Charlie Hebdo Forced Entrance and Access Control Measures

Author: Brian Rhodes, Published on Feb 09, 2015

Electronic Access Control usually reassures people they are safe, but a recent tragedy in France reveals a big flaw.

During the massacre at Charlie Hebdo, gunmen forced a hostage to use credentials to open a door. Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

In this note, we examine two options - duress credentials and physical layering to strength access control for such risks.

********** ****** ******* ******* ********* ****** **** *** ****, *** a ****** ******* ** ****** ******* * *** ****.

****** *** ******** ** ******* *****, ****** ****** * ******* to *** *********** ** **** * ****. **** ******, **** murdered ** ******. ***** ********** **** ******* ** ***** ** the ********* **** ** ************ *** ******* ****.

** **** ****, ** ******* *** ******* - ****** *********** and ******** ******** ** ******** ****** ******* *** **** *****.

[***************]

The *****

*********, ****** ******* *** **** ****** ******** ******* ******* ******* ******* *********** ******** ** ***** *** ******* ****** ***** ** **** ******.

The *************

******** ** ******* ***** *** *** * ****** ******, *** the *********** ****** ** ******** *********** ***** ***** ******** ******. *** ******** *** * ********* ****** ******* ****** *** a ********** ******** **** ********* ** * ******. ****** **** shooting ***** *** **** *** ********, *** ****** ******* ** employee ** ** ****** *** ****** *** ** **** *** main ******** ** ********. **** *****, **** *** ******** ****** to *** ******.

****** ******* **** ***** **** *********** *** ********* *** ****** to ** *******. ** **** ****, ** ******** *** *** child **** ******* **** ***** ** ****** ***********.

** **********, *** ******** ** '**** ***** ** **** ***********?' is ***** ** ****, ********** ** ***** ******* ** * similar ****** ****** ** **** ******* *** **** ****.

What *** ** ****?

*************, ********* ****** **** *******, *** ****** ******* ** *** existing ****** ***** **** ** *** **** ***** ******** *** gunmen *** *********** ******* *** ****. **** ******** ** ******* that ***** **** **** * **********:

****** ***********: ** *** **** ** ******* * ******* ** **** doors, ** ******** ******* *** ****** ** ********* ***********, *** even ******* ** ******* *** ******** *** ** ****. ** the ***** *********, ** ******* ** **** ************ *** **** to *********. *** ****** ****** ** ****** *** **** ********* readers ** * ******* **** ** * ******* **** ** entered (**: *** ********'* *** ** ******* *****) ** ** an ******** *********** ** **** (**: *** ****-**** ***** ****** than *** *****-**** *****), *** **** ****** ****** *** ***** a ******* ********* *** ****** *** ****** ** *** ****** through **** ************ ** **** ** ****** **********.

**** ****** ** ********* ****** ** **** ****** ** '******' or '*****' *************:

******** ******:******* *** ** ****** **** ** ** **** **** **** one ********** ******* ** ********* ******. ****** ******* *************************, *********** *** ******* ******** ******** (**: ***** *****, ********, office *****) **** ********** ******* ****** *** **** ****** ** unprotected ***** *** ******** ********* ********** **** ** ********* *******.

***** ***** ** ********: ******* *** *** ******** ******** *** ********* ** ** avoid ********* *** **** ********** ** *** ******* **** ******. Rather **** '***** *** *******' *** *** ************ ** * heinous ***, *** ****** ** *** ** ******** *** **** protection ***** ******* ** ****-**** ******** *******. **** * ****** access ****** *** *** ****** ** ******** *** ***** *** Charlie *****, *** *** ***** ****** *** ******** ******** *** risk ********** ******** *** ** ******** ********** ************ ** ******* and ******** *****.

Comments (5)

Great article it gives sharp relief on a feature of the EAS systems we promote and install that we are not even talking about enough. As I move away from project management toward sales I will be thinking about this story when discussing EAS requirements with clients and prospective clients.

Any duress setting that sets off an obvious reaction will be hard on the person sending the duress signal. Possibly leading to recluctance to setting off the duress signal. Therefore, duress settings should be as unobtrusive as possible.

Has anyone ever tried a series of mantraps with timers? A duress setting could lead to mantraps taking longer and longer to open, slowing down the adversary without being obvious about it. If all your doors can talk to each other, entering a duress setting should cause the first door to open after two seconds, the second door after three seconds, and so forth.

And, of course, there's the problem of sending notification without alerting the adversary that a notification is being sent.

I wonder how big of an award the jury will give the family of an employee who didn't know that sending a duress signal would result in flashy lights and loud sirens.

Good article. I always ask my clients if they want to "be" secure, or "feel" secure? They are two totally different things. It is interesting to look at how other professionals outside of our industry look at our systems. Greg Ellifritz from Active Response Training wrote an Article on the same incident and stated:

1) Don’t depend on passive security measures to keep you safe. The doors to the magazine’s office were locked. That didn’t matter to the terrorists. They just waited for an employee, held her hostage and told her they would kill her unless she let them in. From the Daily Mail:

“‘I had gone to pick up my daughter at day care, arriving in front of the magazine building, where two masked and armed men brutally threatened us,’ said Ms Rey….’They said they wanted to go up to the offices, so I tapped in the code,’ said Ms Rey, referring to the digi-code security system on the inter-phone.”

What would you do in that situation? I bet most of you would let the terrorists inside in order to prevent them from killing you and your child. Just like locked doors did not stop the killer at Sandy Hook Elementary (he shot a hole through a window and entered), locked doors didn’t stop the attack here. All locations can be penetrated by criminals if they are properly motivated. Don’t think you are safe because you live or work in a “secure” building.

As you mention, the key is to slow down the attackers but relying on people to enter duress codes or switch biometric fingers is something that I don't think will be remembered when there is a gun held to their head. Of course everyone thinks that people will rise to a situation, but I don't find that to be true based on my own experiences.

I don't know what the actual answer is, but I feel that it is very hard to stop a determined attacker with common, affordable security measures. Certainly with large budgets and operation constraints it can be achieved, but your typical magazine office is not that place.

Dynamic compartmentalization is an option worth considering although collateral damage is part of the equation that must be addressed in the security plan. The Navy pioneered this with Z door fitings that limit the damage to a ship with a torpedo attack. Sacrifice a compartment and the people in it to save the ship. I used this design principle at a major airport in 2005. Functional use of video, access control, TSA control and movable physical barriers. It has worked for 9 years enabling facility functionality, security and practical/tactical measures.

Dear Brian,

I just read your article now but you can't imagine how many time I have been asking myself about this. I am French so I was (and still am) super concerned by this Charly attack.

Also working at Suprema and I know a bit about Duress (thank you for the BioStation image BTW).

Duress code with a keypad is always a problem because you have to remember the second alternative code (that you don't use that often..). When it goes to fingerprint duress, it is getting quite easy.

1 -In normal time you use the right hand index.

2- In time of trouble, you use the left hand index (duress example). That's easy to remember however I don't know how many of us would have the intelligence to use the duress under the pression of a gun. On this I agree with Duane and employees training (with regular exericises) is the key success factor.

As Brian said, there was already alerts at Charly Hebdo and there was a 100% time guard with Gun in the facility. I think he was the first one gunshooted. This guard had a phone and could have been alerted prior to attack. 30s could have been enough.

When a Duress finger is presented, the system basically send a "Silent Alarm". This is an access control event sent to the control tower in real time but it can also be an email sent to a list of designated people. It can also be a SMS sent to mobilephone, if integrated.

(here is the configuration: https://www.supremainc.com/en/node/554)

It does not make any alarm or red signal at the door. The duress employee is entering the facilty like if nothing special had happened.

Since this event and still now, I wonder why this has not been implemented ... but I have some incomplete answers:

- Duress with code has the inconvenient described above (you forget the PIN)

- Duress with Fingerprint. First, fingerprints systems are highly controlled in France (CNIL). French people are reluctant to use Fingerprint technology. So I don't think that the Charlies would have accepted using such "evil" techno even for their own life security. Second, having a fingerprint device in Paris would raise people attention. Because you don't have any of these in the streets. Charly Hebdo office address was supposed to be confidential so the less external signs you give the better.

- When someone want to kill you and has determination, he will find a way. But that does not mean we shall not protect ourselves with simple means. Think about it.

I would be very interrested to know what ACS and CCTV Charly was using at the time of the attack. If someone has information, please contact me by PM.

Thank you,

Baud

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

UTC, Owner of Lenel, Acquires S2 on Sep 20, 2018
UTC now owns two of the biggest access control providers, one of integrator's most hated access control platforms, Lenel, and one of their...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
Door Fundamentals For Access Control Guide on Sep 12, 2018
Assuming every door can be secured with either a maglock or an electric strike can be a painful assumption in the field. While those items can be...
Access Control Course Fall 2018 on Sep 06, 2018
Registration IS CLOSED ends this Thursday. Register now. If you are looking to strengthen your ability to design and deploy access systems or...
Drain Wire For Access Control Reader Tutorial on Sep 04, 2018
An easy-to-miss cabling specification plays a key role in access control, yet it is commonly ignored. The drain wire offers protection for readers...
Directory Of 110+ Video Management Software (VMS) Suppliers on Aug 30, 2018
This directory provides a list of Video Management Software providers to help you see and research what options are available. Listing...
Exit Devices For Access Control Tutorial on Aug 28, 2018
Exit Devices, also called 'Panic Bars' or 'Crash Bars' are required by safety codes the world over, and become integral parts of electronic access...
Assa Aperio Wireless Access Reader R100 Tested on Aug 23, 2018
Wireless access control is frequently promoted by manufacturers as a way to cut installation costs. Perhaps the biggest proponent of this is mega...
Synology Surveillance Station VMS Tested on Aug 22, 2018
With so many low-cost NVRs and enterprise VMSes, is there any place in the market for NAS-based VMSes? Recently, IPVM bought a Synology NAS for...
Backup Power For Maglocks Guide on Aug 20, 2018
When the main power fails, many believe maglocks must leave doors unlocked. However, battery backed up maglocks are allowed according to IBC /...

Most Recent Industry Reports

Alexa Guard Expands Amazon's Security Offerings, Boosts ADT's Stock on Sep 21, 2018
Amazon is expanding their security offerings yet again, this time with Alexa Guard that delivers security audio analytics and a virtual "Fake...
UTC, Owner of Lenel, Acquires S2 on Sep 20, 2018
UTC now owns two of the biggest access control providers, one of integrator's most hated access control platforms, Lenel, and one of their...
BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact