Charlie Hebdo Forced Entrance and Access Control Measures

Author: Brian Rhodes, Published on Feb 09, 2015

Electronic Access Control usually reassures people they are safe, but a recent tragedy in France reveals a big flaw.

During the massacre at Charlie Hebdo, gunmen forced a hostage to use credentials to open a door. Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

In this note, we examine two options - duress credentials and physical layering to strength access control for such risks.

********** ****** ******* ******* ********* ****** **** *** ****, *** a ****** ******* ** ****** ******* * *** ****.

****** *** ******** ** ******* *****, ****** ****** * ******* to *** *********** ** **** * ****. **** ******, **** murdered ** ******. ***** ********** **** ******* ** ***** ** the ********* **** ** ************ *** ******* ****.

** **** ****, ** ******* *** ******* - ****** *********** and ******** ******** ** ******** ****** ******* *** **** *****.

[***************]

The *****

*********, ****** ******* *** **** ****** ******** ******* ******* ******* ******* *********** ******** ** ***** *** ******* ****** ***** ** **** ******.

The *************

******** ** ******* ***** *** *** * ****** ******, *** the *********** ****** ** ******** *********** ***** ***** ******** ******. *** ******** *** * ********* ****** ******* ****** *** a ********** ******** **** ********* ** * ******. ****** **** shooting ***** *** **** *** ********, *** ****** ******* ** employee ** ** ****** *** ****** *** ** **** *** main ******** ** ********. **** *****, **** *** ******** ****** to *** ******.

****** ******* **** ***** **** *********** *** ********* *** ****** to ** *******. ** **** ****, ** ******** *** *** child **** ******* **** ***** ** ****** ***********.

** **********, *** ******** ** '**** ***** ** **** ***********?' is ***** ** ****, ********** ** ***** ******* ** * similar ****** ****** ** **** ******* *** **** ****.

What *** ** ****?

*************, ********* ****** **** *******, *** ****** ******* ** *** existing ****** ***** **** ** *** **** ***** ******** *** gunmen *** *********** ******* *** ****. **** ******** ** ******* that ***** **** **** * **********:

****** ***********: ** *** **** ** ******* * ******* ** **** doors, ** ******** ******* *** ****** ** ********* ***********, *** even ******* ** ******* *** ******** *** ** ****. ** the ***** *********, ** ******* ** **** ************ *** **** to *********. *** ****** ****** ** ****** *** **** ********* readers ** * ******* **** ** * ******* **** ** entered (**: *** ********'* *** ** ******* *****) ** ** an ******** *********** ** **** (**: *** ****-**** ***** ****** than *** *****-**** *****), *** **** ****** ****** *** ***** a ******* ********* *** ****** *** ****** ** *** ****** through **** ************ ** **** ** ****** **********.

**** ****** ** ********* ****** ** **** ****** ** '******' or '*****' *************:

******** ******:******* *** ** ****** **** ** ** **** **** **** one ********** ******* ** ********* ******. ****** ******* *************************, *********** *** ******* ******** ******** (**: ***** *****, ********, office *****) **** ********** ******* ****** *** **** ****** ** unprotected ***** *** ******** ********* ********** **** ** ********* *******.

***** ***** ** ********: ******* *** *** ******** ******** *** ********* ** ** avoid ********* *** **** ********** ** *** ******* **** ******. Rather **** '***** *** *******' *** *** ************ ** * heinous ***, *** ****** ** *** ** ******** *** **** protection ***** ******* ** ****-**** ******** *******. **** * ****** access ****** *** *** ****** ** ******** *** ***** *** Charlie *****, *** *** ***** ****** *** ******** ******** *** risk ********** ******** *** ** ******** ********** ************ ** ******* and ******** *****.

Comments (5)

Great article it gives sharp relief on a feature of the EAS systems we promote and install that we are not even talking about enough. As I move away from project management toward sales I will be thinking about this story when discussing EAS requirements with clients and prospective clients.

Any duress setting that sets off an obvious reaction will be hard on the person sending the duress signal. Possibly leading to recluctance to setting off the duress signal. Therefore, duress settings should be as unobtrusive as possible.

Has anyone ever tried a series of mantraps with timers? A duress setting could lead to mantraps taking longer and longer to open, slowing down the adversary without being obvious about it. If all your doors can talk to each other, entering a duress setting should cause the first door to open after two seconds, the second door after three seconds, and so forth.

And, of course, there's the problem of sending notification without alerting the adversary that a notification is being sent.

I wonder how big of an award the jury will give the family of an employee who didn't know that sending a duress signal would result in flashy lights and loud sirens.

Good article. I always ask my clients if they want to "be" secure, or "feel" secure? They are two totally different things. It is interesting to look at how other professionals outside of our industry look at our systems. Greg Ellifritz from Active Response Training wrote an Article on the same incident and stated:

1) Don’t depend on passive security measures to keep you safe. The doors to the magazine’s office were locked. That didn’t matter to the terrorists. They just waited for an employee, held her hostage and told her they would kill her unless she let them in. From the Daily Mail:

“‘I had gone to pick up my daughter at day care, arriving in front of the magazine building, where two masked and armed men brutally threatened us,’ said Ms Rey….’They said they wanted to go up to the offices, so I tapped in the code,’ said Ms Rey, referring to the digi-code security system on the inter-phone.”

What would you do in that situation? I bet most of you would let the terrorists inside in order to prevent them from killing you and your child. Just like locked doors did not stop the killer at Sandy Hook Elementary (he shot a hole through a window and entered), locked doors didn’t stop the attack here. All locations can be penetrated by criminals if they are properly motivated. Don’t think you are safe because you live or work in a “secure” building.

As you mention, the key is to slow down the attackers but relying on people to enter duress codes or switch biometric fingers is something that I don't think will be remembered when there is a gun held to their head. Of course everyone thinks that people will rise to a situation, but I don't find that to be true based on my own experiences.

I don't know what the actual answer is, but I feel that it is very hard to stop a determined attacker with common, affordable security measures. Certainly with large budgets and operation constraints it can be achieved, but your typical magazine office is not that place.

Dynamic compartmentalization is an option worth considering although collateral damage is part of the equation that must be addressed in the security plan. The Navy pioneered this with Z door fitings that limit the damage to a ship with a torpedo attack. Sacrifice a compartment and the people in it to save the ship. I used this design principle at a major airport in 2005. Functional use of video, access control, TSA control and movable physical barriers. It has worked for 9 years enabling facility functionality, security and practical/tactical measures.

Dear Brian,

I just read your article now but you can't imagine how many time I have been asking myself about this. I am French so I was (and still am) super concerned by this Charly attack.

Also working at Suprema and I know a bit about Duress (thank you for the BioStation image BTW).

Duress code with a keypad is always a problem because you have to remember the second alternative code (that you don't use that often..). When it goes to fingerprint duress, it is getting quite easy.

1 -In normal time you use the right hand index.

2- In time of trouble, you use the left hand index (duress example). That's easy to remember however I don't know how many of us would have the intelligence to use the duress under the pression of a gun. On this I agree with Duane and employees training (with regular exericises) is the key success factor.

As Brian said, there was already alerts at Charly Hebdo and there was a 100% time guard with Gun in the facility. I think he was the first one gunshooted. This guard had a phone and could have been alerted prior to attack. 30s could have been enough.

When a Duress finger is presented, the system basically send a "Silent Alarm". This is an access control event sent to the control tower in real time but it can also be an email sent to a list of designated people. It can also be a SMS sent to mobilephone, if integrated.

(here is the configuration: https://www.supremainc.com/en/node/554)

It does not make any alarm or red signal at the door. The duress employee is entering the facilty like if nothing special had happened.

Since this event and still now, I wonder why this has not been implemented ... but I have some incomplete answers:

- Duress with code has the inconvenient described above (you forget the PIN)

- Duress with Fingerprint. First, fingerprints systems are highly controlled in France (CNIL). French people are reluctant to use Fingerprint technology. So I don't think that the Charlies would have accepted using such "evil" techno even for their own life security. Second, having a fingerprint device in Paris would raise people attention. Because you don't have any of these in the streets. Charly Hebdo office address was supposed to be confidential so the less external signs you give the better.

- When someone want to kill you and has determination, he will find a way. But that does not mean we shall not protect ourselves with simple means. Think about it.

I would be very interrested to know what ACS and CCTV Charly was using at the time of the attack. If someone has information, please contact me by PM.

Thank you,

Baud

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

FST Fails on Jul 17, 2018
FST was one of the hottest startups of the decade, selected as the best new product at ISC West 2011 and backed with tens of millions in...
Belgium Bans Private Facial Surveillance on Jul 06, 2018
Belgium has effectively banned the use of facial recognition and other biometrics-based video analytics in surveillance cameras for private,...
GDPR For Access Control Guide on Jul 03, 2018
Electronic access control is common in businesses plus organizations are increasingly considering biometrics for access control. With GDPR coming...
Allegion Acquires Isonas on Jun 29, 2018
Isonas failed to 'revolutionize' access control as they regularly claimed. Now, nearly 20 years after their founding, they are being acquired by...
Replacing / Switching Access Control Systems Guide on Jun 28, 2018
Ripping out and replacing access control systems is hard for important reasons. Because users typically hold on to access control systems for as...
Free Online NFPA, IBC, and ADA Codes and Standards on Jun 27, 2018
Finding applicable codes for security work can be a costly task, with printed books and pdf downloads costing hundreds or thousands. However, a...
'Secure Channel' OSDP Access Control Examined on Jun 21, 2018
Despite claiming to be better than Wiegand, OSDP's initial releases did not address the lack of encryption between reader and controller, leaving...
IFSEC 2018 Final Show Report on Jun 20, 2018
IPVM attended the IFSEC show for the first time this year. The Chinese took over the show, centered on Hikvision, flanked by Dahua, Huawei and a...
Axis Releases First New Access Controller In 5 Years (A1601) on Jun 15, 2018
It has been 5 years since Axis 2013 entry in the physical access control market, with the A1001 (IPVM test). Now, Axis has released its second...
Access Control - Time & Attendance, Mustering and Mantraps Guide on Jun 13, 2018
Electronic access offers features that traditional mechanical locks cannot. While these features may not be as fundamental as keeping doors secure,...

Most Recent Industry Reports

Amazon Ring Alarm System Tested on Jul 16, 2018
Amazon Ring is going to hurt traditional dealers, and especially ADT, new IPVM test results of Ring's Alarm system underscore. IPVM found that...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Installing Dome Cameras Indoors Guide on Jul 16, 2018
IPVM is producing the definitive series on installing surveillance cameras. This entry covers one of the most common scenarios - installing dome...
Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...
4 Most Difficult Camera Installs (Statistics) on Jul 12, 2018
Heavy housings, cumbersome brackets, heavy ladders required, and tricky field of view requirements will cause difficulties no matter the camera...
Axis Perimeter Defender Video Analytics Tested on Jul 12, 2018
Axis 'high security' video analytics offering is Perimeter Defender, OEMed / developed with Digital Barriers. But how good is Perimeter Defender?...
Hikvision Fights Ban - Claims 'Red Scare', Hires 14 Term Ex-Congressman on Jul 11, 2018
Hikvision is fighting back against the House Bill Ban of their products. Hikvision has hired one of the biggest lobbying firms, led by a 14 term...
Arecont Acquisition By Costar on Jul 11, 2018
Arecont Vision acquisition by Costar Technologies has been approved by the court, concluding the bankruptcy process triggered by Arecont's...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact