SecurityInfoWatch.com Blogs

From Miami television new channel 10: “Commissioner Josephus Eggelletion Jr. is proposing a county ordinance that will require retail businesses to provide, operate and maintain a security camera video surveillance system to protect customers walking to and from the parking lot.” [full article from Local10.com]

So surveillance protects people walking to-and-from parking lots? Well, maybe not, but here’s a list of things that actually help people move safely from a retailer’s door to their own car door:

1) good visibility to their vehicle (i.e., not having to walk through an alley and around the building)

2) exceptional parking lot lighting

3) clean area allowing an easy path, even when carrying shopping bags

4) non-allowance of loitering

5) parking lot patrols by guards (or store employees who can collect shopping carts)

I’m not opposed to adding surveillance cameras that can view a parking lot, but that camera isn’t likely to be noticed by the customer. Sure, it could be useful for after-the-fact prosecution if it captured a really good image (only likely during the day, and yes, we’ve seen how most parking lot surveillance cameras look after dusk, and it’s not good), but the key is to keep people safe so that we don’t have to go back and review surveillance footage.

If you’re going to add surveillance cameras, don’t think you can get away with just one standard camera and a wide-angle lens. Wal-Mart smartly uses a number of cameras; they seem to recognize that parking lots can’t be covered by a single camera (admittedly, there parking lots are usually a wee bit larger than most retailers’ lots, but you get the point).

If you’ve got other tips on how to keep retail parking lots safe, please add them as a comment for our readers and for retail business owners to see. Thanks!

-Geoff

DefCon is an interesting inverse to the standard security conference. Instead of hearing stories about “how we kept the bad guys out,” you hear the stories of “how we let ourselves in.” Not that they’re necessarily the bad guys any more — since some hackers at DefCon use the conference to publicly humiliate companies and technology developers into improving their security.

This most recent DefCon was held August 8-10, at the Riviera Hotel and Casino in Las Vegas, and if you’re just hearing about DefCon, let me say that this is a hacker’s show. Show organizers even are known to encourage their attendees to hack the conference’s electronic access badge. Even so, government security pros (read: bureau and agency guys and gals) are known to attend to stay up-to-date on what they’ll be faced with.

One thing that has been happening a little more each year is that the hacking community recognized that not only could they hack electronic security, but also that traditional physical security devices could fall to the hands of their hacks as well.

Much like recent DefCons, at this year’s DefCon 16 lock picking was taught — presumably because it’s easier to perform IT hacks inside a facility than it would be from “outside”. One of the hackers apparently was also showing off a skill on how to pick Medeco locks using simply a picture of the key and some disposable plastic (old credit cards or plastic from the Shrinky Dinks children’s toy); the same hacker was known for showing how to bump locks, even so-called unbumpable locks.

Gale Johnson, an accomplished locksmith and editor-in-chief of Locksmith Ledger, provided me insight into what really was being shown at DefCon in terms of the lock picking:

“Mechanical locks depend on a singular-shaped operating key. I have a comparator machine and have measured the factory specs. for over 2000 different types of keys. This information is not a secret and is available from multiple sources. Therefore, if you can obtain a picture of an operating key, obviously someone with the factory specs can possibly originate a working key. This is true of any mechanical key. The discovery in Las Vegas is no discovery at all.”

Thanks, Gale, for giving us a quick run-down of this so-called hack. We also posted a story on the SIW homepage about other tactics to get into buildings being proposed at DefCon 16. What’s clear is that hacking isn’t just for Microsoft anymore.

-Geoff

Lesson for alarm companies: get your technicians’ shirts back before you let ‘em go. Otherwise, who knows where your company’s good name will wind up… maybe with a former employee as he robs a safe? Yep, it happens….

[Please note, the website/newspaper’s headline is wrong — it really should say something like “Former alarm tech hits safe at check cashing firm”. From what the story says, he wasn’t a former employee of the check-cashing business; he was an employee of the alarm firm.]

http://www.sun-sentinel.com/community/news/boyntonbeach/sfl-flglrobbery0813bbfaug13,0,7308116.story

-Geoff

Really quick, here’s a story that came onto my radar this morning about a school bus that had a surveillance camera. What the thief/joy-rider didn’t know is that it was a wireless security camera that continued to transmits images while he toured the Georgia countryside in a stolen school bus.

Read the original story: http://www.nbc30.com/news/17119243/detail.html

-Geoff

In the spirt of the start of the Olympics, I thought it would be curious to mention on the blog that CCTV has an entirely different meaning in China than it does in the U.S. CCTV in China stands for China Central Television, the government-run TV and propaganda station of the Chinese Communist Party. In terms of open circuits (as opposed to closed circuit television), the CCTV.com website for China Central Television will be providing live video of the Olympics streamed over the Web.

China Central Television, incidentally, is building a massive new headquarters which is scheduled to open next year. You can bet they’ll have CCTV (as we know it; surveilance cameras instead of broadcast cameras) as part of their security measures.

-Geoff

Congress has introduced legislation that would make “Organized Retail Crime” a federal offense. This is good news as current state laws only address ORC as an individual state issue. Frequently ORC cases encompasses thefts from multiple states making it extremely difficult to procesute the offenders.

This legislation will also go a long way in addressing e-fenceing and put a crimp in the on-line sales of stolen property. On-line sellers would need to show that they have taken steps to insure that stolen property is not being sold on the internet. The bill would also allow retailers to sue on-line auction sites who sell their stolen merchandise. 

There is a current discussion taking place on the SecurityInfoWatch forums - join in.

From the National Retail Federation -  

Washington, July 15, 2008 – The National Retail Federation welcomed today’s introduction of legislation that would make organized retail crime a federal offense in an attempt to stop a growing problem that costs retailers and consumers as much as $30 billion a year and threatens public safety through the sale of tainted goods.

“The introduction of this bill shows that Congress realizes organized retail crime is more than just shoplifting,” NRF Vice President for Loss Prevention Joseph LaRocca said. “Organized retail crime is a large and growing national issue with dollar losses bigger than robbery, larceny, burglary and auto theft combined. It also threatens public health and safety when thieves tamper with items like baby formula or over-the-counter medications before offering them for sale. This legislation will make organized retail crime part of our federal criminal statutes, and give law enforcement officers and prosecutors the tools they need to put these criminals behind bars.”

“A significant portion of this bill deals with on-line fencing of stolen goods,” LaRocca said. “On-line auctions and other markets on the Internet provide a Wild West environment where thieves can re-sell stolen property to customers on a national or even international level with virtually no questions asked. Requiring Internet marketplaces to live up to their responsibility to block the sale of obviously stolen merchandise is not unreasonable. We’ve seen from this week’s ruling on the sale of counterfeit goods that current laws are not adequate to police these sites. It’s time for Congress to bring on-line crime under control.”

H.R. 6491, the Organized Retail Crime Act of 2008 was introduced today by Representative Brad Ellsworth, D-Ind., with Representative Jim Jordan, R-Ohio, as the lead co-sponsor. The bill would define organized retail crime as “the acquiring of retail merchandise by illegal means for the purpose of reselling the items” and make such activity – including transportation, sale or receipt of stolen retail goods, – a federal crime.

Among other provisions, sale of stolen or counterfeit gift cards, or items with faked Universal Product Codes or Radio Frequency Identification chips would be considered fraud. Those found guilty of committing or facilitating organized retail crimes would be subject to appropriate existing fines, prison terms and forfeiture, and the legislation would require the U.S. Sentencing Commission to review its guidelines for cases involving such crimes.

The bill would also establish that operation of on-line marketplaces such as auction sites can be considered “facilitation” of organized retail crime unless the operator can show that specific steps had been taken to ensure that goods being sold were not obtained by theft or fraud. Site operators would be required to “expeditiously” investigate complaints that stolen items are being sold, maintain records of the names and physical addresses of high-volume sellers, and require high-volume sellers to either post that information along with merchandise offerings or make it available upon request to any business with a reasonable suspicion about the merchandise.

Operators of on-line marketplaces could also be sued by any business whose stolen goods were sold. Retailers lose between $15 and $30 billion to organized retail crime each year, according to the FBI and retail loss prevention experts. The figure compares to the $18 billion for robbery, larceny, burglary and auto theft combined reported by the FBI Uniform Crime Report.

In addition, a record 85 percent of retailers reported that they were victims of organized retail crime in the past year, according to NRF’s annual survey on the issue.
Organized retail crime rings typically target everyday consumer products that are in high demand and easy to steal such as infant formula, razor blades, batteries, analgesics, cosmetics and gift cards. More expensive products such as DVDs, CDs, video games, designer clothing and electronics are also highly prized. Once stolen, the goods are resold at pawn shops, flea markets, swap meets and the Internet. The thefts force retailers to increase prices to cover the losses, and threaten public health when crime rings tamper with items such as infant formula or medication by extending expiration dates or repackaging and relabeling the items.

The National Retail Federation is the world’s largest retail trade association, with membership that comprises all retail formats and channels of distribution including department, specialty, discount, catalog, Internet, independent stores, chain restaurants, drug stores and grocery stores as well as the industry’s key trading partners of retail goods and services. NRF represents an industry with more than 1.6 million U.S. retail companies, more than 25 million employees - about one in five American workers - and 2007 sales of $4.5 trillion. As the industry umbrella group, NRF also represents over 100 state, national and international retail associations. Source: NRF

- Curtis Baillie - Security Consulting Strategies, LLC