Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Theft Ring Targets Government Offices: Or, How Lax Security IS at Said Offices

with one comment

Theft Ring Targets Government Offices

On 16 June 2010, in Uncategorized, by admin
The Atlantic, 14 June 2010: As anyone who works at an office building with badge or fob access controls know, most people tend to let anyone follow them in who wears an identification tag and looks respectable — even if they don’t know the person. A psychologist could do experiments as to why people do this, even in the face of persistent and often posted warnings to the contrary.

A sophisticated cadre of criminals is using the badge-swiping culture of Northern Virginia to steal from office buildings there, including some that house sensitive government facilities. A series of thefts attributed to the group has triggered a joint investigation by the U.S. Secret Service, the Diplomatic Security Service and the Arlington County Police Department.

One of the buildings broken into included a State Department office that contained classified materials, although it is not clear whether the classified documents were the target.

According to a Defense Department memo, the thieves outfit themselves with laminated badges hung off lanyards. They loiter near building entrances that require card key or fob access and follow other employees in. “The thieves then enter unoccupied offices and steal property, especially cash and credit cards,” the memo says.

There are at least 100 buildings in Northern Virginia that include sensitive government facilities. A Pentagon official called it a “major counterintelligence problem.”

This little story says a lot more about the insecurity of those offices than it does about the “burglars” using social engineering to get into the buildings while open. Piggybacking and social engineering are old school and often work because people generally don’t want to cause a fuss and like to be helpful. In this case, these offices should already have robust security awareness programs that would get the workers to take a second look at a badge on someone they did not readily recognize. We are however, dealing with the government and often these folks are, well, clueless.

This story also shows you that the proper countermeasures are not in place at these facilities because they should be using proximity cards in areas that contain “classified” materials. Not to mention that these materials, by the sound of the memo and article were not secured within locked cabinets to prevent their easy access to start with. So, it all sounds rather bad really in my mind…

Ponder this.. If the thieves are doing this, what about the adversary?

CoB

Written by Krypt3ia

2010/06/16 at 19:22

One Response

Subscribe to comments with RSS.

  1. […] see, just yesterday I posted an article on the fact that there seemed to be a rash of physical intrusions and thefts at government buildings recently. Had the people at these offices been situationally aware, then perhaps they would have stopped […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: