In 2003, the unthinkable happened at Belgium's Antwerp Diamond Center. Thieves broke into its reputedly impenetrable vault and made off with hundreds of millions of dollars' worth of diamonds, gold, cash and other valuables.
Through years of meticulous planning, they got past police officers less than 200 feet away, access controls into the building, a combination-and-key-lock vault door, a magnetic seal on the vault door and motion, infrared, light and seismic detectors within the vault.
The Antwerp Diamond Center theft and other sophisticated, high-value heists show that motivated criminals can find ways to overcome every obstacle between them and their targets. Can the Energy and Defense departments, responsible for analyzing, designing and implementing complex systems to protect vital national security assets, learn from security failures in the banking, art and jewelry worlds?
Sandia National Laboratories systems analyst Jarret Lafleur set out two years ago to answer that question. "There are many insights to be gained from studying high-value heists and related crimes that could be applied to Sandia's work in physical security," he said. "Our work focuses on securing nuclear materials and other assets. Those kinds of attacks and threats are extremely rare, which is good, but give us very little historical information to draw upon."
Lafleur, Luke Purvis, manager of Sandia's National Security Systems Analysis group, and Alex Roesler, manager of the Assurance Technologies and Assessments group, published the research in a report "The Perfect Heist: Recipes from Around the World" (SAND 2014-1790), which details 23 crimes, their categorization and lessons learned. Lafleur also presented the "The Perfect Heist" to numerous audiences.
Compiling the crimes
Lafleur found there hadn't been a comprehensive study of sophisticated and high-value heists in more than two decades. "When we dug into the details, we found several areas worthy of further study that could inform our approach to physical security," he said. "Two examples are the roles of insiders in successful heists and the ways that redundancy in a security system can affect the behavior of humans in the loop."
Using public information sources, Lafleur chose 23 worldwide heists that occurred in the past three decades, notable for the value of assets stolen, innovation and complexity. Those include the Vastberga Helicopter Heist (Sweden, 2009) in which thieves descended from a helicopter into a cash depot by smashing through a skylight; the Isabella Stewart Gardner Museum Art Heist (United States, 1990) where burglars posed as police officers to deceive and subdue museum guards; and the Securitas Cash Depot Heist (Britain, 2006) that saw robbers abduct the manager, his wife and their child to force him to let them into the depot and provide key details about its security.
Lafleur, Purvis, and Roesler compiled the results in a Heist Methods and Characteristics Database. They analyzed the results qualitatively and quantitatively to describe the range and diversity of criminal methods and identify characteristics that are common or uncommon in such high-value heists. The analysis focused on seven areas: defeated security measures and devices; deception methods; timing and target selection; weapons employed; resources and risk acceptance; insiders; and failures and mistakes.
Deception, patience are common ingredients
While methods and implementation of the heists varied greatly, there were common factors. At least one form of deception was used in 21 of the heists, ranging from impersonating law enforcement to use of decoy vehicles to concealing surveillance equipment. Insiders—willing, unwitting and coerced—played a role in the majority of cases. The Antwerp Diamond Center's building manager even provided blueprints to the heist mastermind, thinking he was just another tenant.
"I learned from this study that these thieves have a lot of patience. Most spent months and even years planning. They were very deliberate in how they defeated security measures and those methods were often very low-tech, like using hair spray to disable infrared sensors," said Lafleur. "In most of these heists, multiple security measures were defeated."
Another finding is that weapons aren't needed to steal a lot of money. Four of the top five heists, in terms of value, were weaponless.
Explore further: Expert wants to help nab Russian password thieves
More information: The complete report is available online: prod.sandia.gov/techlib/access-control.cgi/2014/141790.pdf