WiFi jammers against security cameras is such a 'duh' once you hear it. Wifi security cameras are so easy to beat with this. And unless you alarm on any downtime it leaves you fully vulnerable.
Security cameras should be wired PoE with local NVR + decoy NVR.
Wi-Fi conveniently enables x-ray vision (IEEE 802.11bf) through walls of home, making it easier for attackers to identify where valuables are stored, observe password keystrokes, etc. Any room with a safe should have EMF shielding.
> Prosecutors say the break-in is part of a larger issue in which so-called “burglary tourists” enter the United States .. they join sophisticated burglary rings that prey on luxury homes.. “They take advantage of the fact that most people don’t have window sensors or motion detectors on their second floors. They have WiFi jammers to stop the alarm company from being notified.. the stolen goods are often sold quickly and the money is sent back to the suspect’s home country. Most often, that’s Chile.
I spent over a decade working on security cameras and various NVR related applications. Hard wired cameras are more secure, BUT, if someone can get access to your network cable, it's not hard to inject packets and DOS out most UDP-based cameras.
Most large sites put their cameras on segregated networks, so it might not even be obvious to folks for a while.
I consider this to be an embarrassing property of modern networking. A network switch that tracks and enforces the mapping between addresses and ports, blocks spoofed packets, ensures fair allocation of DHCP leases, and enforces fair allocation of bandwidth out to be available out of the box from any credible vendor. None of this is conceptually difficult, and all the building blocks are available in somewhat standardized form. But for some reason, port security is an exotic enterprise-y set of features rather than something one can deploy out of the box.
Or an NVR deployment could use 802.1BR to isolate all the cameras.
I’m a firm believer in endpoint security — endpoints should not need to trust the network for authentication or authorization when communicating with each other. But the network really ought to be able to do its job despite attacks by rogue endpoints or someone compromising a single piece of network infrastructure, and the network’s job is to maintain reliable connectivity.
802.1BR would certainly help in that situation, but it adds management overhead. A large deployment of IP cameras brings with it a fair amount of IT overhead and the capabilities of most corporate IT departments (let alone the 'security department') can be challenged by even basic setups.
I've spent a lot of time handling support for big camera deploys and I was surprised by the number of customers who would bring their systems down by misconfiguring their own networks.
They are also often on switch with single uplink to the recorder so if cameras are connected with 1gig you could just flood recorder itself, downing every camera connected to it.
A friend did this - he hid the DVR in a space under his steps then took a cheap dead DVR, gutted it and shoved an RPi in to run Firefox and the DVR web UI. Even set it up in with a monitor and mouse on top. He left the old HDD in there for weight too.
One thing to think about though, he had a NAS box in his office next to the router on a table and I said, what if they take that thinking its the DVR? That is now under the steps too.
> Given that wires can also be cut, is that worth it given the extra cost to install?
Proper camera deployment includes redundancy in camera viewpoints. If you're cutting a camera's cable, I'm seeing you cut it from at least one other camera on property.
> Given that wires can also be cut, is that worth it given the extra cost to install?
First off if the wires can be reached the installation is a failure. My cameras are up high with all wiring well out of reach or in metal conduit. Getting near the wiring also means theives get closer to cameras setting of motion sensing algos wasting time and risk making a racket trying to climb up to disable them.
First, decoy recorders are extremely rare, and never really recommended. Most higher-end systems are using software on a PC for the video recording, not a little NVR appliance anyway. In that case your recorder can be any random PC, potentially even hidden in plain sight.
Real time offsite backups is usually not practical for reasons of upstream bandwidth limitations. A common camera can easily produce a bitstream of 2+Mbps. Get a dozen of those going, and you're bumping up against the upstream bandwidth limit of cable internet providers in the US. If you have the bandwidth for realtime offsite backups, then you can skip the on-site NVR/recorder and go with a full cloud solution like Eagle Eye (this will have a small onsite PC that acts as a buffer so that if you have a short outage of a few hours, or congestion, you don't lose video).
Maybe these kinds of things are more commona and practical in the kinds of facilities that the article is talking about?
Either way, in the city I live in most residences have 1gb up/down fiber connections. a real time offsite back up is trivial for anyone who wants to do that here.
They're even less common in those kinds of places (I've been involved in thousands of commercial video surveillance projects).
Internet connections have certainly become more robust in recent years, and cloud video storage is becoming more common, but I don't think it even makes up 1% of the market at this point. Offsite backups, remote storage, etc. are still the exception, not the rule.
Overall, the video surveillance market has many price sensitive customers. Redundancy means increased costs, it is not an easy sell, particularly when attacks on the video surveillance system/components are exceptionally rare in most cases.
Based on my experience, they'll immediately initiate a review of things. They might plug a couple of small holes if there is anything obvious. Then the process will drag on, and the sense of urgency and concern will start to get diluted as other newer issues come up in day to day operations. They might finally get some recommendations, and if those recommendations are huge, there won't be a budget. So it'll get put into next years budget request, reviewed in a few months, and then there is a 50/50 chance they get funding approval to do anything major.
During this, it will become apparent that this was an inside job, and the attackers had knowledge of the system, and thus most common hardening or mitigation procedures would be less effective against an informed attacker. Because of that, the feeling of a need to install the most robust systems with offsite backups will drop to near zero.
The article doesn't even state that the video system was in fact disabled, or that they were using wifi cameras at all. Obviously, the police are not disclosing many details, it is possible that they have video from the robbery and are simply not saying it.
Heck, even the cameras I bought my mom were PoE with in-situ SD cards for self-contained recording and NVR, with a cloud option. An armored car company holding zillions of dollars can't bother to secure itself with even 2009-level residential technology or wall/ceiling penetration sensors is an absolute case study in security theater.
Is always smart - use unique bright yellow (say) CAT cable to route from cameras to local storage .. and on the last leg route the real camera data to a hidden NVR behind a good false panel and "continue on" with fake yellow CAT to a decoy NVR in plain view.
It's a good feeling when robbers have visually followed the bright cables to the decoy storage and trashed the drives that don't have the idiots faces and other data stored in HiRes.
An old friend of mine installed many security systems, he was all about the deception too. He had these fake looking cameras, like you see for $10 with the fake clipped cable, except he hid real cameras in them. Worked on several occasions where we assume people scoped out the location and decided they were fakes.
That is a scenario that only happens in the movies.
Even is really low quality installs, there isn't much exposed cable, and it's going to go into a wall/floor/ceiling fairly quickly. Robbers are not following network cables around like some kind of map line.
> Robbers are not following network cables around like some kind of map line.
That's why matching cable from cameras [ ... disappears, reappears ... ] and into visible on office desk sacrifical anode NAS box works. They don't trace the cabling, they make assumptions based on matching colour. The 'trick' is to make sure the camera display screens cut out if the "fake" NAS goes down .. best to route to screen through sacrifical secondary storage.
> That is a scenario that only happens in the movies.
Here, in my part of the world, it's used by several contracters I'm aware of, in homes, shops, warehouses .. fake drives near camera display screens get destroyed in break ins more often than you realise - and more frequently in recent years.
Even in the US the Afroman raids show the police about to rip drives out of the security system .. if there'd been a decoy box | real time cloud backup there'd be more footage of the raid for his songs and court case.
I've been involved in video surveillance for the last 15ish years, in the US, UAE, Japan, UK, South Africa, South America, Caribbean, and elsewhere. What you're describing is exceedingly rare. Robbers are generally not spending much time on cameras and recorders unless the equipment is right out in the open, such as at a small store that puts the recorder near the cash register. Thieves are not following cables around, and installers are not adding time and expense to create these scavenger hunt decoy systems.
If you feel that you have a legitimate threat that might lead to attackers trying to disable your video system you would more commonly install better equipment. Cameras that are more covert, or are ruggedized/vandal proof, and installed out of reach. Installations that leave no exposed cables, PC-based video recorders that don't have branding or indications of what they are doing, etc.
> Even in the US the Afroman raids show the police about to rip drives out of the security system .. if there'd been a decoy box | real time cloud backup there'd be more footage of the raid for his songs and court case.
I think bigger problem is people that think they can do that in first place still being employed in police...
Singapore is simply the best security camera you can buy for you and your descendants. They will be bored (so will you) but will have energy because its not spent on fear. Safe houses, guns, these things are foreign concepts to many but especially to people living in a benevolent dictatorship countries.
Tito, René, Lee Kwan Yew, Park Chung Hee. Only two countries remain true to its art form.
For you, maybe. For your descendants? History suggests otherwise. Dictatorships are benevolent until they’re not, either because the current ruler gets wacky in the head or their successor has some fresh ideas about projecting power.
Again, we're presented with a story here from "Federal and local law enforcement officials". The story quickly follows up with "Officials and crime experts said the operation appears to have been highly sophisticated".
If you spend any time talking to law enforcement, the conversation inevitably goes to how dumb most criminals are. It is the position of law enforcement of course that criminals are only those who they apprehend. It is completely beyond the ability of them to understand that their could exist an entire sphere which they have no insight into at all.
This is not a stealthy crime. It is not seamless and has only a meager level of sophistication. This has been all over the news for a while now. If it was anything of those things, we would never even know it had happened.
> If you spend any time talking to law enforcement, the conversation inevitably goes to how dumb most criminals are.
This is because most criminals are actually incredibly dumb. Deal with them and you'll see it, too.
That said, some of them are pretty bright. Just like all of humanity, there are a spectrum of abilities found in the carceral population. However, they trend towards the lower end of the range of possibilities when it comes to innate intelligence.
> It is the position of law enforcement of course that criminals are only those who they apprehend. It is completely beyond the ability of them to understand that their could exist an entire sphere which they have no insight into at all.
I spend a lot of time talking to law enforcement as part of my day job, and my experience is nothing like yours. I would encourage you to expand your horizons (or not, whatever).
Easter weekend is arguably the best weekend to do something like this. It's not an actual holiday, so there are none of the normal precautions taken around bank holidays (bank vaults tend to have a lot of the money moved out around bank holidays), but much of your staff (and external forces, like cops) will be away outright or preoccupied.
It makes the entire thing far more seamless, and gives you a better window to get away with it.
The difference is that in the UK (where Hatton Gardens is), both Good Friday and Easter Monday are public/bank holidays.
At least in the UK, it's one of the few times that there are a guaranteed 4 days of closures, given that Christmas can fall on different days of the week each year.
In the UK both Christmas and the following day (Boxing day) are public holidays and the holidays will move to the next working days if they fall on the weekend. So this is the other time of year that can have 4 consecutive days of public holidays/closures.
That actually happened in real life too. Look up the North Hollywood bank shootout. I remember being at work watching it happen live on TV (I lived in LA at the time, but was not near the shootout, this was the era of live helicopter footage of everything).
I'm sure that more creative versions exist, but a very common way is the WiFi deauth attack.
The advantage is that it works on the protocol level, so you don't have to nuke the entire spectrum for the entire neighbourhood (which would attract attention)
How would this work for scenarios where people take advantage of the free network hotspot connectivity provided by some Wi-Fi and cellular providers? anyone who travels throughout even a moderately dense coverage area would swiftly accumulate a history of hundreds if not thousands of briefly-connected ssids? It seems like constantly broadcasting this data would result in fairly noticeable performance degradation.
AT&T smart wifi is a recent example, it manages discovery of different system partner ssids through an app. But even if the SSID was exactly the same, the bssid would be different in every case, and that's the unique (mod spoofing) station identifier.
It's hard and generally unnecessary to protect wireless protocols against DoS, since jamming almost always works. Military transceivers do try, but as I understand it it's well beyond just designing the protocol carefully.
It's not just denial of service. First step is to kick the client off. That's DoS. Next step is spoof the station so when it tries logging back in it grabs the password. I am asking how to mitigate against that, and don't see anything beyond disabling auto logging and password rotation.
802.1x allows for the client to validate the authentication server by way of X.509 certificates, although this normally does require manual configuration since there is no global namespace to tie an ESSID to like there is for domain names in normal TLS. Mutual asymmetric key auth is available through EAP-TLS as well, but I could see that being a rare feature on cameras.
Actually, why there is not? Company should be able to just get cert for wifi.company.com and then be allowed to just call its network wifi.company.com...
I replaced my Orbi network with Eeros. Same SSID, same password, but almost nothing in my house (smart devices, phones, computers, Alexa) would use it until I logged in again on each device. I'm not sure how it's done, but something's in place.
Did you configure the Eero to spoof the Orbi's BSSID?
It's not really "secure" in the academic sense of the word, but many devices record the BSSID along with the SSID to be a little more safe from hijacking.
It's trivial to spoof the BSSID if you're an attacker since it's something that's just advertised wirelessly.
The dumping of energy into noise in bands variants tend to be very short ranged because of physics.
Malicious clients/APs need much less energy to DoS a network Wi-Fi network. WPA3
adds optional PMF (802.11w) to protect against rogue deauth over WPA2. Also, not deploying 802.11r but deploying WPA-3 only mode and device/user cert-based 802.1x auth also help.
> The dumping of energy into noise in bands variants tend to be very short ranged because of physics.
Sure, but compliant Wifi devices use miniscule transmit power. If you're a criminal you can easily hook up a car battery/generator to a 1000 W transmitter and cover a pretty wide area, or use a directional antenna to focus it a bit more on your target. These sorts of jammers definitely exist, too. Downside though is you're also lighting a huge beacon that says "HELLO I AM DOING SOMETHING ILLEGAL", so you will not be able to keep it up forever. Protocol-based attacks are more discrete, but newer APs (especially enterprise) have countermeasures.
I dunno how legit they are but a Google search finds examples claiming a 20 W jammer can cover 500 meters. I'm skeptical that's accurate but it's probably within an order of magnitude. Enough to cover a house, and a large transmitter would plausibly be able to block out a larger facility.
Adding a couple of thoughts I had while reading it:
- If the criminals' jamming only needs to protect their identity when people look at footage in the future (as opposed to taking offline a large facility's entire network of cameras so that security can't tell where the criminals are in real time) then they could potentially carry the jammer with them, in which case it just needs to be strong enough to block any camera within sight rather than the full building
- In addition to scaling the power of a jammer to take out a big enough area, they could place multiple jammers around the location, either to combine to a larger area or to expand on your directional antenna idea to target individual networked items (cameras, routers, whatever). Even if having many of them means there isn't time to collect them all again when leaving, assuming the crime's pay-off is significant then it could easily still be cost-effective to consider them single use jammers (I'm assuming it wouldn't be hard for people smart enough to plan this sort of crime to make sure that the left-behind jammers can't be traced back to them as an easy solve for the police).
> If the criminals' jamming only needs to protect their identity when people look at footage in the future ... within sight rather than the full building
Ideally a well-designed camera would buffer locally when its WiFi path is down. But there's always limits there and I suppose if the criminal started the jamming a bit before entering line of sight, it should work. Then again I suppose most security cameras probably don't buffer at all or just barely enough to smooth out a network hiccup.
Yeah hand carryable jammers are a thing you can find them for sale easily which kinda blows my mind considering there's (AFAIK) no legal use for them, nor even any grey area semi-valid use. Granted I've never bought one so maybe all the stores in Google results are fake but I doubt it.
Jammers also aren't super expensive and don't need to be supervised, it's entirely possible a thief could just leave a big one in a trash can or something and then abandon it.
All that said though I don't think this is a credible threat against anywhere with minimum legitimate security. Everything should be hardwired and battery backed up in any reasonable security system. It's mostly a thing that would effect cheap residential systems.
Sale is one thing, but possession and use are a separate thing. If you happen to build a faraday cage on your own private property and want to run some sort of thing that is a jammer within it the FCC isn't going to come after you. It's intentional radiators they care about.
What you can't do is operate a business and fill the lobby for example with jammers that wipe out cell phone service and then require people to pay for access via WiFi.
Is it maybe legal to jam wifi signals if either a) your jamming is restricted to inside your private building, with absolutely no leakage outside, or b) the same except regarding property lines rather than physical walls (e.g. if you had a weak jammer in the middle of your private field, whose jamming signals were undetectable at each edge of the field)?
My guess would be that A is legal and B might not be, but I've never had reason to look up the relevant laws and I don't know if it would be the same in different countries either.
But yeah, I doubt most purchases of portable jammers are for legal use.
b) is not legal, people have gotten fined for interfering with RF signals on their own property (e.g. stores, restaurants etc). People interfering with GPS or cellular on their own property is also common and highly illegal, and I assume the same laws would apply to wifi. Problem is you can't stop RF propagating off your property lines in that scenario, and noise jamming in the wifi bands can effect other more sensitive equipment that operate in the same bands. But like most things FCC related, you can likely get away with it if you aren't egregious.
a) I've never been quite sure. People do testing in Faraday cages so there has to be some exception. I'm pretty sure as long as you aren't interfering externally and are being responsible nobody is gonna fine you.
GSM blockers are easy to buy. Unsecured camera logins can be detrimental too, manufacturers use a lot of the same default login information and they keep it readily available to anybody who knows where to look or how to ask properly.
Also if there was inside knowledge, perhaps by a VAR who maintains the CCTV - They usually use the same login/password information for every individual camera which makes it too easy to just log in directly to the camera via IP and kill it.
Or if you're going to post a shallow dismissal, at least say something interesting about why you're dismissing, unlike your comment which literally adds nothing to the conversation and doesn't educate anyone who doesn't already know what led you to your opinion.
Drawing attention to the fact that people choose the absolute most vulnerable possible equipment and then express shock when it's exploited is hardly a shallow dismissal. Is your complaint that the GP wasn't sufficiently verbose for your tastes? What's the minimum word count required to call bullshit?
No not to do with the length. They were responding to someone asking how wifi jammers work, and they didn't address the question at all they just criticised anyone who puts themselves in a situation where wifi jamming affects their security setup. Which may be a reasonable opinion, but didn't, in my opinion*, address the question they were replying to nor did it add anything to the conversation generally as it didn't give any explanation - meaning readers either already agree and think "that sentence sums up my views" or they don't already think that in which case the sentence does nothing to change their mind.
* But I'm not god, nor am I perfection personified, you're very welcome to disagree with my opinion. (Though to be completely honest I am a bit surprised that two people replied disagreeing with me, I'd expected my view that the comment didn't belong on this site wouldn't be controversial, so maybe my judgement is off in this case. But I've not been convinced to change my mind.)
* Unless you ripoff rich or powerful people like Madoff or SBF. If your quant shops causes global financial chaos on a diffuse and global level, it's okay to use financialization trickery like LTCM.
None of this works if the serial numbers were recorded when the cash was put into the vault.
Take your first example: the music festival promoter shows up at his bank with a duffel bag of cash -- that's not unusual until suddenly every single missing serial number lights up the bank's cash handling systems.
Busted.
It's possible to launder marked cash, but it has to be in such small quantities that it's always plausible that it was simply spent in circulation, which in practice dramatically limits the speed with which it can be laundered.
Probably the single most straightforward approach to dispose of marked bills would be to swap for unmarked cash with someone who doesn't care, like an overseas drug lord. But man, good luck with that.
Just bring it out of the country. Many third world countries use USD as a side currency, just spend it there. Buy a few houses in Syria, a few businesses in Ecuador, sell them when you need clean money.
No it doesn’t work that way. You assume they can just move $20 million+ in cash out of the country just easily, then go to Syria of all places (and hope a terrorist or rebel group doesn’t murder them and take the cash) or Ecuador (and hope a cartel doesn’t do the same).
Many armchair money launderers on HN cooking up unrealistic schemes..
There’s a reason real money launderers charge up to 50 cents on the dollar. It’s f** difficult.
Reading up some on the difficulties of laundering money was one of the more interesting topics in the last few years for me, such as this video[1]
It turns into a fascinating business and process problem, since you can only inject a certain percentage of dirty money into a legitimate cash revenue stream. And this in turn means - even if you had infinite dirty income, you end up with a finite amount of money you can launder per month. And marked bills make this a lot harder. And if attention comes to the business it becomes harder.
And that in fact has happened in reality. Some cartels were earning so much dirty money that they couldn't launder it all. And in fact, just storage of the dirty cash became a real logistical issue. And to be honest, "storage of large amounts of illegal cash" hasn't been a problem on my radar so far.
> While the involvement of Chinese money-laundering rings in handling drug proceeds from Mexico is nothing new, a number of recent court cases in the United States have revealed crucial information about how these schemes work ... weekly pick-ups from representatives of Mexican criminal groups, made in cash ranging between $150,000 and $1 million, with an average of $500,000. These were made in large cities including Chicago, New York and Atlanta ... network of Chinese-owned businesses in the United States and Mexico ... transfer a correspondent amount of money through Chinese banking apps. This happened entirely through the Asian country’s domestic banking system ... “It’s the most sophisticated form of money laundering that’s ever existed,” one of the US sources told Reuters.
This is also literally one of the most complex, relationship-based, and opaque to outsiders communities on the planet. Try to wrap your head around the unimaginable clout and favor calling that this took to develop. "Exclusive" is an understatement. Nobody has free access to something like this.
It's basically the Chinese version of hawala except with drug dealers. A number of ethnicities have developed informal value transfer systems. Pretty sure it's well documented that everyday Argentinians use systems like this for getting money out of Argentina.
After reading the article it's still not clear to me what's meant by "transfer a correspondent amount of money through Chinese banking apps".
Jane picks up 500K in cash in Chicago and then transfers 450K from her business in China, to Joe's business in China. Joe then transfers 400K from his US account to Juan's account in the US.
Honestly, rewatching Breaking Bad, and while fictional I have to commend the attention to detail and realism in their laundering process. The part where Skylar tells Walt that $7M would take up to 10yrs to rinse through their carwash business, or the fact that Saul takes 17% in addition to their other overheads. Ozark also nailed it when the lead tells the would-be robbers that they'd only be able to buy groceries with stolen cash, as large purchases would raise red flags.
I find any US crime show that places the IRS above FBI, DEA etc in terms of fear factor is generally a better one.
>No it doesn’t work that way. You assume they can just move $20 million+ in cash out of the country just easily,
It does actually work exactly that way all the time. On the larger end, major drug traffickers routinely move millions in cash to Mexico and elsewhere with little trouble.
On the smaller end, many lesser criminals and groups also do the same in creative ways. 20 million in cash is a lot, physically, but nowhere near enough to be really hard to move overseas through smuggling in several largish, carefully concealed shipments, especially if you can use a small part of that same money to pay for all kinds of object shipping arrangements.
'Ndrangheta are famous for laundering money for other cartels, criminal organizations etc. Tens of billions. They have hooks in many countries governments say in EU and launder billions ie via EU development funds (this happened in my home country on big scale, corrupt directly involved government fell, another came, rewind 4 years and the crooks are back and won elections, even stronger... ashamed where I come from)
Yep. You don't go antagonistically against the system, you just corrupt it.
I wonder what's the difference between the IRS and their French and Italian equivalent. For what I've experienced in both those countries, the easier path would be paying a percentage of the heist to whoever is making those checks.
> There’s a reason real money launderers charge up to 50 cents on the dollar. It’s f* difficult.
I have no sense of scale for any of the things in this topic, my reaction to this is "only 50 cents?" because that would still leave these thieves with 15 million USD, which is significantly more than most Americans earn in their lifetimes.
You've got it backwards. You don't hope the cartel doesn't steal your money. You call them up and offer an easy 10% cut for their services. If it's their turf and they get their cut, everything is OK.
That used to be the case but not so much anymore. The last two times I have driven into Mexico I've been searched and questioned (granted not very thoroughly like the US side does). The took pictures of the vehicle/occupants and had some kind of video device as well.
You don't have to be at the border and the amount can be far less than 10,000. If law enforcement anywhere in the US learns you have it, it gets seized.
Those dollars need to be both exchanged and intermingled with different dollars, and unlinked from the illicit source before depositing into the electronic financial system
I don’t think financial institutions care as much as you’re assuming, and there are alot of types of organizations that count as institutions - where the whole anti money laundering regime relies on trusting that the other institution vetted the money - but assuming they do care, it means avoiding them in alot of ways
I still think reintegration can be done with just cash payment, and cash investment into a revenue producing business. But what you’re saying does rely on the recipient also not depositing into a bank for some time until there are enough other dollars intermingled too. What’s “enough”?
>None of this works if the serial numbers were recorded when the cash was put into the vault.
There are workarounds even for that, such as shipping the money overseas and using it in places that love US dollars but don't much care for cash transaction reporting rules.
However, I doubt any group as apparently pro as these guys, who seem to have known exactly what to hit and when for a ton of money, would have done so without first also verifying that the serial numbers weren't recorded. I'd bet that they werent, at least not yet.
It's difficult to imagine that it wasn't recorded well before it even reached the vault. Firms like Garda inventory cash in excruciating detail as a matter of standard procedure, since otherwise it would rapidly disappear into employee pockets.
There is a big difference in labor between confirming sealed bundles of cash are intact, counting the bills, and tracking every serial number of each bill.
Considering how ‘cost efficient’ they were being on security, hard to imagine they were maintaining detailed databases of each serial number for this cash. These are the same folks that bitch and whine over $.25/hr raises for their employees.
> There is a big difference in labor between confirming sealed bundles of cash are intact, counting the bills, and tracking every serial number of each bill.
There are machines for this. Garda absolutely has them.
I'm thinking a simultaneous laundering at Vegas, Atlantic City, and other gaming venues could launder tons. Drop a few hundred into a slot machine, play a few games, hit cash out. Take the ticket to a cash dispenser machine and leave.
Casinos are some of the most camera filled places on the planet. Probably very easy for them to correlate the cash in the machine to the user putting in it.
The bill validator in the slot machine will not flag a serial number. It won't be caught until the bills hit the bank. But once they deduced that casinos were being used, Barney Fife would be hot on the trail.
I am not suggesting going over $10k at the cashier's desk. The automated ticket cashing machines can easily handle $500-$1k amounts. I'm also not suggesting all $30MM could be washed in one casino in one day. I do think a few people could wash $100k in a day or 2, depending on the size of the operation.
2 edits: wash isn't really the right word because you still can't prove where you got it. Secondly, you'd potentially be showing yourself on video so that's a significant risk.
"Potentially" on video? I think after the third or fourth bill you put into a slot or a table, it'd be -trivial- for casino camera systems to isolate you.
The software is specifically designed to track people between cameras, to be able to point to a person and 'rewind' their movements, to be able to say "which people played these three slots between 10pm and 11pm", etc.
Yeah so basic ops sec. Don't drive in with a vehicle tied to you, wear a hat or basic disguse, get your money swapped and leave. You can put a few bills into the machine, that's not a crime. The only thing to worry about is if that casino has been alerted to people cashing out without playing.
Hell, you could find the lowest volatility game such as video poker that has a 99.5% hold and play it for a calculated amount to converge to the mean as quickly as possible. It's not like cheating where they are going to be running after you as soon as you put in funny money.
> You can put a few bills into the machine, that's not a crime.
Until you're suspected of laundering.
All I'm saying is that as soon as the Secret Service comes knocking (although maybe they only deal with counterfeiting, but [insert any federal agency]) with a suspicion that you, or that money, are involved, the casinos will fall over themselves to assist. They're not going to risk threats to their licenses.
> Don't drive in with a vehicle tied to you, wear a hat or basic disguse
You say this like casinos don't also employ systems, and people who are trained to look for hustlers, con artists, cheats who might be using disguises to enter.
You're right, though, absent any suspicion of you, they won't be looking for you.
It's very easy for banks to tell what merchants have had skimmers installed. Three or four fraud reports that all have a common merchant, and you're off and running, by seven or eight you can isolate pretty much any merchant.
But this also the fallacy of superiority, and "the intelligence of criminals". "Hah, stupid criminals, basic opsec, and you're fine." Were you carrying a cell phone? What's your gait as you walk look like? Etc., etc. "Oh, they won't go to that length"... for thirty million dollars cash stolen? They absolutely will. "Gait analysis is pseudoscience"? Maybe. Do you think that will stop efforts at parallel construction?
> Hell, you could find the lowest volatility game such as video poker that has a 99.5% hold and play it for a calculated amount to converge to the mean as quickly as possible. It's not like cheating where they are going to be running after you as soon as you put in funny money.
This would stand out like a red flag as soon as you did it a few times. Because who goes from video poker machine to video poker machine (even at different casinos - and many of the casinos can and do track and work with each other on surveillance to watch people moving between them) just to "play for a calculated amount to converge on the mean" and then cash out? No, they're not running after you, but when the po-po come knocking, you'll be wearing a neon sign above your head.
What do you mean? The next largest LA heist was caught because they couldn't disperse of the cash properly [1]. It's hard to spend that much money with seemingly no income stream without the IRS raising a few eyebrows.
You would need a lot of planning and coordination on how it's spent and where it's spent to make it look legit. And have enough untainted income to live while you plan on how to spend the tainted stuff.
From the article you linked it sounds more like a vehicle used to transport the money during or immediately after the robbery was what led the police to them.
"Despite the daring robbery, what ended up solving it was not that exciting: An informant identified Hill as the person who rented a 14-foot U-Haul truck a day before the heist and had returned it a day later."
I find it hard to believe they could meticulously plan the tactical aspects of this heist but not plan for how to launder the loot. Since US cash is accepted abroad (and has more buying power) my guess is exporting it is the plan.
If I were the cops I'd check Google maps records to see who was looking at the satellite view of the area before the heist.
It's not like that money was stolen though, it was spent without any kind of controls. The Pentagon disappears far more than $20 billion, the fact it was cash and the logistics in getting it to Iraq and out of the hands of the military is the only interesting part.
And it's not really that surprising imo. If you need to pay translators, contractors, bribe local officials or collaborators, assets, etc in a country that doesn't have a functioning banking system you need cash. And it's quicker to deliver some pallets with a C-130 and have guys dump it into duffel bags for whatever they need then to ask Congress nicely to set up bank transfers.
"Television is the explanation for this. You see this in bad television. Little assault guys creeping through the vents, coming in through the ceiling - that James Bond sh*t never happens in real life, professionals don't do that."
Security is an illusion, even in the physical world. The only "winning" move is to have your stuff in multiple locations so you only lose a part of it.
Underwriters Lab conducts the test and provides certification to the safe manufacturers. It also helps determine the maximum insured value you can get out of a particular safe. Their process is essentially white hat safe Crackers evaluate products. Pretty neat stuff.
