How to break into a vault with 10 layers of security
In 2003, Leonardo Notarbartolo and a team of Italian thieves broke into the Antwerp Diamond Center and made off with $100 million worth of diamonds, jewelry and other valuables. The vault was protected by 10 layers of security including a combination lock, Doppler radar, infrared heat detectors, and more. For six years, he has refused to speak with any journalists regarding the crime until now.
Wired magazine has published an article detailing Notarbartolo’s story and how him and his team were able to circumvent all the various security measures. It was interesting to see that despite having 10 different high-tech security measures, when each problem was considered individually, the exploit seemed simple yet ingenious.
For example, the infrared heat detector could be momentarily insulated using a thin layer of hairspray, buying enough time to physically deactivate the detector. Polyester shields could also insulate heat signatures, giving balcony access to the team. Even though a forged key was made, it turned out to be unnecessary because the guards simply kept it in a nearby supply room.
The question is, how could something like this have been prevented? As I mentioned, when each individual security measure was considered, each work-around seemed possible. Considering all 10 security measures would be a daunting task. What was interesting to note was that each security layer protects the vault from becoming compromised, but there didn’t seem to be any specific countermeasures for preventing someone from tampering with the security devices. Considering how each security measure could be defeated and how security measures might complement each other (i.e. protect each layer from tampering) would be a good way to prevent future break-ins.
Also, the thieves were able to break in because they were able to defeat predictable electronic devices. Prior to the heist, they gathered detailed information about the vault’s technologies, and they duplicated the vault and all its devices in order to simulate the heist. Once working details were confirmed, the same technology could be cracked consistently over and over. At night, the security was entrusted entirely to technology — no guard stood by at night to protect the vault. Posting a guard would add a layer of uncertainty that increases the risk of attempting a heist.
So that seems to beg the question, how much should we entrust technology to handle our problems? From a security stand-point, probably all technologies are fallible and are likely to fail in some way or another eventually. At the same, the article brought up the issue of possible insurance fraud. There was the possibility that some of the diamond dealers were in on the heist and pulled out their inventory secretly prior to the heist, collecting on the insurance money while keeping their diamonds. That suggests that there wasn’t much of a system for keeping track of where the diamonds were and whether they were really lost in the heist or not. There needs to be a reliable system for tracking safety deposit transactions while maintaining privacy.
This also brings up the eternal security question — how much security is sufficient? You would suppose 10 layers of high-tech devices would be enough to deter thieves from an attempt. Does there need to be more security? Or perhaps the security could be used in a more efficient and effective way. Who are the stakeholders? It seems like the bank, the customers with the safety deposit boxes, and the insurance companies should have an interest in answering these questions.
Overall, the article told an interesting story, almost as if it were out of a movie. I highly suggest reading it just for entertainment at the least.