Tag: security

  • Prison Breaks as Reverse Heists: The Engineering of Escape

    A heist defeats a security system to remove something valuable from a controlled space. A prison break defeats a security system to remove something valuable from a controlled space. The engineering is the same — tunneling, tool fabrication, timing security rotations, exploiting human vulnerabilities in the guard staff, coordinating a team under surveillance, and executing during a narrow window before the breach is discovered. The only difference is the direction. In a heist, you go in and take something out. In a prison break, you are the thing being taken out. The constraint analysis is identical, the failure modes are identical, and the reason most prison breaks collapse — like most heists — is that the escape itself works but the aftermath doesn’t.

    Tunneling: the shared engineering

    El Chapo Guzmán’s 2015 escape from Mexico’s Altiplano maximum-security prison was, by any engineering standard, a construction project. His associates spent over a year building a mile-long tunnel from a house outside the prison walls to a 20-by-20-inch opening in the shower floor of his cell — a location in a camera blind spot. The tunnel was five feet seven inches tall, ventilated, lit, and equipped with a modified motorcycle on rails that was used to transport excavated dirt and construction tools. The cost was estimated at over $1 million. Guzmán stepped into his shower, dropped through the hole, rode the motorcycle through a mile of underground passage, and emerged in a building his cartel had purchased for the purpose. He was free for six months before Mexican marines recaptured him in Sinaloa.

    The engineering parallels to the 2005 Banco Central heist in Fortaleza, Brazil — where a 25-member gang dug a 256-foot tunnel from a fake landscaping business into a bank vault — are structural, not cosmetic. Both operations required months of excavation conducted in secrecy. Both required a cover property (a house, a fake business) to justify activity near the target. Both required disposal of enormous volumes of excavated material without attracting attention. Both required ventilation, lighting, and structural reinforcement to prevent collapse. The difference: the Banco Central crew tunneled in to take $71.6 million. Guzmán’s crew tunneled in to take Guzmán. Same discipline, same timeline, same logistics.

    The Alcatraz escape of June 1962 — Frank Morris and brothers John and Clarence Anglin — used the same principle at a smaller scale and with prison-available materials. Over months, they used sharpened spoons and a homemade electric drill fashioned from a vacuum cleaner motor to widen the ventilation ducts behind their cells, accessing an unguarded utility corridor. They fabricated dummy heads from plaster, flesh-tone paint, and real human hair harvested from the barbershop and placed them in their beds to fool the guards conducting night checks. They built a raft and life vests from over 50 raincoats, bonded with contact cement stolen from the prison’s glue shop. On the night of June 11, they climbed to the roof, descended to the shore, inflated the raft, and paddled into San Francisco Bay. They were never found. The FBI concluded they likely drowned; subsequent hydrodynamic simulations suggest it was possible — though not certain — that the currents could have carried them to shore.

    The Alcatraz escape is the purest form of the prison break as engineering problem. No bribed guards. No cartel money. No outside construction team. Three men with spoons, stolen raincoats, plaster, and paint, working for months inside the most secure prison in the United States, fabricating every component of their escape from materials available within the facility. The constraints were absolute: no access to power tools, no external supply chain, no communication with anyone outside the walls. Every heist crew wishes its operational security was that airtight — Morris and the Anglins had it imposed on them by the prison itself.

    The human element: same vulnerability, different label

    The Dannemora escape from Clinton Correctional Facility in June 2015 — the first breakout in the prison’s 170-year history — ran on the same human vulnerability that drives inside-job heists. Convicted killers David Sweat and Richard Matt didn’t defeat the prison’s physical security through engineering alone. They seduced Joyce Mitchell, a civilian employee who supervised the prison’s tailor shop. Mitchell smuggled hacksaw blades, chisels, and other cutting tools into the facility by hiding them inside frozen hamburger meat, which was then delivered to the inmates by guards who didn’t inspect the packages closely enough. Mitchell had sexual relationships with both men. She was supposed to be the getaway driver.

    The analytical frame is identical to the inside-job heist: the security system’s weakest point is the human being it has to trust. Mitchell wasn’t a guard — she was a civilian employee with access to the interior. She wasn’t coerced at gunpoint like the Northern Bank officials in Belfast. She was manipulated emotionally, over months, by two men whose operational objective was her access to the supply chain. Sweat used the smuggled tools to cut through the steel wall of his cell, carve into a large pipe, and navigate a labyrinth of tunnels to a manhole outside the prison walls. The physical engineering was sophisticated. The human engineering was the prerequisite.

    Their expected ride — Mitchell — never showed up. She lost her nerve. Sweat and Matt emerged from the manhole into Dannemora, New York, with no vehicle, no plan B, and a note left in their cells that read “Have a nice day.” After 20 days on the run, Matt was shot dead by police. Sweat was captured two days later. The escape worked. The aftermath didn’t. The pattern holds.

    Pascal Payet, a French convicted murderer, solved the human-element problem by going vertical. In 2001, he arranged for associates to land a helicopter on the roof of his prison and fly him out. In 2003, while still a fugitive, he went back to the same prison by helicopter and extracted three more inmates. He was caught, imprisoned again, and in 2007 escaped a third time — from a different prison — again by helicopter, this one hijacked by four men in Cannes. He was recaptured in Barcelona. Three helicopter escapes from three different prisons. The engineering is minimal. The audacity is maximal. And the vulnerability Payet exploited was that French prisons, despite being designed to prevent tunneling, wall-climbing, and gate-crashing, had no anti-aircraft countermeasures. Nobody planned for a helicopter because nobody imagined a helicopter. The same category error that makes heists work — the security designer didn’t anticipate the actual attack vector — makes prison breaks work.

    The Great Escape: when the military does it

    The most famous prison break in history is also the most operationally instructive. In March 1944, 76 Allied prisoners of war escaped from Stalag Luft III, a German POW camp, through a tunnel codenamed “Harry” — one of three tunnels dug over 15 months using improvised tools made from bed boards and spoons. The tunnel was 350 feet long and nearly 30 feet underground, shored with bed-board lumber, ventilated by a hand-pumped air system, and lit with electric lamps tapped from the camp’s power grid. Over 200 prisoners contributed to the operation, which required not just tunnel construction but the fabrication of civilian clothing, forged identity documents, and escape maps — an entire logistics infrastructure built inside a POW camp.

    Only three men made it to safety. Seventy-three were recaptured. Fifty were executed on Hitler’s orders. The escape was a tactical success — 76 men got through the tunnel — and a strategic catastrophe. But the engineering itself is a graduate seminar in constrained manufacturing: how to build a ventilated, lit, reinforced tunnel 350 feet long using materials available inside a prison, without power tools, under constant surveillance, over a year and a half.

    Why prison breaks, like heists, fail in the aftermath

    The Dannemora escape is the diagnostic case. Sweat and Matt got out. The physical escape was successful. They had no vehicle, no cash reserves, no false identities, and no extraction network. They wandered through upstate New York for three weeks, increasingly desperate, until both were shot. The escape was a closed system the inmates controlled. The aftermath was an open system they didn’t.

    El Chapo — a billionaire cartel leader with a global logistics network — is the exception that proves the rule. He had a motorcycle in his tunnel, a house waiting at the exit, cartel infrastructure to move him across Mexico, and enough corruption in the state apparatus to buy six months of freedom. He had an extraction network because he had a narcotics empire. The Dannemora men had hacksaw blades hidden in hamburger meat and a getaway driver who lost her nerve.

    The parallel to heist failures is exact. The Hatton Garden crew — the “diamond wheezers,” average age 63 — drilled through a vault wall and stole £14 million in jewels and cash. They were caught because they drove their own cars to the heist (captured on license plate readers), used their personal cell phones (tower pings placed them at the scene), and were filmed by cameras they didn’t know existed. The Dunbar Armored crew was caught because one man paid a broker with cash still in the original currency straps. In every case, the operation itself succeeded. The operational security after the operation collapsed.

    Prison breaks and heists share the same structural irony: the part that requires the most engineering — getting in or getting out — is the part that usually works. The part that requires the least engineering — not getting caught afterward — is the part that almost always fails. The tunnel is a solvable problem. Being a fugitive is not.

    We cover prison breaks alongside inside jobs, the Gardner Museum heist, and the full architecture of the greatest thefts and escapes in history across our Greatest Heists course — including why the most meticulously engineered escapes in history keep ending the same way the most meticulously engineered heists do: with someone using their personal cell phone.

  • Inside Jobs: Why the Biggest Thefts in History Were Committed by the People Hired to Prevent Them

    Allen Pace III worked as a regional safety inspector for Dunbar Armored in Los Angeles. His job was to ensure the security of the company’s armored car depot — the facility where cash was stored, sorted, and loaded for transport. While performing that job, he photographed the floor plans, mapped the camera positions, timed the security rotations, identified which bags contained the highest denominations of non-sequential bills, and noted that on Friday nights the vault was left open to accommodate the volume of cash being moved. On September 12, 1997, he used his keys to let five childhood friends into the building. They ambushed the guards during their 12:30 a.m. lunch breaks, duct-taped them before anyone triggered an alarm, loaded $18.9 million into a U-Haul in 30 minutes, and removed the security camera recordings on the way out. Police immediately suspected an inside job. They looked at Pace — who had been fired the day before for tampering with company vehicles — but found nothing. The case cracked two years later when one of the crew paid a real estate broker with cash still bound in the original Dunbar currency straps.

    Pace didn’t defeat the security system. He was the security system. And that’s the pattern that connects the largest thefts in modern history: the person with the most access is the person with the most opportunity, and no vault, alarm, or camera network can protect against the individual whose job description includes knowing exactly how those protections work.

    The armored car problem

    The armored car industry has been hit by inside jobs so consistently that the pattern qualifies as a structural vulnerability rather than a series of coincidences.

    In March 1997 — six months before the Dunbar job — Loomis Fargo driver Philip Noel Johnson turned his company-issued firearm on his coworkers in Jacksonville, Florida, handcuffed them, and drove off with $18.8 million after a ten-year career with the company and several failed applications to police departments. He fled to Mexico. He was caught trying to cross the U.S. border with multiple passports and $11,000 in cash. In December 1982, Sentry Armoured Car guard Christos Potamitis in the Bronx planned a robbery in which his associate George Legakis and a crew broke in through the wooden roof, and Potamitis allowed himself to be “surprised” at gunpoint and handcuffed — a staged victimization that was supposed to deflect suspicion. They stole $11 million. In 1993, a Loomis armored car driver in Las Vegas simply left during his shift with $2.9 million in ATM funds from several casinos, disappeared, and was never found.

    The economics are consistent: armored car employees have direct physical access to large volumes of cash, detailed knowledge of security protocols and timing, legitimate reasons to be present at every point in the custody chain, and compensation that is orders of magnitude below the value of the assets they handle. The average armored car guard earns roughly $35,000 to $45,000 per year. The vault they access nightly contains millions. The gap between the employee’s economic position and the value they’re entrusted with is the gap through which every one of these jobs passes.

    The bank guard pattern

    The same dynamic scales to every institution that stores high-value assets and requires human beings to guard them.

    Anthony Black was a security guard at the Brink’s-Mat warehouse at London’s Heathrow Airport. On the morning of November 26, 1983, he let a crew of robbers into the facility. They tied up the other guards. The crew had expected to find cash. What they found instead was three tons of gold bullion, diamonds, and cash worth £26 million — roughly $41 million. Black’s insider access was the entire plan: the robbers didn’t need to defeat the locks, the alarms, or the perimeter security because the man responsible for monitoring them opened the door. The case created a money-laundering infrastructure across London that arguably persists in some form decades later, because fencing three tons of gold requires a financial network that doesn’t dismantle itself when the heat dies down.

    In Baghdad in 2007, three guards at the Dar es Salaam Investment Bank walked out of the facility overnight with $282 million. Bank employees discovered the theft when they arrived the next morning to find the front door open and the guards — who typically slept at the bank — gone along with the money. The guards had both the access and the time: the bank’s security model relied on the same people to protect the assets and to be present after hours, which meant the guards were the only human element in the entire security chain during the hours when theft was most feasible.

    In Belfast in 2004, armed men posing as police officers took the families of two Northern Bank officials hostage, then instructed the officials to go to work the next morning as if nothing had happened. At the end of the business day, the officials let the crew into the vaults. The haul was £26.5 million. The operation didn’t need to defeat any security technology. It needed to coerce two people who had legitimate vault access — turning the bank’s own authorization hierarchy into the attack vector.

    Why this keeps working

    Every security system has to solve the same fundamental problem: someone has to be trusted. A vault requires a person with the combination. An alarm requires a person who can arm and disarm it. A camera network requires a person who monitors it. A cash facility requires a person who handles the cash. At every point in the chain, there is a human being whose job description includes the ability to circumvent the security measures — because the security measures were designed to be operated by that person.

    This is the insider threat as a systems design problem. The security system protects the asset from outsiders. The insider is not an outsider. The security system, by definition, does not protect against the people it was designed to serve. Pace had keys. Black had the alarm codes. Potamitis had the schedule. Johnson had the truck. The Baghdad guards had the building to themselves. Each of these individuals exploited exactly the access their employer gave them, used exactly the knowledge their training provided, and operated within exactly the window their work schedule created.

    The countermeasures are well known: dual-person integrity (two people must be present for any high-value access), separation of duties (the person who arms the alarm isn’t the person who opens the vault), background checks, financial monitoring of employees with asset access, rotation of duties to prevent any single person from mapping the full system, and surveillance of the watchers — cameras that watch the people watching the cameras. The Securitas depot robbery in Kent in 2006, where a crew kidnapped the branch manager and his family to coerce vault access, demonstrated that even dual-person controls can be defeated through coercion rather than collusion.

    The honest assessment is that no security architecture eliminates the insider threat. It can only raise the cost, complexity, and risk of exploiting insider access. Every countermeasure introduces friction into normal operations — the same friction that makes the system secure makes it slower, more expensive, and more dependent on compliance with protocols that employees find tedious. The gap between the security system’s design and the security system’s daily operation is where the insider lives. Pace knew the cameras. He also knew that on Friday nights, the vault stayed open because the volume of cash made closing and reopening it impractical. The operational convenience that made the depot efficient was the same operational convenience that made it vulnerable.
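    The gap between design and daily operation can be measured by auditing access records against the stated controls. The Python below is an added example, not part of the original article; the event log, the people, the action labels and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Policy as designed (hypothetical thresholds chosen for this example).
MIN_PRESENT = {"open_vault": 2}               # dual-person integrity
CONFLICTS = [("disarm_alarm", "open_vault")]  # separation of duties
MAX_STREAK = 2                                # rotation: max consecutive turns

# Constructed access log: (day, action, people credentialed for that event).
EVENTS = [
    (date(2024, 3, 1), "disarm_alarm", {"carol"}),
    (date(2024, 3, 1), "open_vault", {"alice", "bob"}),
    (date(2024, 3, 8), "disarm_alarm", {"dave"}),
    (date(2024, 3, 8), "open_vault", {"dave"}),         # alone, and also disarmed
    (date(2024, 3, 15), "disarm_alarm", {"carol"}),
    (date(2024, 3, 15), "open_vault", {"alice", "erin"}),
    (date(2024, 3, 22), "disarm_alarm", {"carol"}),
    (date(2024, 3, 22), "open_vault", {"alice", "bob"}),
    (date(2024, 3, 29), "disarm_alarm", {"carol"}),     # third turn in a row
    (date(2024, 3, 29), "open_vault", {"bob", "erin"}),
]


def audit(events):
    """Return sorted (rule, day, action, people) tuples where practice broke policy."""
    findings = []
    by_day = defaultdict(lambda: defaultdict(set))  # day -> action -> people
    streak = defaultdict(int)                       # (action, person) -> run length
    seen = defaultdict(set)                         # action -> everyone seen so far
    for day, action, people in sorted(events, key=lambda e: (e[0], e[1])):
        # Dual-person integrity: enough distinct people on the event?
        if len(people) < MIN_PRESENT.get(action, 1):
            findings.append(("dual_control", day, action, tuple(sorted(people))))
        by_day[day][action] |= people
        seen[action] |= people
        # Rotation: count consecutive occurrences of this action per person.
        for person in seen[action]:
            key = (action, person)
            streak[key] = streak[key] + 1 if person in people else 0
            if streak[key] == MAX_STREAK + 1:       # report once per run
                findings.append(("rotation", day, action, (person,)))
    # Separation of duties: nobody performs both conflicting actions in a day.
    for day, actions in by_day.items():
        for a, b in CONFLICTS:
            for person in sorted(actions[a] & actions[b]):
                findings.append(("separation_of_duties", day, f"{a}+{b}", (person,)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(EVENTS):
        print(finding)
```

An audit of this kind only sees departures from the policy; access obtained by coercing properly authorized staff, as in the Securitas case, satisfies every check here.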

    The modern version

    The inside job hasn’t gone away. It’s migrated. The 2024 Easter Sunday heist in Los Angeles — over $30 million stolen from a GardaWorld cash management facility — bore what a federal source called “the markings of an inside job.” Someone knew how the building was set up, how to terminate the alarms, and how to access the vaults. The investigation is ongoing.

    But the more consequential modern inside jobs don’t involve vaults at all. IT administrators with root access to financial systems, bank employees who sell customer data to fraud rings, cryptocurrency exchange operators who drain their own platforms — the asset being stolen has shifted from physical cash to digital value, but the mechanism is identical: the person trusted with access uses that access to steal. The 2022 collapse of FTX, where founder Sam Bankman-Fried misappropriated billions in customer funds, is structurally the same crime as Anthony Black opening the Brink’s-Mat door — the person entrusted with the assets took them, and the security architecture was designed to give that person access, not to prevent them from using it.

    The inside job is the oldest heist architecture and the most durable one. It survived the transition from physical vaults to electronic systems, from gold bullion to cryptocurrency, from armed guards to multi-factor authentication. The technology changes. The vulnerability doesn’t. Every system that stores value requires a human being with access to that value, and the human being with access is the single point of failure that no technology eliminates.

    We cover inside jobs alongside the Gardner Museum heist, North Korea’s state-sponsored cyber theft, and the full landscape of the greatest thefts in history across our Greatest Heists course — including why the most expensive security systems on earth keep getting defeated by the people they were built to serve.