Cybercrime

 

 

https://sm.asisonline.org/Pages/Vulnerability-Rediscovery-Occurs-At-More-Than-Twice-The-Previously-Reported-Rate.aspxVulnerability Rediscovery Occurs At More Than Twice The Previously Reported RateGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-07-21T04:00:00Zhttps://adminsm.asisonline.org/pages/megan-gates.aspx, Megan Gates<p>​Multiple researchers—working independently—uncover the same security flaws more consistently than previously believed, according to a new report from Harvard.</p><p><em></em><a href="http://www.belfercenter.org/sites/default/files/files/publication/Vulnerability%20Rediscovery.pdf" target="_blank"><em>Taking Stock: Estimating Vulnerability Rediscovery</em> </a>looked at a dataset of more than 4,300 vulnerabilities discovered between 2014 and 2016 for Android, and the Chrome and Firefox browsers. Vulnerabilities are flaws that allow cyber criminals, as well as intelligence and law enforcement agencies, to gain access to targeted systems.<br></p><p>Researchers Trey Herr, Ph.D., postdoctoral fellow with the Belfer Center’s Cyber Security Project at Harvard Kennedy School; Bruce Schneier, research fellow with the Belfer Center and adjunct lecturer in public policy at Harvard Kennedy School; and Christopher Morris, research assistant at the Harvard School of Engineering and Applied Sciences, found that rediscovery of vulnerabilities happens more than twice as often as previously reported. <br></p><p>Their findings conclude that “rediscovery happens more than twice as often as the 1 to 9 percent range previously reported,” according to the report. “For our dataset, 15 percent to 20 percent of vulnerabilities are discovered independently at least twice within a year.”<br></p><p>Based on their findings, the researchers suggested that the U.S. government rethink its process for not disclosing software vulnerabilities to companies.<br></p><p>“Underlying the choices to pay for a software vulnerability, as well as government decisions to keep some a secret, are assumptions about how often those same software flaws could be discovered by someone else, a process called rediscovery,” the researchers explained.  <br></p><p>“When combined with an estimate of the total count of vulnerabilities in use by the NSA, these rates suggest that rediscovery of vulnerabilities kept secret by the U.S. government may be the source of up to one-third of all zero-day vulnerabilities detected in use each year,” the report said. “These results indicate that the information security community needs to map the impact of rediscovery on the efficacy of bug bounty programs and policymakers should more rigorously evaluate the costs of non-disclosure of software vulnerabilities.”<br></p><p>In a post for <a href="https://lawfareblog.com/rediscovering-vulnerabilities" target="_blank">LawFare</a>, Herr explained that modern government intelligence agencies must maintain some access to software vulnerabilities. </p><p>"However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue--the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched," he wrote.</p><p>The researchers also suggested that rediscovery rates are likely higher than what their research was able to conclude because they only looked at high to critical-severity vulnerabilities.<br></p><p>For instance, records from a bug bounty company mentioned in the study “indicate that low- and medium-severity vulnerabilities are rediscovered more frequently than high- and critical severity bugs, to which this study is constrained,” the researchers wrote. “As it is, the 15 percent to 20 percent estimate is substantially higher than previously seen.”<br></p><p>The researchers plan to present the paper and discuss its findings at <a href="https://www.blackhat.com/us-17/briefings/schedule/#bug-collisions-meet-government-vulnerability-disclosure-7587" target="_blank">BlackHat USA</a> in Las Vegas next week.</p>

Cybercrime

 

 

https://sm.asisonline.org/Pages/Business-Theft-and-Fraud--Detection-and-Prevention.aspx2017-07-17T04:00:00ZBook Review - Business Theft and Fraud: Detection and Prevention
https://sm.asisonline.org/Pages/Survey-Of-InfoSec-Professionals-Paints-A-Dark-Picture-Of-Cyber-Defenses.aspx2017-07-07T04:00:00ZSurvey Of InfoSec Professionals Paints A Dark Picture Of Cyber Defenses
https://sm.asisonline.org/Pages/Ukraine-Among-Countries-Affected-by-Petya-Ransomware-Attack-.aspx2017-06-27T04:00:00ZUkraine Among Countries Affected by Petya Ransomware Attack
https://sm.asisonline.org/Pages/Average-Cost-of-Data-Breach-Declines-Globally-First-Time.aspx2017-06-20T04:00:00ZAverage Cost of Data Breach Declines Globally for First Time
https://sm.asisonline.org/Pages/EU-Needs-Comprehensive-Strategy-To-Address-Cybersecurity-Risks,-Think-Tank-Finds.aspx2017-06-09T04:00:00ZEU Needs Comprehensive Strategy To Address Cybersecurity Risks, Think Tank Finds
https://sm.asisonline.org/Pages/Most-Companies-Take-More-Than-A-Month-To-Detect-Cyberattackers.aspx2017-06-02T04:00:00ZMost Companies Take More Than A Month To Detect Cyberattackers
https://sm.asisonline.org/Pages/Hacking-Culture.aspx2017-06-01T04:00:00ZHacking Culture
https://sm.asisonline.org/Pages/IT-Security-Professionals-Admit-To-Hiding-Data-Breaches,-Survey-Finds--.aspx2017-05-09T04:00:00ZIT Security Professionals Admit To Hiding Data Breaches in New Survey
https://sm.asisonline.org/Pages/Cyber-War-Games.aspx2017-04-01T04:00:00ZCyber War Games
https://sm.asisonline.org/Pages/Outdated-Protocols-and-Practices-Put-the-IoT-Revolution-at-Risk.aspx2017-03-24T04:00:00ZOutdated Protocols and Practices Put the IoT Revolution at Risk
https://sm.asisonline.org/Pages/Hacked-Again.aspx2017-02-01T05:00:00ZBook Review: Hacked Again
https://sm.asisonline.org/Pages/Rise-of-the-IoT-Botnets.aspx2017-02-01T05:00:00ZRise of the IoT Botnets
https://sm.asisonline.org/Pages/Top-5-Hacks-From-Mr.-Robot.aspx2016-10-21T04:00:00ZThe Top Five Hacks From Mr. Robot—And How You Can Prevent Them
https://sm.asisonline.org/Pages/Spoofing-the-CEO.aspx2016-10-01T04:00:00ZSpoofing the CEO
https://sm.asisonline.org/Pages/Yahoo-Confirms-Hackers-Stole-at-Least-500-Million-Users’-Data-in-2014.aspx2016-09-22T04:00:00ZYahoo Confirms Hackers Stole at Least 500 Million Users' Data in 2014
https://sm.asisonline.org/Pages/Book-Review---Cyber-Physical-Attacks.aspx2016-09-01T04:00:00ZBook Review: Cyber-Physical Attacks
https://sm.asisonline.org/Pages/Cyber-Trends.aspx2016-09-01T04:00:00ZCyber Trends
https://sm.asisonline.org/Pages/A-Conversation-with-the-FBI.aspx2016-09-01T04:00:00ZIlluminating Going Dark: A Conversation with the FBI
https://sm.asisonline.org/Pages/Patient-Zero.aspx2016-07-01T04:00:00ZPatient Zero
https://sm.asisonline.org/Pages/Book-Review--Beyond-Cybersecurity.aspx2016-06-01T04:00:00ZBook Review: Beyond Cybersecurity

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Surveillance-and-Stereotypes.aspxSurveillance and Stereotypes<p>​Juveniles make up 40 percent of the shoplifters in the United States. Shoplifters, in total, contribute to billions of dollars of loss each year, according to the National Association for Shoplifting Prevention’s 2014 report <em>Shop­lifting Statistics.</em></p><p>To combat adolescent shoplifting, according to the report, retailers depend on private security officers combined with other security measures, including security cameras, observation mirrors, and radio-frequency identification (RFID) tags. </p><p>The key to apprehending juveniles during or after shoplifting, however, is to correctly determine whom to surveil. Security personnel often rely on a combination of common underlying physical characteristics—race, gender, and age—and behavioral indices—glancing at clerks nervously, assessing security measures, and loitering—to distinguish shoppers from potential shoplifters. </p><p>Are these surveillance decisions a result of bias? To find out, the authors conducted original academic research funded by the John Jay College of Criminal Justice of the City University of New York on how stereotypes play into who is suspected of shoplifting, how that suspect is dealt with, and what private security can do to limit discriminatory practices.​</p><h4>Existing Data</h4><p>A 2003 Journal of Experimental Psychology article, “The Influence of Schemas, Stimulus Ambiguity, and Interview Schedule on Eyewitness Memory Over Time,” which discussed research findings and lawsuits against retailers, concluded that stereotypes of juvenile shoplifters may unduly influence security officers to target juveniles on the basis of their physical characteristics, rather than their behaviors.</p><p>Over the past 20 years, the media has reported on cases in which the retail industry engaged in discriminatory practices. This is known as consumer racial profiling (CRP), “the use of race and or ethnicity to profile customers.” According to a 2011 study in the Criminal Justice Review, “Public Opinion on the Use of Consumer Racial Profiling to Identify Shoplifters: An Exploratory Study,” officers sometimes use CRP to determine which juvenile shoppers are potential or actual thieves. </p><p>Most people develop negative stereotypes about juvenile thieves through exposure to various types of media, particularly when they reside in areas that contain few minorities. The media has the unique ability to both shape and perpetuate society’s beliefs about which juveniles typically commit offenses through its selective coverage of crimes. </p><p>It is also common for the media to portray adolescents—particularly boys—as criminals. Biases are then used, whether consciously or unconsciously, in the private sector by retailers and security officers to target shoppers, and in the public sector by those in the legal system, including law enforcement officers, prosecutors, judges, and even legislators, to arrest and prosecute thieves.</p><p>The consequences of applying discriminatory practices can be seen in the private sector through lawsuits against retailers. Ethnic minority shoppers purport that they were targeted through excessive surveillance—and even through false arrests. </p><p>Researchers have shown that this automated bias occurs even when observers were trained to focus on behavioral cues, and it persists despite findings that shoplifting occurs across racial and ethnic groups, according to the 2004 Justice Quarterly article “Who Actually Steals? A Study of Covertly Observed Shoplifters.”</p><p>Stereotypes also affect retailers’ decisions on how to handle shoplifters, either formally by involving the police, or informally. The results of accumulated discrimination, accrued during each step in the legal process—initial involvement of police, decision to prosecute, conviction, and sentencing—continue in the legal system. This is evidenced by the disproportionate number of African- and Latin-American boys shown in the apprehension and arrest statistics of juvenile thieves, compared to their representation in the population, according to Our Children, Their Children: Confronting Racial and Ethnic Differences in American Juvenile Justice, a book published by the Chicago University Press. ​</p><h4>Current Research</h4><p>To test the premise that there is a widespread stereotype of the typical juvenile thief and shoplifter, our research team obtained information from young adults in two diverse areas:  97 psychology-major college students in a small city in the U.S. state of Kansas, and 156 security and emergency management majors at a college in a large city in New York state. </p><p><strong>Shoplifter profile. </strong>The psychology-major students were 83 percent European American. The rest of the students were represented as follows: 5 percent African American, 2 percent Asian American, 1 percent Latin American, and 9 percent of mixed or unknown descent.</p><p>The security and emergency management major students—72 percent of whom were male—came from a variety of backgrounds: 31 percent European American, 37 percent Latin American, 19 percent African American, 9 percent Asian American, and 2 percent Middle Eastern American.</p><p>Participants in both locations were asked to guess the common physical characteristics of a typical juvenile shoplifter—age, gender, ethnicity or race, and socioeconomic status. </p><p>The stereotypical juvenile shoplifters described by both the Kansas and New York respondents were remarkably similar: male, aged 14 to 17, and from lower- to middle-class families of African-American, Latin-American, or European-American descent. The two samples also indicated that the stereotypical thief was likely to have short or medium length brown or black hair and an identifying mark—such as a piercing. </p><p>These findings show commonality in the prevalence of certain physical characteristics, despite the diversity of the two groups of respondents, and demonstrate that American society has a well-developed juvenile shoplifter stereotype.</p><p><strong>Decision processes. </strong>After determining the stereotype, the research team considered whether juvenile shoplifter stereotypes affected respondents’ decisions. The goal was to determine the degree to which the respondents believed that physical characteristics influenced the security guards’ decisions regarding whom to surveil, and what consequences to apply when a youth was caught stealing.</p><p>The New York respondents read a brief scenario describing a juvenile shoplifter as either male or female and from one of five backgrounds: European American, African American, Asian American, Latin American, or Middle Eastern American. However, the description of the overt behaviors by the juvenile was the same for every scenario—selecting and returning shirts in a rack, glancing around the store, and stuffing a shirt into a backpack.</p><p>Respondents provided their opinions about the degree to which the security officer in the scenario relied on physical characteristics in surveilling a juvenile, and whether the retail manager and security officer should impose informal or formal sanctions on the shoplifter. Researchers reasoned that respondents should draw identical conclusions for surveillance and sanctions if they were simply evaluating the juvenile shoplifters’ behaviors, but that students would have different recommendations for these choices if their racial or ethnic stereotypes were activated.</p><p>Respondents who indicated a preference for applying informal sanctions did so more frequently for girls of African-American and Middle Eastern-American descent. These respondents also assessed that the officer described in the scenario based his or her surveillance decisions on physical characteristics. No other gender differences for race or ethnicity were notable when considering reliance on physical characteristics.</p><p>Stereotypes also affected decisions on how to sanction the shoplifter. Respondents were given the option of implementing one of four informal sanctions: speak to the juvenile, call parents to pick up the juvenile, get restitution, or ban the youth from the store. Their selection of the least severe sanction—talk to the juvenile—was doled out at a higher rate for boys than for girls of each ethnicity except European Americans, which did not differ.</p><p>The moderate level sanction—call the youth’s parents—was selected more for girls than for boys of African and Latin descent. The most severe level sanction—ban the youth from the store—was selected more for boys than for girls of African descent. However, it was selected more for girls than for boys of Asian, European, and Middle Eastern descent.<img src="/ASIS%20SM%20Callout%20Images/0417%20Feature%202%20Chart%201.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:510px;" /></p><p>Respondents who indicated a preference for applying formal sanctions attributed physical characteristics to the guards’ surveillance decision for girls more than for boys of Latin descent; gender differences were not apparent for the other ethnicities. </p><p>Respondents were also given five formal sanctions for the youths: involve the police, prosecute the theft as larceny, impose a fine, give the youth diversion or community service, or put the incident on the youth’s criminal record. Their selection of the least severe sanction—involve the police—was endorsed more for boys than for girls of Asian, European, and Latin descent, but more for girls than for boys of African descent. No gender difference was apparent for youths of Middle Eastern descent.</p><p>The most severe sanction—diversion or community service—was preferred more for boys than for girls of African descent. A small percentage of respondents endorsed a criminal record for the theft of a shirt, but only for girls of African and European descent and for boys of Middle Eastern descent.</p><p>Finally, a comparison of our data revealed that respondents believed informal—rather than formal—consequences should be imposed for girls rather than for boys of Asian and European descent, and for boys rather than for girls of Latin descent. ​<img src="/ASIS%20SM%20Callout%20Images/0417%20Feature%202%20Chart%202.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:519px;" /></p><h4>Lessons Learned</h4><p>Our findings clearly demonstrate that people have stereotypes about juvenile shoplifters. They also showed that people unconsciously use the typical physical characteristics of gender and race or ethnicity associated with their criminal stereotypes to make decisions and recommendations, such as whom to surveil and how to handle a shoplifting incident. Otherwise, there would not have been a difference in how the juvenile shoplifter was processed or punished, because the behaviors exhibited by all of the juveniles were identical across scenarios.</p><p>Consumer racial profiling is a defective filtering system that may direct private security officers’ attention to characteristics that are not reflective of actual shoplifting conduct. Our data suggests that CRP not only hurts retail businesses by discouraging minority consumers from shopping in their stores, but also simultaneously prevents security officers from apprehending shoplifters.</p><p>Other research, such as from “Juvenile Shoplifting Delinquency: Findings from an Austrian Study” published in the 2014 Journal for Police Science and Practice, shows that only 10 percent of juveniles are caught shoplifting. Even more disconcerting, the typical shoplifter steals on average 48 to 150 times before being apprehended. Clearly, retailers need a better strategy if they are to reduce loss due to shoplifting.</p><p>Another issue that was addressed was the decision to involve the legal system. Many businesses, despite having posted prosecution warnings, reported only about half of the adolescent shoplifters they caught to the police. </p><p>Retailers instead focus on minimizing loss and negative publicity, and may rationalize against reporting the offense to the police because they do not want to stigmatize the adolescent or because they consider it a one-time incident, particularly when the juvenile admits to the theft and then pays for or returns the items, according to the U.S. Department of Justice’s (DOJ) Community Oriented Policing Services.</p><p>These beliefs, however, may be misguided. Though current research is scarce, a 1992 study—The Sociology of Shoplifting: Boosters and Snitches Today—indicated that 40 to 50 percent of apprehended adolescent shoplifters reported that they continued shoplifting. </p><p>There are benefits for retailers who involve the legal system, especially for informal police sanctions. </p><p>First, criminal justice diversion programs and psychological treatment and educational programs treatment may reduce recidivism. For example, shoplifters who attended and completed a diversion program had significantly fewer re-arrests compared to those who failed to complete or did not attend, a DOJ study found.</p><p>Second, the private sector needs the support of the public sector to reduce shoplifting. Shoplifters can be given an opportunity to participate in first offender programs and, upon completion of classes on the effects of shoplifting, have their charges dismissed or even erased. ​</p><h4>Recommendations</h4><p>Retailers and private security officers need training to make them aware of their own biases and how their stereotypes affect their choices. They also need training to learn which behavioral indices are most effective in distinguishing shoppers from shoplifters. </p><p>If retailers do not make significant changes in guiding their employees—particularly security officers—towards objective measures of vigilance to prevent shoplifting, their financial loss will continue to be in the billions of dollars. </p><p>Private security officers must be taught how to treat all potential shoplifters, regardless of their gender, in the same way to prevent making mistakes and subjecting retailers to lawsuits for discriminatory security practices.</p><p>Overcoming unconscious biases is difficult. Prior to specialized training in bias identification and behavioral profiling, it is important to determine the biases of security officers. Self-assessment measures similar to the ones the researchers used in their study can be administered. </p><p>The officers should also keep records that specify each incident of shoplifting, what behaviors drew their attention to warrant surveillance, what act occurred to provoke them to approach the juvenile shoplifter, the items that were taken, the method used, the shoplifter’s demographics, how the situation was handled, who made the decision, and reasons for the decision. The officers should then review these records with their retail managers.</p><p>Retailers should also implement a mandatory training program to provide private security officers with the tools needed to identify shoplifting behaviors to increase detection and reduce shrink. </p><p>The incident records could be introduced and used to help identify the impact biases have on private security professionals’ decisionmaking about juvenile shoplifters. It would also help security guards learn the various types of suspicious behaviors that shoplifters exhibit, such as juveniles who make quick glances at staff, examine items in remote aisles, monitor security cameras and mirrors, and purposefully draw employees’ attention away from others.</p><p>Additionally, a practical component would be to show surveillance videos of the behaviors exhibited by juvenile shoplifters of different gender and race or ethnicity. In this way, the findings of past studies showing the insignificance of race, ethnicity, or gender can be learned through real-world examples.  </p><p>--<br></p><p><em><strong>Dr. Lauren R. Shapiro </strong>is an associate professor in the Department of Security, Fire, and Emergency Management at John Jay College of Criminal Justice. She has published several journal articles and chapters on the role of stereotypes in perception and memory for crime and criminals. <strong>Dr. Marie-Helen (Maria) Maras</strong> is an associate professor at the Department of Security, Fire, and Emergency Management at John Jay College of Criminal Justice. She is the author of several books, including Cybercriminology; Computer Forensics: Cybercriminals, Laws, and Evidence; Counterterrorism; and Transnational Security.   ​</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Ukraine-Among-Countries-Affected-by-Petya-Ransomware-Attack-.aspxUkraine Among Countries Affected by Petya Ransomware Attack <p><a href="http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday" target="_blank">​Ukraine was hit by a large ransomware attack on Tuesday</a>, along with at least five other countries, NPR News reports. The ransomware is being referred to as "Petya," and affected "key parts of Ukraine's infrastructure," including electric grids, government agencies, and businesses. Experts fear the threat of Petya is similar to the WannaCry ransomware attack in April, which affected computers in 150 countries.</p><p>In addition to Ukraine, the ransomware attack has hit "thousands of users" in Russia, Poland, Italy, the United Kingdom, Germany, France, and the United States. The U.S. Department of Homeland Security said it is "monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners."</p><p>Users affected by the attack are shown a locked screen demanding a payment of $300 in bitcoins to receive their files, the same ploy used by WannaCry. But security researchers say Petya uses exploits WannaCry did not to spread in internal systems, meaning patched machines can also be affected. </p><p>Ukraine's official<a href="https://www.vox.com/world/2017/6/27/15879844/ukraine-gif-russia-cyber-security-attack-hacks-this-is-fine-meme-wannacry" target="_blank"> Twitter account announced the attack</a> had hit the country with a message to assuage fears. The country tweeted a GIF of a dog drinking coffee in the middle of a room that is burning in flames. The post reads, "Some of our gov agencies, private firms were hit by a virus. No need to panic, we're putting utmost efforts to tackle the issue." </p><p>The adviser to Ukraine's interior minister, Anton Gerashchenko, says he believes the attack is the work of Russian agents to destabilize the country, and <a href="https://www.facebook.com/anton.gerashchenko.7/posts/1415938421826334" target="_blank">said on his Facebook page</a> the attack likely took weeks to set up before going into effect. </p>GP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Secure-Activism-101.aspxSecure Activism 101: How To Survive a Demonstration<p>​<span style="line-height:1.5em;">Twenty-thousand strong marched in protest in Bogotá in 2011 at the Colombian government’s plans to cut university spending. The protestors retained a student-led atmosphere of goodwill and the only simmering of potential aggression was due to the presence of the Colombian Police’s Riot Control Unit (ESMAD) parked on strategic side streets.</span></p><p> I was in downtown Bogotá on the second floor café above the throngs with a tourist from Seattle, watching students from all over Colombia protesting the bill pushed through by President Juan Manuel Santos’ government to reform higher education by introducing a profit motive. </p><p> “I wish my daughter could be here to witness this,” the Seattle visitor told me. “It’s a healthy display of the young airing their grievances with a government decision. We don’t see this anymore in the United States.”</p><p> Protest participants were handing out carnations to members of the ESMAD, placards were held aloft announcing the arrival of different student bodies. With several years of experience as a foreign correspondent in Colombia, I knew better than to drop my guard despite the festive mood as if these students had somehow lost their way in route to a humanities class.</p><p> And my instincts were right, as the carnival atmosphere was threatened by an undercurrent of disobedience as masked agitators—armed with spray paint canisters—left shop windows and walls emblazoned with slogans: “Pensar diferente no es un crimen.” Translation: “Thinking differently isn’t a crime.”</p><p> From our present vantage point we were safe, unless the protest turned violent, as it has been proven time and again that an emotionally charged crowd of people can be swayed from grief or merriment to sadistic dementia in a second.</p><p> After all, if the ESMAD fired off tear gas, where would we go? The only exit from the café would be down a narrow flight of stairs and out onto the Carrerra Septima, the principal thoroughfare for all demonstrations in Bogota as it leads directly to the Plaza de Bolivar and the Palicio Narino seat of power—hardly an ideal route.</p><p> Strikes, marches, and demonstrations are a routine occurrence in Colombia, set against the backdrop of the Colombian armed conflict—currently the longest-running in the hemisphere. And in 2016, in the lead up to and after the signing of a final peace accord with the Revolutionary Armed Forces of Colombia (FARC rebels), these may increase as disgruntled sectors of the country’s society feel their needs and complaints are not being heard.</p><p> If President Santos makes good on his promise to bring the final accords to a referendum, so people can vote in favor or against it, there will be many opportunities for people to make their cases heard by pounding the streets.</p><p> As a Bogotá-based journalist, the possibility of being caught up in some kind of social unrest during the course of my work in 2016 is high. To help plan for the worst, I picked the brain of a trusted security expert—Ben Hockman, senior consultant at Control Risks, a global risk management consultancy specializing in assisting clients operate in complex and hostile environments.</p><p><span style="line-height:1.5em;"><strong>Planning<br></strong></span><span style="line-height:1.5em;">Even with experience witnessing challenging demonstrations across South America from Bolivian miners threatening to hang themselves by the neck from a bridge to facing off with police and throwing sticks of dynamite along each avenue leading up to La Paz’s Plaza Murillo to politically charged May Day lawlessness, I know better than to stay too close to the action.</span></p><p> This experience with the issues of violence and potential lawlessness in demonstrations in Latin America has helped me in the past. But before hitting the streets, Hockman suggests I take the following into account when I’m planning to cover an event. <br></p><ol><li style="line-height:1.5em;"><span style="line-height:1.5em;">Gather intelligence. Know the immediate area, the wider area, and all evacuation options. Determine what the political and economic situations are.</span><br></li><li><span style="line-height:1.5em;">S</span><span style="line-height:1.5em;">tudy the basics of the local political and economic situation. A well prepared traveler to Venezuela might avoid wearing red t-shirts in and around Caracas, for instance, in the current climate of social unrest.</span><br></li><li><span style="line-height:1.5em;">Have a Go Bag. Collect identification documents, copies, snacks, cash for emergencies, water, basic first aid kit, and put them into a bag to take with you.</span><br></li><li><span style="line-height:1.5em;">Print physical copies of maps from apps. Don’t rely on applications, such as Waze, Google Street View, as Internet access may go down in the midst of unrest.</span><br></li><li><span style="line-height:1.5em;">Know in advance where help points are located and how to get to them.</span><br></li><li><span style="line-height:1.5em;">Have a back-up communication plan and prepare for network infrastructure failure. Have a replacement cell phone, a radio, or a walk-talkie.</span><br></li><li><span style="line-height:1.5em;">Be conscious of your wardrobe. Are you able to change your look quickly? What happens if you are in olive drab and resemble the military? </span><br></li></ol><p></p><p><span style="line-height:1.5em;">​As Hockman advises, before even approaching a demonstration, I should know the lay of the land—or at least have in my possession a map of the area where I will be engaging with the event. </span><br></p><p> I also need to keep myself abreast of the type of demonstration that is taking place: is it political, is violence likely? I should check for security forces and know the general current of feeling in the city and country at that precise moment, in addition to having investigated the outcomes and reactions to past demonstrations. </p><p> Additionally, as a 6-foot-tall Caucasian male, I know I’m going to stand out in a melee of rioting Bolivian miners. The question is if that makes me more—or less—of a target.</p><p> And in extreme situations where a demonstration may lead to military deployment and a challenge of the political regime, it’s crucial to have my passport and tickets out of the country on hand.</p><p><span style="line-height:1.5em;"><strong>Responding<br></strong></span><span style="line-height:1.5em;">As the tourist from Seattle and I watched the main cadre of students pass by during their protest, I was right to be concerned. Things were heating up, and paint bombs were being hurled at government buildings.</span></p><p> Our exit option was limited and there would be precious little space for movement on the street because of the numerous protestors. To get out of the café, the tourist and I would need to keep close, head to the edges of the protest, and move with the crowd as if negotiating a strong ocean current, before slipping away down a side street. </p><p> The aim would be to get out, avoid a possibly trigger-happy police front line spraying pepper spray or tear gas, and escape injury in the process.</p><p> To help think through our escape plan—if it became necessary—I ran through Hockman’s checklist on what to do if caught in the midst of a violent protest.</p><ol><li><span style="line-height:1.5em;">Remember your principal objective is to put as much distance as possible between you and the unrest. If you fail, plan b will be to seek appropriate cover—alleyways, buildings, or vehicles.</span><br></li><li><span style="line-height:1.5em;">Control your emotions. Try to remain as calm as possible.</span><br></li><li><span style="line-height:1.5em;">Keep anyone in your party close—<span style="line-height:19.5px;background-color:#ffffff;">maintain</span> a distance within reach or physical contact, and agree on safe meting points ahead of time in the event that you are separated.</span><br></li><li><span style="line-height:1.5em;">Keep moving, but don’t run.</span><br></li><li><span style="line-height:1.5em;">Move with the crowd and don’t draw attention to yourself. Look for exit options to side streets and your help points—alleys, safe zones, or alternative cover.</span><br></li><li><span style="line-height:1.5em;">Make yourself compact while moving. Protect your head, neck, face, and vital organs. Do not get pushed against or blocked by solid objects.</span><br></li><li><span style="line-height:1.5em;">Watch your footing and obstacles on the ground.</span><br></li><li><span style="line-height:1.5em;">Move between “waves of crowd movements.”</span><br></li><li><span style="line-height:1.5em;">Avoid major roads and sites.</span><br></li><li><span style="line-height:1.5em;">If gas or pepper spray is released, cover your airways with clothing but try to keep your hands free. </span><br></li><li><span style="line-height:1.5em;">Do not approach the front line of police.</span><br></li><li><span style="line-height:1.5em;">Avoid interaction with demonstrators or security forces.</span><br></li><li><span style="line-height:1.5em;">Avoid confrontation with any party.</span><br></li><li><span style="line-height:1.5em;">If you find yourself on the ground, try to stand as quickly as possible. If you can’t stand up, curl yourself into a ball to protect vital organs and try to regain your footing as soon as possible.</span><br></li><li><span style="line-height:1.5em;">If you’re in a vehicle, stay in the vehicle. If gun shots sound, determine their origin and the target before driving away or running away. Sudden movements can draw attention from both protestors and the security forces, particularly during exchanges of fire, so have a plan before you move.</span><br></li></ol><p><span style="line-height:1.5em;">Luckily, the worst of the violence was d</span><span style="line-height:1.5em;">efacement of property and a couple of skirmishes during the student protest in 2011, and we were able to safely leave the café.</span><br></p><div><span style="line-height:1.5em;"><strong>The Aftermath</strong></span></div><p>Fast forward four years, however, and I was again in the midst of some social unrest in the form of the Colombian Farmers’ Protests of 2015. Thousands of farmers were protesting to demand that the government comply with reforms it agreed to in 2014, accusing it of failing to implement measures to reduce debt and control the price of fertilizer. It was clear that the Colombian people were largely in favor of the protests, and on key dates 45,000 people had taken to the streets to demonstrate.</p><p> This time the feeling was different and the carnival atmosphere of the student-led demonstration was replaced with a more sinister and aggressive sentiment. And, as was to be expected, pandemonium ensued.</p><p> At the height of the turmoil, there was a period of four hours when police used tear gas on rioters throwing petardos (flash-bombs) that injured the police and the public. None of the injuries appeared serious, however, in what was Bogota’s worst street violence since protesters in March 2012 against the city’s municipal bus system were attacked by young vandals.</p><p> This was clearly a demonstration to avoid, and Hockman gave me the following tips to manage the immediate aftermath of violent social unrest.</p><ol><li><span style="line-height:1.5em;">Avoid public transportation.</span><br></li><li><span style="line-height:1.5em;">Check for injuries and, if necessary, seek medical help. The immediate adrenaline rush experienced during violent unrest might mask injuries.</span><br></li><li><span style="line-height:1.5em;">Report in to your office or family as frequently as you can.</span><br></li><li><span style="line-height:1.5em;">Consider the possibility of mild-Post Traumatic Stress Disorder and seek medical attention where necessary.</span><br></li></ol><p><span style="line-height:1.5em;">Colo</span><span style="line-height:1.5em;">mbia will face a new wave of emotionally and politically fueled demonstrations in 2106 and beyond as the government seeks to sign off on a peace accord with the FARC and entice the country’s second guerrilla group—the National Liberation Army—to the negotiating table, demonstrations will be the norm.</span><br></p><p> It pays to be prepared, and to fully consider the advice provided by experts in the field. </p><p><em>Richard McColl is a foreign correspondent and conflict resolution specialist based in Colombia. Ben Hockman contributed to this article and is a senior consultant at Control Risks based in Colombia and a member of ASIS International.</em></p><p><br></p>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465