Charlie Hebdo Forced Entrance and Access Control Measures

Author: Brian Rhodes, Published on Feb 09, 2015

Electronic Access Control usually reassures people they are safe, but a recent tragedy in France reveals a big flaw.

During the massacre at Charlie Hebdo, gunmen forced a hostage to use credentials to open a door. Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

In this note, we examine two options - duress credentials and physical layering to strength access control for such risks.

********** ****** ******* ******* ********* ****** **** *** ****, *** a ****** ******* ** ****** ******* * *** ****.

****** *** ******** ** ******* *****, ****** ****** * ******* to *** *********** ** **** * ****. **** ******, **** murdered ** ******. ***** ********** **** ******* ** ***** ** the ********* **** ** ************ *** ******* ****.

** **** ****, ** ******* *** ******* - ****** *********** and ******** ******** ** ******** ****** ******* *** **** *****.

[***************]

The *****

*********, ****** ******* *** **** ****** ******** ******* ******* ******* ******* *********** ******** ** ***** *** ******* ****** ***** ** **** ******.

The *************

******** ** ******* ***** *** *** * ****** ******, *** the *********** ****** ** ******** *********** ***** ***** ******** ******. *** ******** *** * ********* ****** ******* ****** *** a ********** ******** **** ********* ** * ******. ****** **** shooting ***** *** **** *** ********, *** ****** ******* ** employee ** ** ****** *** ****** *** ** **** *** main ******** ** ********. **** *****, **** *** ******** ****** to *** ******.

****** ******* **** ***** **** *********** *** ********* *** ****** to ** *******. ** **** ****, ** ******** *** *** child **** ******* **** ***** ** ****** ***********.

** **********, *** ******** ** '**** ***** ** **** ***********?' is ***** ** ****, ********** ** ***** ******* ** * similar ****** ****** ** **** ******* *** **** ****.

What *** ** ****?

*************, ********* ****** **** *******, *** ****** ******* ** *** existing ****** ***** **** ** *** **** ***** ******** *** gunmen *** *********** ******* *** ****. **** ******** ** ******* that ***** **** **** * **********:

****** ***********: ** *** **** ** ******* * ******* ** **** doors, ** ******** ******* *** ****** ** ********* ***********, *** even ******* ** ******* *** ******** *** ** ****. ** the ***** *********, ** ******* ** **** ************ *** **** to *********. *** ****** ****** ** ****** *** **** ********* readers ** * ******* **** ** * ******* **** ** entered (**: *** ********'* *** ** ******* *****) ** ** an ******** *********** ** **** (**: *** ****-**** ***** ****** than *** *****-**** *****), *** **** ****** ****** *** ***** a ******* ********* *** ****** *** ****** ** *** ****** through **** ************ ** **** ** ****** **********.

**** ****** ** ********* ****** ** **** ****** ** '******' or '*****' *************:

******** ******:******* *** ** ****** **** ** ** **** **** **** one ********** ******* ** ********* ******. ****** ******* *************************, *********** *** ******* ******** ******** (**: ***** *****, ********, office *****) **** ********** ******* ****** *** **** ****** ** unprotected ***** *** ******** ********* ********** **** ** ********* *******.

***** ***** ** ********: ******* *** *** ******** ******** *** ********* ** ** avoid ********* *** **** ********** ** *** ******* **** ******. Rather **** '***** *** *******' *** *** ************ ** * heinous ***, *** ****** ** *** ** ******** *** **** protection ***** ******* ** ****-**** ******** *******. **** * ****** access ****** *** *** ****** ** ******** *** ***** *** Charlie *****, *** *** ***** ****** *** ******** ******** *** risk ********** ******** *** ** ******** ********** ************ ** ******* and ******** *****.

Comments (5)

Great article it gives sharp relief on a feature of the EAS systems we promote and install that we are not even talking about enough. As I move away from project management toward sales I will be thinking about this story when discussing EAS requirements with clients and prospective clients.

Any duress setting that sets off an obvious reaction will be hard on the person sending the duress signal. Possibly leading to recluctance to setting off the duress signal. Therefore, duress settings should be as unobtrusive as possible.

Has anyone ever tried a series of mantraps with timers? A duress setting could lead to mantraps taking longer and longer to open, slowing down the adversary without being obvious about it. If all your doors can talk to each other, entering a duress setting should cause the first door to open after two seconds, the second door after three seconds, and so forth.

And, of course, there's the problem of sending notification without alerting the adversary that a notification is being sent.

I wonder how big of an award the jury will give the family of an employee who didn't know that sending a duress signal would result in flashy lights and loud sirens.

Good article. I always ask my clients if they want to "be" secure, or "feel" secure? They are two totally different things. It is interesting to look at how other professionals outside of our industry look at our systems. Greg Ellifritz from Active Response Training wrote an Article on the same incident and stated:

1) Don’t depend on passive security measures to keep you safe. The doors to the magazine’s office were locked. That didn’t matter to the terrorists. They just waited for an employee, held her hostage and told her they would kill her unless she let them in. From the Daily Mail:

“‘I had gone to pick up my daughter at day care, arriving in front of the magazine building, where two masked and armed men brutally threatened us,’ said Ms Rey….’They said they wanted to go up to the offices, so I tapped in the code,’ said Ms Rey, referring to the digi-code security system on the inter-phone.”

What would you do in that situation? I bet most of you would let the terrorists inside in order to prevent them from killing you and your child. Just like locked doors did not stop the killer at Sandy Hook Elementary (he shot a hole through a window and entered), locked doors didn’t stop the attack here. All locations can be penetrated by criminals if they are properly motivated. Don’t think you are safe because you live or work in a “secure” building.

As you mention, the key is to slow down the attackers but relying on people to enter duress codes or switch biometric fingers is something that I don't think will be remembered when there is a gun held to their head. Of course everyone thinks that people will rise to a situation, but I don't find that to be true based on my own experiences.

I don't know what the actual answer is, but I feel that it is very hard to stop a determined attacker with common, affordable security measures. Certainly with large budgets and operation constraints it can be achieved, but your typical magazine office is not that place.

Dynamic compartmentalization is an option worth considering although collateral damage is part of the equation that must be addressed in the security plan. The Navy pioneered this with Z door fitings that limit the damage to a ship with a torpedo attack. Sacrifice a compartment and the people in it to save the ship. I used this design principle at a major airport in 2005. Functional use of video, access control, TSA control and movable physical barriers. It has worked for 9 years enabling facility functionality, security and practical/tactical measures.

Dear Brian,

I just read your article now but you can't imagine how many time I have been asking myself about this. I am French so I was (and still am) super concerned by this Charly attack.

Also working at Suprema and I know a bit about Duress (thank you for the BioStation image BTW).

Duress code with a keypad is always a problem because you have to remember the second alternative code (that you don't use that often..). When it goes to fingerprint duress, it is getting quite easy.

1 -In normal time you use the right hand index.

2- In time of trouble, you use the left hand index (duress example). That's easy to remember however I don't know how many of us would have the intelligence to use the duress under the pression of a gun. On this I agree with Duane and employees training (with regular exericises) is the key success factor.

As Brian said, there was already alerts at Charly Hebdo and there was a 100% time guard with Gun in the facility. I think he was the first one gunshooted. This guard had a phone and could have been alerted prior to attack. 30s could have been enough.

When a Duress finger is presented, the system basically send a "Silent Alarm". This is an access control event sent to the control tower in real time but it can also be an email sent to a list of designated people. It can also be a SMS sent to mobilephone, if integrated.

(here is the configuration: https://www.supremainc.com/en/node/554)

It does not make any alarm or red signal at the door. The duress employee is entering the facilty like if nothing special had happened.

Since this event and still now, I wonder why this has not been implemented ... but I have some incomplete answers:

- Duress with code has the inconvenient described above (you forget the PIN)

- Duress with Fingerprint. First, fingerprints systems are highly controlled in France (CNIL). French people are reluctant to use Fingerprint technology. So I don't think that the Charlies would have accepted using such "evil" techno even for their own life security. Second, having a fingerprint device in Paris would raise people attention. Because you don't have any of these in the streets. Charly Hebdo office address was supposed to be confidential so the less external signs you give the better.

- When someone want to kill you and has determination, he will find a way. But that does not mean we shall not protect ourselves with simple means. Think about it.

I would be very interrested to know what ACS and CCTV Charly was using at the time of the attack. If someone has information, please contact me by PM.

Thank you,

Baud

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

Access Control Records Maintenance Guide on Jan 16, 2019
Weeding out old entries, turning off unused credentials, and updating who carries which credentials is as important as to maintaining security as...
Access Control Cabling Tutorial on Jan 15, 2019
Access Control is only as reliable as its cables. While this aspect lacks the sexiness of other components, it remains a vital part of every...
Avigilon Favorability Results 2019 on Jan 15, 2019
Since IPVM's 2017 Avigilon favorability results, the company was acquired by Motorola and has shifted from being an aggressive startup to a more...
Wavelynx Access Control Manufacturer Profile on Jan 10, 2019
Denver-based WaveLynx is not well known as an access reader manufacturer, but OEMs for big industry brands including Amag, Isonas (Allegion),...
Combating Vaping Epidemic - Halo Smart Sensor Profile on Dec 21, 2018
Youth vaping has become an epidemic, according to the US Surgeon General, while the market leader, Juul, just received a $12.8 billion investment...
ACRE-Acquired Open Options Access Company Profile on Dec 17, 2018
Who is the company ACRE is acquiring? In this note, we examine Open Options line for best customer fit, key features, pricing, and main...
Open Options Acquired By ACRE on Dec 17, 2018
ACRE is doing deals again. A year after they sold Mercury, they are buying another access control company - Open Options. In this note, we...
2019 Access Control Book Released on Dec 12, 2018
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Multi-Factor Access Control Authentication Guide on Dec 10, 2018
Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting...
Top 2019 Trend - AI Video Analytics on Dec 10, 2018
160+ Integrators answered: What do you think the top industry trend will be in 2019? Why? AI / video analytics was the run-away winner with...

Most Recent Industry Reports

Testing Bandwidth vs. Frame Rate on Jan 23, 2019
Selecting frame rate has a major impact on surveillance bandwidth and storage consumption. But with smart codecs now common and cameras more...
Camera Course January 2019 on Jan 23, 2019
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training exists...
Bosch Favorability Results 2019 on Jan 23, 2019
Bosch's favorability moderately strengthed, in new IPVM integrator statistics over their results from 2017, with 2019 results showing strong net...
Intersec 2019 Show Report on Jan 23, 2019
The 2019 Intersec show, held annually in Dubai, is now complete. IPVM attended for 3 days, interviewing numerous Chinese and Western video...
2019 Camera Book Released on Jan 22, 2019
This is the best, most comprehensive security camera training in the world, based on our unprecedented testing. Now, all IPVM PRO Members can get...
Milesight Company Profile on Jan 22, 2019
Milesight Technology, a Chinese company building an International branded business, says they are slowly building their presence through a series...
Cable Trenching for Surveillance on Jan 21, 2019
Trenching cable for surveillance is surprisingly complex. While using shovels, picks, and hoes is not advanced technology, the proper planning,...
Milestone Favorability Results 2019 on Jan 21, 2019
Milestone's favorability moderately strengthed, in new IPVM integrator statistics over their results from 2016. While the industry has been...
The IP Camera Lock-In Trend: Meraki and Verkada on Jan 18, 2019
Open systems and interoperability have become core features of video surveillance systems, as virtually all professional IP cameras integrate with...
NYPD Refutes False SCMP Hikvision Story on Jan 18, 2019
The NYPD has refuted the SCMP Hikvision story, the Voice of America has reported. On January 11, 2018, the SCMP alleged that the NYPD was using...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact