LPRC - CrimeScience – The Weekly Review – Episode 169 with Dr. Read Hayes, Tom Meehan & Tony D’Onofrio
Episode Date: December 15, 2023LPRC has 3 new team members, this week our hosts discuss the continued growth of the LPRC! On this episode, our hosts discuss the upcoming LPRC events, the latest cyber attacks, and AI news. The hosts... also go into a recap of the latest AP/LP news and the NRF Big Show. Listen in to stay updated on hot topics in the industry and more!
Transcript
Discussion (0)
Hi, everyone, and welcome to Crime Science. In this podcast, we explore the science of
crime and the practical application of this science for loss prevention and asset protection
practitioners as well as other professionals.
Welcome, everybody, to another episode of Crime Science, the podcast. This is the latest
in our weekly update series. I'm joined by Tom Meehan, as well as our producer, Diego
Rodriguez, and we're excited, as always,
to talk with each other and you all about what's going on. And we know there's a whole lot. I think
on the tragedy side, we've talked about the two asset protection team members that are visible
security officers at Macy's that were both inexplicably stabbed in the face,
one fatally by an individual who had been stealing hats and left and came back and then
committed this violence. In a second incident that we're aware of, a self-checkout employee
at a Kroger company store, something equally bizarre. And in this case,
an individual came in and fatally stabbed a self-checkout employee, an associated team
member there at that Kroger company location in a very confused situation where, again,
he thought he was being paged.
He wasn't. The employee politely told him he was not being paged.
He this happened evidently more than once. He exited the store, came back and then fatally stabbed her for no apparent reason. So we know the downside. We know the horrific risks to some in these vulnerable places and spaces that we call retail because they're open to the public at large, present unique problems.
In addition to in the first case at Macy's, in that instance where there's theft involved in the entire incident and in this case of stabbing.
And the entire incident in this case is stabbing. So, well, you know, this is really what gets our team up in the morning is the drive to help use research, use partnerships, use the things that we all know that we need to be doing, trialing, testing, improving to safeguard vulnerable people in places and spaces. This is what makes it happen.
So it's been very, very busy.
We're preparing again for the kickoff conference, excuse me, the meeting hosted by AT&T Business.
And that, again, will be in Hudson Yard in Manhattan near the Javits Center, 730 to 1230.
7.30 to 12.30, and that will be on January 17th after the conclusion of the NRF's annual Big Show event. We'll be participating in multiple panels that'll be out on the exhibit hall floors.
By the way, one on RFID with Avery Dennison, with Joe Cole, the VP of Macy's. We'll be participating with Mike Lamb,
the VP at the Kroger Company, and one involving NVIDIA, Lenovo, talking about AI usage in
retail asset protection, loss prevention. We'll be participating in one with Esri,
We'll be participating in one with ESRI, the giant mapping organization that we work so closely with.
And in that case, we'll be working with Capindex's Dr. Trav.
We'll be working with several other luminaries, including Dave Johnston from the National Retail Federation.
So we're excited in those. Additionally, our colleague and friend, Dr. Corey Lowe,
here at the LPRC, our research team leader,
will be on a panel that will be working with Google and others.
So the LPRC team is very proud,
very humbled to be asked to participate in some of those panels.
We'll also be at some of the social events,
certainly honoring Gus Downing of Downing & Downing.
So look for us, please, in New York City.
But there's a lot of planning and effort that goes into that effort.
Simultaneously with that, we've mentioned several times,
Ignite is our winner planning meeting.
We had our Board of of advisors teams call yesterday we had 25 I believe it was of our board advisors on there going through
and discussing with them what we've been doing and growing our team we now have 19 team members
up from six just two years ago and the team is going to continue to grow. We're going to add one more
coming up here, a director of operations, but talking with them about what we're trying to
get done. What's the most critical need of them? How do we make sure that we align our capability,
our people, our research venues, obviously our focus on what types of theft, fraud, or violence and variations of those we're
working on. Is it lab? Is it, and of course, out in the wild in these ecosystems? And by the way,
we'll be stressing this a lot at our kickoff event, talking about the individual that we're
trying to influence, they or their crew throughout their journey to, at, and from a crime event, but this takes place within an entire ecosystem that we're trying to understand
and influence, and that's really what our field initiatives are all about. So, just to bolster
that idea that frameworks and evidence are what the scientific method's all about, a logic model
and observations, and that's how we roll here at the LPRC and at the University of Florida's Safer Places Lab.
We're also in heavy planning for the next day after that Ignite Board of Advisors meeting, February 28th here in Gainesville.
Also, the Innovate Advisory Panel, their meeting here.
But the next day, of course, on the 29th of February, the integrate, the second year
will have had integrate, which will go beyond a tabletop exercise. This will be a highly kinetic
exercise that will include tabletop exercises around that. Last year, we had 31 retail
corporations, 46 executives from them, eight law enforcement agencies this year. We expect all the above to double.
And again, that'll be on the 29th invitation only.
But if you're a retailer or you're an LPRC Innovate partner or prospective advisory panel partner for Innovate program, you're interested, then please reach out to us.
Tom, T-O-M, at lpresearch.org, tom at lpresearch.org,
and let him know you have interest in that tabletop, that grand exercise in the Innovate program itself.
But yesterday, as part of the planning, we also had the commander of the University of Florida's ROTC and his
chief NCO here as well, NCOIC. And so we had the colonel in here. And so we were planning a little
bit about emergency responses and how UF's Army ROTC will start to get involved, providing one
or more interns every semester to work in our Security Operations Center lab, our SOC lab, and with our FusionNet.
Again, for all LPRC members, remember our retailers, we have FusionNet. going, violent or storm event, something that's an emergent threat, then we activate and are on
that Discord platform that we call FusionNet. This is something we stood up in 2020 to help
handle all that was going on during the pandemic from vaccinations to elections to widespread
looting and burning, and and has continued since that time.
With a lot of participation, we have voice and intel channels that there's a lot of communication,
insertion of OSINT and other types of intelligence, and so on.
So that's a big play today.
We're getting ready.
We're going to have our Gainesville Police Department partners in to help us plan through the active shooter event again on February 29th as part of our integrate tabletop.
So we've got three new team members starting at the LPRC. They started Monday of this week. Here we are recording on I am on Wednesday.
Wednesday and so they have been going through two days so far of onboarding going through and understanding all the complexity of complexities of the LPRC
what their role will be of course so a great play there and desperately needed
additional team members to help us get through all this but the the stressing
and what we're going to be doing
with Gainesville PD, with the University of Florida Police Department, who's actually hosting
the Integrate Active Assailant event, the exercise, it's all about intelligence at first,
right? Early warning, developing targets that we want to influence so that they don't initiate or
progress toward us, and then providing
target dynamics for the action. You know, what do we need to know about this target if we can
identify them? So, this is a very complex, hopefully very well planned out event. We've got
multiple retailers, professionals, AP professionals from there who have dealt with, tragically dealt with, active shooter or active stabber events at their places to help us plan and execute this,
as well as law enforcement experts that have done the same, that have been involved in
before, during, and after active shooter events to help us plan this properly and execute it
and learn the lessons learned so everybody can
continue to improve. This will be the first event and the first part of a series that'll go on for
one to two years, depending on what all needs to be done out there on active assailants. We're doing
a literature review, reviewing all the research literature on active assailants, shooters,
review, reviewing all the research literature on active assailants, shooters, stabbers,
people with hatchets and beyond, those kind of mass attacks, particularly in a commercial and especially, of course, in a retail environment, a mall and or parking lot of a store or inside
those locations, including also we'll be deconstructing different active events, active assailant events before, during, and after with those that were involved in a series of those.
We will also be providing and executing another exercise in conjunction with some other experts on this.
So stay tuned on all that. And one of our new team members is going to be helping myself, help me and others
do all the detailed planning and things that have to happen around that in addition to the other
violent crime. The three LPRC summits are under heavy planning. The product protection summit,
something similar to Shark Tank. For those that aren't aware of it, it's online.
It's been very successful the last three years. We've got the Violent Crime Summit that will be in Albuquerque
this year. That's where you're normally going to see a couple hundred law enforcement and our
members, retailer members in particular, but some SPs coming in. Together, we'll have our Supply
Chain Protection Summit. It's between two different
venues right now. They're working that out on the Supply Chain Protection Working Group.
And a quick call-out again, we've got seven of these ongoing working groups. One is, of course,
the Innovate Advisory Panel, 36 retailers that meet eight times by teams and two times in person.
And we've also now got 16 innovate advisory panel partners that are from
the solution partner side. They are the ones that are funding our growth in our research team.
So we've got that ongoing monthly, 10 events there to work year round. But that's in addition,
again, to the organized retail crime working Group that meets 10 times throughout the year, the Violent Crime Working Group, Retail Fraud Working
Group. We've got, of course, Supply Chain Protection Working Group, the Data Analytics
Working Group, or DOG, to name a few. So, we encourage everybody that's a member of the LPRC
to get your people involved in as many of these working groups
as possible. We now have a large enough team that each team has a research scientist and a research
project coordinator assigned to those to curate even better and better, more meaningful, engaging,
and productive engagements in a year for each of the working groups, including their summits.
So what I'll do with no further ado is turn it over to my colleagues.
Tom, if you please take it away.
Thank you, Reid.
I have a few different stories.
Probably today everything is focused more on the tech side than the retail side.
But starting with some hacking news there is a website
called cameo where celebrities and other folks charge monies to do videos for
people if you're not familiar with cameo there are a ton of celebrities
politicians on where you can request a video and have it made for you.
So for an example, if you wanted to wish someone a happy birthday,
you could pay $200 and Mike Tyson would do a customized birthday video
and send it to you.
Well, some hackers overseas used the Cameo feature
to create a propaganda video about Ukraine's President Zelensky
having a drug and alcohol problem.
So they actually went out and got a ton of videos and had them made with various messages wishing
well, no one involved knew who the video was for. And then this hacking group used artificial intelligence to stitch the videos together and change some of the voices to create a bunch of propaganda videos from celebrities, basically using this as a misinformation campaign.
So why are we talking about it here on the podcast?
So why are we talking about it here on the podcast?
This continues to be one of the challenges with AI. When you think about deepfakes and mixing of voices, what can occur?
And then when you add in an application like Cameo, which actually allows someone to take someone's video or audio,
it really makes AI a dangerous, dangerous tool.
I've said it many times before,
AI, for a very small amount of money,
you can go online right now,
download an app and take someone's voice
and if you have a large enough sample,
replicate it with almost near perfection.
Video deepfakes are still something
that's being worked on.
In this case, the videos were real,
so the stitching was a little bit changing.
So they basically took different parts of words and cut them out to make the message change differently.
So a clever type of attack, but something to be very, very aware of as we continue to evolve in AI.
With more AI news, the European Union and the FTC is investigating Microsoft.
The European Union and the FTC is investigating Microsoft.
This is still in the early stages in relationship to their 49% ownership stake
in OpenAI, ChatGPT's parent company.
Basically what the EU is saying
is this is essentially an ownership
and does this allow Microsoft to have have control and the ftc is just
monitoring it so there's not necessarily anything here more than the very early stages of it so
definitely a space to watch when you think about artificial intelligence
excuse me and more artificial news uh intelligence news uh expect to see robot bartenders in the very near future.
There is two companies that have commercialized a robot bartender.
When we talk about AI and the potential for removing jobs or people losing jobs,
this is one example where it does look like these robot bartenders are going into place.
It does look like these robot bartenders are going into place.
There are also robot coffee – I can't say the word.
So now we'll skip that one.
So there are coffee makers that are robots as well.
So I think this is just one of those things that's going to occur and we're going to continue to see occurring in the sense of, you know, robots thing over barista was the word that I was drawing a blank on. So,
so both baristas and bartenders, these machines are available today. For bars, there are bars making pre-orders. It's too early to see what will happen with it, but this is just one of those
things when, if you're out and about traveling, you might see in the near future something to keep an
eye on.
Switching gears a little bit to cybersecurity and risk, The Washington Post had a story
related to the alleged attacks on infrastructure from the Chinese government.
There have been about two dozen attacks that are being linked back to the Chinese government on infrastructure and utilities throughout the United States.
And I think this is something that we'll continue to watch here.
And I often say just when we think about attacks on infrastructure, what the real risk here is and what would happen if the power grid went down.
I think all of us probably remember the last time the Northeast was without power for a few days
or disruption in payment systems.
So something definitely, definitely to watch, the space.
There's actually a small city in Ireland that had a cyber incident related to Iran,
and they were not able and they're still not able to have clean water.
So something that is very, very real to be mindful of so
we'll continue to watch this space I think when we talk about cyber instances
we continue to see an increased amount of cyber incidents so in the first nine
months of 2023 there were more ransomware attacks than all of 2024.
So we're seeing the exponential growth.
There are a lot of different reports out there.
Some reports suggest that every few seconds,
there's some sort of cyber attack from a bot.
And when we think of AI, the AI is just exasperating this issue because it allows those attacks to happen more rapidly.
So definitely, definitely something that we're going to all watch about.
23andMe,
which if anybody's familiar with this, had a data breach recently. 23andMe went ahead and
changed their terms of services. So for those of you that don't know what 23andMe is, 23andMe is
an actual DNA service where you send in your DNA.
They had a pretty significant cyber instance, which led to a breach of 6.9 million people's data.
Anytime we talk about these DNA or geneology companies, I always wonder what people, when they're sending this in, what people are concerned with. So this is a
really significant breach if you think of the sense that DNA data could have been leaked,
personal data. I don't have the specifics, so I don't want to go into it. But what 23andMe did
that is drawing a lot of attention is they changed their terms of services,
which is basically something
that happens all the time it doesn't require acknowledgment so there's
legal-esque language that you can put in that says basically if you don't opt out
you're automatically opted in and then their new terms of services you're
giving your right up to sue or take a class after my lawsuit or arbitration so
this got a tremendous amount of attention.
So I'm assuming folks who are involved in the Transition Agreement are looking at it
and going in and opting out of this option.
But just something to be very mindful of when we think of some of the things
that are occurring in the cyber standpoint.
One of the things I would say is we're hyper digitized today.
So when you think of these services
and all of these other things that have web portals,
the landscape, the digital landscape is huge,
which means the risk of having an incident, it grows.
So we've increased our threat vectors significantly.
So when you're giving very
personal intimate data away that you don't need to be very mindful of that so
23andMe is not a medical company so this is a kind of a novelty to identify DNA
so when you're thinking of that you're giving that data and in return expecting
something so something definitely you want to be aware of when you're doing that.
So when you're sharing anything that is really, really personal data,
my suggestion to you would be to look at it and say, is this data I need to share?
Is this data I want to share? Would I be concerned if this data got out?
So when we talk about social media, social media is not free, right?
We've said this hundreds of times. Now we're
seeing paid versions. But just this is a good kind of reminder of understand what you're giving,
understand what you're giving up, understand what you're giving out in exchange for service.
I'm not suggesting that you don't use these services. What I'm suggesting is just be a
little bit more mindful and aware of it. And I think we're all caught in this kind of vacuum of, wow, this is a data company. They've got to have pretty good
data protections. This is what they do for a living. And we all believe that and should believe
that until there's an incident that means that is otherwise. The holiday season is in full swing.
And so the bad guys are trying to take advantage of that. Pay special attention to text messages, emails, and phone calls, asking for information, telling you to track packages,
anything with a link that you click that you're not expecting.
My suggestion would be if you're looking for a package to go back to that original order, not click on a link in a text message.
Today, arguably anybody at any time during
this season would be expecting a package so when you get that automated text
message saying track your package here or your package is delayed be very very
cautious double and before you click think and as always you know keep your
devices updated I know that I say it all the time, but go ahead and patch and update.
The quickest, easiest way to keep yourself safe.
And with that, I'll turn it back over to Reid.
All right.
Thanks so much, Tom.
Great stuff as always.
I always look forward to hearing about learning.
Actually, a lot from what you're finding out.
I want to thank all of you all out there.
I want to thank Diego for his production and launching of the podcast across all the platforms. Please
like us, tell others about us, send links around your team. The more people involved in crime
science, the better the podcast. And please, if you've got any ideas about improvements,
guests, topics that we might put out on the Crime
Science Podcast, I would appreciate that. And we understand, again, we've been voted in a couple
different types of podcast rankings in the top 120 for must listen in the business realm. And
we're very grateful and honored to be recognized there at the Crime Science Podcast. So stay in touch. Always operations at LPResearch.org. Stay in touch. Stay tuned.
And pay special attention to LPResearch.org, the website.
It's going to look and be and provide a whole lot more, I think, engagement and going forward starting January 17th. So stay in touch.
Thanks for listening to the Crime Science Podcast presented by the Loss Prevention Research Council.
If you enjoyed today's episode, you can find more crime science episodes and valuable information
at lpresearch.org. The content provided in the Crime Science Podcast is for informational Thank you.