Lessons Learned from Melbourne Casino Robbery
A recent crime in a Melbourne casino that netted the thieves a cool 32 million AUD demonstrates that despite our best efforts, even the most high-tech security system can sometimes be compromised to some degree. In this case, the casino’s surveillance recording equipment was used to assist the robbers.
While we do not know the full details, IFSEC was quick to offer some constructive suggestions. It is believed the casino surveillance system was compromised enabling the perpetrators to cheat the casino at cards, specifically blackjack.
Two Networks Required
IFSEC normally established two separate networks for IP-based systems. The first is a camera network. The second is for the workstation network. These should be separate networks not separate VLAN sections.
All servers have two network cards and the networks interact. The servers and the camera are the only equipment on the camera LAN. All external communication must go through the workstation LAN. This means that any access to the camera must proceed through the workstation, not the case in the Melbourne casino robbery.
IFSEC also adds additional security measures. Engaged principles are not permitted remote access to surveillance recordings. This prevents simple access by way of a login name and password. A perpetrator can only access the system with specific software for the unique design.
The issue of remote access is uncomfortable for many businesses and even homeowners. In most cases, remote access can be useful but in operations like the casino, it is not recommended. In casino gaming, the provider often needs to access the software remotely in order to provide troubleshooting.
In the case of the Melbourne Casino caper, it seems the system was inadequately designed and monitored. External access was compromised and the casino is out $32 million.
Impossible to Overprotect
In any case, the issue of protecting the security system cannot be overstated. New usernames, new passwords and new security protocols must be implemented on very regular occasions. Breaching the access is one of the biggest threats to breaching a security system.
And, make no mistake about it. Many new-age thieves are up to par on technology and security systems. That’s does not mean that they do not have to perform their background work, but they understand what they are looking at much more than the client.
IFSEC encourages all their clients to report any security breach. That can mean a lost cell phone, a hacked computer or even a seemingly innocent break-in. One of the undeniable statistics about security system breaches is that the perpetrator is usually known to the offended party. Many companies insist on changing codes every time an employee is dismissed. You cannot be too careful.