The Hatton Garden Heist - why did the Security Team get it so wrong?
Chris Phillips heads up 2-sec’s Physical Security Consulting Practice and is ex-head of NaCTSO, the UK’s National Counter Terrorism Security Office. He provides his own expert view below on the jewellery heist, the failings of the Hatton Gardens physical security team and what should have been done to prevent the attack.
The audacious Hatton Gardens heist that took place over the Easter bank holiday weekend has been lauded as a “great heist” and “worthy of a movie” by certain parts of the internet.
It is very obvious that the gang that carried out the raid were extremely organised, sophisticated and well connected.
WHAT HAPPENED?
Before the robbery actually took place, there are now suspicions that the criminals deliberately started a fire at nearby Holborn. The fact that the fire was started in the week before the attack and took hold only 500 yards from the vault whilst causing major power outages and chaos, does seem to be more than just a coincidence.
The gang, wearing workmen’s overalls, take out their haul in wheelie bins.The gang made it inside the Safety Deposit lock up on Thursday 2nd April. They then spend Thursday, Friday and most of Saturday completely unchallenged by any member of the security forces or general public, jamming the lift, drilling through the 2 metre thick lift shaft and vault to reach the deposit boxes and opening 70 of the safes to find the treasure inside. They removed their haul on Sunday, by dragging loaded wheelie bins into an unmarked white van parked outside the building.
The break in wasn’t discovered until Tuesday morning, when Hatton Gardens Safety Deposit workers discovered the pile of rubble and damaged security boxes in the basement of their building, and called the police.
There has been on and offline criticism directed against the Met, after they issued a statement admitting an alarm sounded on the vault in the middle of the night on Good Friday, but it was ignored and no officers were sent in response.
WHAT WENT WRONG?
The missed alarm
Scotland Yard released a statement about the missed alarm:
“We have established that on Friday, 3 April at 00:21hrs a call was received at the MPS Central Communications Command (MetCC) from Southern Monitoring Alarm Company. The call stated that a confirmed intruder alarm had been activated at the Hatton Garden Safe Deposit Ltd. The call was recorded and transferred to the police’s CAD (computer aided despatch) system. A grade was applied to the call that meant that no police response was deemed to be required. We are now investigating why this grade was applied to the call. This investigation is being carried out locally. It is too early to say if the handling of the call would have had an impact on the outcome of the incident.”
It seems a little disingenuous by the Met to say that they are not sure if the handling of the call would have had a "positive impact on the raid". If the police had turned up on site, surely they would have been ideally placed to make at least SOME kind of impact on the ongoing robbery?
Are the Police being Criticised Unfairly?
The Hatton Gardens Safety Deposit building had already suffered a significant number of false alarm activations. It is policy that all remote signalling alarms that terminate at approved central monitoring stations, like those at the Hatton Gardens building, are registered with the police and identified by a unique reference number (URN). The police response to their activation will be based on the assumption that an offence is taking place, but “against the background of competing urgent calls and available resources”. Such a response is also be conditional upon the number of false activations in any 12 month period, in which case the activation may receive a “lower priority police attendance”.
Remote signalling alarms are connected to a control room and assigned an URN.
So, due to the sheer number of false alerts from the Hatton Gardens building over the last year, the police system automatically flagged the response grade to “no response” on their URN. It is also the alarm company’s responsibility to contact the key holder, not the police.
Read the rest of our article on the Hatton Garden's Heist on 2-sec's blog!
Head of Cyber Security @ Tate & Lyle | Cyber Security Strategy
9 年This is if we still think the ultimate goal of the heist were the diamonds in the deposit boxes......
Passionate about technology. Architecture, Research, Mathematics, ML/AI, Algorithms, Cloud, Containers, Network, Security, Programming, Linux. Enjoy learning all the time, from the universe to cooking and writing.
9 年The Hatton Garden Heist had already slipped to the back of my mind. I am sure there will be a lot of investigations. Whether the result really will have an impact and change anything in the security arena, will have to be seen. However, I am sure there will be some kind of movie or book based on this heist :)
Non-Executive Director: Software & Technology
9 年As Dame Manningham-Bueller once said at a conference I was at, no amount of Technology can match the human element in intelligence gathering/actioning. If it is true that people ignored the Technology then woe be it them.
Trusted Advisor/Critical Friend, Interim/Virtual CISO, Team Lead, Principal Consultant, NED & #UnsungHero 2022 Security Leader & Mentor
9 年Illustrates an old lesson, perhaps - an over-reliance on technology to deter/detect/defend undermined by false positive alarms leading to ineffective response. Though this incident was in the physical domain, the analogies to the cyber are clear. Think Target, for example ...... NB I'm currently sat some 75 yds from the Hatton Gdns Safety Deposit bldg!