Insider Threat: Thieves obtained detailed security plans to get inside

Here’s an interesting story about security and the insider threat: Hollywood-style caper in $80M theft obtained security plans to get inside  (New Jersey Star-Ledger)

According to the article, thieves were successful in breaking in to a number of high-risk warehouses all over the country because they knew exactly where the security vulnerabilities were and how to avoid the security systems in place.

Apparently via an insider or hacking (probably an insider; these guys don’t look like computer experts) they were able to obtain detailed security assessments that were made by ADT Security Systems “to show clients their points of vulnerability.”

And from the article:

. . . The civil complaint noted that the security assessment conducted by ADT for Eli Lilly showed the location of 13 cameras inside the warehouse and the grid coordinates on a floor plan for every motion detector, infrared beam, door contact and control panel within the security system. It showed every blind spot that made the building vulnerable to thieves.

“Anyone who got hold of that document would have had a road map to get in,” said Gilbert.

Just a month after the assessment was completed, the warehouse was hit and the thieves, after climbing to the top of the building, appear to have followed the road map precisely.

They crossed the entire length of the roof to arrive at a small area precisely located above the master control room, identified in the ADT assessment as inadequately monitored and requiring two additional cameras. It was the only point of entry in which burglars could avoid the security already in place, the lawsuit said.

They dropped down on ropes to the one location in the warehouse identified in security assessment as being invisible to detectors and surveillance cameras, and disabled the master controls for the security system. Then they disconnected the security system so it could not convey alerts to the ADT monitoring station. . . .  (Read the article)

The article also mentions that one of the thieves had been a self-employed alarm installer. Who knows if through this position he was able to recruit someone with access. Or a trusted insider recruited him to execute the thefts. Right now exactly how the thieves obtained these security plans has not been made public.

Who has access to your security systems plans and vulnerability assessments?


Threats are Out There