less) methodology.

Angela Sasse, University College London (suggested reading: The Compliance Budget: Managing Security Behaviour in Organisations; Human Vulnerabilities in Security Systems), has been working on usable security for over a dozen years. As part of a project called “Trust Economics,” she looked at whether people comply with security policies and why they either do or do not. She found that there is a limit to the amount of effort people will make to comply—this is less actual cost and more perceived cost. Strict and simple policies will be complied with more than permissive but complex policies. Compliance detection, and reward or punishment, also affect compliance. People justify noncompliance by “frequently made excuses.”

Bashar Nuseibeh, Open University (suggested reading: A Multi-Pronged Empirical Approach to Mobile Privacy Investigation; Security Requirements Engineering: A Framework for Representation and Analysis), talked about mobile phone security; specifically, Facebook privacy on mobile phones. He did something clever in his experiments. Because he wasn’t able to interview people at the moment they did something—he worked with mobile users—he asked them to provide a “memory phrase” that allowed him to effectively conduct detailed interviews at a later time. This worked very well, and resulted in all sorts of information about why people made privacy decisions at that earlier time.

James Pita, University of Southern California (suggested reading: Deployed ARMOR Protection: The Application of a Game Theoretic Model for Security at the Los Angeles International Airport), studies security personnel who have to guard a physical location. In his analysis, there are limited resources—guards, cameras, etc.—and a set of locations that need to be guarded. An example would be the Los Angeles airport, where a finite number of K-9 units need to guard eight terminals. His model uses a Stackelberg game to minimize predictability (otherwise, the adversary will learn it and exploit it) while maximizing security. There are complications—observational uncertainty and bounded rationally on the part of the attackers—which he tried to capture in his model.

Markus Jakobsson, Palo Alto Research Center (suggested reading: Male, late with your credit card payment, and like to speed? You will be phished!; Social Phishing; Love and Authentication; Quantifying the Security of Preference-Based Authentication), pointed out that auto insurers ask people if they smoke in order to get a feeling for whether they engage in high-risk behaviors. In his experiment, he selected 100 people who were the victim of online fraud and 100 people who were not. He then asked them to complete a survey about different physical risks such as mountain climbing and parachute jumping, financial risks such as buying stocks and real estate, and Internet risks such as visiting porn sites and using public wi-fi networks. He found significant correlation between different risks, but I didn’t see an overall pattern emerge. And in the discussion phase, several people had questions about the data. More analysis, and probably more data, is required. To be fair, he was still in the middle of his analysis.

Rachel Greenstadt, Drexel University (suggested reading: Practical Attacks Against Authorship Recognition Techniques (pre-print); Reinterpreting the Disclosure Debate for Web Infections), discussed ways in which humans and machines can collaborate in making security decisions. These decisions are hard for several reasons: because they are context dependent, require specialized knowledge, are dynamic, and require complex risk analysis. And humans and machines are good at different sorts of tasks. Machine-style authentication: This guy I’m standing next to knows Jake’s private key, so he must be Jake. Human-style authentication: This guy I’m standing next to looks like Jake and sounds like Jake, so he must be Jake. The trick is to design systems that get the best of these two authentication styles and not the worst. She described two experiments examining two decisions: should I log into this website (the phishing problem), and should I publish this anonymous essay or will my linguistic style betray me?

Mike Roe, Microsoft, talked about crime in online games, particularly in Second Life and Metaplace. There are four classes of people on online games: explorers, socializers, achievers, and griefers. Griefers try to annoy socializers in social worlds like Second Life, or annoy achievers in competitive worlds like World of Warcraft. Crime is not necessarily economic; criminals trying to steal money is much less of a problem in these games than people just trying to be annoying. In the question session, Dave Clark said that griefers are a constant, but economic fraud grows over time. I responded that the two types of attackers are different people, with different personality profiles. I also pointed out that there is another kind of attacker: achievers who use illegal mechanisms to assist themselves.

In the discussion, Peter Neumann pointed out that safety is an emergent property, and requires security, reliability, and survivability. Others weren’t so sure.

Adam Shostack’s liveblogging is here. Ross Anderson’s liveblogging is in his blog post’s comments. Matt Blaze’s audio is here.

Conference dinner tonight at Legal Seafoods. And four more sessions tomorrow.

Posted on June 11, 2009 at 4:50 PMView Comments

Security Idiocy Story

From the Dilbert blog:

They then said that I could not fill it out—my manager had to. I told them that my manager doesn’t work in the building, nor does anyone in my management chain. This posed a problem for the crack security team. At last, they formulated a brilliant solution to the problem. They told me that if I had grocery bag in my office I could put the laptop in it and everything would be okay . Of course, I don’t have grocery bags in my office. Who would? I did have a windbreaker, however. So I went up to my office, wrapped up the laptop in my windbreaker, and went back down.

People put in charge of implementing a security policy are more concerned with following the letter of the policy than they are about improving security. So even if what they do makes no sense—and they know it makes no sense—they have to do it in order to follow “policy.”

Posted on August 6, 2008 at 1:52 PMView Comments

Clever Museum Theft

Some expensive and impressive stuff was stolen from the University of British Columbia’s Museum of Anthropology:

A dozen pieces of gold jewelry designed by prominent Canadian artist Bill Reid were stolen from the museum sometime on May 23, along with three pieces of gold-plated Mexican jewelry. The pieces that were taken are estimated to be worth close to $2 million.

Of course, it’s not the museum’s fault:

But museum director Anthony Shelton said that elaborate computer program printouts have determined that the museum’s security system did not fail during the heist and that the construction of the building’s layout did not compromise security.

Um, isn’t having stuff get stolen the very definition of security failing? And does anyone have any idea how “elaborate computer program printouts” can determine that security didn’t fail? What in the world is this guy talking about?

A few days later, we learned that security did indeed fail:

Four hours before the break-in on May 23, two or three key surveillance cameras at the Museum of Anthropology mysteriously went off-line.

Around the same time, a caller claiming to be from the alarm company phoned campus security, telling them there was a problem with the system and to ignore any alarms that might go off.

Campus security fell for the ruse and ignored an automated computer alert sent to them, police sources told CBC News.

Meanwhile surveillance cameras that were still operating captured poor pictures of what was going on inside the museum because of a policy to turn the lights off at night.

Then, as the lone guard working overnight in the museum that night left for a smoke break, the thief or thieves broke in, wearing gas masks and spraying bear spray to slow down anyone who might stumble across them.

It’s a particular kind of security failure, but it’s definitely a failure.

Posted on June 6, 2008 at 5:04 AMView Comments

1 2 3

Sidebar photo of Bruce Schneier by Joe MacInnis.