Log in


  • March 26, 2019 2:36 PM | Office IFCPP (Administrator)

    Reposted from The New York Times

    Homeland Security Secretary Kirstjen Nielsen said Monday that her department may have been founded to combat terrorism, but its mission is shifting to also confront emerging online threats.

    China, Iran and other countries are mimicking the approach that Russia used to interfere in the U.S. presidential election in 2016 and continues to use in an attempt to influence campaigns on social media, she said. Under threat are Americans' devices and networks.

    "It's not just U.S. troops and government agents on the front lines anymore," Nielsen said. "It's U.S. companies. It's our schools and gathering places. It's ordinary Americans."

    Devices and networks are "mercilessly" targeted, she said. Those responsible are "compromising, co-opting, and controlling them."

    Nielsen was speaking about the priorities of a sprawling department created after the Sept. 11 attacks. It handles counterterrorism, election security and cybersecurity, natural disaster responses and border security — President Donald Trump's signature domestic issue.

    The president on Friday issued his first veto , to secure money for a U.S.-Mexico border wall. Nielsen did not specifically mention that fight, but made clear that she sees a humanitarian and security crisis at the border because of an increasing number of Central American families crossing into the U.S. to seek asylum.

    While the overall number of migrants coming into the U.S. is down from a high of 1.6 million in 2000, the number of families crossing the U.S.-Mexico border has reached record highs. The system is at a breaking point, she said.

    Nielsen said the department has introduced tougher screening systems at airports and is working with the State Department to notify other countries of stricter information-sharing requirements. She said the countries that work with the U.S. will make the world safer, and those that do not "will face consequences."

    See Original Post

  • March 26, 2019 2:32 PM | Office IFCPP (Administrator)

    Reposted from StaySafeOnline

    I’m going to start this piece off with a statement that you may find a little controversial: it doesn’t matter how much you spend on cybersecurity.

    Before you bounce from the page, allow me to explain. How much you spend matters very little. It’s how you spend it that makes a real difference.

    Too often, I see businesses throwing away money on point solutions that they ultimately never use. I see them implement new technology but fail to leverage its full potential. I see them invest in protecting areas that don’t represent a risk to their data while ignoring areas that do.

    “A lot of [cybersecurity technology] gets acquired and is not leveraged,” explains Tom Parker, Managing Director of Accenture Security. “A lot of the time it’s about having organizations understanding the value of what they have already invested in…It’s easy for us in this industry to say ‘sure you need more budget and give us more money,’ but the reality is the conversation you want to have is not about how much money you have to spend, but how to spend smart money on the problem.”

    So, how do you spend smart on cybersecurity? How do you ensure your investments aren’t just wasted capital and the time and resources you expend actually protect what needs to be protected? It all starts with understanding your organization.

    Know Your Infrastructure

    What devices do your employees most frequently use in the workplace? What mobile devices are present in your organization and how do your employees use those devices? What endpoints exist both inside and outside of your office?

    How does data flow between all these endpoints? What are your most sensitive files – what does your business need to protect above all else and why? Where are those files stored and who has access to them?

    Last but certainly not least, what apps are critical to employee workflows and what potential security risks do they pose?

    These are all questions you need to answer before you can form even a partial understanding of where and how to invest your security budget. But this isn’t the only information you need to know. It’s also critical that you understand the threat landscape facing your business and that you incorporate some form of threat intelligence solution.

    Incorporate Threat Intelligence

    As you’ve probably surmised, threat intelligence should probably be one of your first investments. Threat intelligence is a way to monitor, analyze and respond to the cyber threats facing your business. Equipped with an understanding of what it is you need to protect, you can implement systems that allow you to keep track of those assets. How advanced you want these systems to be is entirely up to you.

    On the one hand, you might settle for network monitoring systems that alert your administrators whenever suspicious behavior occurs. On the other, you might employ advanced processes, tools and techniques such as machine learning, data analytics and Security Information and Event Management (SIEM) platforms. If you have the budget and the expertise to do so, there’s no harm in employing such tactics.

    Make sure you’ve spent the necessary time and money on establishing a good foundation first.

    Put Good Processes in Place

    You should harden your systems. You should use firewalls and anti-malware software. That’s all table stakes – it’s basic stuff you’re probably doing already.

    Ultimately, it’s not your hardware or application infrastructure that’s your weakest link. It’s your people. A good chunk of your cybersecurity budget should, therefore, go to staff education and awareness. You should have clear-cut policies and processes in place for handling everything from data access to a ransomware attack; and every employee should be aware of them.

    Speak to A Cybersecurity Specialist

    When in doubt, it’s almost always worthwhile to bring in a third-party specialist. They can help you locate weaknesses in your security posture, recommend point solutions that fit your specific use case and perform penetration tests on your existing security systems.

    Remember That Cybersecurity is Not a “One and Done” Project

    Last but certainly not least, the most important thing to remember about your cybersecurity budget is that you should treat it as something organic. Securing your business isn’t something you can ever really close the book on. You’re going to need to adapt how and where you spend your money based on how your business grows and the threat landscape evolves.

    Otherwise, it doesn’t matter where you spend the money – you’ll eventually be spending it in all the wrong places.

    See Original Post

  • March 26, 2019 2:28 PM | Office IFCPP (Administrator)

    Reposted from the Independent

    A gang of thieves thought they had got their hands on a €3m (£2.6m) painting, only to learn they had stolen a fake masterpiece after some artful policing.

    Pieter Bruegel the Younger’s The Crucifixion seemingly vanished from a church in northwest Italy this week after robbers smashed open its case with hammer.

    It looked to have been a perfectly executed heist, until police revealed on Thursday they had swapped the Flemish artist’s original 1617 oil painting with an exact replica.

    After being tipped off about the planned theft last month, officers had also installed secret cameras in the church in town of Castelnuovo Magra in Liguria to catch the culprits in the act.

    The town’s mayor Daniele Montebello was also in on the bluff, initially telling the media the loss of the “work of inestimable value” was “a hard blow for our community”.

    He later admitted the real painting had been placed in secure storage weeks ago.

    “The rumour had started to circulate that someone could steal the work and the Carabinieri [national military police] decided to keep it safe, replacing it with a copy and installing some cameras,” he told Italian news agency Ansa. “For investigative reasons we could not reveal anything.”

    The mayor also thanked parishioners, some of whom had noticed the Bruegel on display in the Santa Maria Maddalena church “was not the original but did not reveal the secret”.

    The painting, a reproduction of a work by the artist’s father, Bruegel the Elder, was donated to the church in the 19th century by a family of Italian nobles.

    The thieves pulled up in a Peugeot at lunchtime on Wednesday before speeding off with the fake masterpiece in a smash-and-grab raid.

    Police are now studying the surveillance footage in a bid to identify the gang.

    See Original Post

  • March 26, 2019 2:24 PM | Office IFCPP (Administrator)

    Reposted from CBS Denver

    A teenager who damaged 10 works of art at the Denver Art Museum pleaded guilty on Thursday. Jake Siebenlist was 18 when he was arrested last December.

    More than $96,000 in damage was done to the “Stampede: Art and Animals” exhibit on the fourth floor of the museum’s Frederic C. Hamilton Building.

    After pleading guilty, Siebenlist received a three year deferred sentence, meaning he will be on probation. The judge also ordered Siebenlist to pay back the $96,000 in restitution. Siebenlist also has been ordered to stay away from the museum.

    After Siebenlist’s rampage in the museum, Christoph Heinrich, the museum’s director, said he believed the works of art could be salvaged. The museum released a statement Thursday afternoon that said “affected objects are being evaluated by the Denver Art Museum’s art conservation staff, and specifics about repairs are not yet available.”

    See Original Post

  • March 26, 2019 2:21 PM | Office IFCPP (Administrator)

    Reposted from Facility Executive

    Last month, Aurora, IL made national headlines for a workplace shooting that left five people dead and several police officers injured. With workplace shootings occurring at places like Aurora, the Annapolis Capital Gazette, the Washington Navy Yard and others in recent years, it may not be surprising that roughly one out of seven Americans do not feel safe at work, according to new data from the Society for Human Resource Management (SHRM).

    Nearly half of human resources (HR) professionals said their organization had at some point experienced a workplace violence incident at some level—up from 36 percent in 2012. And of those who reported having experienced workplace violence, over half said their organization had experienced an incident in the last year.

    “Companies and HR should and must do more to make employees feel safe at work,” said Johnny C. Taylor, Jr., SHRM-SCP, president and chief executive officer of SHRM. “This data shows we have a lot of work to do in terms of security, prevention, training and response.”

    Unfortunately, nearly one-third of American employees and nearly one out of five HR professionals are currently unsure or don’t know what to do if they witness or are involved in a workplace violence incident.

    “The goal for employers—and this is something we address in our toolkit—is making your workplace a ‘difficult’ target for violent offenders and being prepared to react quickly,” Taylor explained. “If you make the investment in security and preparation, your employees will feel safer and respect you for valuing their safety.”

    While the majority of HR professionals say their organization already provides training to employees on how to respond to an act of workplace violence, more than one-third do not provide such training to employees. Additionally, while almost all say their company has a process for identifying employees with a history of violence, over half are unsure whether they have a workplace violence prevention program.

    According to the research, Americans understandably feel safer when employers provide prevention and training response programs. Additionally, more employees know how to react if their organization already has a workplace violence prevention and/or employee response training program.

    “Education has to start from the top down, and often that starts with HR,” Taylor said. “There’s naturally a lot of fear when people think of workplace violence. But preparing and providing employees with hands-on training helps empower them to react and take action in the event of a worst-case scenario.”

    SHRM’s newly released online toolkit, Understanding Workplace Violence Prevention and Response, provides information and resources to address workplace violence, including:

    • Creating a prevention plan;
    • Identifying how workplace violence is defined;
    • Recognizing warning signs;
    • Implementing a response team; and
    • Responding to workplace violence incidents.

    See Original Post

  • March 26, 2019 2:16 PM | Office IFCPP (Administrator)

    Reposted from BBC News

    A Frenchman has been given a life sentence for killing four people in an anti-Semitic attack in Brussels in May 2014.

    Mehdi Nemmouche, 33, opened fire with a Kalashnikov assault rifle and a handgun at the city's Jewish Museum.

    Three people died at the scene and one later in hospital. 

    Nemmouche spent a year fighting in Syria for the Islamic State (IS) group before returning to Europe to carry out the attack.

    A man who helped plan the attack and supply weapons, Nacer Bendrer, was sentenced to 15 years in prison. 

    Nemmouche and Bendrer were found guilty last week after a two-month-long trial involved apparent witness intimidation and testimony from former captives of IS in Syria.

    Bendrer, who is also French, told the court: "I am ashamed to have crossed paths with this guy [Nemmouche]. He is not a man, he is a monster."

    When asked to speak, Nemmouche reportedly said with a smirk: "Life goes on."

    Nemmouche's lawyers tried to suggest that he had been framed in an elaborate conspiracy which blamed the murders on foreign intelligence agencies. But they produced no evidence to support the claim. 

    Two Israeli tourists, a volunteer worker and a receptionist were killed in the attack on the museum.

    Who is Mehdi Nemmouche?

    He is believed by Belgian prosecutors to be the first European jihadist to return from war-torn Syria to carry out terror attacks in Europe. 

    He was born into a family of Algerian origin in the northern French town of Roubaix.

    He was previously known to French authorities, having served five years in prison for robbery. He is said to have met Bendrer while in prison.

    Both have been described as "radicalised" prisoners.

    Nemmouche travelled to Syria in 2013 and stayed for one year, during which time he is believed to have fought for a jihadist group in the country's civil war.

    Investigators say that while there, he met Najim Laachraoui, who was a suicide bomber in the Brussels airport attack of March 2016, which killed 32 people. 

    Four French journalists held hostage in Syria say they were guarded by both Laachraoui and Nemmouche during their captivity.

    Nemmouche was extradited to Belgium to face charges connected to the museum shooting, but may also face trial in France over the allegations he was involved in holding the French hostages. 

    What happened during the trial?

    Security was tight, matching that of the trial of jailed jihadist Salah Abdeslam, the sole surviving member of the 2015 Paris attackers.

    Days after the trial began, a lawyer representing a witness reported his laptop and some paperwork on the case had been stolen from his office.

    A baseball bat and replica gun were left in their place – something prosecutors viewed as a threat.

    In the dock the next day, Nemmouche denounced the attempt at intimidation - and the witness, 81-year-old Chilean artist Clara Billeke Villalobos, went on to testify anyway.

    Next came the orphaned daughters of Miriam and Emmanuel Riva, the Israeli tourists killed. 

    Ayalet, 19, and Shira, 21, described a mother "devoted to her family" and an unassuming father who "loved to travel". 

    Three weeks into proceedings, jurors were shown video of Nemmouche in custody after his arrest.

    Belgian newspaper Le Soir described it as showing an "arrogant" Nemmouche in front of police with a "disdainful smile", arms folded.

    Testimony from prisoners

    Two of the French journalists held for nearly a year in the northern Syrian city of Aleppo appeared in court, pointing to Nemmouche as their captor.

    Nicolas Henin told the court Nemmouche was "sadistic, playful and narcissistic", while Didier Francois said he had beaten him dozens of times with a truncheon.


    Summing up, prosecutor Bernard Michel told the court Nemmouche was "not simply radicalised but ultra-radicalised".

    "If attacking a museum with a combat weapon is not violent and savage then nothing will ever be violent and savage," he said. 

    "For the killer, for Mehdi Nemmouche, the identity of the victims mattered little," he added.

    "The aim was simply that there should be victims. Everything was premeditated."

    'Lebanese-Iranian-Israeli plot'

    The closing argument from the defence was described by some as "mind-boggling", as it wove a web of conspiracy involving foreign intelligence agencies and assassination.

    Sebastien Courtoy, Nemmouche's lawyer, suggested that his client was recruited in Lebanon in January 2013 by Iranian or Lebanese intelligence to join the ranks of IS. But this claim went unsubstantiated.

    According to Mr Courtoy, the Jewish Museum murders were not an IS attack, but a "targeted execution of Mossad agents" - a reference to the Israeli intelligence agency, which he claimed the Israeli couple belonged to. The killing was carried out by an unknown person, he said.

    Yet judges investigating the museum attack last month told the court there was no evidence to support any link to Mossad.

    At one pointed the defence even argued that Nemmouche could not be considered anti-Semitic because he wore Calvin Klein shoes - an apparent reference to Mr Klein's Jewish heritage.

    A lawyer representing a committee of Jewish organisations called that observation "mind-boggling and incoherent".

    See Original Post

  • March 26, 2019 2:10 PM | Office IFCPP (Administrator)

    Reposted from StaySafeOnline

    Cybercrime campaigns based on social engineering can yield better results for crooks than regular malware attacks. These hoaxes don’t require any tedious software development efforts and the “vulnerabilities” of human nature often play right into the perpetrators’ hands. Add a little bit of malicious code into the mix and you’ve got yourself a tech support scam.

    The con artists behind tech support scams impersonate reputable technology companies to interact with would-be victims over telephone, via websites or by means of rogue software. The logic of such schemes is to persuade the user that their computer is infected with viruses, generating suspicious network activity or having system activation issues. The goal is to trick victims into paying for troubleshooting services they don’t need.

    There are several variations of the modern tech support scam. Whereas the common denominator always boils down to manipulation, the specific mechanisms of achieving this objective may vary and allow security analysts to single out three main tactics of these scammers.

    • The most old-school tactic relies on cold calling the potential victims. The impostor pretends to be from the support department of a major IT company and says they have detected malicious activity emanating from the user’s computer. Then, they ask the unsuspecting person to allow then remote access of their computer so they can fix the problem. Instead, the scammer will point to harmless items in system maintenance reports and claim they are serious problems. The malefactor will then attempt to offer a remote tech assistance subscription for a fee.
    • Another variant of tech support scams involves specially crafted websites that display bogus security alerts or error notifications. People hit these deceptive pages by clicking on a fishy ad on another site, or as a result of a redirect caused by a browser hijacker. To top it off, the code embedded in these web pages triggers popup alerts and splash screens that cannot be closed unless the victim terminates the browser process altogether. The self-proclaimed support agents instruct the user to dial a specific phone number so that they can remotely rectify the issue for a fee.
    • Some tech support scams engage scareware. Scareware is a malicious program that reports nonexistent security threats, imitates operating system crashes or displays counterfeit product activation windows. Most of these deceptive applications sneak into PCs as part of freeware bundles. The nag screens provide a phone number that the user is instructed to call for assistance. Again, the “operators” on the other end will try to sell the victim worthless support services.

    Latest trends

    The evolution of tech support scams has spawned new techniques that make these hoaxes more effective and increasingly elusive.

    1. Multiple layers of obfuscation

    Cybercrooks have recently devised a method to prevent their scams from being detected by antivirus software. It revolves around hiding malicious scripts behind several layers of obfuscation – usually backed by encryption. Following this is an intricate sequence of technical processes that keeps security software from identifying the scam.

    2. Call optimization services

    Some of the newer frauds mimic the activity of legitimate call centers. The scammers employ call optimization services that normally facilitate the process of routing calls by distributing the load and generating relevant phone numbers based on the user’s location.

    When a user is redirected to a scam page, they see a stubborn popup alert that cannot be easily closed due to persistent code. This notification includes a phone number for the visitor to dial in order to take care of the issue. With automatic call optimization in place, the attackers make sure the contact details inserted in the page align with the user’s geographic location. Furthermore, the service can dynamically generate new phone numbers that haven’t been blacklisted.

    3. Causing CPU to skyrocket

    Another recent tech support scam stands out from the crowd as it disrupts computer performance via the user’s web browser.

    The scam drags the web browser into a traffic loop that uses up all CPU power of the target machine. A warning message on the page maxes out the CPU and keeps it there, thus causing the browser to crash. Naturally, this also impacts the stability of the whole computer system and makes regular applications unresponsive. This tactic is used to pressure the victim into giving the feigned support agents a phone call as soon as possible.

    Not only are tech support scams prolific, but they are also becoming increasingly sophisticated and evasive. The exploitation of legitimate services make these hoaxes look convincing. To stay on the safe side, users should treat any online warnings with a fair degree of suspicion. The rule of thumb is to refrain from calling the phone numbers listed on such pages.

    See Original Post

  • March 26, 2019 2:05 PM | Office IFCPP (Administrator)

    Reposted from Hyperallergenic

    News that the thumb of a 2,000-year-old Chinese terracotta warrior was stolen by a guest of the Franklin Institute’s annual Ugly Sweater Party has become the least of the Philadelphia museum’s worries. The theft, which occurred in December 2017, resulted in three felony charges for Michael Rohana. Two public defenders representing the Delaware man are now petitioning the court for information about the museum’s security protocols and correspondences.

    According to a February 27 filing reviewed by the Courier Post, Rohana and two other guests were able to enter the darkened exhibit space housing the warrior more than two hours after the boozy holiday party began.

    “Needless to say, when Mr. Rohana in his ugly green sweater entered the Terracotta Warriors of the First Emperor exhibit to explore it, he was intoxicated,” the filing states.

    The lawyers would like access to the museum’s security records to help investigate whether or not Rohana’s actions were “more consistent with vandalism than with the specific intent to steal.”

    When the thumb-napping story broke (pun intended) in early 2018, Chinese officials urged American authorities to “severely punish those who have done [this]” in an interview between the Shaanxi Provincial Cultural Relic Exchange Center’s director and the state-run Chinese newspaper, Beijing Youth Daily.

    The 209 BCE statue from the Qin Dynasty is valued at $4.5 million and is considered a priceless piece of China’s cultural heritage. The life-size statues were originally built to guard the tomb of China’s first emperor, Qin Shi Huang. The site where they were discovered by a Shaanxi province farmer in 1974 is now a United Nations world heritage site.

    The de-thumbed warrior in question was part of a traveling exhibit that was scheduled to run at the Franklin Institute from September 30, 2017, to March 4, 2018. It included 10 sculptures from the Shaanxi mausoleum site.

    Although the alleged theft occurred on December 21, museum employees didn’t notice the missing digit until January 8, when the FBI Art Crime Unit was called in to investigate. Surveillance footage helped lead to Rohana’s arrest.

    Court records say that “when asked if he had anything in his possession he wanted to turn over to the FBI, Mr. Rohana stated he had a finger from a museum.” Rohana retrieved the thumb from his desk drawer in his bedroom.

    In addition to security footage, the public defenders also want a subpoena to access the museum’s record of alcohol sales the night of the Ugly Sweater Party, saying evidence of intoxication “may show that Mr. Rohana did not have the intent to commit the offense.”

    The request comes because, the lawyers say, the museum has not complied with earlier requests for multiple records, including communications between the Franklin Institute and Chinese authorities.

    Federal prosecutors have rebuffed these attempts, saying that the case “is not about any alleged negligence by the Franklin Institute. Nor is it about any accidental damage to objects exhibited at the Franklin Institute.”

    Opposing access to security records, Assistant US Attorney K.T. Newton clarified the government’s position that “this case is about [Rohana’s] guilt or innocence.” She added: “This is nothing more than a cover for the use of this information for jury nullification.” (Jury nullification defines the concept in which jurors exonerate a defendant on the grounds of opposing a law because they think it is unjust and not because they believe the accused has actually broken it.)

    The severity of Rohana’s prospective punishment also hinges on the thumb’s market value, which prosecutors estimate is $150,000. The defense says that this number is immaterial because the Chinese government owns the terracotta warriors, which cannot be sold; furthermore, they contend that market value for the whole statue cannot prove “the market value of the individual thumb.”

    See Original Post

  • March 12, 2019 12:56 PM | Office IFCPP (Administrator)

    Reposted from Security Management

    Awareness of police misconduct and calls for reform in the United States have increased over the last decade. In some cases, officers were investigated and prosecuted at the state level for their actions. Other incidents investigated by the U.S. Department of Justice resulted in criminal prosecution of a police officer for violating a person’s constitutionally protected rights.

    For example, from 2009 to 2012 the U.S. Department of Justice charged 254 police officers throughout the United States with violating the individual rights of Americans. 

    The private security industry remains historically insulated from claims of civil rights-related violations and the resulting criminal sanctions that can be imposed against security personnel. The private security industry in the United States is much larger than the public sector police force; the industry outnumbers public police by a ratio of at least three to one. This growing number of security personnel could lead to increased civil rights violations. 

    The security industry is also less regulated, meaning that security personnel have varying amounts of training while public sector police counterparts have mandated training programs. This discrepancy in training can also become a problem because many private security personnel have direct contact with the public, often performing quasi-judicial police-related activities. ​

    Criminal Sanctions

    One federal statute that has been used to prosecute police officers for civil rights violations is Title 18 of the United States Code, Section 242. It makes it a crime for anyone acting “under color of any law, statute, ordinance, regulation or custom” to willfully deprive a person of a right or privilege protected by the U.S. Constitution or state and local laws. 

    The statute also applies to public officials violating a person’s civil rights, including elected officials, public facilities’ care providers, correctional officers, court staff, and security officers.

    For example, if a police officer assaults a citizen, the officer can be prosecuted for assault and battery and be charged at the federal level for violating the citizen’s Fourth Amendment rights under Section 242.

    A conviction under the statute requires three elements. First, the act must violate a protected right guaranteed by the U.S. Constitution. If defendants reasonably understand that their actions are constitutionally impermissible, they can be held accountable for their actions. 

    Second, the accused must be acting under “color of law,” meaning an officer authorized under state or federal law and acting in his or her official capacity.

    Lastly, there must be intent to “deprive a person of a right which has been made specific either by the express terms of the Constitution or laws of the United States or by decisions interpreting them,” according to Screws v. United States (U.S. Supreme Court, 1945). 

    This case clarified that a defendant violated Section 242 when engaged in activities to deprive an individual of his or her rights and was also “aware that what he does is precisely that which the statute forbids,” according to the Court’s opinion. 


    Few federal Section 242 prosecutions have involved security personnel. Of those cases, however, private security personnel were prosecuted when they conferred with police powers, were working off duty or moonlighting, or when they were employed as security guards under government contracts.

    Police powers. Some security personnel were prosecuted under Section 242 when they were granted state-related powers and considered “state actors.” In the events leading to Williams v. United States (U.S. Supreme Court, 1951). Williams was a private detective with a special police officer’s card issued by the City of Miami. He had also taken an oath. Lindsey Lumber Company hired Williams to investigate a series of thefts, and during the investigation Williams used “brutal methods,” displayed his badge, and included the presence of a policeman to “lend authority” to the interrogations of four suspects who were “unmercifully punished for several hours,” according to court documents.

    A jury convicted Williams of violating Section 242. He appealed the ruling, ultimately appearing before the U.S. Supreme Court to answer the question of whether private persons could be prosecuted under the statute.

    In its opinion, the Court reasoned that Williams was acting under color of law and was not a private person. The Court concluded Williams’ actions were an “investigation conducted under the aegis of the state” because a regular police officer attended the interrogation and Williams was “asserting the authority granted him and not acting in the role of a private person.”

    The Court upheld his conviction and noted that Williams was “no mere interloper but had the semblance of a policeman’s power from Florida” and his conduct violated the due process right to be free “from the use of force and violence to obtain a confession.”

    Another case where private security personnel were convicted under Section 242 was United States v. Hoffman (U.S. Seventh Circuit Court of Appeals, 1974). In the case, two members of the Penn Central Transportation Company’s police force were convicted for physically assaulting trespassers on or near company property.

    The officers admitted that they attacked trespassers but argued that they were not acting under Illinois law. Instead, they said they were acting in a purely private capacity and as private persons at the time they committed the crimes.

    Ultimately, the appellate court determined the officers were acting under color of law because Illinois state statute had given the railroad company’s police force “police powers as those conferred upon the police of cities,” according to court documents.

    Moonlighting. Off-duty police officers granted government powers in a private security capacity have also been prosecuted and convicted of civil rights violations, such as in 2003 when a federal court ruled that a security guard in a strip club was acting under the color of law when he assaulted a dancer.

    The off-duty police officer, moonlighting as a private guard, was wearing his badge and gun during the assault, identified himself as a police officer, and prevented the victim from calling the police. He also filed an arrest report against the victim for allegedly assaulting him.

    The officer was found guilty under Section 242 and received a 27-month sentence as well as three years of supervised release. The officer appealed the decision, and the federal circuit court upheld the original ruling (United States v. White, U.S. Court of Appeals for the Sixth Circuit, 2003). A federal judge found that “displaying signs of state authority” by wearing his gun and badge, declaring himself to be a police officer while off-duty, and filing a police report “underscores his imposition of state authority,” according to court documents.

    Government contract. The third identified theme is that security personnel can be prosecuted under Section 242 when operating under a contractual relationship with the state. In cases where security personnel employed as contractors for the state were prosecuted under Section 242, private security personnel had positions within a state agency, making the parties liable for their actions under the statute. Private security personnel working in correctional settings have also been prosecuted under similar circumstances.

    Some of these cases are based on violations of a person’s Eighth Amendment right to be free from cruel and unusual punishment. In United States v. Mendez (U.S. District Court for the Eastern District of Texas, 2009), the defendant, an employee of a privately-owned prison transport company, received six months imprisonment and one year of supervised release for assaulting an inmate in her care and custody.

    In another case, United States v. Fuller (U.S. District Court for the District of New Mexico, 2009), four defendants who worked for the Wackenhut Corporation, a contractor for a New Mexico county correctional facility.

    Employed as correctional officers, two of the defendants physically assaulted an inmate, kicking him in the head multiple times. Prosecutors charged another defendant with failing to prevent the attack and indicted the fourth defendant with conspiracy for fabricating evidence, lying to, and providing false statements to police investigators. A jury convicted three of the defendants—the two defendants directly involved in the assault and the employee that lied to investigators—for violating Section 242.

    Fifth Amendment violations involving contract security also exist. In United States v. Loya (U.S. District Court for the Southern District of Texas, 2009), Loya was employed as a contract guard at an Immigration and Customs Enforcement (ICE) detention facility. 

    While working in the facility’s infirmary, Loya sexually assaulted female inmates—a violation of the detainees’ Fifth Amendment right, to “life and liberty, including the right to bodily integrity.” Loya pleaded guilty to Section 242 violations and served a 36-month sentence.


    These cases show that private security personnel can be prosecuted under Section 242, but also raise questions as to why so few cases have been brought. This may be because people fail to report violations, prosecutorial discretion, or the use of other federal statues to prosecute security personnel for civil rights-related violations.

    For example, federal prosecutors can recommend a case for diversion instead of prosecuting suspects under Section 242 when the accused agree to probation and dismissal of the charges upon completion of probation. 

    Additionally, proving all requirements to secure a Section 242 conviction can be a barrier. “Color of law” and the “willfulness” standards can be difficult to establish, subsequently insulating security officers from prosecution.

    Despite these factors that may limit prosecutions of private security personnel, the security industry should be aware of these liabilities, which could become greater as public-private partnerships expand to fight crime. Security managers should train their officers to protect the constitutional rights of the people they serve.  

    See Original Post

  • March 12, 2019 12:54 PM | Office IFCPP (Administrator)

    Reposted from Allied Universal

    Does this scenario sound familiar? You relied on your security services provider to hire the best staff and ensure everyone received the right training. But a handful of them have already quit and moved onto the next company, leaving your facility’s security at risk. A new stream of security officers are being hired and trained, but the gap in security has you feeling uneasy as there is no consistent security presence. 

    There is never a guarantee that an employee is going to stay in their position for any length of time, but there are ways to help avoid a high rate of turnover with in your security team. Turnover doesn’t have to be the standard for your security program if you work with a security provider who properly cares for their employees and understands your ultimate goals. 

    Here are some tips for avoiding unnecessary turnover at your facility: 

    1. Engage with the right security provider. Work together to find dependable, talented individuals who have a passion for securing your facility. This starts with the application process and continues throughout the career of the individual.

    2. Identify your staffing needs up front and vet the candidates to ensure they have the skills and characteristics you want for your facility. A security background doesn’t have to be the first thing you look for on a resume, sometimes customer service or industry experience may mean the best fit. It is also important to know where the applicants came from. Were they referred to the position from a friend? This information matters as this shows the relationship the security company has with its current employees.

    3. Training is critical to ensure your security team is compliant with any industry requirements and are well aware of your rules and regulations. Training can come in a variety of forms including in the classroom, hands-on or online. Work with a security provider who offers ongoing training to their employees as it equates to better prepared officers and can help increase retention rates.

    4. Relationships between your business partners, individuals within your facility and the security team are a key component in keeping a team together. The security team that builds a rapport with the people in your facility will become a reliable and trusted part of their environment. It is comforting knowing you are going to see the same person every morning when you walk in the door.

    5. When security officers feel valued by you, they become an integral part of your business. Many security teams feel like partners rather than a third party vendor. Security officers who are recognized for their efforts or accomplishments are more likely to take personal ownership in their work.

    See Original Post




1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection.  All Rights Reserved