Letter Bombs, Suspect Packages & Post Room Threats
Seven explosive devices have been posted in the last three weeks to offices related to motoring.
The buildings are in London, Berkshire and Swansea.
Until recently those recipients of the letter bombs may have never considered them to be any form of target.
We don't naturally think of such attacks in these type of organisations and it may be that no risk assessment or appropriate protective security measures were in force, simply because an attitude might be "it wouldn't happen to us" ...
but it did.
A risk assessment would help decide on the type of threats one might face and their likelihood of happening.
The first thing one should do is identify the organisations vulnerabilities and the potential impact of exploitation.
Study the short list below and ask key members as well as your security team for opinions.
·What are we learning from the media regarding recent terrorist activities? ·Is there anything about the organisation, personnel, actual building and other occupiers that could possibly attract an attack? ·If neighbours are a possible high-risk, could you suffer collateral damage occurring from an attack directed at a neighbour? ·Does your organisation have anything that terrorists are likely to want; this includes access to other premises that might be targets? Whilst you are looking at this list and answering the questions, it is worth focusing on the fact the letter bombs sent to offices in January and February of 2007 were organisations dealing with motorists.
Would you have guessed that a disgruntled driver might decide to send letter bombs for vengeance? These things can spread, not purely to the actual organisation that endorses your driving license but to the company that manufacturer the speed cameras.
Then the installers, and then the operators ...
where will it end.
Look deeply into your organisation, your staff, your building and your neighbours.
Then identify your vulnerabilities and decide what needs protecting.
There is a logical order of priorities starting with people, no matter what position; customers, staff, contractors and visitors..
They are all people.
You then need to look at physical assets, sensitive materials (these might be plans, ID documents, passwords and codes), other contents such as equipment.
Then, deal with information, both hard copies and electronic.
Finally look at your processes and services that are essential to the running of your organisation.
If you feel that you are at risk, it is important to contact the Counter Terrorist Security Advisor within your local police station.
It is highly likely that you have plans in place to deal with fire, flood or burglary.
You probably have IT back up, firewalls and anti-virus protection.
Have you got a thoroughly efficient procedure for vetting staff? How often do you review these plans? It should be on a regular basis and if you haven't built in a higher security arrangement, do it now.
We have all heard the saying "putting your feet in someone else's shoes".
Now is the time to practice this, especially if you feel that you are at risk of attack.
The reasons might be because of the very nature of your service, business or the location of your premises.
Assess you vulnerability by then considering what others could find out about you.
Conduct a 'vanity search' type your name in Google ...
and all other search engines, don't just look at the first page - take time and go through the first ten pages (at least).
Call your local library and ask what information they might have on your organisation; you need to become a private eye! What services come into your building that is vital to your business? If they were stopped, terminated, or suspended -what affect will it have? Identify them and develop measures to ensure the continuation of the business.
All your staff need to be security conscious but what is the point in discussing top security measures if you have the enemy within? Security consciousness is of paramount importance but don't give away sensitive security information .
Is this the time to start a vetting process on all employees? 1 year ago, 2 years ago, 3 years ago and so on, they were fine but suppose their lifestyles and relationships have changed? New in-laws may now become a threat! Take a look at your present security.
Building security, Contents security, Personal security - adopt an integrated approach to security; from access control to recruitment practice.
Security is not cheap, good security is priceless, bad security is worthless.
You might need to introduce additional security measures, you can make them much more cost-effective by careful planning.
If you are in multi-occupied building or business park - even a high street, do you have an association or joint body that looks after the facilities, if not - why not?It is important to agree communal security arrangements and share the cost.
It can be frustrating when your neighbours don't share your concern about terrorist attacks, so convert it to crime concern in general then they will be concerned.
When was the last time you had a drill? Irrespective of political climates we should conduct regular reviews of our security plans and conduct rehearsals of building evacuation.
Is there a need to modify security then to take account of any changes in your business, services and supplies.
Have you had new building work? Did you build in security at the time? Has there been changes to personnel, have key individuals left such as First Aiders.
Look at new health and safety rules and regulations, could these have an impact on your security plans.
All buildings have assembly points, is yours in close vicinity to a neighbour that could be a threat? To review new evacuation procedures contact your local fore station.
Often changes make people nervous so ensure all personnel fully understand and accept the need for new security measures and that security is as a common responsibility shared by all.
It should be simple for members of staff to report incidents, concerns and observations, consider tasking certain individuals or nominating security staff for this role.
All reports should be taken seriously no matter how they sound when first reported.
Suspect Packages A letter bomb doesn't necessarily need to look like a letter.
Think of all delivered items, including letters, packages, parcels, and of course anything delivered couriers as well as post.
Couriers don't wear uniforms ...
neither do terrorists.
It should be standard procedure for all couriers to remove motorcycle helmets before entering the building.
No exceptions, no excuses - if the receptionist or security cannot see a face, they don't get in the building! You are unlikely to know whether a package is 'suspect' and it is unlikely that you will know whether it is explosive or incendiary - or indeed chemical, biological or radiological!(CBR) Imagine the handling a package receives at the local sorting office; your average letter bomb isn't necessarily a delicate item.
The detonator won't be set off by motion, but by actual opening.
If Royal Mail delivers it, it is unlikely to have a timing device because of the uncertainty of delivery times.
On the other-hand a 'courier' can deliver at a precise time, so a timing device may be installed.
Telltale signs may appear to be obvious but it is easy to double guess; for example if it is unexpected or of unusual origin or from an unfamiliar sender, would it be deemed suspect, the answer is yes.
However, if there is no return address or the address cannot be verified, treat it as suspect even though it is not unusual to have no return address, let's face it, anyone can stick a return address on it, especially using a credible address.
Do you normally receive post that is poorly or inaccurately addressed? Think about the old fashioned ransom note made up from cut-out newspaper letters and words and think about what you would use to disguise handwriting.
Jiffy bags hide the real feel for its contents; do you normally receive those kind of envelopes? Does it seem unusually heavy for its size?.
There are exceptions to this but most letters weigh up to about 30g, however most letter bombs weigh around 50-100g and are 5mm or more thick.
A terrorist might not want to go to the post office to weigh his bomb, does your package more than the appropriate value of stamps for its size and weight? Look for an additional inner envelope, it might also be tightly taped or tied but is it common for your organisation to receive packages with letters inside? They could be invoices or letters double wrapped for security.
When you look at a sealed envelope, you will note that there is an ungummed gap of 35mm at the corners; are these taped down? It might be that the gum on the envelope was ineffective so the sender taped it down, all the same treat it as suspicious.
If there is a pin-sized hole in the envelope or package wrapping - it is a suspect package.
Smell the packaging, do you detect almonds, ammonia, marzipan or any unusual smell.
Artificial odours can disguise suspect smells.
Also look for oily or greasy stains.
The above is not a be all and end all guide to detecting a letter bomb and even if a letter meets any of the criteria mentioned, remember that the vast majority will be false alarms and even hoaxes.
Some character in your building may feel it would be funny to test your new security measures.
This is a criminal offence and should be reported to the police.
It is important to ensure that your procedures do not needlessly disrupt the everyday business but still need to be effective and seen to be in force.
As mentioned earlier, it is important to contact the Counter Terrorist Security Advisor at your local police station.
Do you have the facilities to process all post and off-site or in a separate building? , Can at least one be isolated so that deliveries are handled without taking them through other parts of the building? Post rooms should have independent air conditioning and independent alarm systems as well as integral alarms.
They should also have their own washing and shower facilities, including soap and detergent.
Lockers would be ideal to keep overalls and footwear available in case staff need to remove contaminated clothing Explore the various scanners and x-ray machines that are available.
However, while post scanners may detect devices for spreading chemical, biological and radiological (CBR) materials (e.
g.
explosive devices), they will not detect the CBR materials themselves.
You are not expected to be an expert in post room scanning devices and X-ray machines so seek advice from your local Counter Terrorism Security Adviser.
If there are unusual patterns in deliveries - treat them as suspicious.
Ensure your mail handlers and reception staff are trained to deal with such situations.
Train them to open post with letter openers using minimum movement, and to keep hands away from noses and mouths.
Always wash hands after dealing with mail.
Often people will blow through the envelope flap to create a cavity for ease of opening.
Another habit might be to shake the envelope so that the contents moves in order to make it easier to open.
Stop these practices.
Obtain some strong self seal tamperproof mailing bags so that packages suspected of containing CBR material can be placed in, ideally once on one bag, put it in another and seal it.
Double sealed should be relatively safe.
Contact the police immediately.
An health and safety expert should advise you as to whether mail handlers need to be equipped with protective equipment such as latex gloves and face masks.
Make certain that post opening areas can be promptly evacuated.
Rehearse evacuation procedures and route, which should include washing facilities in which contaminated staff could be isolated and treated It is a good idea to prepare instruction signs for display so in the event of a suspected or actual attack; staff will have clear standing orders.
Ensure all important telephone numbers are at hand.
The buildings are in London, Berkshire and Swansea.
Until recently those recipients of the letter bombs may have never considered them to be any form of target.
We don't naturally think of such attacks in these type of organisations and it may be that no risk assessment or appropriate protective security measures were in force, simply because an attitude might be "it wouldn't happen to us" ...
but it did.
A risk assessment would help decide on the type of threats one might face and their likelihood of happening.
The first thing one should do is identify the organisations vulnerabilities and the potential impact of exploitation.
Study the short list below and ask key members as well as your security team for opinions.
·What are we learning from the media regarding recent terrorist activities? ·Is there anything about the organisation, personnel, actual building and other occupiers that could possibly attract an attack? ·If neighbours are a possible high-risk, could you suffer collateral damage occurring from an attack directed at a neighbour? ·Does your organisation have anything that terrorists are likely to want; this includes access to other premises that might be targets? Whilst you are looking at this list and answering the questions, it is worth focusing on the fact the letter bombs sent to offices in January and February of 2007 were organisations dealing with motorists.
Would you have guessed that a disgruntled driver might decide to send letter bombs for vengeance? These things can spread, not purely to the actual organisation that endorses your driving license but to the company that manufacturer the speed cameras.
Then the installers, and then the operators ...
where will it end.
Look deeply into your organisation, your staff, your building and your neighbours.
Then identify your vulnerabilities and decide what needs protecting.
There is a logical order of priorities starting with people, no matter what position; customers, staff, contractors and visitors..
They are all people.
You then need to look at physical assets, sensitive materials (these might be plans, ID documents, passwords and codes), other contents such as equipment.
Then, deal with information, both hard copies and electronic.
Finally look at your processes and services that are essential to the running of your organisation.
If you feel that you are at risk, it is important to contact the Counter Terrorist Security Advisor within your local police station.
It is highly likely that you have plans in place to deal with fire, flood or burglary.
You probably have IT back up, firewalls and anti-virus protection.
Have you got a thoroughly efficient procedure for vetting staff? How often do you review these plans? It should be on a regular basis and if you haven't built in a higher security arrangement, do it now.
We have all heard the saying "putting your feet in someone else's shoes".
Now is the time to practice this, especially if you feel that you are at risk of attack.
The reasons might be because of the very nature of your service, business or the location of your premises.
Assess you vulnerability by then considering what others could find out about you.
Conduct a 'vanity search' type your name in Google ...
and all other search engines, don't just look at the first page - take time and go through the first ten pages (at least).
Call your local library and ask what information they might have on your organisation; you need to become a private eye! What services come into your building that is vital to your business? If they were stopped, terminated, or suspended -what affect will it have? Identify them and develop measures to ensure the continuation of the business.
All your staff need to be security conscious but what is the point in discussing top security measures if you have the enemy within? Security consciousness is of paramount importance but don't give away sensitive security information .
Is this the time to start a vetting process on all employees? 1 year ago, 2 years ago, 3 years ago and so on, they were fine but suppose their lifestyles and relationships have changed? New in-laws may now become a threat! Take a look at your present security.
Building security, Contents security, Personal security - adopt an integrated approach to security; from access control to recruitment practice.
Security is not cheap, good security is priceless, bad security is worthless.
You might need to introduce additional security measures, you can make them much more cost-effective by careful planning.
If you are in multi-occupied building or business park - even a high street, do you have an association or joint body that looks after the facilities, if not - why not?It is important to agree communal security arrangements and share the cost.
It can be frustrating when your neighbours don't share your concern about terrorist attacks, so convert it to crime concern in general then they will be concerned.
When was the last time you had a drill? Irrespective of political climates we should conduct regular reviews of our security plans and conduct rehearsals of building evacuation.
Is there a need to modify security then to take account of any changes in your business, services and supplies.
Have you had new building work? Did you build in security at the time? Has there been changes to personnel, have key individuals left such as First Aiders.
Look at new health and safety rules and regulations, could these have an impact on your security plans.
All buildings have assembly points, is yours in close vicinity to a neighbour that could be a threat? To review new evacuation procedures contact your local fore station.
Often changes make people nervous so ensure all personnel fully understand and accept the need for new security measures and that security is as a common responsibility shared by all.
It should be simple for members of staff to report incidents, concerns and observations, consider tasking certain individuals or nominating security staff for this role.
All reports should be taken seriously no matter how they sound when first reported.
Suspect Packages A letter bomb doesn't necessarily need to look like a letter.
Think of all delivered items, including letters, packages, parcels, and of course anything delivered couriers as well as post.
Couriers don't wear uniforms ...
neither do terrorists.
It should be standard procedure for all couriers to remove motorcycle helmets before entering the building.
No exceptions, no excuses - if the receptionist or security cannot see a face, they don't get in the building! You are unlikely to know whether a package is 'suspect' and it is unlikely that you will know whether it is explosive or incendiary - or indeed chemical, biological or radiological!(CBR) Imagine the handling a package receives at the local sorting office; your average letter bomb isn't necessarily a delicate item.
The detonator won't be set off by motion, but by actual opening.
If Royal Mail delivers it, it is unlikely to have a timing device because of the uncertainty of delivery times.
On the other-hand a 'courier' can deliver at a precise time, so a timing device may be installed.
Telltale signs may appear to be obvious but it is easy to double guess; for example if it is unexpected or of unusual origin or from an unfamiliar sender, would it be deemed suspect, the answer is yes.
However, if there is no return address or the address cannot be verified, treat it as suspect even though it is not unusual to have no return address, let's face it, anyone can stick a return address on it, especially using a credible address.
Do you normally receive post that is poorly or inaccurately addressed? Think about the old fashioned ransom note made up from cut-out newspaper letters and words and think about what you would use to disguise handwriting.
Jiffy bags hide the real feel for its contents; do you normally receive those kind of envelopes? Does it seem unusually heavy for its size?.
There are exceptions to this but most letters weigh up to about 30g, however most letter bombs weigh around 50-100g and are 5mm or more thick.
A terrorist might not want to go to the post office to weigh his bomb, does your package more than the appropriate value of stamps for its size and weight? Look for an additional inner envelope, it might also be tightly taped or tied but is it common for your organisation to receive packages with letters inside? They could be invoices or letters double wrapped for security.
When you look at a sealed envelope, you will note that there is an ungummed gap of 35mm at the corners; are these taped down? It might be that the gum on the envelope was ineffective so the sender taped it down, all the same treat it as suspicious.
If there is a pin-sized hole in the envelope or package wrapping - it is a suspect package.
Smell the packaging, do you detect almonds, ammonia, marzipan or any unusual smell.
Artificial odours can disguise suspect smells.
Also look for oily or greasy stains.
The above is not a be all and end all guide to detecting a letter bomb and even if a letter meets any of the criteria mentioned, remember that the vast majority will be false alarms and even hoaxes.
Some character in your building may feel it would be funny to test your new security measures.
This is a criminal offence and should be reported to the police.
It is important to ensure that your procedures do not needlessly disrupt the everyday business but still need to be effective and seen to be in force.
As mentioned earlier, it is important to contact the Counter Terrorist Security Advisor at your local police station.
Do you have the facilities to process all post and off-site or in a separate building? , Can at least one be isolated so that deliveries are handled without taking them through other parts of the building? Post rooms should have independent air conditioning and independent alarm systems as well as integral alarms.
They should also have their own washing and shower facilities, including soap and detergent.
Lockers would be ideal to keep overalls and footwear available in case staff need to remove contaminated clothing Explore the various scanners and x-ray machines that are available.
However, while post scanners may detect devices for spreading chemical, biological and radiological (CBR) materials (e.
g.
explosive devices), they will not detect the CBR materials themselves.
You are not expected to be an expert in post room scanning devices and X-ray machines so seek advice from your local Counter Terrorism Security Adviser.
If there are unusual patterns in deliveries - treat them as suspicious.
Ensure your mail handlers and reception staff are trained to deal with such situations.
Train them to open post with letter openers using minimum movement, and to keep hands away from noses and mouths.
Always wash hands after dealing with mail.
Often people will blow through the envelope flap to create a cavity for ease of opening.
Another habit might be to shake the envelope so that the contents moves in order to make it easier to open.
Stop these practices.
Obtain some strong self seal tamperproof mailing bags so that packages suspected of containing CBR material can be placed in, ideally once on one bag, put it in another and seal it.
Double sealed should be relatively safe.
Contact the police immediately.
An health and safety expert should advise you as to whether mail handlers need to be equipped with protective equipment such as latex gloves and face masks.
Make certain that post opening areas can be promptly evacuated.
Rehearse evacuation procedures and route, which should include washing facilities in which contaminated staff could be isolated and treated It is a good idea to prepare instruction signs for display so in the event of a suspected or actual attack; staff will have clear standing orders.
Ensure all important telephone numbers are at hand.