Printer Friendly

Safekeeping for safe combinations.

THERE ARE EASIER, MORE imaginative ways to steal from a safe than spending a night drilling, burning, pounding, and prying.

The easy defeats usually have little to do with a safe's resistance to force. The easiest way is to learn the safe's combination.

Safe combinations are vulnerable to compromise by alert and resourceful thieves - and the thief who learns a safe combination can be an outsider or insider.

The average American's head is filled with numbers: addresses, telephone numbers, dates, sales figures, baseball scores, ATM user codes, and so on. Writing down a safe combination relieves the holder of the need to remember yet another number.

But consider this scenario: The safe in a busy store needs a new combination. The manager presides over the combination change. He asks the safe company's representative for four cards, on which he writes the new combination. One card goes in the manager's wallet, one goes to each of two assistant managers, and the fourth copy is sealed and sent to the security department for filing-a typical procedure.

Later that day the manager goes to a restaurant. He hangs up his jacket, leaving his wallet in his jacket pocket. A sneak thief steals the wallet. The thief takes the wallet to the men's room, removes the cash, and scans the other contents for credit cards. Besides credit cards he finds the safe combination and his victim's employee ID. The thief realizes the combination must be for the safe where his victim works.

The thief isn't a burglar, but he knows other criminals will be interested in the combination. In fact, he has a standing set of instructions from a fence who buys stolen credit cards: If he finds a safe combination in a wallet, he is to copy it, leave the credit cards, and return the wallet quickly and anonymously. His fence will pay a fee for a combination stolen in that way.

Acting every inch the good citizen, the thief hands the wallet (minus cash) to the restaurant manager while exiting, saying he found it on the men's room floor. The restaurant manager recognizes the name in the wallet and returns it to the victim, who until then was unaware of his loss. The victim checks his wallet's contents. All that is missing is pocket cash. Luckily, his credit cards, employee ID, and safe combination seem to have been ignored.

Because only cash is missing, the relieved store manager reasons the thief must have been an opportunist or amateur. He decides to count his blessings and consider his misfortune a cheap lesson.

If his wallet hadn't been returned he would have had to hurry back to work and order another combination change. Worse, he would have had to file an incident report with the security department. Besides wanting to avoid unnecessary expense, the manager doesn't want it known he was inattentive enough to be so easily victimized. His performance review is only weeks away.

The thief in the restaurant could just as easily have been the manager's girlfriend, an acquaintance, or an employee - virtually anybody with dishonest inclinations and a few moments' undetected access to the combination. The result is the same: The safe contents are now at high risk, and nobody knows it.

Unless a time lock is engaged, a nighttime visitor with the safe combination needs only minutes to open the safe, empty it, and leave. The speed with which this could happen virtually negates the effectiveness of an alarm system. A criminal who approaches the safe during business hours might be able to bypass time locks and nighttime alarm protection altogether.

Losses from safes that exhibit no signs of forcible entry suggest inside jobs or careless failure to lock. If the safe in the scenario just described were subsequently emptied without being damaged, the combination holders could truthfully deny complicity and swear the safe was properly locked.

A thorough investigation might uncover incidents like the loss and return of a wallet containing a combination. However, such an incident shows that despite existing mechanical and electronic safeguards, the safe contents weren't as secure as they were thought to be. Maybe whoever took the manager's cash didn't actually see the safe combination. Who can prove somebody didn't surreptitiously look through one of the assistant managers' wallets?

The moment a safe or vault combination is recorded, the security of that container's contents becomes a direct function of the security of the record. Wallets, the usual "safekeeping" place for combinations, may be left wherever people leave personal items-in jackets, purses, cars, or dresser drawers. Nobody can be certain someone hasn't had a look.

While the made-up incident of the store manager's wallet may at first seem improbable, it's worth remembering that criminals are often willing to exert their imaginations when planning crimes. Literally thousands of safe users jeopardize themselves or their employers by recording safe and vault combinations and carrying them.

Preferably, safe and vault combinations should be memorized. People who use combinations daily generally memorize their combinations after just a few uses. When a combination is memorized, written records of it become unnecessary liabilities.

If a safe combination must be written down, it should be encoded. Even an easily remembered cipher will add security. Here are two simple suggestions for encoding safe combinations.

Number one, take one or more words totaling 10 letters, using no letter twice, and write them out-for instance, "LOCKMYSAFE." Assign each of the letters a number value by writing digits 0 to 9 under the word or phrase as follows:


0 1 2 3 4 5 6 7 8 9

The combination 22-67-41-74 becomes CC-SA-MO-AM when encoded in that way. Without the correct key word or phrase, this sequence has no meaning.

Number two, if you can't think of a usable 10-letter word or phrase in which no letters repeat, use letters of the alphabet in their proper order, but reverse the numbers' order, like this:


9 8 7 6 5 4 3 2 1 0 The combination 22-67-41-74 becomes HH-DC-FI-CF.

Safes and alarm systems can represent multithousand-dollar expenditures. Loss of the contents they protect, however, can mean multimillion-dollar liabilities. Despite security regulations and commonsense logic, many honest and responsible people can't resist jotting down safe combinations and alarm codes and carrying them. Encrypting a combination or alarm code that will be carried in a wallet leaves less to chance.

DUAL CONTROL IS A FACT OF LIFE in financial institutions, armored car operations, and other businesses where high-value items must be protected. When well-reasoned dual-control procedures are prescribed and practiced, theft by people in positions of trust becomes a more difficult proposition. Dual control procedures ensure shared responsibility for safe and vault contents.

Standard, contemporary American-built vaults incorporate two four-tumbler combination locks. Each lock accepts a four-number combination and is theoretically capable of 100,000,000 different combination settings.

A bank-grade vault door can be mechanically arranged to allow two locking modes, both of which permit dual control. Either mode is considered acceptable, depending on the viewpoint of security planners.

The first way of achieving dual control is to arrange the locking mechanism so that operating either lock will allow the vault door to be opened. To satisfy dual control requirements, the four combination numbers that open the lock are divided between the people on the dual-control access team. This process is known as splitting the combination.

In practice, the person with the first two numbers dials the first half of the combination, then leaves the dial set at a neutral number. Then the holder of the second half of the combination dials the remaining two numbers, opening the lock.

When combination splitting is practiced on vaults equipped with dual combination locks, vault users are protected against lockouts caused by lock failure. If the first lock fails to operate properly, operating the second lock opens the vault and allows the business day to begin with minimal delay. Lockouts on burglary-resistant vault doors are expensive and embarrassing.

A second widely accepted mode of vault locking entails arranging the combination locks so that both locks must be operated every time the vault is to be opened. Under this setup, each lock is set to a different combination. Both lock combinations must be dialed before the door can open. The first lock's entire four-number combination is assigned to the first person on the dual control team, and the second lock's four-number combination is assigned to the second person.

Most American-made, bank-grade, burglary-resistant vault doors can accommodate either locking arrangement and can be changed from one to the other without much trouble by a qualified technician. While locking a vault in the second manner described does not provide convenient recourse when one lock malfunctions, it is more secure.

Here's why: As mentioned earlier, burglary-resistant vaults made for the US market typically have two four-wheel (or four-tumbler) combination locks. A four-wheel combination lock allows 100,000,000 theoretical four-number combinations, in contrast to the 1,000,000 theoretical possibilities afforded by three-wheel locks. However, the operative word is theoretical.

Because of the way combination locks work and the way people dial them, a combination lock must have some built-in tolerance for inexact dialing. According to UL Standard 768 for four-tumbler Group 2 (not manipulation resistant) combination locks, "A four-tumbler lock shall not open with the dial turned more than 1 1/2 dial graduations on either side of the proper graduation for each tumbler." For four tumbler Group 1 (manipulation resistant) locks, the standard is a little more exacting: "A four-tumbler lock shall not open with the dial turned more than than 1 1/4 dial graduations on either side of the proper graduation for each tumbler wheel."

The UL standard is referring to what are commonly known as dialing tolerances. A four-tumbler Group 2 (not manipulation resistant) lock set to a combination of 10-20-30-40 is considered to work properly if it can be opened when dialed as much as 1 1/2 numbers off on each setting.

For example, a lock set to 10-20-30-40 might also work when dialed a full number low for each setting (9-19-29-39) or a full number high for each setting (11-21-31-41). However, if a lock works when dialed a full number low, it should not work when dialed a full number high, and vice versa. An exception would be altered or badly worn locks.

Built-in dialing tolerance is therefore allowable, and even necessary, because it takes into consideration the fact that people make minor dialing errors. Mechanical locks are not as exact as digital keypads, which work with absolute values.

The effect of dialing tolerance is that instead of 100 possible different settings per tumbler the real number is closer to 50. To calculate the number of combination possibilities for a combination lock, multiply the number of setting possibilities for each wheel or tumbler (that is, the number of graduations on the safe dial - typically 100) by the number of possibilities for every other wheel.

Thus, 100 x 100 x 100 x 100 equals 100,000,000 combination possibilities. But if a tumbler setting has a tolerance of 1 1/4 to 1 1/2 settings, it follows that for every number actually set there is an adjacent setting that also allows the lock to work.

That cuts the combination possibilities for each tumbler to 50. Realistically, then, the lock has 50 x 50 x 50 x 50 setting possibilities, or 6,250,000, still enough different combinations to make the lock highly secure.

If a person dialed one combination every minute, trying every combination would take 6,250,000 minutes, or 11.9 years, of nonstop dialing. But such a number of combination possibilities remains impressive only until one considers that a person who starts with two of the four combination numbers only needs to combine those numbers with 2,500 (50 x 50) other combinations.

Dialing 2,500 combinations at the rate of one per minute equals over 40 hours of nonstop dialing. But burglars have been known to spend entire weekends breaking into a vault. The 40 straight hours of dialing can be further reduced by someone with a knowledge of combination locks. In some cases the time can be reduced to under three hours.

WHO KNOWS TWO OF THE FOUR numbers in a split combination? At least two people do-often four, because of the need for backup personnel. A time lock keeps out a trusted employee gone bad, but who winds the time lock? Usually someone who knows half the vault combination. there were no cause for concern, there would be no dual-control procedures in the first place. Further, what prevents prying eyes from looking in the wallet or purse of one of the people who have two of the four combination numbers?

Mechanical time locks are by no means accurate to within seconds or even minutes per month. Out of fear of being inconvenienced by late vault openings, some bank operations personnel habitually wind from a half hour to a full hour less than the recommended locking time.

The lock know-how needed for combination defeats of this nature is not as hard to obtain as many people think. Safe lock manipulation is a necessary diagnostic skill for legitimate safe and vault technicians. Manipulation can be learned from readily available printed material, and such information is available by mail from locksmith suppliers and trade publishers. Few, if any, legal constraints govern mail-order sales of such information.

Besides mail-order sources, other companies offer classroom training in safe lock manipulation. Such companies are operated by responsible people in the safe and vault industry. However, few laws address prospective students' eligibility. The idea of going through legitimate channels to get the information and training necessary to defeat safe and vault locks quietly isn't far-fetched. It's been done.

In the late 1980s a man named Travis Loufburrow was jailed for burglarizing automated teller machines in Texas. He had learned how to defeat alarm systems, safes, and combination locks through experimentation and independent study of available information.

In another case, burglars entered a bank vault in Medford, MA, and looted a large number of safe-deposit boxes over the 1980 Memorial Day weekend. Most of the gang members were later arrested and convicted. Gerald W. Clemente, a former police captain who was one of the burglars, gave an account of that crime in a recent book, The Cops Are Robbers (Boston: Quinlan Press, 1987).

For optimum security, safes in which important business documents or high-value items will be stored should use four-wheel Group 2 (not manipulation resistant) locks or three-wheel Group 1 (manipulation resistant) locks. Unfortunately, three-wheel Group 2 locks can be compromised too easily by too many people. ***CORRUPTED TEXT*** arrangements are two combination locks; one combination and one high-security, key-operated lock; or two high-security, key-operated locks. Safe dials with small key locks that prevent turning are not secure enough for dual control of safes with high-value contents. They are too easily picked.

Burglary-resistant vault doors should have a pair of Group 2 or Group 1 four-wheel locks. The Bank Protection Act accepts Group 2 locks, but the full protection afforded by Group I locks is only a few dollars more. Each lock should be on a different combination. The locks should be arranged so that both locks must be operated before the door will open. Splitting combinations does not provide dual control in its most secure form.

It may sound improbable for sneak thieves to find combinations and for burglars to learn from legitimate sources how to defeat safes and vaults. But it's all a matter of record, and it all can be prevented.

About the Author . . . Kenneth Dunckel operates SAFECRACKER, a safe and vault service and consulting company in the San Francisco area. He was senior bank locksmith for Crocker National Bank in San Francisco from 1981 to 1985. He is a member of ASIS.
COPYRIGHT 1990 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Dunckel, Kenneth
Publication:Security Management
Date:Nov 1, 1990
Previous Article:A profile of partnership.
Next Article:The call of the whistle-blower.

Related Articles

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters