Allen Pace III worked as a regional safety inspector for Dunbar Armored in Los Angeles. His job was to ensure the security of the company’s armored car depot — the facility where cash was stored, sorted, and loaded for transport. While performing that job, he photographed the floor plans, mapped the camera positions, timed the security rotations, identified which bags contained the highest denominations of non-sequential bills, and noted that on Friday nights the vault was left open to accommodate the volume of cash being moved. On September 12, 1997, he used his keys to let five childhood friends into the building. They ambushed the guards during their 12:30 a.m. lunch breaks, duct-taped them before anyone triggered an alarm, loaded $18.9 million into a U-Haul in 30 minutes, and removed the security camera recordings on the way out. Police immediately suspected an inside job. They looked at Pace — who had been fired the day before for tampering with company vehicles — but found nothing. The case cracked two years later when one of the crew paid a real estate broker with cash still bound in the original Dunbar currency straps.
Pace didn’t defeat the security system. He was the security system. And that’s the pattern that connects the largest thefts in modern history: the person with the most access is the person with the most opportunity, and no vault, alarm, or camera network can protect against the individual whose job description includes knowing exactly how those protections work.
The armored car problem
The armored car industry has been hit by inside jobs so consistently that the pattern qualifies as a structural vulnerability rather than a series of coincidences.
In March 1997 — six months before the Dunbar job — Loomis Fargo driver Philip Noel Johnson turned his company-issued firearm on his coworkers in Jacksonville, Florida, handcuffed them, and drove off with $18.8 million after a ten-year career with the company and several failed applications to police departments. He fled to Mexico. He was caught trying to cross the U.S. border with multiple passports and $11,000 in cash. In December 1982, Sentry Armoured Car guard Christos Potamitis in the Bronx planned a robbery in which his associate George Legakis and a crew broke in through the wooden roof, and Potamitis allowed himself to be “surprised” at gunpoint and handcuffed — a staged victimization that was supposed to deflect suspicion. They stole $11 million. In 1993, a Loomis armored car driver in Las Vegas simply left during his shift with $2.9 million in ATM funds from several casinos, disappeared, and was never found.
The economics are consistent: armored car employees have direct physical access to large volumes of cash, detailed knowledge of security protocols and timing, legitimate reasons to be present at every point in the custody chain, and compensation that is orders of magnitude below the value of the assets they handle. The average armored car guard earns roughly $35,000 to $45,000 per year. The vault they access nightly contains millions. The gap between the employee’s economic position and the value they’re entrusted with is the gap through which every one of these jobs passes.
The bank guard pattern
The same dynamic scales to every institution that stores high-value assets and requires human beings to guard them.
Anthony Black was a security guard at the Brink’s-Mat warehouse at London’s Heathrow Airport. On the morning of November 26, 1983, he let a crew of robbers into the facility. They tied up the other guards. The crew had expected to find cash. What they found instead was three tons of gold bullion, diamonds, and cash worth £26 million — roughly $41 million. Black’s insider access was the entire plan: the robbers didn’t need to defeat the locks, the alarms, or the perimeter security because the man responsible for monitoring them opened the door. The case created a money-laundering infrastructure across London that arguably persists in some form decades later, because fencing three tons of gold requires a financial network that doesn’t dismantle itself when the heat dies down.
In Baghdad in 2007, three guards at the Dar es Salaam Investment Bank walked out of the facility overnight with $282 million. Bank employees discovered the theft when they arrived the next morning to find the front door open and the guards — who typically slept at the bank — gone along with the money. The guards had both the access and the time: the bank’s security model relied on the same people to protect the assets and to be present after hours, which meant the guards were the only human element in the entire security chain during the hours when theft was most feasible.
In Belfast in 2004, armed men posing as police officers took the families of two Northern Bank officials hostage, then instructed the officials to go to work the next morning as if nothing had happened. At the end of the business day, the officials let the crew into the vaults. The haul was £26.5 million. The operation didn’t need to defeat any security technology. It needed to coerce two people who had legitimate vault access — turning the bank’s own authorization hierarchy into the attack vector.
Why this keeps working
Every security system has to solve the same fundamental problem: someone has to be trusted. A vault requires a person with the combination. An alarm requires a person who can arm and disarm it. A camera network requires a person who monitors it. A cash facility requires a person who handles the cash. At every point in the chain, there is a human being whose job description includes the ability to circumvent the security measures — because the security measures were designed to be operated by that person.
This is the insider threat as a systems design problem. The security system protects the asset from outsiders. The insider is not an outsider. The security system, by definition, does not protect against the people it was designed to serve. Pace had keys. Black had the alarm codes. Potamitis had the schedule. Johnson had the truck. The Baghdad guards had the building to themselves. Each of these individuals exploited exactly the access their employer gave them, used exactly the knowledge their training provided, and operated within exactly the window their work schedule created.
The countermeasures are well-known: dual-person integrity (two people must be present for any high-value access), separation of duties (the person who arms the alarm isn’t the person who opens the vault), background checks, financial monitoring of employees with asset access, rotation of duties to prevent any single person from mapping the full system, and surveillance of the watchers themselves: cameras that watch the people watching the cameras. The Securitas depot robbery in Kent in 2006, where a crew kidnapped the branch manager and his family to coerce vault access, demonstrated that even dual-person controls can be defeated through coercion rather than collusion.
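To make two of those controls concrete, here is an added example (not part of the original article) that audits a badge log for dual-person integrity and separation of duties, plus one check the Pace case suggests: a credential used after its holder was terminated. The names, events, time windows and log format are all constructed assumptions.

```python
from datetime import datetime, timedelta

PAIR_WINDOW = timedelta(minutes=2)   # assumed: second badge must be presented within 2 min
DUTY_WINDOW = timedelta(minutes=30)  # assumed: a disarm "sticks" to that person for 30 min

# Constructed sample log: (timestamp, badge holder, action)
EVENTS = [
    ("2024-03-01T22:00", "alice", "alarm_disarm"),
    ("2024-03-01T22:01", "bob",   "vault_open"),
    ("2024-03-01T22:01", "carol", "vault_open"),   # compliant access
    ("2024-03-08T00:30", "dave",  "alarm_disarm"),
    ("2024-03-08T00:31", "dave",  "vault_open"),   # alone, and disarmed the alarm himself
    ("2024-03-09T23:00", "erin",  "alarm_disarm"),
    ("2024-03-09T23:02", "frank", "vault_open"),   # badge should have been revoked
    ("2024-03-09T23:03", "grace", "vault_open"),   # her only partner is not a valid one
]
TERMINATED = {"frank": "2024-03-08T00:00"}         # constructed HR record

def audit(events, terminated):
    """Return a sorted list of (timestamp, holder, violation) findings."""
    evs = sorted((datetime.fromisoformat(t), who, act) for t, who, act in events)
    ended = {w: datetime.fromisoformat(t) for w, t in terminated.items()}

    def live(who, ts):
        return who not in ended or ts < ended[who]

    findings = set()
    for ts, who, act in evs:
        stamp = ts.isoformat()
        if not live(who, ts):
            findings.add((stamp, who, "credential used after termination"))
        if act != "vault_open":
            continue
        # Dual-person integrity: a different, still-employed person must badge in too.
        partners = {w for t, w, a in evs
                    if a == "vault_open" and w != who
                    and abs(t - ts) <= PAIR_WINDOW and live(w, t)}
        if not partners:
            findings.add((stamp, who, "vault opened without second person"))
        # Separation of duties: the opener must not be the one who disarmed the alarm.
        if any(a == "alarm_disarm" and w == who
               and timedelta(0) <= ts - t <= DUTY_WINDOW for t, w, a in evs):
            findings.add((stamp, who, "same person disarmed alarm and opened vault"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(EVENTS, TERMINATED):
        print(*finding, sep=" | ")
```

An audit like this only sees violations of procedure. Coerced access that follows the procedure, as in the Securitas case, produces a log that looks compliant.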
The honest assessment is that no security architecture eliminates the insider threat. It can only raise the cost, complexity, and risk of exploiting insider access. Every countermeasure introduces friction into normal operations — the same friction that makes the system secure makes it slower, more expensive, and more dependent on compliance with protocols that employees find tedious. The gap between the security system’s design and the security system’s daily operation is where the insider lives. Pace knew the cameras. He also knew that on Friday nights, the vault stayed open because the volume of cash made closing and reopening it impractical. The operational convenience that made the depot efficient was the same operational convenience that made it vulnerable.
The modern version
The inside job hasn’t gone away. It’s migrated. The 2024 Easter Sunday heist in Los Angeles — over $30 million stolen from a GardaWorld cash management facility — bore what a federal source called “the markings of an inside job.” Someone knew how the building was set up, how to terminate the alarms, and how to access the vaults. The investigation is ongoing.
But the more consequential modern inside jobs don’t involve vaults at all. IT administrators with root access to financial systems, bank employees who sell customer data to fraud rings, cryptocurrency exchange operators who drain their own platforms — the asset being stolen has shifted from physical cash to digital value, but the mechanism is identical: the person trusted with access uses that access to steal. The 2022 collapse of FTX, where founder Sam Bankman-Fried misappropriated billions in customer funds, is structurally the same crime as Anthony Black opening the Brink’s-Mat door — the person entrusted with the assets took them, and the security architecture was designed to give that person access, not to prevent them from using it.
The inside job is the oldest heist architecture and the most durable one. It survived the transition from physical vaults to electronic systems, from gold bullion to cryptocurrency, from armed guards to multi-factor authentication. The technology changes. The vulnerability doesn’t. Every system that stores value requires a human being with access to that value, and the human being with access is the single point of failure that no technology eliminates.
