Charlie Hebdo Forced Entrance and Access Control Measures

Author: Brian Rhodes, Published on Feb 09, 2015

Electronic Access Control usually reassures people they are safe, but a recent tragedy in France reveals a big flaw.

During the massacre at Charlie Hebdo, gunmen forced a hostage to use credentials to open a door. Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

In this note, we examine two options - duress credentials and physical layering to strength access control for such risks.

********** ****** ******* ******* ********* ****** **** *** ****, *** a ****** ******* ** ****** ******* * *** ****.

****** *** ******** ** ******* *****, ****** ****** * ******* to *** *********** ** **** * ****. **** ******, **** murdered ** ******. ***** ********** **** ******* ** ***** ** the ********* **** ** ************ *** ******* ****.

** **** ****, ** ******* *** ******* - ****** *********** and ******** ******** ** ******** ****** ******* *** **** *****.

[***************]

The *****

*********, ****** ******* *** **** ****** ******** ******* ******* ******* ******* *********** ******** ** ***** *** ******* ****** ***** ** **** ******.

The *************

******** ** ******* ***** *** *** * ****** ******, *** the *********** ****** ** ******** *********** ***** ***** ******** ******. *** ******** *** * ********* ****** ******* ****** *** a ********** ******** **** ********* ** * ******. ****** **** shooting ***** *** **** *** ********, *** ****** ******* ** employee ** ** ****** *** ****** *** ** **** *** main ******** ** ********. **** *****, **** *** ******** ****** to *** ******.

****** ******* **** ***** **** *********** *** ********* *** ****** to ** *******. ** **** ****, ** ******** *** *** child **** ******* **** ***** ** ****** ***********.

** **********, *** ******** ** '**** ***** ** **** ***********?' is ***** ** ****, ********** ** ***** ******* ** * similar ****** ****** ** **** ******* *** **** ****.

What *** ** ****?

*************, ********* ****** **** *******, *** ****** ******* ** *** existing ****** ***** **** ** *** **** ***** ******** *** gunmen *** *********** ******* *** ****. **** ******** ** ******* that ***** **** **** * **********:

****** ***********: ** *** **** ** ******* * ******* ** **** doors, ** ******** ******* *** ****** ** ********* ***********, *** even ******* ** ******* *** ******** *** ** ****. ** the ***** *********, ** ******* ** **** ************ *** **** to *********. *** ****** ****** ** ****** *** **** ********* readers ** * ******* **** ** * ******* **** ** entered (**: *** ********'* *** ** ******* *****) ** ** an ******** *********** ** **** (**: *** ****-**** ***** ****** than *** *****-**** *****), *** **** ****** ****** *** ***** a ******* ********* *** ****** *** ****** ** *** ****** through **** ************ ** **** ** ****** **********.

**** ****** ** ********* ****** ** **** ****** ** '******' or '*****' *************:

******** ******:******* *** ** ****** **** ** ** **** **** **** one ********** ******* ** ********* ******. ****** ******* *************************, *********** *** ******* ******** ******** (**: ***** *****, ********, office *****) **** ********** ******* ****** *** **** ****** ** unprotected ***** *** ******** ********* ********** **** ** ********* *******.

***** ***** ** ********: ******* *** *** ******** ******** *** ********* ** ** avoid ********* *** **** ********** ** *** ******* **** ******. Rather **** '***** *** *******' *** *** ************ ** * heinous ***, *** ****** ** *** ** ******** *** **** protection ***** ******* ** ****-**** ******** *******. **** * ****** access ****** *** *** ****** ** ******** *** ***** *** Charlie *****, *** *** ***** ****** *** ******** ******** *** risk ********** ******** *** ** ******** ********** ************ ** ******* and ******** *****.

Comments (5)

Great article it gives sharp relief on a feature of the EAS systems we promote and install that we are not even talking about enough. As I move away from project management toward sales I will be thinking about this story when discussing EAS requirements with clients and prospective clients.

Any duress setting that sets off an obvious reaction will be hard on the person sending the duress signal. Possibly leading to recluctance to setting off the duress signal. Therefore, duress settings should be as unobtrusive as possible.

Has anyone ever tried a series of mantraps with timers? A duress setting could lead to mantraps taking longer and longer to open, slowing down the adversary without being obvious about it. If all your doors can talk to each other, entering a duress setting should cause the first door to open after two seconds, the second door after three seconds, and so forth.

And, of course, there's the problem of sending notification without alerting the adversary that a notification is being sent.

I wonder how big of an award the jury will give the family of an employee who didn't know that sending a duress signal would result in flashy lights and loud sirens.

Good article. I always ask my clients if they want to "be" secure, or "feel" secure? They are two totally different things. It is interesting to look at how other professionals outside of our industry look at our systems. Greg Ellifritz from Active Response Training wrote an Article on the same incident and stated:

1) Don’t depend on passive security measures to keep you safe. The doors to the magazine’s office were locked. That didn’t matter to the terrorists. They just waited for an employee, held her hostage and told her they would kill her unless she let them in. From the Daily Mail:

“‘I had gone to pick up my daughter at day care, arriving in front of the magazine building, where two masked and armed men brutally threatened us,’ said Ms Rey….’They said they wanted to go up to the offices, so I tapped in the code,’ said Ms Rey, referring to the digi-code security system on the inter-phone.”

What would you do in that situation? I bet most of you would let the terrorists inside in order to prevent them from killing you and your child. Just like locked doors did not stop the killer at Sandy Hook Elementary (he shot a hole through a window and entered), locked doors didn’t stop the attack here. All locations can be penetrated by criminals if they are properly motivated. Don’t think you are safe because you live or work in a “secure” building.

As you mention, the key is to slow down the attackers but relying on people to enter duress codes or switch biometric fingers is something that I don't think will be remembered when there is a gun held to their head. Of course everyone thinks that people will rise to a situation, but I don't find that to be true based on my own experiences.

I don't know what the actual answer is, but I feel that it is very hard to stop a determined attacker with common, affordable security measures. Certainly with large budgets and operation constraints it can be achieved, but your typical magazine office is not that place.

Dynamic compartmentalization is an option worth considering although collateral damage is part of the equation that must be addressed in the security plan. The Navy pioneered this with Z door fitings that limit the damage to a ship with a torpedo attack. Sacrifice a compartment and the people in it to save the ship. I used this design principle at a major airport in 2005. Functional use of video, access control, TSA control and movable physical barriers. It has worked for 9 years enabling facility functionality, security and practical/tactical measures.

Dear Brian,

I just read your article now but you can't imagine how many time I have been asking myself about this. I am French so I was (and still am) super concerned by this Charly attack.

Also working at Suprema and I know a bit about Duress (thank you for the BioStation image BTW).

Duress code with a keypad is always a problem because you have to remember the second alternative code (that you don't use that often..). When it goes to fingerprint duress, it is getting quite easy.

1 -In normal time you use the right hand index.

2- In time of trouble, you use the left hand index (duress example). That's easy to remember however I don't know how many of us would have the intelligence to use the duress under the pression of a gun. On this I agree with Duane and employees training (with regular exericises) is the key success factor.

As Brian said, there was already alerts at Charly Hebdo and there was a 100% time guard with Gun in the facility. I think he was the first one gunshooted. This guard had a phone and could have been alerted prior to attack. 30s could have been enough.

When a Duress finger is presented, the system basically send a "Silent Alarm". This is an access control event sent to the control tower in real time but it can also be an email sent to a list of designated people. It can also be a SMS sent to mobilephone, if integrated.

(here is the configuration: https://www.supremainc.com/en/node/554)

It does not make any alarm or red signal at the door. The duress employee is entering the facilty like if nothing special had happened.

Since this event and still now, I wonder why this has not been implemented ... but I have some incomplete answers:

- Duress with code has the inconvenient described above (you forget the PIN)

- Duress with Fingerprint. First, fingerprints systems are highly controlled in France (CNIL). French people are reluctant to use Fingerprint technology. So I don't think that the Charlies would have accepted using such "evil" techno even for their own life security. Second, having a fingerprint device in Paris would raise people attention. Because you don't have any of these in the streets. Charly Hebdo office address was supposed to be confidential so the less external signs you give the better.

- When someone want to kill you and has determination, he will find a way. But that does not mean we shall not protect ourselves with simple means. Think about it.

I would be very interrested to know what ACS and CCTV Charly was using at the time of the attack. If someone has information, please contact me by PM.

Thank you,

Baud

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Beware Amazon Go Store Hype (Tested) on Nov 13, 2018
IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...
Axis 2N Intercom Tested on Nov 08, 2018
Axis expanded its video intercom business buying Czech-based 2N in 2016. Despite competing against owner Axis' intercoms, 2N recently registered as...
Haven Targets School Security with Lockdown Lineup on Nov 08, 2018
Haven, a US startup founded in 2014 as a residential-focused company, has now raised funding and is offering a lineup of commercial grade locks for...
Directory Of Video Doorbells on Nov 06, 2018
Video doorbells are one of the fastest growing categories in video surveillance, especially among residences. The optimal placement of these...
HID: Stop Selling Cracked 125 kHz Credentials on Nov 05, 2018
HID should stop selling cracked 125 kHz access control credentials, that have been long cracked and can easily be copied by cheap cloners sold on...
Worst Products on Nov 03, 2018
Security integrators periodically report on their favorite and worst products to IPVM. These are known integrators who IPVM pays to answer surveys....
Solar-Powered, Smart-Phone-Based Access Kit (VIZPin) Examined on Nov 02, 2018
Cloud-based access control company VIZPin is releasing a solar-powered and smart phone based access control system for gates and other remote...
Building Occupancy Codes and Access Control Tutorial on Nov 01, 2018
A building or room's classification can greatly impact which building codes must be followed. In terms of access control, these 'occupancy codes'...
Resideo IPOs, Then Plunges on Oct 31, 2018
ADI and Honeywell Homes management have been touting their spinout and IPO for months, including appearing on Wall Street as they widely shared on...

Most Recent Industry Reports

'Sticker' Surveillance Camera Developed (CSEM Witness) on Nov 16, 2018
The Swiss Center for Electronics and Microtechnology (CSEM) has announced what it calls the: world’s first fully autonomous camera that can be...
ISC East 2018 Mini-Show Final Report on Nov 16, 2018
This is our second (updated) and final show report from ISC East. ISC East, by its own admission, is not a national or international show, billed...
Facial Detection Tested on Nov 16, 2018
Facial detection and recognition are increasingly offered by video surveillance manufacturers. Facial detection detects faces in an image/video...
Throughtek P2P/Cloud Solution Profile on Nov 15, 2018
Many IoT manufacturers either do not have the capabilities or the interest to develop their own cloud management software for their devices....
ASIS Offering Custom Research For Manufacturers on Nov 15, 2018
Manufacturers often want to know what industry people think about trends and, in particular, the segments and product they offer.  ASIS and its...
Hikvision Silent on "Bad Architectural Practices" Cybersecurity Report on Nov 14, 2018
A 'significant vulnerability was found in Hikvision cameras' by VDOO, a startup cybersecurity specialist. Hikvision has fixed the specific...
French Government Threatens School with $1.7M Fine For “Excessive Video Surveillance” on Nov 14, 2018
The French government has notified a high-profile Paris coding academy that it risks a fine of up to 1.5 million euros (about $1.7m) if it...
Integrator Credit Card Alternative Divvy on Nov 13, 2018
Most security integrators are small businesses but large enough that they have various employees that need to be able to expense various charges as...
Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Beware Amazon Go Store Hype (Tested) on Nov 13, 2018
IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact