SensiGuard Alert: July 4th Holiday Awareness 2019

Date: 26 June 2019

Location: United States and Canada

Description: Holiday weekends are of notoriously high risk for manufacturers and logistics-related organizations. Organized cargo theft rings in the United States and Canada will be extremely active in the coming days, as more shipments are left unattended for extended periods of time due to the upcoming holiday. This year July 4th falls on a Thursday, meaning that many facilities may be closed on Friday the 5th, resulting in longer stage times and lower security staffing. In July 4th holidays between 2014 – 2018, the SensiGuard™ Supply Chain Intelligence Center (SCIC) recorded 2.5 thefts per day with an average loss value of USD $226,505 which is a theft rate 20% higher and an average loss value 34% higher than thefts throughout the year.

Geographically, Texas (+65%), Ontario (+30%), and Tennessee (+39%) all had significantly higher theft rates during the holiday weekend than throughout the year. Facility Theft (+101%) and Pilferage (+10%) were both more frequently perpetrated over the holiday weekend as well. Within product types, Electronics (avg. value $729,813) and Home & Garden ($81,824) both tie for the most stolen product types over this holiday weekend at 19% each. Electronics beat its normal theft rate by 22% and its average value by 93%, while Home & Garden beat its rate by 33% and its value by 9%.

Recommendation: The SensiGuard SCIC recommends that logistics and security professionals ensure security protocols are up-to-date and in line with industry best practices for both in-transit and warehouse operations. Also, in order to mitigate criminal attempts to exploit cargo at rest, we suggest confirming that a given receiver’s hours of operation for the holiday weekend are consistent with scheduled delivery times and planning for secure parking locations in the event a shipment will have to stop for an extended period of time. Covert GPS tracking and active monitoring of high-value shipments are highly recommended, as they have proven to be the most effective protocols to both mitigate in-transit theft and facilitate successful recovery of stolen product.

In addition, the following guidelines are collectively endorsed by IMUA, PCSC, Travelers Insurance, SWTSC, SETSC, NETSC, the Cargo Security Alliance, and Sensitech:

Transportation:

Steps should be taken to verify the authenticity of all shipment related activity during these periods – particularly any entity which has been engaged to either move or store a shipment. Driver and business verification, prior to releasing any shipment, is paramount.

Communication between drivers and shippers needs to be firmly established and regularly maintained during shipments over these periods. That communication should include driver(s) instruction as to what types of behavior are required and what is not permissible.

Truck stops, highway rest areas and distribution centers are frequent targets for cargo thieves – not only traditionally but more so over holiday periods. For that reason, any location where cargo would either intentionally (or unintentionally) come to rest – even for brief periods of time – should be as secure as possible. Things to consider when selecting a secure area/lot are: controlled access, adequate lighting, congestion, any type of either personal or video surveillance, how long the conveyance will be left unattended, as well as past intelligence of localized cargo theft activity.

If a cargo conveyance must be left unattended for any period of time it should be made as secure as possible. Theft-resistant locking/sealing mechanisms for tractors, trailers and cargo compartments; disabling technology for the vehicle’s power units or trailer movements; parking vehicles and/or cargo compartments in a fashion which make access as difficult as possible – are all things worthy of strong consideration.

If any tracking technology, such as GPS monitoring, that is available for deployment should be used to its fullest extent possible. That would include tracking technology on the conveyance’s power unit, its cargo area (if separate), as well as within the cargo itself.

Storage:

Conduct a personal inspection of both the outside and inside of your facilities before securing them. Remove/repair anything that would assist a perpetrator in his/her illicit activity. For example: exterior lighting that doesn’t work, gates/doors/windows left unsecured, keys left in forklifts inside, etc.

• Prior to securing a facility for unattended periods check to make sure all alarms, CCTV recording equipment, and any sources of auxiliary power are all in good working order. With anything that is battery powered, those batteries should be tested for effectiveness.

Treat all premises alarms (no matter the number or closeness in frequency) as if they are all actual penetration attempts. Responses should be made accordingly.

Make sure all lists of company individuals responsible for contact, in the event of suspicious activity or emergency, are up to date. All entities that monitor your alarm/access activity need to have access to these up-to-date lists.

Encourage local law enforcement agencies to make extra patrols in the areas where your facilities are located – as well as make it as easy as possible for them to “see” your critical access areas.

Notable thefts over Fourth of July 2014-2018:

• 2014, Florida, Facility Theft of Cell Phones, $451,000
• 2014, Texas, Theft of Full Truckload of Meat, $200,000
• 2015, Nevada, Facility Theft of Computers, $250,000
• 2015, California, Facility Theft of Hard Drives, $381,000
• 2015, Washington, Theft of Full Truckload of Cell Phones, $5,700,000
• 2016, Texas, Theft of Full Truckload of Canned & Dry Goods, $85,000
• 2016, Tennessee, Theft of Full Truckload of Beer, $42,000
• 2017, Wisconsin, Pilferage of pre-release Toys, $328,000
• 2017, California, Theft of Full Truckload of Appliances, $100,000
• 2018, New Jersey, Facility Theft of Cosmetics, $1,000,000
• 2018, Tennessee, Theft of Full Truckload of Canned & Dry Goods, $458,000

SensiGuard™ Supply Chain Intelligence Center • intel@sensitech.com

http://www.sensitech.com/en/supply-chain-security/sensiguard-services/ 

Scott Cornell

Heists involving identity theft and other types of fraud are growing part of cargo theft mix

Overdrive Online Todd Dills |January 12, 2017

Imagine you arrive at a facility to pick up a load and, checking in with personnel at the gate, the man in the guard shack looks confused, checks and double-checks his list of impending arrivals, only to tell you you’ve already been there. The load is gone.

It’s a situation that’s become more and more common over the years since the so-called “fictitious pickup” cargo theft mode drew enough attention in supply-chain-security circles to warrant specific attention.

According to a white paper issued in 2013 by the CargoNet firm [with the Cargo Security Alliance], it began to “emerge as a trend around 2005,” growing to account for a significant share of all thefts reported to CargoNet in 2011, with many thefts occurring in California. By 2012, such thefts, sometimes involving thieves’ fraudulent assumption of an existing carrier’s identity, accounted for 8 percent of all thefts reported to CargoNet.

Scott Cornell, 2VP of Transportation and Crime and Theft Specialist at Travelers Insurance, who for years headed the insurance company’s Special Investigations Group devoted to cargo theft, says that straight theft — thieves hitch to a loaded trailer, unload a trailer or otherwise drive away with a full tractor-trailer — remains the most common sort of cargo theft. But these “strategic” thefts, his terminology for the broad category CargoNet IDs as “fictitious pickup,” represent the “fastest-growing method of cargo theft,” Cornell says, accounting today for about 10 percent of thefts nationwide. Most of such thefts are coming from thieves operating inIllinois and Southern California, Cornell adds.

Scott Cornell

Scott Cornell

Since the thefts nearly always have a virtual component, thieves can “can target something no matter where it is,” Cornell says. “Part of the difference” — and the attraction for thieves, no doubt — “is that you can be very selective. You can pick out what you want to target rather than randomly picking out a trailer.”

As the CargoNet white paper illustrates, this relatively new kind of theft is taking advantage of the rise of web-based brokering and the sometimes tenuous nature of broker-carrier relationships on the spot market. “Fictitious pickups have grown alongside the expansion of web-based brokering,” according to the CargoNet report, “the ability to set up fictitious companies and websites, and the availability of high-quality fraudulent driver’s licenses. The just in time (JIT) supply chain management practices have exacerbated the problem by putting a premium on speed at the expense of performing time-consuming due diligence in vetting” carriers by brokers, and company employees by carriers, in some instances.

“Computer-savvy criminals (often former employees of trucking and logistics companies),” the report goes on to predict, “will increasingly turn to this modus operandi because it is less risky than traditional cargo theft.”

Carrier identity theft occurs when a thief impersonates a legitimate carrier, secures a load, picks it up and then disappears. Thieves posing as both brokers and carriers, and in some cases successfully claiming old or even active authorities for themselves, are increasingly using this scam.

“In an identity theft scenario,” says Cornell, a carrier or broker is “dealing directly with the bad guy. You’re hiring the bad guy yourself.” Conversely, in another sort of fictitious pickup, you’re dealing with the good guy. “ABC Trucking agrees to Friday at 1 o’clock to pick up the cargo. Everybody involved in that transaction is who they say they are, but the bad guy finds out about that arrangement.” He then shows early and grabs your load, leading to situations like the hypothetical one starting this piece.

Travelers’ in-house investigative unit is famous for its sting trailer, equipped with hidden cameras, tracking devices, hidden mics and more that law enforcement agencies around the nation have used to bust up the various elements of the organized cargo theft rings operating in hot spots and other areas around the country. Cornell says the enforcement community is beginning to “look at ways to use the sting trailer” to combat the gamut of fictitious-pickup scenarios as well, particularly “if there’s an organized ring concentrating on them in certain areas. We might work with law enforcement to try to get the sting trailer to be used one or two of those loads.”

Otherwise, Cornell and other speakers at Truckstop.com’s November Connected 2016 conference encouraged a holistic and preventive approach toward minimizing risk of identity theft and closing other vulnerabilities.

Tactics to minimize straight theft remain prominent in any discussion of cargo theft (with a high-value load, extend your first segment from the origin point before any stop to avoid anyone who may be following you, for instance). But the new threats require better diligence on the part of brokers in vetting carriers they don’t know personally. Double- and triple-check the identities of company reps via phone calls to the legitimate company home. Match phone numbers and other contact/address info on paperwork to home city, state and Department of Transportation (Safer.gov and the CSA Safety Measurement System) listings for the business.

Carriers can protect their identities by regularly logging into their carrier profile with their DOT-issued PIN and keeping all contact information updated and current, likewise proofing for any unauthorized changed. During the Truckstop.com panel on cargo theft, speakers referenced possible vulnerabilities in DOT’s processes, which allow for MCS-150 carrier information form updates in a manner other than online updates using the PIN that carriers are issued to make their online updates. Cases were detailed in which thieves may have utilized such methods to change contact information on a carrier’s profile to go directly to him, for instance, thus enabling him to secure a load as that carrier with a broker.

If you still don’t have a DOT PIN to take control of your registered profile online, follow this link or call (800) 832-5660 for details.

The online update, too, has its vulnerabilities. Once you have your PIN, be careful who you entrust it to, says CargoNet Vice President Sal Marino. While some people might believe FMCSA’s online system is hacked toward carrier identity theft, Marino doesn’t think that’s the case. Too many, he suggests, may just be the result of the PIN being shared too much internally, then getting out to the wrong party through any number of means.  (Queries to FMCSA were not answered in final form in time to include in this report. Overdrive will issue a follow-up when the agency responds.)

http://www.overdriveonline.com/heists-involving-identity-theft-and-other-types-of-fraud-are-growing-part-of-cargo-theft-mix/ 

TWIC Card

DHS critical of security at U.S. ports; hauler calls facilities a ‘terrorist’s paradise’

by DOROTHY COX/The Trucker Staff www.thetrucker.com

September 28, 2016

TWIC Card

The Homeland Security (DHS) Inspector General’s Office in a new report recently declared that background checks of port workers by the Transportation Security Administration (TSA) aren’t as effective as they should be.

That comes as no surprise to those who routinely go in and out of the nation’s ports.

Jim Stewart, a long-time port hauler and former Teamster recruiter said, “Any port is a terrorist’s paradise” and that “Homeland Security is a joke.”

The IGO said there isn’t sufficient oversight or guidance for TWIC (Transportation Worker Identification Credential) cards.

Again, no surprise. TWICs are still “flash cards” in the sense that there aren’t satisfactory card readers to check cardholders’ documentation adequately. Plus, “The ports have come out with their own cards,” said Stewart, who recently quit port hauling because of the low rates and health problems. He had worked in Virginia ports for years.

After September 2011, the cards were seen as necessary for maritime/port security for Longshoremen, port facility employees, truck drivers hauling in and out of the ports and others.

Mandated by the Maritime Transportation Security Act of 2002, the TWIC system has historically been beset by red tape, delays, mismanagement and a host of other problems.

Stewart said there has been a “cottage industry” of people making fake TWICs for $100 each “for years.”  He said the rush to develop TWICs made them full of security holes or as Rep. John Mica, R.-Fla., called them, “at best no more useful than a library card.”

Angered by the government’s failure to fix the TWIC system, the late Sen. Frank Lautenberg, who served on the Committee on Commerce, Science and Transportation and was at one time executive commissioner of the Port Authority of New York and New Jersey, said, “hundreds of millions of tax dollars” were being spent “on a program that might actually make the ports less safe.”

Paul Dodge, who works in the Boston area and has been a port hauler for more than 30 years, said the TWICs “really don’t do a d**n thing. I’ve been asked to put a TWIC in the [documenting] machine maybe four times and . . . the machine didn’t work, anyway. They’re kind of a joke.”

He said about once or twice a month in Boston, local authorities, TSA inspectors, U.S. Customs officials and Coast Guard officials run a random truck inspection at the port. “Lately they’ve had TWIC machines” but because it’s so random and not widespread “I seldom get caught up in that,” he said.

Dodge added that the Massachusetts Port Authority has its own ID cards which are “more secure” than a TWIC card and that’s the one he normally uses.

 “Sure there are still fake TWICs,” Stewart said, “especially with illegals behind the wheel with no CDLs. If you can’t get the [legal] paperwork you pay someone to make it up.”

“If you want to get into a port, you can get into a port. They would like to say nobody gets past the gate but I’ve seen illegals” working on a construction job in the port “cut a hole in the gate and go back and forth to work.” This was at a marine terminal in Virginia. “Anybody could have followed the construction workers in,” he said.

But, he added, why try to get in a port in the first place?

“Once a drayage truck comes out of the port with poisonous chemicals, explosives, refrigerated food or whatever, they could just follow it to the trucking company’s drop yard or some other supposedly secure yard or just wait until they drop the load along the street,” he said, “then go hook up to it and drive away.”

Frequently, he noted, “Chemicals and hazardous materials are dropped at truck stops and parking lots” outside the ports along with “chickens, drugs and truck tires, anything people can sell. I’m surprised it hasn’t happened” he said of terrorists accessing ports and nearby areas to cause a large explosion, poison a big water supply or something of that nature. He said security “soft spots” are easy to see if someone hangs around the ports long enough.

Dodge said “once in awhile” he’s asked at the port gate if he has anyone with him in his truck and he says no and they take his word. “I could have six guys in my sleeper,” he said, adding that at the small ports the truckers are usually recognized on sight by port officials. However, “They really don’t check the trucks,” he said.

The DHS Inspector General’s Office has recommended TSA take a multitude of actions to fix ports’ security problems including designating an entity to coordinate and provide guidance for the program, conducting a comprehensive risk analysis and improving the credentialing process.

According to the recent DHS report, TSA has agreed with the recommendations and “has already started to implement corrective actions.”

That’s nothing new, either. The Government Accountability Office released reports in 2011 and 2013 that criticized weaknesses in the TSA’s background checks and at one point, U.S. Government Accountability Office officials said they were able to obtain authentic TWICs using fraudulent identification documentation.

However, port haulers who had spent $125 or more on legitimate TWICs haven’t always able to use them because of system glitches, as Dodge recounted.

In November 2011 TSA announced that an estimated 26,000 TWIC cards issued before April 5, 2011, wouldn’t work when inserted into a TWIC card reader. Each card contained a Federal Agency Smart Credential Number (FASC-N), which would uniquely identify each card in federal databases but in the faulty cards the FASC-N wasn’t fully encoded, causing the cards to be read as invalid.

“TSA has known for years that there were problems and I’m concerned that little has been done to address them,” Sen. Bill Nelson, D.-Fla., ranking member of the Commerce, Science and Transportation Committee, told The Hill recently. “These weaknesses have opened up our ports to potential security threats, including the opportunity for an insider threat or someone with a serious criminal history to gain access to secure areas. These gaps must be closed immediately to secure our ports and maritime facilities.”

Meanwhile, cargo-laden Hanjin Shipping vessels that have been stranded off U.S. coastlines can’t do anything to help U.S. cargo security.

Hanjin, one of the largest container shipping companies in the world, filed for bankruptcy in South Korea at the end of August, stranding dozens of active ships in waters around the world.

Consequently, many cities and crews refused to allow Hanjin ships access, fearing that they would not be paid for their work. So far, about $14 billion worth of cargo as well as hundreds of workers and others aboard the ships have been impacted, and the saga has continued for weeks.

Stay tuned.

http://www.thetrucker.com/News/Story/DHScriticalofsecurityatUSportshaulercallsfacilitiesaterroristsparadise 

Take the Day Off!

***PCSC Holiday Alert Message***

Take the Day Off!
But first, make sure your cargo and facilities are secure.  Here are some do’s and don’ts from our friends at the Pharmaceutical Cargo Security Coalition:
Be pro-active:  Confirm that shipment dates/times coincide with your customers’ “open” hours during this holiday time frame. If they don’t, take the necessary precautions to reduce the risk of those shipments being staged or stored prior to actual delivery dates. Be sure, if you must, that your assets in-transit are either very safely secured and/or being consistently monitored. If you have technology at your disposal such as GPS tracking, King Pin Locks, Air Cuff locks, Landing Gear Locks, heavy-duty trailer door locks are all being used to the fullest extent possible – both in-transit and in stationary storage. All technological assets, whatever they may be, need to be deployed during these holiday periods.
If you must leave a rig or loaded trailer unattended look for a secure lot or choose a public facility that is well lit and utilizes visible surveillance equipment. If a trailer must remain loaded and unattended during this period keep it tethered to the tractor (no-drop policy) and consider backing it up tight against the solid wall of a building. Make it hard to penetrate. If you have GPS technology inside the load, the tractor or the trailer “geo-fence” all of those units and make any movement alarms annunciate to more than one individual.
If you must ship cargo over this period be sure that, in the event the unthinkable happens and you cargo is stolen in-transit, somewhere a shipping list with complete descriptions of the goods being shipped is readily accessible and can quickly be provided to law enforcement officials. Make sure your trucking firm/rail carrier/ air carrier has the right numbers to call if something does go wrong. All of your people on that list should know that during this weekend it is entirely possible they may get a call.
You should also be paying close attention to any warehousing and distribution facilities – particularly ones that won’t be staffed over this period.  Please Read each of these friendly reminders:
  • Fully test all your security alarm and surveillance systems to ensure they are in proper working order
  • Ensure your back-up cellular alarm system is fully functional
  • Check ALL pieces of security equipment that are backed up by batteries. Make sure all batteries are at full strength. If not, replace them
  • Perform a full perimeter check of your facility(s). Take a walk – look at your fencing, all of your windows, all of your doors, as well as your roofs to ensure they can be properly secured. Think, if you were a bad guy, how would you try to get in???
  • One evening this week have someone make sure all of your exterior lighting is functional – perform a check and replace/repair any lighting units that are defective BEFORE the holiday weekend starts
  • Think about leaving more lights, than usual, “on” inside your facilities during this period – particularly ones that can be seen from the outside
  • Don’t make it easier for potential burglars by leaving anything outdoors (or within a warehouse) that they could use to help facilitate a crime
  • TODAY, look at your company’s alarm call list and make sure it is current/accurate with those at your central station
  • That same on-call list should be current with your local police department – check, TODAY, to make sure
  • Remind all the employees that are on your call list to respond immediately to any calls from your alarm monitoring contractor
  • Treat ALL alarms with the same degree of diligence
  • Have law enforcement respond to ALL alarm events – even when the system is suspected of mal-functioning (you can worry about any false alarm “fees” after the weekend is over)
  • If you don’t currently employ a guard service consider hiring a contracted guard entity just for this specific holiday time period
  • Contact your local law enforcement and request, if it’s possible, additional patrols in the area during this period
  • If your facility is not gated, make it as easy as possible for a passing patrol car to “see” your critical points of entry. Keep as many lanes open as possible to allow that patrol car to drive around your facility
  • Talk with your neighbors – offer to assist them by remaining diligent if they, in turn, will do the same for you. Share basic contact information with them
  • Remove any keys from all warehouse equipment (such as forklifts) and place them in a secure location
  • In the unfortunate event that someone is able to illicitly enter your facility make sure all important and sensitive documents are locked up – a “clean desk” policy should be in place by Friday noon
A sophisticated eight-antenna jamming device built into a suitcase. One such "serious kit" was recently used by crooks smuggling drugs from Germany into the U.K. to knock out a variety of communications signals. Chronos Technology Ltd.

GPS Under Attack as Crooks, Rogue Workers Wage Electronic War

by MIKE BRUNKER NBC News  August 8, 2016

A sophisticated eight-antenna jamming device built into a suitcase. One such "serious kit" was recently used by crooks smuggling drugs from Germany into the U.K. to knock out a variety of communications signals. Chronos Technology Ltd.

A sophisticated eight-antenna jamming device built into a suitcase. One such “serious kit” was recently used by crooks smuggling drugs from Germany into the U.K. to knock out a variety of communications signals. Chronos Technology Ltd.

Once the province of hostile nations, electronic warfare has arrived with little fanfare on U.S. highways and byways.

Criminals, rogue employees and even otherwise law-abiding citizens are using illegal “jamming” devices to overpower GPS, cellphone and other electronic signals over localized areas. The devices are small and mobile — a common variety plugs into a vehicle’s cigarette lighter — making it difficult for law enforcement to identify the culprits.

And experts say the threat to the Global Positioning System (GPS) — the critical space-based navigational, positional and timing network — is escalating as potentially more destructive “spoofing” devices become readily available.

“We’re highly dependent on (GPS) in pretty much every part of our economy and security, yet it’s very easy to disrupt,” said Dana Goward, president and executive director of the Resilient Navigation and Timing Foundation, which is urging the federal government to move quickly to better protect GPS and to develop a backup system. “… I think the general consensus is that any outage of more than an hour or two would be pretty unpleasant.”

Experts have been warning for years about the vulnerabilities of GPS, a global network of 36 U.S. satellites that provides timing data for a wide array of critical infrastructure, including telecommunications, the energy grid and financial markets, as well as everyday applications like smart phone mapping and ride-sharing services like Uber.

“If there were an airline crash or a wide-scale, long-duration interruption of GPS, say in New York City, that affected the stock exchanges there, you can bet there would be a lot of people wagging their fingers and saying, ‘I told you so,'” said Todd Humphreys, associate professor at the Radionavigation Laboratory at the University of Texas at Austin and a leading authority on GPS security holes.

Humphreys was referring to predictions that a widespread outage of GPS — either due to natural phenomena like solar flares or a major electronic warfare attack — would immediately cause serious slowdowns in all types of transportation, with the impact spreading through other sectors if service could not be quickly restored.

Protecting the system is difficult, as GPS signals from 12,000 miles in space are extremely faint and susceptible to interruption by jamming (interference by transmitters operating at or near the same frequency) or spoofing (tricking GPS receivers into reporting they are somewhere they are not or producing an incorrect time signal). The U.S. military, which developed GPS, uses a separate frequency band with encryption and other measures that render it more secure.

Predictably, criminals have found ways to profit from GPS weaknesses with illegal jamming devices. The devices, once available only to those with considerable technical savvy, are now widely advertised on the internet for $50 or less and require no expertise to operate.

“You put a battery in it or plug it in and turn it on. That’s it,” said Peter Soar, business development manager for military and defense for the Canadian firm NovAtel, which supplies positioning and timing components to a wide range of industries.

Addition to the criminal ‘Armory’

As a result, experts say, the devices — which typically disrupt GPS and sometimes other frequencies over areas ranging from about 980 feet to more than 5 miles, according to one test — have become almost standard issue for villains engaged in certain kinds of serious crime like cargo theft and drug trafficking.

“Any respectable criminal involved in that kind of (cargo) hijacking is going to employ jammers as part of their armory,” David Last, professor emeritus at the University of Bangor in Wales and past president of the Royal Institute of Navigation, told NBC News. “There is no reason why they shouldn’t and every reason why they should.”

Charles Curry, managing director and founder of the British firm Chronos Technology, cited a case in which an organized crime group used jammers to protect surreptitious shipments of stolen high-end cars to Uganda for resale.

“You must have been a really well-organized crime gang to be doing that kind of business, stealing top-end Jaguar Land Rovers from the streets of the U.K., shipping them via France (and the) Middle East to Mombasa in Kenya and then overland to Uganda,” he said. “That isn’t a petty criminal.”

Drug traffickers also regularly use them to try to foil electronic surveillance by law enforcement or rival gangs, Last said.

Last, who frequently testifies as an expert witness in GPS jamming cases in Britain, recalled one recent incident in which the courier meeting a flight of illicit drugs from Germany at a small general aviation airport in England deployed a “very serious kit” in a suitcase, with eight antennas that jammed GPS, mobile phones, Bluetooth, Wi-Fi and the frequency used by stolen vehicle recovery systems such as LoJack.

“I don’t know if you’ve ever been around when Air Force One lands, but nothing electronic works for several hundred meters around,” he said. “It was quite like that.”

Stealing jewels with a garage-door opener

But Last said far less sophisticated crooks also are using jamming, citing a case in which “a couple very low-tech criminals” used a garage door opener to prevent a jewelry courier’s key fob from locking the vehicle. They then made off with goods left inside while the courier was in a store making a delivery.

“So there’s quite a mom-and-pop level of criminality that uses jammers and doesn’t even know quite how they work,” Last said.

U.S. authorities are generally tight-lipped about the criminal use of jamming devices, but an industry advisory issued by the FBI’s Cyber Unit in October 2014 indicates they take the problem seriously.

The advisory said an industry security group had reported 46 instances of car thieves’ using jammers to try to avoid detection of stolen vehicles in shipping containers bound for China.

It also referred to a theft in Florida in which the thieves used jamming devices after stealing a refrigerated truck trailer filled with pharmaceuticals, in case any tracking device was hidden in the cargo. The thieves were caught by the Florida Highway Patrol during a routine vehicle stop, it said.

Separately, the shipping security firm FreightWatch reported last year that there have been at least four failed cargo thefts in which jamming devices were recovered, saying the attempted heists were the work of Cuban cargo thieves operating along the Eastern Seaboard.

That may just be the tip of the iceberg.

“We often don’t know, based on what law enforcement tells us, whether a GPS jamming device facilitated and enabled (a particular) cargo theft to happen,” said John Wislocki, the information manager and publisher with the American Trucking Associations’ Safety Management and Transportation Security councils.

(The FBI declined an interview request from NBC News, directing inquiries to the Federal Communications Commission, the agency primarily tasked with enforcing anti-jamming laws. The FCC also declined an interview, instead pointing to a jammer enforcement web page and a 2013 forfeiture notice imposing a $32,000 fine on Gary Bojczak, a New Jersey engineer whose illegal jamming device inadvertently interfered with a test of a GPS landing system at Newark Liberty International Airport in New Jersey.)

Hiding from ‘the boss’

The use of jammers has been well documented in Britain in a 2012 study known as the Sentinel Project, which used a network of detection sensors around the country to measure the frequency of the illegal activity. The BBC reported at the time that 20 roadside monitors detected 50 to 450 occurrences of jamming in the country every day.

The problem has only grown worse since then, according to Curry, whose company conducted the study with government and industry support.

In addition to documenting use of jamming devices, the study found that the overwhelming majority of them — about 9 out of 10 — were employed by fleet drivers or truckers trying to avoid monitoring by the fleet-tracking systems “because they don’t want the boss to know where they are,” Curry said.

That observation was bolstered by a March 2014 experiment in the United States by Rohde & Schwarz, which manufactures radio testing and measurement equipment. An instrumented van parked near a major highway adjacent to Portland International Airport in Oregon found that “about every third or fourth truck” was radiating at or near GPS frequency, according to a presentation by GPS and communications consultant Logan Scott.

Despite such anecdotal evidence, Brian Lagana, executive director of the trucking associations’ safety and security councils, said he has seen no evidence that truckers are using the devices in significant numbers to defeat tracking or manipulate driving logs.

“I think, in general drivers, are well aware of the regulatory requirements … and they’re also very well aware of the penalties they could receive for use of a jamming device,” he said.

In fact, Britain’s Sentinel study found that many jamming culprits were at the wheels of smaller vehicles, including service and delivery vehicles and taxis.

It also documented instances of civilians with no ill intent using jammers. In one account that has become something of a legend in GPS security circles, an employee of a U.S. government agency with a mobile jamming detection device was surprised when it began alerting while he was at church.

“He went up to the priest after the service and said, ‘Father, I think there’s a GPS jammer in the church here somewhere,'” said Goward, who knows the official. “The father says: ‘Yeah. You’re darn right. I bought it to jam GPS and the cellphones because I was tired of people texting during the sermon.'” (The official declined an interview request from NBC News and requested anonymity.)

Spoofing concern growing

While use of illegal jammers appears relatively common in the field, spoofing — tricking GPS receivers by faking satellite signals — so far appears to be largely confined to electronic battlefields (Iran reportedly spoofed a U.S. reconnaissance drone that it captured in 2011) and laboratories. But that may be changing.

The closest thing to official confirmation of a criminal spoofing incident came when a Homeland Security Department official said at a security conference in December that Mexican drug cartels were trying to jam and spoof GPS signals to interfere with U.S. government drones patrolling the border.

“The bad guys on the borders have lots of money, and what they’re putting money into is … spoofing and jamming of GPS,” Timothy Bennett, a DHS science-and-technology program manager, said at the Center for Strategic International Studies conference.

In an interview with NBC News in July, however, Bennett said DHS has no evidence that the cartels have actually used spoofing and that his comments were based on “what is happening in the field (and) what I know about how other people are using jammers in the United States.”

Humphreys, the University of Texas expert who is often consulted by law enforcement and other government security experts, said there are likely other incidents that have not been made public.

“When I get interviewed by the FBI, they often guardedly allude to incidents where jamming and even spoofing have been carried out … but of course they don’t reveal details to me,” he said.

Humphreys famously demonstrated how spoofing can be used to take control of a vehicle using GPS for navigation. In June 2012, he and several graduate students demonstrated the technique for DHS officials by commandeering a civilian drone; the following year, they went after larger game — a 213-foot superyacht — and tricked its GPS navigation system into sending the vessel hundreds of yards off course in the Mediterranean Sea without raising any on-board alarms.

Those demonstrations required considerable effort and expense, Humphreys said, estimating that it took “five years and a bunch of Ph.D.s” to develop the device capable of simulating and then overpowering real GPS signals.

But that changed dramatically last year when Chinese technology experts demonstrated at the Defcon hacker conference how anyone can use a $300 software-defined radio to spoof GPS.

“There is now the capability of downloading something that’s available online onto an off-the-shelf … radio frequency card and making your own spoofer,” Humphreys said. “It would be something that would only takes a few hours for someone who has a little bit of experience with radio frequency work.”

Humphreys estimates that, as a result, “the difficulty of mounting a spoofing attack has dropped by maybe a factor of a hundred since 2012,” when he first raised the alarm.

While jamming as practiced “in the wild” is often a nuisance crime — causing GPS to black out briefly or cell towers to drop calls when one is nearby — spoofing is potentially much more dangerous in the wrong hands.

As Soar, the NovAtel executive, puts it: “The snotty kid in the bedroom is now probably our worst nightmare.”

Hoping for a small ‘crisis’

Law enforcement is starting to fight back. Jamming detection devices manufactured by Chronos Technology, for example, have been available for about a year and are “starting to find their way into standard use,” Curry said.

The multi-agency Space-Based Positioning, Navigation and Timing Executive Committee, known as ExCom, has been working for years on a GPS backup solution that would make jamming and spoofing of GPS much harder.

It is now developing requirements for a backup timing system — the GPS function most important to critical infrastructure — to be followed by navigation and positioning requirements. The commission is expected to issue recommendations in the fall of 2017, said Nancy Wilochka, a spokeswoman for the U.S. Transportation Department.

Manufacturers of GPS navigation devices also are beginning to incorporate anti-jamming and anti-spoofing measures — such as inertial sensors and antennas that draw from multiple Global Navigational Satellite Systems (GNSS) or can determine the direction from which signals are arriving — into their designs to at least improve the chances that they can withstand a malicious attack or GPS outage.

“It’s an arms race of giving enough protection,” Soar said.

That is encouraging to experts like Humphreys, but he can’t help wondering whether the improvements will arrive soon enough — and be strong enough — to prevent a disaster.

“My hope is the first crisis, if it comes, is just large enough to really wake us into action but small enough that nobody gets killed or that there isn’t a great deal of economic damage done,” he said. 

http://www.nbcnews.com/news/us-news/gps-under-attack-crooks-rogue-workers-wage-electronic-war-n618761

Theft of Cargo Is Constant Worry for Trucking

By Marissa Gamache, Special to Transport Topics

Days before Fourth of July celebrations, trailers loaded with SweetWater Brewing Co.’s 24-pack bottles of beer were stolen from its brewery; its Summer Variety Packs due for pick up in early morning. 

The Atlanta-based company said the majority of its two trailers of beer stolen June 21 was found June 29 with help from Georgia authorities. That was the good news. 

The bad news, the company said: “Unfortunately, the return of the stolen brews does not mean the product is able to be sold or consumed — every bottle will be destroyed.” 

Incidents of cargo theft occur all too often across the nation and are a constant worry for trucking. 

CargoNet, a theft prevention and recovery network, reported 906 thefts last year valued at $100.5 million. It said food and beverage thefts led the way, accounting for 29%, followed by electronics at 13% and household goods at 12%. 

That’s up 7% from 2014, when 844 thefts valued at about $90 million were reported.

Continue reading this article at TTNews.com:

http://www.ttnews.com/articles/basetemplate.aspx?storyid=42591&t=Theft-of-Cargo-Is-Constant-Worry-for-Trucking

© Transport Topics, American Trucking Associations Inc.

Reproduction, redistribution, display or rebroadcast by any means without written permission is prohibited.

How Well Do You Understand Your Cargo Theft Threats?

Travelers Indemnity Company 30 June 2016

Cargo theft affects businesses across the globe. Beyond the direct cost of the stolen goods, missing cargo can have far-reaching supply chain implications. Threats to your company’s cargo can vary by commodity type, region and even day of the week. Understanding your product’s susceptibility to theft and developing appropriate strategies to reduce it can help protect your cargo and your business.

“Education is paramount to combatting cargo theft,” says DZ Patterson, a Travelers Investigative Services professional. “Once companies are aware of the cargo theft problem, they can implement behavioral and procedural changes and the use of hard controls, including locks and electronic controls, to harden the supply chain,” adds Patterson. Travelers’ Special Investigations Group even goes the extra distance by assisting law enforcement. Sting Trailer, an industry-leading tool created by Travelers, is a tool deployed in concert with law enforcement that so far has resulted in several arrests and prosecution of criminals.

While headlines have focused on the theft of pharmaceuticals and electronics, since 2010, food and drinks are the product type most often stolen, accounting for 24 percent of reported cargo theft in the United States in 2015.* The lack of unique serial numbers makes it easier for thieves to sell food and drinks on the illicit market than more protected products.

Generally, the goal of cargo theft criminals is to make a fast buck without getting caught, which means even some of the most mundane products can be targeted for theft. For instance, a load of diapers could be a target because it can be sold easily to small businesses or directly within many communities right from the back of the truck. For this reason, it is important shippers understand how the cargo will travel from point A to point B; in some cases, the less costly path may cost you more in the end.

Cargo thieves’ tactics vary greatly around the world. Poor infrastructure and roadways, lax port security and lacking telecommunications to support tracking devices can serve as choke points where criminals can observe and target cargo moving through their areas. In the United States, many criminal groups take advantage of standard two-day and long holiday weekends, knowing that stationary cargo* will be less-protected and giving them more time to transfer the goods to another trailer, eventually hiding it away or even selling it before law enforcement is notified.

On the high seas, piracy still exists. In some instances, entire ships are being diverted and ransacked. In certain parts of the world, law enforcement may not be available or able to respond if notified of an active theft. Having alternative plans and strategies in place can significantly improve your ability to avoid losses and possibly recover your goods.

A few starting points when evaluating the theft potential for goods in transit are:

  • Understand how your cargo will travel—both type of conveyance and the actual route it will take.
  • Develop routes in which cargo can avoid ‘known’ high-crime areas.
  • If shipping in higher-crime areas is unavoidable, consider the timing of your shipments. Ask local law enforcement if it has any data showing when cargo crime is most active in these areas and try to structure your operations around these times. Travelers is also building a route analysis tool to explore risks for customers.
  • Consider equipping high-value loads with tracking equipment. Consult with reputable vendors familiar with the threat of cargo thefts to help determine the type of devices and their best installation and use for your threats.
  • Enforce a high standard within your operations. Require that trailer kingpins have suitable locks installed whenever they are loaded and not attached to a tractor; keep your facilities well-lighted with maintained fence lines; and pay special attention to loaded trailers, ensuring they are receiving the highest levels of protection possible at your sites.

The first 200 miles from the pickup point is sometimes referred to as “The Red Zone.” Requiring all loads to travel at least 200 miles before the first stop can be effective in deterring thieves who follow a loaded trailer from pick up and then attempt a hijacking when it makes its first stop. It also is good practice to avoid dropping a trailer at an unattended location. Shippers can incorporate these requirements, as well as others, within their freight contracts with carriers to increase their responsibility to pay should a loss occur.

As a shipper, it is critical to understand where in the process of moving your goods your responsibility and exposure begins and ensure proper steps are taken to protect your cargo. In most cases, shippers will rely upon contracted third parties. Some questions to consider:

  • Are third-party logistics providers arranging carriers who implement the proper theft controls for the level of theft exposure at all points of the supply chain? It is a good practice to verify the identity of arranged carriers. 
  • Are enhanced measures to protect your cargo required/necessary and are the transportation service providers experienced and capable to coordinate these properly?
  • Is it necessary to consider additional support beyond the logistics providers?
  • Is external packaging visible during shipment as generic as possible to avoid telegraphing any valuable contents?
  • Is the information contained within shipping documents such as commercial invoices, bills of lading and packing lists treated carefully? This information in the wrong hands may assist criminals in targeting your goods.
  • Are Electronic Freight Security (EFS) strategies in use and regularly reviewed for improvement? EFS is a continually evolving, global, end-to-end strategy, leveraging the most current technology and intelligence on theft threats. It is important to stay up to date on current trends and techniques to stay ahead of criminals.

Your suppliers also may be vulnerable to cargo theft. Many companies rely upon unique suppliers for critical components used in their processes and services. Taking time to examine these critical suppliers’ cargo theft threats and protection strategies closely, especially for suppliers of hard-to-replace components and materials, can be critically important in protecting your business against cargo theft interruptions. Joining an organization dedicated to sharing cargo theft trends, such as the Transported Asset Protection Association, or TAPA, or other similar Industry-led organizations can help connect you to cargo challenges facing your industry.

Sources:

*FreightWatch International, U.S. Cargo Theft 2015 Annual Report.

Cargo theft now a tougher nut to crack – FleetOwner

Fleet Owner

Sean Kilcarr

Wed, 2016-06-01 11:50

U.S. freight crimes increase with a focus on consumable products and “soft target” regions to steal freight.

Cargo theft is a $15 billion to $30 billion a year problem according to the Federal Bureau of Investigation, and still on the rise. If you want to know why, take a look at the recent spate of nut thefts in California and new theft hot spots like the city of Dallas, TX. The first highlights the greater focus cargo thieves are placing on food and beverage freight shipments, the second recognition by thieves that regional development can create ideal targets and conditions for stealing freight.

“Why target food and beverage?” asks Scott Cornell, transportation business leader and crime/theft specialist for Travelers Insurance. “Because there are no serial numbers on pistachios, for example. There is no RFID tag attached to them or hidden in their packaging.”

“There’s no tracing of almonds over the internet. There’s often not a high enough ‘trigger point’ in terms of value to meet some companies’ requirements for heightened security protocols,” Cornell added. “Also, the ‘evidence’ gets consumed and fairly quickly at that. You can find TVs and computers – they last for a long time. With food and beverage, though, there is a much shorter window for recovery.”

The second deals with the “regionalization” of cargo theft activity as certain areas of the country can present more “ideal” targets and conditions for stealing freight, noted Chris McLoughlin, risk manager at third party logistics firm C.H. Robinson.

“Holistically, [the city of] Dallas has become a huge distribution hub for Texas; there’s a lot of short haul freight being pooled in that area now. It has become a big ‘pick and hold’ area for freight shipments,” he explained to Fleet Owner.Cargo theft

“This is one example of why cargo theft is becoming more ‘regionalized’ as specific markets on a geographic/location basis,” he said.

According to Kyle Brady, an investigator with Travelers’ Special Investigations Group (SIG), other such “hot spots” for cargo crime include a recent series of thefts of copper and other metals in the Great Lakes region, with those stolen goods transported back to the greater Chicago area to be “fenced” or sold off illicitly in other states in surrounding the Windy City.

Cargo thieves are also displaying a far greater level of sophistication as well. In the past, McLoughlin noted that many thieves would focus on truck stops, breaking seals on trailers until they found one with cargo they desired, then stealing it.

Today, cargo thieves will actually focus on shipper facilities, surveilling their establishments, tracking truck arrival/departure times, and even following tractor-trailers longer distances to establish route patterns, he emphasized.

“It used to be that once you were 200 miles down the road, you’d be past them,” McLoughlin pointed out. “Now they will use multiple teams of drivers to follow trucks farther. They are willing to invest more time identifying ‘soft targets’ where they can get the cargo while no one is watching.”

Travelers’ Cornell added that other tactics are being deployed as well including the wider use of “fictitious pickups” with counterfeit documents, and double-blind brokering schemes that shift stolen loads to innocent trucking firms as legitimate assignments to cover up the tracks of a theft.

He noted that some cargo theft gangs have gone so far as to establish legitimate trucking companies to offer true freight service, while using that cover to deploy “ghost trucks” – vehicles made out to look like their trucks or those of another carrier, but with different DOT numbering – to steal loads.

Even though cargo theft is a vastly underreported crime, the available data still supports a growing trend. For example, in the first quarter of this year, the FreightWatch International Supply Chain Intelligence Center (SCIC) recorded a total of 221 cargo thefts in the U.S., with 66 incidents occurring in January, 90 in February, and 65 in March, with the average loss value per incident topping $112,467.

Compared to the fourth quarter of 2015, those first quarter numbers represent a 13% increase in volume of thefts, though a 13% decrease in their value. When comparing these figures to the first quarter of 2015, this represents an 8% increase in volume and a 56% decrease in value, the firm said.

Travelers’ Cornell noted that the disparity of volumes to values is typical of the new focus by cargo thieves on lower-value “consumables” that can be easily disposed of.

“Remember that the value of the load all profit to a thief: a $20,000 load is $20,000 profit to them,” he explained.

Yet the focus on stealing consumables can also lead to ripple effect in the market as well. “Nuts are very popular: they are a popular health food,” Cornell noted. “And due to the drought this year in California they are scarce, pushing up their value.”

But the impact of losing a load of nuts to theft is greater in some ways than losing a higher value load of flat screen TVs. “You can manufacture new TVs to replace the ones stolen, but you have to wait for the next growing season for nuts,” he stressed.

In terms of how cargo thieves dispose of their pilfered goods, Cornell explained they use many different means.

“They will often try to move these commodities in bulk whenever possible; the quicker and easier they can get the cargo off their hands is always their first choice,” he said.

If that option is not available, they’ll target the smaller “mom and pop” stores and try to convince them that they are selling a partially-damaged load, saying something along the lines of “90% of it was fine but a few boxes got damaged so now I have to sell the whole load off.”

“Sometimes the story is, ‘We missed our scheduled delivery time so they refused the load, and now we have to sell it off to make room to book another load,’” Cornell noted. “In those scenarios, they’re willing to sell it off partially a few pallets at a time, if needed.”

He stressed, however, that larger retailers are not buying goods in this manner 99% of the time because of their supplier relationships. “They also vet their shippers pretty well,” Cornell emphasized.

He pointed out, though, that the very organized cargo theft “crews” more often than not know where they will sell stolen loads before they actually steal them.

“They often operate a small warehouse of their own and sell the products trying to pass themselves off as legitimate small suppliers or moving it through established black market channels,” Cornell explained.

Source URL: http://fleetowner.com/fleet-management/cargo-theft-now-tougher-nut-crack

FBI: Business Phishing Attacks Net Cyber Thieves $3.1 Billion

Information Week 6/15/2016

Dawn Kawamoto

Phishing attacks against companies have soared dramatically over the past 18 months, and losses have climbed into the billions, according to an FBI advisory issued this week.

FBI officials issued an alert this week that phishing attacks targeted at businesses worldwide have soared to a $3.1 billion scam in the past 18 months. A new technique employing data theft has been put into play since this latest tax season.

Specifically, the FBI focused on business email compromise (BEC) scams as the root cause of this increase. According to the bureau’s June 14 alert:

The BEC scam continues to grow, evolve, and target businesses of all sizes. Since January of 2015, there has been a 1,300% increase in identified exposed losses. The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.

Cyber-criminals are spending time studying and monitoring their potential victims to get to know them before launching the scam, learning to accurately identify them and protocols needed to conduct wire transfers from their specific company or business environment to the would be cyber thieves.

Armed with this knowledge, cyber-criminals go to work in a targeted fashion, specifically by impersonating the CEO or some other high-level executive at the company to extract money or additional information that could lead to financial gain down the line, according to the bureau.

The FBI advisory noted there are five scenarios that cyber-attackers use in these BEC scams, of which one is relatively new. It emerged with this year’s tax season.

When the FBI issued its warning in April about the new BEC scam that involved data theft, the losses to companies worldwide stood at $2.3 billion. In a mere two months, the losses mushroomed by $800 million to reach $3.1 billion today.

Under this new scenario, the attackers request either wage or tax statement information, like W-2s, or a company list of Personally Identifiable Information (PII). The employees who cyber-criminals request these items from typically work in human resources, bookkeeping, or the auditing departments.

In one of the other four business email scams, the con artist dupes a foreign supplier through email, a fax, or a phone call, into wiring an invoice payment to a bogus account.

A second scam requires the hijacking of a company executive’s email account and sending a request to an employee who normally processes wire transfers, asking that funds be wired to bank X, which the attacker can access.

A third scam involves hacking an employee’s personal email account and using it to send invoice payment requests to various vendors that the company uses. The funds are then deposited into the cyber thieves’ bank account.

Finally, the FBI notes a scam involving a cyber-criminal who poses as an attorney in an email or a phone call and claims to be handling a time-sensitive or confidential matter. The cyber-criminal pressures the employee to transfer funds into a bogus account.

The FBI suggests victims notify the agency and file a complaint, regardless of the size of the loss.

Dawn Kawamoto is a freelance writer and editor. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s News.com, TheStreet.com, AOL’s DailyFinance, and The … View Full Bio

http://www.informationweek.com/government/cybersecurity/fbi-business-phishing-attacks-net-cyber-thieves-$31-billion/d/d-id/1325929