Deception, patience are common ingredients
While methods and implementation of the heists varied greatly, there were common factors. At least one form of deception was used in 21 of the heists, ranging from impersonating law enforcement to use of decoy vehicles to concealing surveillance equipment. Insiders — willing, unwitting and coerced — played a role in the majority of cases. The Antwerp Diamond Center’s building manager even provided blueprints to the heist mastermind, thinking he was just another tenant.
“I learned from this study that these thieves have a lot of patience. Most spent months and even years planning. They were very deliberate in how they defeated security measures and those methods were often very low-tech, like using hair spray to disable infrared sensors,” said Lafleur. “In most of these heists, multiple security measures were defeated.”
Another finding is that weapons aren’t needed to steal a lot of money. Four of the top five heists, in terms of value, were weaponless.
For obvious reasons, this report will have immense value for those out there that are in the business of countering this kind of crime. There is such a thing as the perfect heist, and this is an excellent study of those types of heists. I was particularly interested in the lessons learned aspect of the report.
In it, they listed 44 items of interest for security professionals. They also described the average successful criminal. Here is a snippet.
Several key lessons are identified in each focus area, and an overview of the commonalities and bounds of criminal team characteristics and capabilities is provided. In brief, the typical criminal is a 30-39 year old man and experienced career criminal who is native to the country whose valuables he is targeting. The typical on-scene criminal team consists of 2-8 accomplices, typically perpetrating the robbery as a single team, although breaking into multiple sub-teams is not uncommon. Use of weapons is typical but in many cases not required for success. Thieves are willing to devote substantial resources to planning, spending in some cases more than two years, hundreds of thousands of dollars, and procuring transportation for thousands of pounds of loot. Thieves are frequently thorough and innovative in their planning, developing security defeat methods that are physically simple but highly targeted toward vulnerabilities the thieves have identified in advance of the heist. In the identification and exploitation of these vulnerabilities, deceptions and insiders almost always play a role. Multiple insiders, unwillingly or willingly colluding, are not uncommon; and while insiders span a variety of origins and roles, by far the most common type is the coerced insider who unwillingly assists in the crime, often upon threat of losing his own life or the lives of his family members.
That is some serious patience and ‘know your enemy, know yourself’ stuff there. The use of insiders, willing or not, is also very interesting.
Now what this report did not include was the vast group of criminals that absolutely need to be studied in Russia, South Asia, East Asia and Australia. It would also be helpful for them to go older than the 1970’s, but at least they have a good smattering of successful modern day heists. Here is a quote.
This expansion might continue to track down details of thefts that commonly make published lists of top heists, or it might take the direction of purposefully widening the scope geographically (e.g., to include heists in Russia, South Asia, East Asia, and Australia) and temporally (e.g., to include heists prior to the 1970s, perhaps as far back as the early 1900s, or farther back to the 1800s or even 1700s) to ensure the representation of a greater diversity of criminal methods and techniques in the data.
Check it out and this thing is filled with the good stuff. –Matt
Read the report here.
Sandia report draws lessons learned from ‘perfect heists’ for national security
August 19, 2014
In 2003, the unthinkable happened at Belgium’s Antwerp Diamond Center. Thieves broke into its reputedly impenetrable vault and made off with hundreds of millions of dollars’ worth of diamonds, gold, cash and other valuables.
Through years of meticulous planning, they got past police officers less than 200 feet away, access controls into the building, a combination-and-key-lock vault door, a magnetic seal on the vault door and motion, infrared, light and seismic detectors within the vault.
The Antwerp Diamond Center theft and other sophisticated, high-value heists show that motivated criminals can find ways to overcome every obstacle between them and their targets. Can the Energy and Defense departments, responsible for analyzing, designing and implementing complex systems to protect vital national security assets, learn from security failures in the banking, art and jewelry worlds?
Sandia National Laboratories systems analyst Jarret Lafleur set out two years ago to answer that question. “There are many insights to be gained from studying high-value heists and related crimes that could be applied to Sandia’s work in physical security,” he said. “Our work focuses on securing nuclear materials and other assets. Those kinds of attacks and threats are extremely rare, which is good, but give us very little historical information to draw upon.”
Lafleur, Luke Purvis, manager of Sandia’s National Security Systems Analysis group, and Alex Roesler, manager of the Assurance Technologies and Assessments group, published the research in a report “The Perfect Heist: Recipes from Around the World” (SAND 2014-1790), which details 23 crimes, their categorization and lessons learned. Lafleur also presented the “The Perfect Heist” to numerous audiences.
Compiling the crimes
Lafleur found there hadn’t been a comprehensive study of sophisticated and high-value heists in more than two decades. “When we dug into the details, we found several areas worthy of further study that could inform our approach to physical security,” he said. “Two examples are the roles of insiders in successful heists and the ways that redundancy in a security system can affect the behavior of humans in the loop.”
Using public information sources, Lafleur chose 23 worldwide heists that occurred in the past three decades, notable for the value of assets stolen, innovation and complexity. Those include the Vastberga Helicopter Heist (Sweden, 2009) in which thieves descended from a helicopter into a cash depot by smashing through a skylight; the Isabella Stewart Gardner Museum Art Heist (United States, 1990) where burglars posed as police officers to deceive and subdue museum guards; and the Securitas Cash Depot Heist (Britain, 2006) that saw robbers abduct the manager, his wife and their child to force him to let them into the depot and provide key details about its security.
Lafleur, Purvis, and Roesler compiled the results in a Heist Methods and Characteristics Database. They analyzed the results qualitatively and quantitatively to describe the range and diversity of criminal methods and identify characteristics that are common or uncommon in such high-value heists. The analysis focused on seven areas: defeated security measures and devices; deception methods; timing and target selection; weapons employed; resources and risk acceptance; insiders; and failures and mistakes.
Deception, patience are common ingredients
While methods and implementation of the heists varied greatly, there were common factors. At least one form of deception was used in 21 of the heists, ranging from impersonating law enforcement to use of decoy vehicles to concealing surveillance equipment. Insiders — willing, unwitting and coerced — played a role in the majority of cases. The Antwerp Diamond Center’s building manager even provided blueprints to the heist mastermind, thinking he was just another tenant.
“I learned from this study that these thieves have a lot of patience. Most spent months and even years planning. They were very deliberate in how they defeated security measures and those methods were often very low-tech, like using hair spray to disable infrared sensors,” said Lafleur. “In most of these heists, multiple security measures were defeated.”
Another finding is that weapons aren’t needed to steal a lot of money. Four of the top five heists, in terms of value, were weaponless.
Story here.