SecurityInfoWatch.com Blogs

I received an email this morning that was written by the hazardous materials coordinator for a large Southeastern city’s fire department. Here’s his note:

“We have received information about a mailer that has been sent out nationwide to select business and individuals.  The mailer contains two aspirin, that when processed through the mail system becomes crushed and leads to ‘white powder’ type event upon opening.  The company that has sent this out is a network company called ‘Intellinet’.  The mailer contains advertising that pertains to assistance with networking issues and uses the aspirin as key on ‘Networking Headaches’.” 

Heads in some company’s marketing department are going to roll (It’s not clear which Intellinet this is; if you Google the company name, you’ll find out that it’s a widely used brand by a number of companies, mostly all in the IT space). You’d think that with all the recent information about the Ricin case in the news, this wouldn’t have slipped by in our post-9/11 world. Let’s hope there were very few of these mailers and that first responder, safety and security departments recognize this as just marketing-gone-bad.

P.S. This is all unofficial, passed-along-by-first-responders type of information. I’ve been unable to debunk it like the good folks at Snopes do on so many common email myths. It seems plausible enough, and actually sounds like a good marketing ploy until you think about how well two aspirin would survive a trip through the mail.

-Geoff

 As the newest addition to the team of Security Dealer & Integrator magazine, I am realizing just how big an industry the security market is. In the past month as assistant editor of SD&I, my main focus, besides the essential editorial tasks that need to be done, has been in researching the industry and understanding the terminology that my surrounding peers toss back and forth amonst each other. Don’t get me wrong-coming from a background of writing about industrial topics, as in the cranes and lifts we see on the roads during construction workzones, I came onboard with an understanding and skill-set in technical writing. But lets face it, cranes and lifts are definitely not in the same boat as CCTV systems, open-platform software and wireless technology. The ironic part about this whole transition? I am a former security guard who now is the one writing about the industry that I have partly experienced.

In the past month, I have already had the opportunity to write a story for our September issue on security guard services. With the end of the year closing in on us, I am already working on some upcoming stories for our October, November and December issues that I am hoping will give you more insight as to what new updates and happenings are occuring in the security industry.

In signing off on my first blog post, I welcome you to contact me with your ideas and suggestions as I create a place for myself amongst you experts in this market.

Thank you!

~ Natalia Kosk ~

Greetings SIW readers,

I joined SecurityInfoWatch.com in May as the new assistant editor of the Web site. In my time thus far at SIW, I have spent a good deal of my time learning about the different markets within the security industry and trying to find and post the news stories that are of interest to you the reader.

I have also had the opportunity to write several features stories over the last several months and have started a regular series of “At the Frontline” pieces, which cover the different challenges security directors in the industry face. You can expect to see more “At the Frontline” stories in the coming weeks.

I’m also pleased to see that many of you have taken the opportunity to read my feature story on copper theft, as it has been one of our most read stories for several weeks running. Having covered crime as a reporter for a daily newspaper before joining SIW, I saw firsthand just how big of an issue that this has become for law enforcement and the utility industry.  Hopefully, as advances continue in remote surveillance technology, metal theft will become more of nuisance than an epidemic.  

In closing my first blog post, I look forward to continuing to bring you the stories that you as security professionals depend on and invite you to e-mail me ideas for features or other news stories that you would like to read about on the site. Thanks!

-Joel Griffin

From Miami television new channel 10: “Commissioner Josephus Eggelletion Jr. is proposing a county ordinance that will require retail businesses to provide, operate and maintain a security camera video surveillance system to protect customers walking to and from the parking lot.” [full article from Local10.com]

So surveillance protects people walking to-and-from parking lots? Well, maybe not, but here’s a list of things that actually help people move safely from a retailer’s door to their own car door:

1) good visibility to their vehicle (i.e., not having to walk through an alley and around the building)

2) exceptional parking lot lighting

3) clean area allowing an easy path, even when carrying shopping bags

4) non-allowance of loitering

5) parking lot patrols by guards (or store employees who can collect shopping carts)

I’m not opposed to adding surveillance cameras that can view a parking lot, but that camera isn’t likely to be noticed by the customer. Sure, it could be useful for after-the-fact prosecution if it captured a really good image (only likely during the day, and yes, we’ve seen how most parking lot surveillance cameras look after dusk, and it’s not good), but the key is to keep people safe so that we don’t have to go back and review surveillance footage.

If you’re going to add surveillance cameras, don’t think you can get away with just one standard camera and a wide-angle lens. Wal-Mart smartly uses a number of cameras; they seem to recognize that parking lots can’t be covered by a single camera (admittedly, there parking lots are usually a wee bit larger than most retailers’ lots, but you get the point).

If you’ve got other tips on how to keep retail parking lots safe, please add them as a comment for our readers and for retail business owners to see. Thanks!

-Geoff

DefCon is an interesting inverse to the standard security conference. Instead of hearing stories about “how we kept the bad guys out,” you hear the stories of “how we let ourselves in.” Not that they’re necessarily the bad guys any more — since some hackers at DefCon use the conference to publicly humiliate companies and technology developers into improving their security.

This most recent DefCon was held August 8-10, at the Riviera Hotel and Casino in Las Vegas, and if you’re just hearing about DefCon, let me say that this is a hacker’s show. Show organizers even are known to encourage their attendees to hack the conference’s electronic access badge. Even so, government security pros (read: bureau and agency guys and gals) are known to attend to stay up-to-date on what they’ll be faced with.

One thing that has been happening a little more each year is that the hacking community recognized that not only could they hack electronic security, but also that traditional physical security devices could fall to the hands of their hacks as well.

Much like recent DefCons, at this year’s DefCon 16 lock picking was taught — presumably because it’s easier to perform IT hacks inside a facility than it would be from “outside”. One of the hackers apparently was also showing off a skill on how to pick Medeco locks using simply a picture of the key and some disposable plastic (old credit cards or plastic from the Shrinky Dinks children’s toy); the same hacker was known for showing how to bump locks, even so-called unbumpable locks.

Gale Johnson, an accomplished locksmith and editor-in-chief of Locksmith Ledger, provided me insight into what really was being shown at DefCon in terms of the lock picking:

“Mechanical locks depend on a singular-shaped operating key. I have a comparator machine and have measured the factory specs. for over 2000 different types of keys. This information is not a secret and is available from multiple sources. Therefore, if you can obtain a picture of an operating key, obviously someone with the factory specs can possibly originate a working key. This is true of any mechanical key. The discovery in Las Vegas is no discovery at all.”

Thanks, Gale, for giving us a quick run-down of this so-called hack. We also posted a story on the SIW homepage about other tactics to get into buildings being proposed at DefCon 16. What’s clear is that hacking isn’t just for Microsoft anymore.

-Geoff

Lesson for alarm companies: get your technicians’ shirts back before you let ‘em go. Otherwise, who knows where your company’s good name will wind up… maybe with a former employee as he robs a safe? Yep, it happens….

[Please note, the website/newspaper’s headline is wrong — it really should say something like “Former alarm tech hits safe at check cashing firm”. From what the story says, he wasn’t a former employee of the check-cashing business; he was an employee of the alarm firm.]

http://www.sun-sentinel.com/community/news/boyntonbeach/sfl-flglrobbery0813bbfaug13,0,7308116.story

-Geoff

Really quick, here’s a story that came onto my radar this morning about a school bus that had a surveillance camera. What the thief/joy-rider didn’t know is that it was a wireless security camera that continued to transmits images while he toured the Georgia countryside in a stolen school bus.

Read the original story: http://www.nbc30.com/news/17119243/detail.html

-Geoff

In the spirt of the start of the Olympics, I thought it would be curious to mention on the blog that CCTV has an entirely different meaning in China than it does in the U.S. CCTV in China stands for China Central Television, the government-run TV and propaganda station of the Chinese Communist Party. In terms of open circuits (as opposed to closed circuit television), the CCTV.com website for China Central Television will be providing live video of the Olympics streamed over the Web.

China Central Television, incidentally, is building a massive new headquarters which is scheduled to open next year. You can bet they’ll have CCTV (as we know it; surveilance cameras instead of broadcast cameras) as part of their security measures.

-Geoff

Congress has introduced legislation that would make “Organized Retail Crime” a federal offense. This is good news as current state laws only address ORC as an individual state issue. Frequently ORC cases encompasses thefts from multiple states making it extremely difficult to procesute the offenders.

This legislation will also go a long way in addressing e-fenceing and put a crimp in the on-line sales of stolen property. On-line sellers would need to show that they have taken steps to insure that stolen property is not being sold on the internet. The bill would also allow retailers to sue on-line auction sites who sell their stolen merchandise. 

There is a current discussion taking place on the SecurityInfoWatch forums - join in.

From the National Retail Federation -  

Washington, July 15, 2008 – The National Retail Federation welcomed today’s introduction of legislation that would make organized retail crime a federal offense in an attempt to stop a growing problem that costs retailers and consumers as much as $30 billion a year and threatens public safety through the sale of tainted goods.

“The introduction of this bill shows that Congress realizes organized retail crime is more than just shoplifting,” NRF Vice President for Loss Prevention Joseph LaRocca said. “Organized retail crime is a large and growing national issue with dollar losses bigger than robbery, larceny, burglary and auto theft combined. It also threatens public health and safety when thieves tamper with items like baby formula or over-the-counter medications before offering them for sale. This legislation will make organized retail crime part of our federal criminal statutes, and give law enforcement officers and prosecutors the tools they need to put these criminals behind bars.”

“A significant portion of this bill deals with on-line fencing of stolen goods,” LaRocca said. “On-line auctions and other markets on the Internet provide a Wild West environment where thieves can re-sell stolen property to customers on a national or even international level with virtually no questions asked. Requiring Internet marketplaces to live up to their responsibility to block the sale of obviously stolen merchandise is not unreasonable. We’ve seen from this week’s ruling on the sale of counterfeit goods that current laws are not adequate to police these sites. It’s time for Congress to bring on-line crime under control.”

H.R. 6491, the Organized Retail Crime Act of 2008 was introduced today by Representative Brad Ellsworth, D-Ind., with Representative Jim Jordan, R-Ohio, as the lead co-sponsor. The bill would define organized retail crime as “the acquiring of retail merchandise by illegal means for the purpose of reselling the items” and make such activity – including transportation, sale or receipt of stolen retail goods, – a federal crime.

Among other provisions, sale of stolen or counterfeit gift cards, or items with faked Universal Product Codes or Radio Frequency Identification chips would be considered fraud. Those found guilty of committing or facilitating organized retail crimes would be subject to appropriate existing fines, prison terms and forfeiture, and the legislation would require the U.S. Sentencing Commission to review its guidelines for cases involving such crimes.

The bill would also establish that operation of on-line marketplaces such as auction sites can be considered “facilitation” of organized retail crime unless the operator can show that specific steps had been taken to ensure that goods being sold were not obtained by theft or fraud. Site operators would be required to “expeditiously” investigate complaints that stolen items are being sold, maintain records of the names and physical addresses of high-volume sellers, and require high-volume sellers to either post that information along with merchandise offerings or make it available upon request to any business with a reasonable suspicion about the merchandise.

Operators of on-line marketplaces could also be sued by any business whose stolen goods were sold. Retailers lose between $15 and $30 billion to organized retail crime each year, according to the FBI and retail loss prevention experts. The figure compares to the $18 billion for robbery, larceny, burglary and auto theft combined reported by the FBI Uniform Crime Report.

In addition, a record 85 percent of retailers reported that they were victims of organized retail crime in the past year, according to NRF’s annual survey on the issue.
Organized retail crime rings typically target everyday consumer products that are in high demand and easy to steal such as infant formula, razor blades, batteries, analgesics, cosmetics and gift cards. More expensive products such as DVDs, CDs, video games, designer clothing and electronics are also highly prized. Once stolen, the goods are resold at pawn shops, flea markets, swap meets and the Internet. The thefts force retailers to increase prices to cover the losses, and threaten public health when crime rings tamper with items such as infant formula or medication by extending expiration dates or repackaging and relabeling the items.

The National Retail Federation is the world’s largest retail trade association, with membership that comprises all retail formats and channels of distribution including department, specialty, discount, catalog, Internet, independent stores, chain restaurants, drug stores and grocery stores as well as the industry’s key trading partners of retail goods and services. NRF represents an industry with more than 1.6 million U.S. retail companies, more than 25 million employees - about one in five American workers - and 2007 sales of $4.5 trillion. As the industry umbrella group, NRF also represents over 100 state, national and international retail associations. Source: NRF

- Curtis Baillie - Security Consulting Strategies, LLC

On first glance, this may be the dumbest idea I’ve yet to hear about in terms of municipal/city surveillance projects:

http://www.securityinfowatch.com/online/CCTV–and–Surveillance/Adopt-a-security-camera-for-$30K/16741SIW427

Think about it this way:

Who wants to look at a security camera with a flashing police light? That’s exactly where you advertisement would be, and everyone is going to instinctively turn their eyes and face away from that point. And for all the libertarian people who associate police cameras with a police state, your company just was associated with the trampling of liberties. It can’t get much worse…

 Back to the drawing boards for funding ideas, folks!

-Geoff

P.S. I believe the TSA tried this; they wanted to sell ads on their gray bins that you use at airport security checkpoints. That went over about as well as you trying to get a big bottle of water through their X-ray machines.