Security Officers went way too far

In one of China’s industrial giants, private security organization applies Gestapo tactics in furtherance of their client’s policy.  Incidents like this discredit an organization’s reputation and create unnecessary subterfuge.  The matter would undoubtedly create considerable backlash for Foxconn’s clients.  It also highlights an important oversight regarding policy statements.  It’s ok to have global policy statements just as long as we provide clear guidelines on how they should be executed.  This is especially important if the operation is located in a country with sketchy human rights past.  One thing is clear for me, ambiguous protection policy without the human rights counterweight is just throwing out the baby with the bath water.

IPhone Maker in China Is Under Fire After a Suicide

By DAVID BARBOZA   Published: July 27, 2009

A 25-year-old worker in China jumped from an apartment building after being accused of stealing an iPhone prototype.


Tightening hotel security

Picture this; you’re sitting in a luxury hotel lobby about to close a very important business deal when out of nowhere a loud explosion rings out followed by the crackle of gun fire.  The scene goes from sumptuous to hellish in a matter of seconds.  After the Mumbai attacks in November of 2008 and the recent Jakarta suicide bombing the trend is all too real. 

For luxury hotel guests the whole ordeal is not only unimaginable, it’s unacceptable to pay thousands of dollars for these accommodations without having top level security more than guaranteed.  What many fail to realize is that even for the most lavish (read expensive) hotels security comes with a set of tradeoffs which everyone must accept.

So what have luxury hotels learned from the terrorist attacks?

Financial crime: Fraud reporting | The Economist

Financial crime: Fraud reporting | The Economist

I am not convinced that the effects of fraud, waste and abused are being discussed often enough to create awareness.  More grassroots efforts are needed in that regards.  So here is to doing my part.  You can wade in below.

Shared via AddThis

Is Economic Espionage At All Time High?

By Francisco Mateo, CPP, CFE

I previously posted about the Lloyd’s 360 Risk Insight findings on the increased risk of “piracy, kidnapping and government expropriations, which have been exacerbated by the global financial crisis.”  Likewise, economic espionage is another threat to business value.  There has been an increase lately leading to notable cases. 

Such is the case of Sergey Aleynikov, a former Goldman Sachs Group Inc computer programmer accused of stealing secret trading codes from the financial firm which cost nearly $50 million to produce.

In a recent disclosure financial industry giant Deutsche Bank recently fired two executives, Wolfram Schmitt, head of investor relations, and Rafael Schenz, German security chief for their involvement in retaining an investigations firm to gather information on activist shareholder Michael Bohndorf and media tycoon Leo Kirch.  The improper acts took place over the last 4 years.  The case highlights how commercial espionage cases transcend companies from diverse industries.

A recent Stuff Magazine in New Zealand noted on Business spies on the rise, as they try to gain an edge over each other’s business in a tough business environment.  What is remarkable about these cases is that even small businesses are joining the act.

The current trend indicates that economic espionage would continue to grow in significance for both businesses and governments. Most recently Chinese authorities arrested 4 Australian mining firm, Rio Tinto, employees accused of “bribing Chinese steel company employees to obtain confidential information on China’s negotiating position in the talks.” The arrest of Stern Hu, an Australian national who up until his arrest was Rio Tinto’s GM in China, has been received with stern condemnation from the Australia’s foreign minister.  Ironically there have been notable espionage cases involving Chinese nationals in the US. David Yen Lee is a Taiwan native facing a five-count indictment alleging theft of trade secrets from Valspar Corp., a publicly traded maker of household paint and other coating products. Other cases include Hanjuan Jin a former software engineer at Motorola Inc. accused of stealing commercial and military secrets. The most notable case is that of Chinese citizen Dongfan “Greg” Chung former aerospace engineer at the Boeing plant in Huntington Beach, California; convicted in the first-ever trial under the Economic Espionage Act, for taking 300,000 pages of sensitive documents that included information about the U.S. space shuttle and booster rockets.


The growing economic espionage problem highlights the difficulties of protecting intellectual property from competitors worldwide.  The trend calls for increase vigilance and counterintelligence efforts at all levels.  I recently posted on the successful strategy at Apple, which has nourished a culture of honesty and awareness. Some of the strategies include:

  • Hardening R&D areas with elaborate access control schemes.
  • Some companies employ Technical Surveillance Countermeasures (TSCM) like office debugging sweeps periodically.
  • Keeping a tight lid on information access and dissemination, through, security awareness, non-disclosure agreement, etc.
  • Security cameras in areas where employees are working on important projects.
  • Cloaking and disinformation are also part of a counterintelligence/counter-surveillance strategy.

Regardless of the strategies companies use, prudence should prevail since lack of transparency regarding a company’s products or services can be counterproductive from a shareholder point of view.  Regardless of your company’s size, all strategies should be evaluated with the right internal stakeholders (Legal, marketing, corporate security, etc.) before execution.

Terrorist’s Macabre Machinations

During the attacks on Mumbai’s luxury hotels terrorists showed significant dexterity based on their superior knowledge of the hotel’s layout.  This was a new disturbing strategy which went beyond the obvious.  The terrorist planning and operation exploited holes in hotels’ active security strategies. Friday’s attack on Jakarta’s Ritz Carlton and J.W. Marriott shows similarities:

  • The attacks targeted luxury hotel lobbies where foreign and local business people were most likely to interact.
  • The terrorist also exploited weakness by masquerading as hotel guests and banked on the openness nature hotels must convey.
  • The attackers most likely accounted for security hardening at all hotels after 2003 bombings.
  • They spend several days in the hotel assembling the bombs and as video footage shows, a suicide bomber blended in with other business travelers.

The International Centre For Political Violence and Terrorism Research prepared a topped level report on the incident:

Spot Report on the Jakarta Hotel Blasts

17 July 2009

The Incident

On 17 July 2009, bomb explosions rocked the Ritz-Carlton Hotel and the JW Marriot Hotel in the upscale Mega Kuningan District in Jakarta, Indonesia. The blasts occurred at about 0730 local time or 0030 GMT.  As of 1250hours officials reported that the nearly simultaneous blasts killed nine people and wounded at least 50 others – a number of foreigners were reported to be among the victims. No group has claimed responsibility for the attacks which came just days after the Indonesian presidential elections which was won by incumbent President Susilo Bambang Yudhoyono.

Tactics and Impact

Indonesian police said that the bombs were planted at the Ritz-Carlton’s Air Langga restaurant and the basement of the JW Marriot.  There were no confirmed reports as to the structure and composition of the bombs except that they were described as “high explosive bombs”.

“Fatal blasts hit Jakarta hotels”, BBC News, 17 July 2009,

 “Officials: Jakarta hotel blasts kill 9, wound 50”, Today Online, 17 July 2009,

Witnesses reported hearing an explosion and seeing smoke coming from the Marriot Hotel.  After five minutes, another explosion was heard coming from the Ritz-Carlton.  Police have said however that the explosions were two minutes apart.  The blasts sent a huge plume of smoke into the sky; debris and shattered glass were scattered across the street.  The façade of the Ritz-Carlton and a second-storey restaurant were reported to have suffered the brunt of the damage while there was little damage to the JW Marriot Hotel that was visible from the outside.

Six people were reported to have died at the JW Marriot Hotel while there were 2 people killed at the Ritz-Carlton. The ninth fatality was an injured person who died while undergoing treatment at the Medistra Hospital. Witnesses at the scene reported seeing Indonesians and foreign nationals being evacuated from the area. Out of the 55 injured, 18 of them are foreigners including five Americans, one Italian, one Norwegian. The number of casualties from the two bombings is expected to rise.

Reports suggest that the attacks may have been perpetrated by suicide bombers due to the discovery of two headless bodies at the Ritz-Carlton Hotel. However, the information has yet to be validated by the authorities.

“Officials: Jakarta hotel blasts kill 9, wound 50”, Today Online, 17 July 2009,

 “Bombs kill nine in Jakarta hotels: police”, Google news, 17 July 2009,

 “Six killed in central Jakarta hotel blasts-police”, Reuters Alertnet, 17 July 2009,

“Officials: Jakarta hotel blasts kill 9, wound 50”, Today Online, 17 July 2009,

  “Bombs kill nine in Jakarta hotels: police”, Google news, 17 July 2009,

Group Responsible

The Indonesian police have said that it was “too early to say whether the bombs were planted by Islamic militants”.  Members of the Islamic militant network Jemaah Islamiyah (JI) were the ones behind the 2002 Bali bombings which killed more than 200 people and the 2003 attack on the JW Marriot Hotel which killed 12 people. These past years, the Indonesian government has embarked on massive counterterrorism operations which have resulted in the significant weakening of the group. Authorities have arrested many of the top leadership of the JI including those responsible for the 2002 bombings in Bali.

   “Bombs kill nine in Jakarta hotels: police”, Google news, 17 July 2009,

JI however, is still regarded to be a capable organization and is believed to be quite capable of carrying out terrorist attacks along the scale of the recent hotel bombings.  An article from The Australian said that two recent developments may change the current assessment that the threat from the JI is waning.  The first is that the JI leadership is in turmoil and its future direction remains unclear.  Secondly, the “release from prison of former JI members, including some who reject police efforts to rehabilitate them, might now re-energize the movement towards violent attacks”.  It could be that for some dissident JI members, a bombing campaign might be the only way that they could achieve their political objectives.

Security Response

The lessons learnt from the 2002 Bali bombings and the 2003 attack on the JW Marriot have resulted in most major hotels in Jakarta improving on their security measures. Most hotels have implemented checkpoints for incoming vehicles and required hotel guests and visitors to pass through metal detectors.  It remains a question as to how the perpetrators of the 17 July 2009 Jakarta hotel bombings were able to circumvent the security measures that are in place.

Immediately following the hotel bombings, anti-terror forces and emergency teams were at the scene of both blasts. A third explosion in the Muara Angke area of northern Jakarta was initially believed to be related to the hotel bombings but further investigation revealed that the explosion was caused by a faulty battery and not a bomb.

Police response to the bombings was immediate and guests at both hotels have been evacuated and moved to secure locations. As investigators and policemen secured the scene of the bombings, they discovered what they believe was the “control center” for the attacks.  Police recovered an unexploded bomb and other explosive materials inside room number 1808 at the JW Marriot.

 “JI jihadis still plot terrorism:, The Australian, 17 July 2009,

 “Bomb blasts in Jakarta”, Straits Times, 17 July 2009,

 “3rd blast not a bomb”, Straits Times, 17 July 2009,

  “Travelers postpone their trips to Jakarta”, News.Com.Au, 17 July 2009,

The Australian Department of Foreign Affairs and Trade (DFAT) has not raised its travel advice warning level for Indonesia despite the bombings but the overall level of advice remains to be at “reconsider your need to travel”.  The New Zealand Embassy has advised its citizens against tourist and other non-essential travel to Indonesia due to the continuing threat of terrorism amidst reports that one of their citizens died in the bombings.


The Indonesian government has made significant progress in counterterrorism and addressing security threats from militant and radical groups which has contributed to the country’s sense of political stability in recent years. The country has been successful in building up an image of security these past few years and it has emerged as one of the biggest economies in Southeast Asia.

The attacks against the Ritz-Carlton Hotel and the JW Marriot Hotel were the first major terrorist attacks in Indonesia in more than three years since the start of the government’s counterterrorism operations. Both hotels are also seen to be among the most secure in Jakarta and the attacks could severely affect investor confidence because they occurred amidst a stable security environment and tough counterterrorist measures implemented by the Indonesian government.

   “Unexploded bomb found in JW Marriot in Indonesia”, Channel News Asia, 17 July 2009,

   “Travelers postpone their trips to Jakarta”, News.Com.Au, 17 July 2009,

    “NZ witnesses describe Jakarta bombings”, Brisbane Times, 17 July 2009,

Why we should declare war-on-fraud?

By Francisco Mateo, CPP, CFE

Fraud Awareness

Fraud awareness has gained incredible speed in the last two years.  It’s no longer just the Nigerian 419 scams; myriad online schemes or even government corruption that we think of when the word fraud comes up anywhere in the world.  The global financial crisis has revealed a seeding world of lies and betrayals brought to you straight from the bowls of Wall Street and the exoteric world of high finance.  Bernard Madoff, Tom Petters and Allen Stanford are the modern versions of Charles Ponzi in the infamous fraudster’s hall-of-shame. Like the aftermath of a plane crash, forensic fraud examiners have now spend months meticulously analyzing the wreckage trying to determine what caused this disaster.  Unfortunately Hedge Funds and other exclusive investment clubs don’t come with a black box that can pin point which systems failed. Their world is shrouded in secrecy hiding behind tax shelters and corporate veils.  Luckily there are dedicated fraud experts out there that can make sense of the tangle web these sorcerers of finance weaved. 

The recent fraud losses have left a deep financial, moral and cultural impact on our global society.  Let’s not squander this opportunity to highlight the evil of unfettered greed masquerading as legitimate business.  Let progress be defined by fraud awareness.  As President Barack Obama said during his inaugural speech, let’s all “do our business in the light of day” and persuade those less enlightened to do the same.

Fraud awareness is a must have prevention tool that needs to be cultivated from the specialized knowledge, it is today to a level of common knowledge available to everyone, if we stand a chance of avoiding these schemes from growing again.

We also need to encourage the work of people like Harry Markopolos, who wisely alerted the official fraud watchdog (SEC), about Madoff’s Ponzi scheme, years ago. He reveled in the process structural deficiencies in America’s official finance system’s oversight, which left the scheme fester through inaction. To revert to the airplane analogy the watchdog agencies throughout the world have acted as the air traffic controllers gone on holiday, while the radar signals were blinking red.  Equally courageous and commendable were the whistleblowers in Stanford and Petters’ case.

Now more than ever fraud fighters have a duty to continue being beacons of light in the prevention and detection of fraud, waste and abuse.  I’m proud to be a member of this crowd.  The message is also clear for both corporations and government anti-fraud organizations; they all need to be agile in the prevention (meaning properly allocating, training, and fostering a culture of honesty), as well as swift in the persecution of existing fraud schemes.

Cloaking Strategy Gone Wrong

A word of caution to security practitioners operating in trouble spots; be careful what cover stories you use. The ruse may carry more risk than just taking proper precautions.  I get the part of passing off as a neutral person, but before adopting a strategy like this think of the long term consequences to journalists every.  Despots and murderers don’t need more excuses to accuse journalists of being spies and such.  Having said that, I think everyone should adopt all necessary measures to stay safe, but not at the expense of other vulnerable professionals else down the chain.

Two French Security Advisers Abducted in Somalia

By Edward Cody

Tuesday, July 14, 2009

PARIS, July 14 — Two French security advisers posing as journalists were abducted from their hotel in Mogadishu on Tuesday by Somali gunmen, according to the Foreign Ministry and reports from the chaotic Somali capital.

The Foreign Ministry did not identify the two men or specify which branch of the French government had dispatched them to Somalia. But it said in an announcement that they were in Mogadishu on “an official mission” to assist the Western-backed government of President Sharif Ahmed in “security matters.”

A senior official in Ahmed’s government told Agence France-Presse, the main French news agency, that the two men had arrived in Mogadishu nine days ago, invited by the Somali Defense Ministry to train “their counterparts in Somali intelligence agencies.”

The men were staying at the Hotel Sahafi International, which over the years has gained a reputation as headquarters for foreign correspondents covering the violence that has ripped Somalia apart. In more recent times, however, few Western journalists have ventured into Mogadishu, where the official police and army are weak, heavily armed factions often rule the streets and kidnapping is a constant danger….