Sandia report draws lessons learned from 'perfect heists' for national security

Aug 19, 2014 by Patti Koning
Sandia National Laboratories managers Alex Roesler, left, and Luke Purvis, center, and systems analyst Jarret Lafleur shown inside a Bank of Italy vault in a historic Livermore, California, building, studied 23 high-value heists that occurred in the last three decades for lessons learned that can applied to designing complex security systems to protect vital national security assets. Credit: Dino Vournas

In 2003, the unthinkable happened at Belgium's Antwerp Diamond Center. Thieves broke into its reputedly impenetrable vault and made off with hundreds of millions of dollars' worth of diamonds, gold, cash and other valuables.

Through years of meticulous planning, they got past police officers less than 200 feet away, access controls into the building, a combination-and-key-lock vault door, a magnetic seal on the vault door and motion, infrared, light and seismic detectors within the vault.

The Antwerp Diamond Center theft and other sophisticated, high-value heists show that motivated criminals can find ways to overcome every obstacle between them and their targets. Can the Energy and Defense departments, responsible for analyzing, designing and implementing complex systems to protect vital national security assets, learn from security failures in the banking, art and jewelry worlds?

Sandia National Laboratories systems analyst Jarret Lafleur set out two years ago to answer that question. "There are many insights to be gained from studying high-value heists and related crimes that could be applied to Sandia's work in physical security," he said. "Our work focuses on securing nuclear materials and other assets. Those kinds of attacks and threats are extremely rare, which is good, but give us very little historical information to draw upon."

Lafleur, Luke Purvis, manager of Sandia's National Security Systems Analysis group, and Alex Roesler, manager of the Assurance Technologies and Assessments group, published the research in a report "The Perfect Heist: Recipes from Around the World" (SAND 2014-1790), which details 23 crimes, their categorization and lessons learned. Lafleur also presented the "The Perfect Heist" to numerous audiences.

Compiling the crimes

Lafleur found there hadn't been a comprehensive study of sophisticated and high-value heists in more than two decades. "When we dug into the details, we found several areas worthy of further study that could inform our approach to physical security," he said. "Two examples are the roles of insiders in successful heists and the ways that redundancy in a security system can affect the behavior of humans in the loop."

Using public information sources, Lafleur chose 23 worldwide heists that occurred in the past three decades, notable for the value of assets stolen, innovation and complexity. Those include the Vastberga Helicopter Heist (Sweden, 2009) in which thieves descended from a helicopter into a cash depot by smashing through a skylight; the Isabella Stewart Gardner Museum Art Heist (United States, 1990) where burglars posed as police officers to deceive and subdue museum guards; and the Securitas Cash Depot Heist (Britain, 2006) that saw robbers abduct the manager, his wife and their child to force him to let them into the depot and provide key details about its security.

Lafleur, Purvis, and Roesler compiled the results in a Heist Methods and Characteristics Database. They analyzed the results qualitatively and quantitatively to describe the range and diversity of criminal methods and identify characteristics that are common or uncommon in such high-value heists. The analysis focused on seven areas: defeated security measures and devices; deception methods; timing and target selection; weapons employed; resources and risk acceptance; insiders; and failures and mistakes.

Deception, patience are common ingredients

While methods and implementation of the heists varied greatly, there were common factors. At least one form of deception was used in 21 of the heists, ranging from impersonating law enforcement to use of decoy vehicles to concealing surveillance equipment. Insiders—willing, unwitting and coerced—played a role in the majority of cases. The Antwerp Diamond Center's building manager even provided blueprints to the heist mastermind, thinking he was just another tenant.

"I learned from this study that these thieves have a lot of patience. Most spent months and even years planning. They were very deliberate in how they defeated security measures and those methods were often very low-tech, like using hair spray to disable infrared sensors," said Lafleur. "In most of these heists, multiple were defeated."

Another finding is that weapons aren't needed to steal a lot of money. Four of the top five heists, in terms of value, were weaponless.

Explore further: Expert wants to help nab Russian password thieves

More information: The complete report is available online: prod.sandia.gov/techlib/access… .cgi/2014/141790.pdf

add to favorites email to friend print save as pdf

Related Stories

Expert wants to help nab Russian password thieves

Aug 06, 2014

The hackers are a tight knit group, 10 or 11. They live in a Russian town, and have real jobs. But in their down time, the cybercriminals have spent the past seven months gathering a hoard of personal data, ...

Prescription-drug heists on the rise

Mar 17, 2010

(AP) -- The $75 million heist at a pharmaceutical warehouse in Connecticut this week was just the most audacious example of a growing phenomenon: Thieves are stealing large quantities of prescription drugs ...

Security guard industry lacks standards, training

Jun 03, 2014

Despite playing a more important role in the wake of 9/11, the security guard industry remains plagued by inadequate training and standards in many states, indicates new research by Michigan State University criminologists.

UK police: Cyber crooks could have stolen millions

Sep 14, 2013

(AP)—A daring attempt to graft a rogue piece of hardware onto a computer at a London branch of Spanish bank Santander could have drained millions from its coffers, police said Friday, an indication of the potential for ...

Recommended for you

Timeline of the Sony Pictures Entertainment hack

1 hour ago

It's been four weeks since hackers calling themselves Guardians of Peace began their cyberterrorism campaign against Sony Pictures Entertainment. In that time thousands of executive emails and other documents ...

Second security clearance investigation contractor hacked

2 hours ago

Federal officials say the private files of 48,439 workers may have been compromised by a computer breach at government contractor KeyPoint Government Solutions Inc. The hacking incident is the second this year at a major ...

Sony emails show a studio ripe for hacking

13 hours ago

In the weeks before hackers broke into Sony Pictures Entertainment, the studio suffered significant technology outages it blamed on software flaws and incompetent technical staffers who weren't paying attention, ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.