[ISN] [TSCM-L] Security? Huh!

From: InfoSec News (isnat_private)
Date: Mon Feb 25 2002 - 00:52:53 PST

    [I saw this on another list that I am on (and recommend) and I
    thought you all might be interested in reading this. -  WK]
    
    
    ---------- Forwarded message ----------
    Date: Sat, 16 Feb 2002 01:03:36 -0500
    From: Steve Uhrig <steveat_private>
    To: tscm-lat_private
    Subject: [TSCM-L] Security? Huh!
    
    This is something I posted to a Minox list when we got off on a security 
    tangent. LX = the model of Minox camera I carry always. 
    
    If anyone attempts to do penetration studies like this, make CERTAIN
    the person who hired you is instantly available by telephone, AND you
    carry the original of a dated and signed authorization specifically
    detailing why you are there and that you are authorized to do anything
    or possess anything in fulfillment of your contract. You do not want
    to spend a day in the local lockup while you wait for your lawyer to
    track down your client. I can promise you no one else will care nor
    will the system care in the slightest about contacting your client or
    taking care of medical needs or anything like that.
    
    ====================
    
    I did a penetration study of a government facility within the last
    several days (no clues when or where).
    
    They knew it was going down on that day, but not by whom. I had not
    been in the building in months.
    
    They made a big show of checking my boot heels for the metal taps
    which of course tripped the metal detector, my largish belt buckle,
    X-rayed my aluminum cane, completely missed my black LX as I wrapped
    it in what looked like a well used handkerchief in their little wicker
    basket and none of them would lower themselves to inspect it. That LX
    could have been my Case pocket knife or, God forbid, a box cutter or
    nail file.
    
    I had an empty leather holster for a small revolver plainly visible on
    my belt. They didn't make a single comment on it. If I see an empty
    holster on someone, I damn well want to know where the weapon is (and
    in my opinion the safest place for it generally is in the holster). I
    was going to tell them I had left it in my truck to avoid problems and
    see if they would admit they had no security in the parking garage nor
    ID of particular cars. Neither did anyone think to question my carry
    permit, none of which are valid in DC.
    
    After passing these heavy layers of security without incident, I went
    into the men's room on the first floor and lowered down through the
    window some string I had previously wrapped around my upper forearm. I
    had a confederate outside the building tie a pistol-shaped TV remote
    control to the line and I pulled it back up into the men's room.  
    Previously I had placed a paper label on the remote saying 'this could
    have been a weapon'. I left it on the CSO's (Cognizant Security
    Officer's) desk.
    
    And I'm not even clever, neither was I slipping Fatimah a hundred
    bucks to conceal something for me.
    
    As an experiment, I did shaving cream several video cameras along my
    route, and in the hour or so I was in the building, no one bothered to
    inspect them. The shaving cream was very visible and the facility was
    in full swing. I dragged a trash can over and stood on it to shaving
    cream the one camera. Later in my after action report, the cameras
    merely had been written up to be checked the next day for proper
    operation by the technicians. I carried the can of shaving cream in my
    briefcase, and no one questioned that, which is suspicious considering
    I have a full beard.
    
    If I had really been trying to impress the place, I would have read
    the frequencies of their small area coverage (radio) repeater, and
    programmed a potent mobile radio in my van to jam coverage of their
    commo system. I am positive they had no backup, and the only frequency
    they had other than the repeater was talkaround on the repeater
    output, and in that building talkaround had no range. I also could
    have put out a decoy call of some sort and diverted the majority of
    security to the other end of the facility. I knew it would work and
    frankly it was not necessary to prove it.
    
    The door to the telephone closet was unlocked. I walked in and stole
    the SMDR report from the printer. I could, in seconds, have disabled
    all internal and external phone communications into and out of the
    facility.  With a bit more effort I could have jammed their cell
    phones.
    
    It's all eyewash. Security is nonexistent. It's a bank vault door on a
    grass hut.
    
    Although I am not willing to do it as a pure experiment to prove a
    point, I am virtually certain I could arrange to gain access to a
    handgun inside the secured area of any public airport in the country.
    
    Federalizing security is a BIG mistake. Name one thing the government
    does properly and efficiently. There may be a few things where they
    are reasonably effective, like Secret Service dignitary protection,
    but certainly not efficient. Pay the contractors so they can afford to
    hire decent people, rework procurement so 250,000 hour a year
    contracts are not won and lost on a nickel an hour, mandate some
    training standards, equipment standards, and work out something like
    bonuses to the officers who have the minimum number of sick days in a
    quarter or a year, a substantial cash award to the shift with the
    lowest vehicle expenses. Give the Captain on each shift a bunch of
    signed $50 checks he could hand out at his discretion to officers
    showing some pride in their appearance, attentiveness to their work
    and courtesy to visitors, etc. I could write a program like this on
    contract, we'd have reasonable security and it would be FAR cheaper
    than the federal government could pull it off.
    
    I could go on and on. But you don't want to hear it.
    
    Steve  
    
    *******************************************************************
    Steve Uhrig, SWS Security, Maryland (USA)
    Mfrs of electronic surveillance equip
    mailto:Steveat_private  website http://www.swssec.com
    tel +1+410-879-4035, fax +1+410-836-1190
    "In God we trust, all others we monitor"
    *******************************************************************
    
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 03:59:03 PST