SANDIA RESEARCHERS Alex Roesler, left, Luke Purvis, and Jarret Lafleur, shown here inside a Bank of Italy vault in a historic Livermore building, studied 23 high-value heists that occurred in the last three decades for lessons learned that can be applied to designing complex security systems to protect vital national security assets. (Photo by Dino Vournas)
On Feb. 17, 2003, the unthinkable happened at Belgium’s Antwerp Diamond Center. Thieves broke into its reputedly impenetrable vault and made off with hundreds of millions of dollars’ worth of diamonds, gold, cash, and other valuables.
Through years of meticulous planning, they got past police officers less than 200 feet away, access controls into the building, a combination-and-key-lock vault door, a magnetic seal on the vault door, and motion, infrared, light, and seismic detectors in the vault.
The Antwerp Diamond Center theft and other sophisticated, high-value heists show that motivated criminals can find ways to overcome every obstacle between them and their targets. Can the Energy and Defense departments, responsible for analyzing, designing, and implementing complex systems to protect vital national security assets, learn from security failures in the banking, art, and jewelry worlds?
Sandia systems analyst Jarret Lafleur (8118) set out two years ago to answer that question. “There are many insights to be gained from studying high-value heists and related crimes that could be applied to Sandia’s work in physical security,” he says. “Our work focuses on securing nuclear materials and other assets. Those kinds of attacks and threats are extremely rare, which is good, but give us very little historical information to draw upon.”
Compiling the crimes
He found there hadn’t been a comprehensive study of sophisticated and high-value heists in more than two decades. “When we dug into the details, we found several areas worthy of further study that could inform our approach to physical security,” he says. “Two examples are the roles of insiders in successful heists and the ways that redundancy in a security system can affect the behavior of humans in the loop.”
Using public information sources, Jarret chose 23 worldwide heists that occurred in the past three decades, notable for the value of assets stolen, innovation, and complexity. The thieves used kidnapping, violence, and the threat of violence, insiders both coerced and willing, and many forms of deception. Other key ingredients were patience, innovation, and meticulous planning.
Notable cases Jarret looked at included the Vastberga Helicopter Heist (Sweden, 2009) in which thieves descended from a helicopter into a cash depot by smashing through a skylight; the Isabella Stewart Gardner Museum Art Heist (United States, 1990) where burglars posed as police officers to deceive and subdue museum guards; and the Securitas Cash Depot Heist (Britain, 2006) that saw robbers abduct the manager, his wife, and their child to force him to let them into the depot and provide key details about its security.
Jarret, working with Luke Purvis (8119), manager of Sandia’s National Security Systems Analysis group, and Alex Roesler (5627), manager of the Assurance Technologies and Assessments group, compiled the results in a Heist Methods and Characteristics Database. They analyzed the results qualitatively and quantitatively to describe the range and diversity of criminal methods and identify characteristics that are common or uncommon in such high-value heists. The analysis focused on seven areas: defeated security measures and devices; deception methods; timing and target selection; weapons employed; resources and risk acceptance; insiders; and failures and mistakes.
Jarret, Luke, and Alex published the research in a report “The Perfect Heist: Recipes from Around the World” [SAND 2014-1790], which details the 23 crimes, their categorization, and lessons learned. Jarret also presented the “The Perfect Heist” to numerous audiences.
Deception, patience are common ingredients
While methods and implementation of the heists varied greatly, there were common factors. At least one form of deception was used in 21 of the heists, ranging from impersonating law enforcement to use of decoy vehicles to concealing surveillance equipment. Insiders — willing, unwitting, and coerced — played a role in the majority of cases. The Antwerp Diamond Center’s building manager even provided blueprints to the heist mastermind, thinking he was just another tenant. Jarret continues to delve into the concept of the coerced insider with the help of interns from the Air Force and Naval academies.
“I learned from this study that these thieves have a lot of patience. Most spent months and even years planning. They were very deliberate in how they defeated security measures and those methods were often very low-tech, like using hair spray to disable infrared sensors,” says Jarret. “In most of these heists, multiple security measures were defeated.”
Another finding is that weapons aren’t needed to steal a lot of money. Four of the top five heists, in terms of value, were weaponless.