SecurityInfoWatch.com Blogs

Greetings SIW readers,

I joined SecurityInfoWatch.com in May as the new assistant editor of the Web site. In my time thus far at SIW, I have spent a good deal of my time learning about the different markets within the security industry and trying to find and post the news stories that are of interest to you the reader.

I have also had the opportunity to write several features stories over the last several months and have started a regular series of “At the Frontline” pieces, which cover the different challenges security directors in the industry face. You can expect to see more “At the Frontline” stories in the coming weeks.

I’m also pleased to see that many of you have taken the opportunity to read my feature story on copper theft, as it has been one of our most read stories for several weeks running. Having covered crime as a reporter for a daily newspaper before joining SIW, I saw firsthand just how big of an issue that this has become for law enforcement and the utility industry.  Hopefully, as advances continue in remote surveillance technology, metal theft will become more of nuisance than an epidemic.  

In closing my first blog post, I look forward to continuing to bring you the stories that you as security professionals depend on and invite you to e-mail me ideas for features or other news stories that you would like to read about on the site. Thanks!

-Joel Griffin

From Miami television new channel 10: “Commissioner Josephus Eggelletion Jr. is proposing a county ordinance that will require retail businesses to provide, operate and maintain a security camera video surveillance system to protect customers walking to and from the parking lot.” [full article from Local10.com]

So surveillance protects people walking to-and-from parking lots? Well, maybe not, but here’s a list of things that actually help people move safely from a retailer’s door to their own car door:

1) good visibility to their vehicle (i.e., not having to walk through an alley and around the building)

2) exceptional parking lot lighting

3) clean area allowing an easy path, even when carrying shopping bags

4) non-allowance of loitering

5) parking lot patrols by guards (or store employees who can collect shopping carts)

I’m not opposed to adding surveillance cameras that can view a parking lot, but that camera isn’t likely to be noticed by the customer. Sure, it could be useful for after-the-fact prosecution if it captured a really good image (only likely during the day, and yes, we’ve seen how most parking lot surveillance cameras look after dusk, and it’s not good), but the key is to keep people safe so that we don’t have to go back and review surveillance footage.

If you’re going to add surveillance cameras, don’t think you can get away with just one standard camera and a wide-angle lens. Wal-Mart smartly uses a number of cameras; they seem to recognize that parking lots can’t be covered by a single camera (admittedly, there parking lots are usually a wee bit larger than most retailers’ lots, but you get the point).

If you’ve got other tips on how to keep retail parking lots safe, please add them as a comment for our readers and for retail business owners to see. Thanks!

-Geoff

DefCon is an interesting inverse to the standard security conference. Instead of hearing stories about “how we kept the bad guys out,” you hear the stories of “how we let ourselves in.” Not that they’re necessarily the bad guys any more — since some hackers at DefCon use the conference to publicly humiliate companies and technology developers into improving their security.

This most recent DefCon was held August 8-10, at the Riviera Hotel and Casino in Las Vegas, and if you’re just hearing about DefCon, let me say that this is a hacker’s show. Show organizers even are known to encourage their attendees to hack the conference’s electronic access badge. Even so, government security pros (read: bureau and agency guys and gals) are known to attend to stay up-to-date on what they’ll be faced with.

One thing that has been happening a little more each year is that the hacking community recognized that not only could they hack electronic security, but also that traditional physical security devices could fall to the hands of their hacks as well.

Much like recent DefCons, at this year’s DefCon 16 lock picking was taught — presumably because it’s easier to perform IT hacks inside a facility than it would be from “outside”. One of the hackers apparently was also showing off a skill on how to pick Medeco locks using simply a picture of the key and some disposable plastic (old credit cards or plastic from the Shrinky Dinks children’s toy); the same hacker was known for showing how to bump locks, even so-called unbumpable locks.

Gale Johnson, an accomplished locksmith and editor-in-chief of Locksmith Ledger, provided me insight into what really was being shown at DefCon in terms of the lock picking:

“Mechanical locks depend on a singular-shaped operating key. I have a comparator machine and have measured the factory specs. for over 2000 different types of keys. This information is not a secret and is available from multiple sources. Therefore, if you can obtain a picture of an operating key, obviously someone with the factory specs can possibly originate a working key. This is true of any mechanical key. The discovery in Las Vegas is no discovery at all.”

Thanks, Gale, for giving us a quick run-down of this so-called hack. We also posted a story on the SIW homepage about other tactics to get into buildings being proposed at DefCon 16. What’s clear is that hacking isn’t just for Microsoft anymore.

-Geoff

Lesson for alarm companies: get your technicians’ shirts back before you let ‘em go. Otherwise, who knows where your company’s good name will wind up… maybe with a former employee as he robs a safe? Yep, it happens….

[Please note, the website/newspaper’s headline is wrong — it really should say something like “Former alarm tech hits safe at check cashing firm”. From what the story says, he wasn’t a former employee of the check-cashing business; he was an employee of the alarm firm.]

http://www.sun-sentinel.com/community/news/boyntonbeach/sfl-flglrobbery0813bbfaug13,0,7308116.story

-Geoff

Really quick, here’s a story that came onto my radar this morning about a school bus that had a surveillance camera. What the thief/joy-rider didn’t know is that it was a wireless security camera that continued to transmits images while he toured the Georgia countryside in a stolen school bus.

Read the original story: http://www.nbc30.com/news/17119243/detail.html

-Geoff

In the spirt of the start of the Olympics, I thought it would be curious to mention on the blog that CCTV has an entirely different meaning in China than it does in the U.S. CCTV in China stands for China Central Television, the government-run TV and propaganda station of the Chinese Communist Party. In terms of open circuits (as opposed to closed circuit television), the CCTV.com website for China Central Television will be providing live video of the Olympics streamed over the Web.

China Central Television, incidentally, is building a massive new headquarters which is scheduled to open next year. You can bet they’ll have CCTV (as we know it; surveilance cameras instead of broadcast cameras) as part of their security measures.

-Geoff

Congress has introduced legislation that would make “Organized Retail Crime” a federal offense. This is good news as current state laws only address ORC as an individual state issue. Frequently ORC cases encompasses thefts from multiple states making it extremely difficult to procesute the offenders.

This legislation will also go a long way in addressing e-fenceing and put a crimp in the on-line sales of stolen property. On-line sellers would need to show that they have taken steps to insure that stolen property is not being sold on the internet. The bill would also allow retailers to sue on-line auction sites who sell their stolen merchandise. 

There is a current discussion taking place on the SecurityInfoWatch forums - join in.

From the National Retail Federation -  

Washington, July 15, 2008 – The National Retail Federation welcomed today’s introduction of legislation that would make organized retail crime a federal offense in an attempt to stop a growing problem that costs retailers and consumers as much as $30 billion a year and threatens public safety through the sale of tainted goods.

“The introduction of this bill shows that Congress realizes organized retail crime is more than just shoplifting,” NRF Vice President for Loss Prevention Joseph LaRocca said. “Organized retail crime is a large and growing national issue with dollar losses bigger than robbery, larceny, burglary and auto theft combined. It also threatens public health and safety when thieves tamper with items like baby formula or over-the-counter medications before offering them for sale. This legislation will make organized retail crime part of our federal criminal statutes, and give law enforcement officers and prosecutors the tools they need to put these criminals behind bars.”

“A significant portion of this bill deals with on-line fencing of stolen goods,” LaRocca said. “On-line auctions and other markets on the Internet provide a Wild West environment where thieves can re-sell stolen property to customers on a national or even international level with virtually no questions asked. Requiring Internet marketplaces to live up to their responsibility to block the sale of obviously stolen merchandise is not unreasonable. We’ve seen from this week’s ruling on the sale of counterfeit goods that current laws are not adequate to police these sites. It’s time for Congress to bring on-line crime under control.”

H.R. 6491, the Organized Retail Crime Act of 2008 was introduced today by Representative Brad Ellsworth, D-Ind., with Representative Jim Jordan, R-Ohio, as the lead co-sponsor. The bill would define organized retail crime as “the acquiring of retail merchandise by illegal means for the purpose of reselling the items” and make such activity – including transportation, sale or receipt of stolen retail goods, – a federal crime.

Among other provisions, sale of stolen or counterfeit gift cards, or items with faked Universal Product Codes or Radio Frequency Identification chips would be considered fraud. Those found guilty of committing or facilitating organized retail crimes would be subject to appropriate existing fines, prison terms and forfeiture, and the legislation would require the U.S. Sentencing Commission to review its guidelines for cases involving such crimes.

The bill would also establish that operation of on-line marketplaces such as auction sites can be considered “facilitation” of organized retail crime unless the operator can show that specific steps had been taken to ensure that goods being sold were not obtained by theft or fraud. Site operators would be required to “expeditiously” investigate complaints that stolen items are being sold, maintain records of the names and physical addresses of high-volume sellers, and require high-volume sellers to either post that information along with merchandise offerings or make it available upon request to any business with a reasonable suspicion about the merchandise.

Operators of on-line marketplaces could also be sued by any business whose stolen goods were sold. Retailers lose between $15 and $30 billion to organized retail crime each year, according to the FBI and retail loss prevention experts. The figure compares to the $18 billion for robbery, larceny, burglary and auto theft combined reported by the FBI Uniform Crime Report.

In addition, a record 85 percent of retailers reported that they were victims of organized retail crime in the past year, according to NRF’s annual survey on the issue.
Organized retail crime rings typically target everyday consumer products that are in high demand and easy to steal such as infant formula, razor blades, batteries, analgesics, cosmetics and gift cards. More expensive products such as DVDs, CDs, video games, designer clothing and electronics are also highly prized. Once stolen, the goods are resold at pawn shops, flea markets, swap meets and the Internet. The thefts force retailers to increase prices to cover the losses, and threaten public health when crime rings tamper with items such as infant formula or medication by extending expiration dates or repackaging and relabeling the items.

The National Retail Federation is the world’s largest retail trade association, with membership that comprises all retail formats and channels of distribution including department, specialty, discount, catalog, Internet, independent stores, chain restaurants, drug stores and grocery stores as well as the industry’s key trading partners of retail goods and services. NRF represents an industry with more than 1.6 million U.S. retail companies, more than 25 million employees - about one in five American workers - and 2007 sales of $4.5 trillion. As the industry umbrella group, NRF also represents over 100 state, national and international retail associations. Source: NRF

- Curtis Baillie - Security Consulting Strategies, LLC

On first glance, this may be the dumbest idea I’ve yet to hear about in terms of municipal/city surveillance projects:

http://www.securityinfowatch.com/online/CCTV–and–Surveillance/Adopt-a-security-camera-for-$30K/16741SIW427

Think about it this way:

Who wants to look at a security camera with a flashing police light? That’s exactly where you advertisement would be, and everyone is going to instinctively turn their eyes and face away from that point. And for all the libertarian people who associate police cameras with a police state, your company just was associated with the trampling of liberties. It can’t get much worse…

 Back to the drawing boards for funding ideas, folks!

-Geoff

P.S. I believe the TSA tried this; they wanted to sell ads on their gray bins that you use at airport security checkpoints. That went over about as well as you trying to get a big bottle of water through their X-ray machines.

Last few times I’ve had to fly, I’ve mentioned to my fellow travelers as we undressed in the security checkpoint: “why don’t we all just fly naked?” Don’t get me wrong. I believe in security and will do anything I can to help avert a terrorist act or the works of a malcontent or wrong-doer.

So now it seems we are nearly flying naked. O’Hare International Airport will soon unveil new security scanners that are in essense a full body scan. Think Superman and his X-ray vision. The image generated shows the skeletal outline of the body–so there’s nothing that can be missed or hidden, even in the most unobvious body cavity parts.

The system, manufactured by L3 and called ProVision, is a “virtual strip search” according to the July 20 edition of The Chicago Tribune. It uses millimeter wave technology and antennas which rotate around the person, emitting beams of radio frequency energy toward the body. These millimeter waves bounce off the body and back to the receivers which record the waves that are used to construct 3D images. Screeners, located in a remote location, thank God, analyze the images for weapons or contraband. The faces on the images are blurred and those images are then deleted. 

 The images show breasts and butts and other anatomical features to identify possible hidden objects. The American Civil Liberties Union is already hooting and hollering. (BTW, travelers can opt out of the scanner for a good old fashioned hand-frisk.) The alternative–fly without clothing.   

Many of our readers had heard about TSA’s effort to implement self-sorting security lines to speed things up. The idea is much like skiing, where the dare devils can run the black diamonds, the regular skiers who are still improving jump on the “blue square” trails, and the beginners stick to the bunny slopes and the “green circle” runs.

I finally had a chance to experience how effective these self-sorting lanes could work for airport security, where they are organized as such: Expert traveler (black diamond), Casual traveler (blue square), and Families & Special Assistance (green circle).

I have to say, I think it’s an interesting idea. One of the big things that Kip Hawley is promoting is a more relaxed TSA security checkpoint experience. By that, he doesn’t mean relaxed security procedures, but a relaxed experience for the persons waiting in line.

John Gillie at the Tacoma News Tribune (Tacoma, Wash.) did a great interview with Hawley this week, and the first part of their interview summed up what the overall “TSA experience” is being focused on:

“It’s about increasing the calmness. If I yell out, “OK, everybody get your bags out. Take your shoes off,” then you’re increasing the level of tension. So cut out that. Talk to people. Engage with them. If you have a more confident presence, it works. The black diamond lanes like you have here have already calmed down the checkpoints. You have happier passengers. You have happier officers. We’ve actually improved our officers’ attendance at airports where we have the black diamond lanes.” — Kip Hawley, as told to The (Tacoma, Wash.) News Tribune (see full article)

So, now having experienced the self-sorting lanes, I can say that I do think there is an initial relaxation that occurs. Being someone that writes about security, and who travels often and who travels light, I jumped straight into the Black Diamond/Expert Traveler lane, ready to buzz through security and pick out a good suspense thriller novel to read on my flight back home. I was, admittedly, instantly relaxed … right up until the point that I realized the expert lane wasn’t filled with road warriors who spend more time in airports than at home. In fact, as I looked forward, I saw a half dozen strollers ahead of me, a number of people dragging two carry-ons, a family of non-English speakers who kept staring at their tickets and a number of other oddities for a so-called expert traveler line.

With five serpentine rows ahead of me until we could reach the X-ray machines, I got time to look over to the Casual Traveler and Familes & Special Assistance lines off to our left. The mix of persons in those lines was virtually identical to the black diamond side of the TSA checkpoint. And with five serpentine rows until the X-ray machines, I also had a chance to compare line “throughput”. As it was, the speeds were virually identical.

After 20 minutes of shuffling through the route to the X-ray machines, here is what I’ve learned about the self-sorting lanes: People are going to self-sort themselves into whatever appears to be the shortest lane. That’s a truism, regardless of whether they are an expert traveler, a casual traveler, or traveling as “families & special assistance.” There’s a beauty in the fact that we self-sort to the shortest lane possible, because it reminds me of the equality and egalitarian ideals that this nation was founded upon.

So, why don’t we just get rid of the ski-slope-style classification from the TSA security checkpoint and just recognize that everyone wants through as fast as they can, not just the road warriors who are only carrying a laptop bag?

And as far as relaxing the entire process, I might recommend everyone just bring their iPod or a book they can read in the line. Soon enough, you’ll be at the front of the line where your bag will be scanned and you’ll be pulled aside to enjoy a full body-cavity search.

-Geoff