Security Breach Case Study: A Literal Key to NY City

Published Oct 05, 2012 00:00 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

How much would it take to bring a city to it's knees? How about $150? It sounds impossible, but that is exactly what has happened in NYC. A major security vulnerability has been exposed with a simple set of keys - a "fireman's key ring" - illegally sold to a newspaper. In this note, we peek into the security firestorm, the backstory, the costs involved to recover from improperly managed 'master' keys, and discuss how to prevent similar events in the future.

The Story

In a scandalous story [link no longer available] appearing in several publications, a retired locksmith (allegedly) elected to sell a set of master keys typically carried by NYFD on an online auction. This particular set of keys is very powerful, due to the ability to 'universally' open or control the features common to NYC skyscrapers with the following keys:

  • Elevator Control Fireman Key: Lift systems are required by code to be recalled to the ground floor and 'locked out' of service by firemen during a fire event. This prevents building occupants from becoming trapped inside cars, or potentially waiting too long for a car when they should be evacuating.
  • Subway Gate Access Key: Rolling grilles are used to control access to vulnerable areas of NYC's Subway System, and one of master keys opened these gates.
  • Circuit Breaker Cabinet/Closet: Locks securing electrical utility share a common key for quick access by fireman during firefighting efforts.
  • Construction Site Lockboxes: Similar to 'Knoxboxes', several keys on the ring reportedly opened the keycabinets holding all keys for entire construction projects (1 World Trade Center was cited.)

The end result of this particular key ring being sold in the 'grey market' is that vast portions of NYC's most vulnerable areas can be entered without authorization by unknown keyholders - including potential terrorists, vandals, and criminals [link no longer available].

While no charges have yet been filed in the event, selling city property is a crime, and the public outcry has been swift and strong - many are calling for the compromised locks to be repinned immediately.

The Cost

Even conservative estimates place the cost of this event in tens of thousands, potentially up to hundreds of thousands of dollars.

Assuming that a single 'master key' could open 1000 potential locks throughout the city, losing a ring of 5 keys can easily effect 5000 individual locks. Assuming that the average cost of repinning a single lock is $10-$15, just the effort of changing over the locks alone could measure $50,000 - $75,000. This estimate does not consider the additional cost of recutting keys, purchasing (in some cases, rare) keyblanks, and the overall logistical labor required to administer and perform the work.

Solving The Problem

Among the number of mistakes and errors detailed in the story, the biggest failure is proper Key Control. As we previously discussed in our "Are You Neglecting Key Control?" report, this most inglorious aspect of security management is also one of the most critical.

While no indication of a key management system is given by the various reports, several of the key numbers have been tied to individual positions or keyholders. Regardless of the details of the particular system in place, the circumstance where a newspaper is able to buy a set of master keys simply would not be possible if basic key management was in place.

Given standard issuance policy, when a specific key (especially a 'master' key) is lost it should be immediately reported, or at least discovered to be missing during routine scheduled audits. At the point a key is missing, controlled and preventive action can be taken to recover the key or repin/modify affected locks, rather than a sensationalized 'knee-jerk' reaction fueled by fear.