Sloane Risk Group
Contact information, map and directions, contact form, opening hours, services, ratings, photos, videos and announcements from Sloane Risk Group, Consulting Agency, London.
We offer a range of security awareness services and online courses designed to improve security awareness for everyone, from corporate awareness campaigns to mini courses for adults, teenagers and people in specific risk categories.
04/11/2022
What would your first reaction be if you heard that your child was in trouble?
Scammers prey on our emotions: they make us rush into action, leveraging a sense of urgency or making us panic and do something without thinking it through.
We have heard several reports of worried parents falling victim to the latest scam, a text message purportedly from their child stating that they have damaged their phone and asking them to quickly save a new number. This is then followed by an urgent request for money. Parents have transferred up to £1,500 not realising that it is not their child texting them.
How can this be avoided?
Firstly, by understanding the social engineering methodology used by scammers. This typically consists of making you panic, worry and rush.
This can apply to the purchase of items, requests to transfer pension funds and messages stating you have won something. Stop and think if you are being pushed into something. Are you being asked to provide personal information, click links, or provide money or bank details? Can you confirm the identity of the person contacting you?
Secondly, have a plan. Speak to your family and children and have a password that you would put in a text, email or phone call if you were ever asking for something unusual, and even consider one to use if you were in trouble or under duress.
Avoiding Communication Problems and Hacking
Another good idea is to have a backup method of communication. For instance, if you use WhatsApp as a messaging app and it becomes unworkable, make sure your family and friends have an alternative option such as Signal.
Many scams involve the insertion of malware through phishing links sent via email or SMS. The majority of people put anti-virus software on their computers, forgetting that their phones also contain a wealth of personal information and are just as likely to be targeted. To keep phones secure, use trusted anti-virus software and a VPN, install regular updates and remove apps that are no longer required.
Sloane Risk Group
[email protected]
020 3633 0672
www.sloaneriskgroup.com
22/10/2022
Why Security Professionals Should Use a Physical Penetration Test as a Tool when Creating an ESRM Program
Organisations often fail to appreciate and understand the value that a strategic relationship between their security professionals and stakeholders can bring to the organisation. Asset owners don’t traditionally understand security; they envisage it as the guards who stop known threat actors from walking through the door. Many heads of security feel undervalued: they know where the business weaknesses are and have tried to address them multiple times, only to be knocked back by budget constraints and a lack of understanding.
However, the modern-day security professional is highly skilled and experienced and can help improve the overall business mission by incorporating security practice into everyday business activity.
Enterprise Security Risk Management
In 2019 ASIS, the world’s largest membership organization for security professionals, launched the Enterprise Security Risk Management Guideline (ASIS ESRM-2019), which defines ESRM as “a strategic approach to security management that aligns an organization’s security practices to its overall strategy using globally established and accepted risk management principles”. Its foundation is set on the principle that security risk management is a partnership between the asset or business owner and the organisation's security professionals.
As a security professional, encouraging your business to adopt an ESRM program will holistically benefit the entire organisation and will hopefully reflect well on you. This can be partially achieved by engaging a professional physical penetration testing company that understands ESRM to conduct a physical penetration test (PPT) to provide an effective risk analysis of your assets. A well-presented PPT debrief can provide stakeholders with a very realistic and comprehensive report of exactly what vulnerabilities look like. For instance, a presentation to a C-suite showing multiple people literally jumping over speed gates in view of staff members who don’t react has a huge impact when shown visually.
What is a Physical Penetration Test?
A physical penetration test is effectively ethical burglary. Experienced PPT specialists will use a range of physical entry and social engineering techniques to try and access specific areas of your buildings. The aim is to test the risk to assets by identifying vulnerabilities in procedures, practices, equipment and infrastructure.
To use a PPT to communicate with the C-suite, it is vital to identify the organization's assets and to convey these to the PPT testing organization at the client consultation stage. The PPT will then be created to test the risks that the assets are subject to. These should include both tangible and intangible assets. The consultation stage will provide you with the opportunity to tell the testing team where you feel there are vulnerabilities which should be included in the testing scope and for them to use their experience to suggest ones of which you may not be aware.
A PPT can be subjective; the alignment of security and staff conditions can vary greatly throughout the business day. It is important to allow testers a realistic period of testing to identify the routine and procedures of security, staff, executives, deliveries, and shift changes to gain a comprehensive understanding of where the human and physical vulnerabilities lie. If the findings are going to be used to create a presentation, the testing team will also need the capability and manpower to capture strong high-quality imagery to portray the methodology and findings of the test.
How to identify a professional PPT service
There are many security companies that will offer PPT; however, PPT is not yet regulated, and it is important to choose an organisation that is worthy of your engagement.
Establish the background and experience of the organisation, whether they are sub-contracting the project and the background of the testers that will be used. Whilst many testers will have former government and military experience, they must also have enough commercial security knowledge to understand the principles of ESRM. A varied demographic of testers should be used; women are notoriously more successful at infiltration and social engineering than men as they are often viewed as less suspicious. Don’t be afraid to ask for biographies of testers but remember not to share the information with anyone in your organisation or it could have a negative impact on the test. A testing team should also be able to provide proof of their insurance. Your testing company should understand risk assessment and should have a risk assessment methodology in place to measure the risk found.
How the findings can be used
Once the PPT is completed you will be provided with a detailed report, which will include suggested recommendations to mitigate the identified risks. This can be used to create a presentation delivering the findings to the relevant stakeholders and will form the foundation which will enable you to move to the next stage of ESRM creation, mitigating and prioritising your risks. It may be necessary to improve your organisation's security culture before attempting to gain buy-in for ESRM program development. Security culture change is a slow process involving a lengthy period of continuous improvement to gain maturity, but a PPT will certainly provide you with the ammunition to start the conversation.
To find out more about Physical Penetration Testing or our other corporate security and counter-espionage services, contact us:
[email protected]
www.sloaneriskgroup.com
020 3633 0672
01/10/2022
Be alert for text messages and emails inviting you to apply for the government £400 energy bill support. It is a scam; the money will be paid automatically.
08/09/2022
This is a great example of why you should set your phone not to display notifications when locked.
How is a thief taking thousands from London gym-goers? A serial thief is targeting well-off young women across London's gyms. How is she doing it?
03/05/2022
Are AirTags a great way to keep your belongings safe, or a dangerous stalking aid?
There have been countless articles written about AirTags over the last year, ranging from how they have helped to find lost pets and baggage to the more sinister aspect of them being used as an aid to stalking.
This blog is intended to address the pros v cons of the Apple devices and to draw attention to how you can protect yourself from the threats associated with their misuse.
How do AirTags work?
AirTags do not work on regular GPS; instead, they use a mixture of Bluetooth and ultra-wideband (UWB) technology, which operates via Apple's Find My network.
The devices send out a Bluetooth signal which is conveyed to iCloud by any other Apple devices using the network in their vicinity. If you lose an AirTag in the middle of the countryside you are unlikely to find it, as it does not have an Apple phone or laptop nearby to relay its location. In a town centre or office building they can be extremely accurate.
What are the pros?
Frankly, they look good, they even feel good. They are a smart, shiny, sleek little device slightly larger than a 50p coin. They are quick to set up and easy to place in suitcases, on precious items or on pets’ collars. They can be placed in specially made wallets or keyrings and, as I found out by accident, when sewn inside children’s coats or trainers they can even survive a spin cycle. So far when used legitimately, they are as secure as any other Apple product and are described as fully encrypted.
The most appealing thing to me as an investigator is that they have an amazing battery life, up to a year and they do not require the purchase of any data to operate.
The Cons
However, wearing the hat of a security professional who frequently provides advice to lone female travellers, they are a very efficient way of tracking your movements and discovering quickly where you are or where you live. My team tested one recently during a training exercise in Central London and were able to track our target for over an hour without any of Apple's safety mechanisms activating. This included walking through Hyde Park where people are much more spread out than on a high street.
Other methods of criminality include cases of them being taped under high-end vehicles to assist thieves to later steal them. They have also been mailed to protected addresses and PO Boxes in order to discover confidential locations.
What can we do to protect ourselves from AirTag stalking?
The good news is that Apple has started to increase its countermeasures. A recent Apple firmware update has made louder the warning tone that an AirTag should emit when it becomes separated from its owner’s phone, making it easier to detect. If an AirTag is following you, you should also receive an alert on your phone (as long as it is an Apple phone). This, however, is not fail-safe, as notifications rely on the right settings being selected and the warning sound can take several hours to activate. AirTags have also been discovered with their speakers deactivated.
The following steps will help to prevent you from being a victim of AirTag stalking.
1. Run your updates. You should regularly run updates on all of your devices. This is how vulnerabilities are patched and improvements are implemented. Allow your devices to auto-update so you do not miss important updates.
2. Scan for Bluetooth devices. There are several Bluetooth scanning apps, such as AirGuard or Tracker Detect, which can be installed onto Android devices and will detect a rogue AirTag.
3. Listen for the warning. If you notice an unusual chirping noise which seems to move with you, check for an AirTag.
4. Enable safety settings. To receive alerts that you are co-located with a separated AirTag, you need to enable your Bluetooth and location settings, enable significant locations in system settings, turn on the Find My app and enable tracing notifications. It should be noted that leaving Bluetooth constantly on can increase your exposure to various other hacking techniques.
5. Maintain Security Awareness. As already discussed, it is not always possible to quickly identify that an AirTag is following you. Check your bags, pockets and vehicles regularly, and don’t leave your items unattended. If you are someone with a known threat against you and you have the financial resources, consider regular bug sweeps of your home, workplace, and vehicle.
6. Deactivate. If you find an unfamiliar AirTag, you can deactivate it by pressing and turning the back to release the battery. There will be a serial number under the back part which may make the tag traceable depending on the resources of the originator. If you receive an alert on your phone saying that you are being followed by an AirTag, screenshot the warning and location map, as you may later need this as evidence.
For more information regarding our personal and corporate security awareness and counter-espionage services contact us or visit the Sloane Risk Group website.
www.sloaneriskgroup.com
[email protected]
0203 897 22 72
25/01/2022
CPNI have produced a short film which introduces the quick actions a member of staff within a small business can take to lock down their premises during a terrorist incident.
Café Lockdown Drama
23/01/2022
Part 4 of the Case Study Series describes an unusual close protection/executive protection request.
Close Protection/Executive Protection
The perception of Close Protection or Executive Protection usually presents the image of celebrities, politicians, royalty, and high net worth individuals utilising bodyguards due to their status, wealth, or political bearing. However, one of our recent operations involved a very different principal.
Our Principal
Our principal was an astounding lady; she was well educated with a deep interest in culture, art, the environment, music and history. She was extremely wealthy but unknown publicly. The reason that she required our protection was that she was tremendously vulnerable.
She had been a victim of cuckooing, which is where criminals such as drug dealers and con artists will move into the residence of a vulnerable person and exploit them, often taking their possessions, money, benefits and abusing them for their own interests.
Our client had various medical problems and requested our full-time assistance to keep her safe within her home, escort her when she went out and to help her with her daily routine. Many of her requirements were suited to medical professionals and would not be expected of the average bodyguard. However, as we have seen an increase in close protection requests for vulnerable people over the last two years, we were able to source a range of paramedics, nurses, and rare operators with the unique mixture of medical knowledge, soft skills, patience, and close protection experience who were ideal for her situation.
The Deployment
Due to the nature of our principal’s ailments the task required some careful planning and bespoke policy and procedure creation. Covid added extra complications.
Our client was terminally ill and, due to her condition, she was not an easy person to look after; she was often angry and frustrated. However, our team were amazing: they went above and beyond their job description to make her last months happy ones, taking great care to provide her with human interaction and the comfort and safety that she needed.
Sloane Risk Group would like to thank all of the operators involved; you know who you are and you did an amazing job.
For further information regarding extra-ordinary close protection services please contact us:
Email: [email protected]
Phone: 0203 897 22 72
Website: www.sloaneriskgroup.com
Address: 71-75 Shelton St, Covent Garden, London, WC2H 9JQ
23/01/2022
Part 3 of The Case Study Series - Insider Threat and Undercover Operations
The Client Consultation
Our client was the CEO of a software development firm who suspected a case of insider threat and asked for our assistance. Our initial consultation established that a competitor had released information which our client had strong grounds to believe had been stolen from his company. We recommended a multi-stage operation, aiming to detect the insider, ascertain why and how they were implicated, present evidence of our findings and prevent further theft of intellectual property.
The Deployment
We positioned an undercover operator within the company to slowly establish who had a motivation or could be coerced into providing the information. Common reasons for someone becoming a threat to an organisation include disenchantment, an offer from another company, financial difficulty or even blackmail.
After investigating employee working patterns, establishing who was planning to leave the organisation, and whose attitude or demeanour had changed over the previous months, one employee stood out. There had been times when he had remained at work unusually late, he had been noted as asking questions about projects he was not part of, and he had become moody and disassociated himself from other employees.
After several weeks, our undercover operator discovered that he was in the process of a divorce and was a frequent gambler, indicating that he could potentially have financial difficulty and therefore a motive to sell information.
Once we had enough evidence for reasonable suspicion, we mounted an operation of false information dissemination. We then monitored his activity and were able to establish that he was accessing documents relating to our campaign. Our monitoring then detected that he had printed the documents, and we had enough evidence to set up a surveillance operation against him.
Surveillance
One afternoon he left work and instead of his normal routine of travelling home via underground, he walked for several minutes before hailing a taxi and travelling some distance to a bar. He was acting suspiciously, frequently turning around to look behind him, and making random stops which we surmised was a crude attempt at anti-surveillance. We followed him and sent two surveillance operators inside. They were able to gain a table close by and watched as he met an unknown female and handed her an A4 sized envelope. She then passed him something under the table which our camera footage later showed to be a smaller envelope.
The female left shortly afterwards. She was followed to an address and was later identified as associated with our client’s competitor. Our evidence was compiled accordingly and presented to our client.
Further Information
To learn more about our investigation, surveillance, counter surveillance, physical penetration testing and security awareness services, contact us:
Sloane Risk Group Ltd
E- [email protected]
P- 0203 897 22 7
W- www.sloaneriskgroup.com
A- 71-75 Shelton St, Covent Garden, London, WC2H 9JQ
23/01/2022
Part 2 of our Case Study Series looks at one example of how we have provided Counter Surveillance.
The Client
Our client was a journalist who was going to release a story which she realised could cause retribution from the entity that she was writing about. She had arranged a meeting with a source who was going to provide her some information, but she was concerned that they could be related to the subject of the story and might attempt to follow her home to cause her harm or to prevent the story from being released.
She approached us and requested that we provide her with assistance in attending the meeting and getting home safely afterwards.
Client Consultation
We established where the meeting was planned to be held and created a counter surveillance route that she could use to get to the meeting, and then away, ensuring that if she was followed, we would detect it and be able to warn her. As an extra precaution we placed a protective surveillance detail at the meeting venue. This was a close protection trained undercover team who would be able to remain at a discreet distance but keep an eye on her to ensure she felt safe.
Counter Surveillance
A counter surveillance route is a historic espionage tactic, consisting of a logical route which one would appear to naturally take. Along it are three points where a counter surveillance operator will be positioned to identify surveillance and communicate it to the person being followed. This enables the person to continue with the awareness that they are being followed, attempt to lose the person or abandon their planned destination.
We also advised our client that if the meeting venue was changed at the last minute, she was to cancel the meeting, as she would not be able to travel the planned counter surveillance route and an experienced threat actor could potentially also place surveillance at the venue to detect our protective surveillance team should they relocate.
The Deployment
In this instance, the meeting was legitimate. She was given the material that she was hoping for, successfully walked the planned counter surveillance route afterwards and was able to travel home in safety. However, the precaution of utilising counter surveillance has proved highly beneficial to many of our clients.
To learn more about our counter surveillance and security consultancy services, contact us.
Email: [email protected]
Phone: 0203 897 22 72
Website: www.sloaneriskgroup.com
23/01/2022
The 4 Part Case Study Series
Part 1 Physical Penetration Testing - A London Law Firm
The Client
Our client was a CSO who had just commenced a new role at a global law firm with offices in London and four other UK cities. His requirement was to quickly establish the security posture of the buildings, the staff security culture, and to identify any vulnerabilities which required attention.
The Client Consultation
Our first step was to conduct a thorough client consultation. We established the locations that we would be testing, the known and potential unknown adversaries faced by the business, and the client’s appetite for our range of tests. This was a chance for us to explain our capabilities to the client and to gain an understanding of who the threat actors were, enabling us to create a range of tests to realistically replicate the measures that they would use.
The Threat Actors
The law firm was primarily concerned about well planned attacks from criminal entities aiming to obtain their clients’ personal information and that relating to ongoing cases. They were also aware that opportunistic attackers could seek entry in order to steal hardware or other office items.
The Planning Stage
Once we had agreed the scope of our tests, we conducted reconnaissance of each building to be tested. This lasted for five days in each location, during which time we identified who the contractors, suppliers, staff and visitors were, what time various people arrived, how the security measures operated and the obvious physical weaknesses of the buildings.
We then spent two weeks researching the business as a whole, the individual offices, the key executives and employees. The information that we gained assisted us in deploying social engineering methods to identify additional information regarding the workings of the business and we started to draw up a plan of how we would gain access to the buildings.
We chose our team based on the pretexts that we thought would enable us to gain entry; they ranged from facilities and contractor guises to visiting executives from other offices.
The Deployment
We deployed our tests simultaneously to minimise suspicion being conveyed between sites. We gained entry to every building, some multiple times.
Our aim is rarely to just gain entry. When replicating an attack, we need to reach the targets that the adversaries would aim for. Once inside we wanted to prove that confidential information could be accessed, items could be removed, and we could exit without detection. We are also continuously assessing as we move through the building; we need to present our clients with highly comprehensive reports which make genuine recommendations to enhance their security and safety.
A big part of our testing is around the security of the organisation’s people; very often people can be coerced or tricked into providing information and providing access. Our aim is to present these findings neutrally without blame, in a way from which people will learn and adopt different security techniques.
In this instance, our physical infiltrations resulted in accessing unlocked computers, gaining information relating to the network and Wi-Fi used, inserting keylogging devices onto computers, installing replica audio eavesdropping and video bugging devices, and the removal of hard drives. We found passwords, personal information and an access badge that allowed our entry into the most secure parts of the buildings.
We were not compromised at any of the buildings and the hardware that we removed was not reported as missing until we were a considerable distance from the target buildings.
The Result
Our report was presented to the client, who was able to request a budget to improve some access control measures, and most importantly develop a staff training package to ensure that vital policy and procedure information was communicated correctly to staff and the correct measures were adopted.
The financial cost of our project was minimal compared to the damage that could have been caused by a genuine hostile attacker.
For a free Penetration Testing Quotation contact us:
Email: [email protected]
Phone: 0203 897 22 72
Website: www.sloaneriskgroup.com
11/05/2021
We are really pleased to announce that the Professional Dog Walkers Association have endorsed our Canine Surveillance Awareness course; members can access a 25% discount via the association members area.
https://sloaneriskgrouptraining.thinkific.com/courses/canine-surveillance-awareness-full
https://www.facebook.com/ProfessionalDogWalkersAssociation
Canine Surveillance Awareness This course has been developed for dog owners & walkers, it aims to reduce dog theft by teaching people how to raise their awareness; how to detect if they are being followed; how to improve their home and online security, and how to deter criminals.