Its Aug. 13, 2001. A man of apparent Egyptian descent calling himself Mohamed Atta checks into an Econo Lodge Motel on Las Vegas Boulevard South. That night, as the temperature cools from 105 degrees, Atta falls asleep in the U.S. city that personifies gambling, drinking, prostitution and even culinary decadence. Could any locale other than Sin City be a greater affront to a Muslim fundamentalist?
This was Attas second documented visit to Las Vegas, Nev., in three weeks. In fact, between May and August 2001, Atta and four other terrorists that the world would later come to know as attackers of the World Trade Center towers and the Pentagon spent time in Las Vegas.
To this day, whether Atta and his associates were at the time crafting their plan to use airplanes as gasoline-laden bombs is anyones guess. Yet there is a tragic overhang of investigative irony. Atta, Marwan al-Shahhi, Nawaf Alhazmi, Ziad Jarrah and Hani Hanjour placed themselves in the middle of a city that already had become the perfect laboratory for developing and testing the technologies and strategies that may ultimately determine the outcome of what has come to be called the War on Terrorism.
In the effort to prevent future attacks, the U.S. Department of Homeland Security (DHS) and other federal and local law enforcement agencies are now beginning to deploy the kinds of transactional, facial and other tracking technologies that casinos such as the MGM Grand, the Venetian, the Bellagio and the Stratosphere long have used.
By combining basic information on employees and guests, such as their stated home addresses, the purchases they make, the times they visit town and the movements they make, these casinos have created enormous databases that show not only visitors playing habits, but their criminal pasts and their connections to other visitors. All to safeguard a $70-billion-a-year gaming and resort industry.
Sure, these casinos use state-of-the-art digital and analog surveillance cameras and equipment to watch the activities of patrons and employees as they move or stop in any given square foot of their property. But they also make use of seemingly innocuous sources of data, such as the card keys guests use to open their rooms or the charges they make at gift shops, to paint a picture of “non-obvious” clues that might reveal unexpected threats to their tills—and their facilities.
By combining decades-old security procedures with these new tools, Las Vegas, despite being the fastest growing metropolitan area in the United States in the past dozen years, recorded in 2001 the fewest crimes per thousand residents (40.5) of any U.S. city with a population of more than 1 million residents, according to the Federal Bureau of Investigation. By comparison, on average, a city of that size reported 77 crimes per 1,000 residents.
More than 38 million people made their trek to Vegas last year for business or pleasure, each “contributing” an average of $300 in gambling losses. But the seemingly strange confluence of entertainment and excess also makes the city a glaring neon target for terrorists, according to officials from the Nevada Commission on Homeland Security (NCHS).
“This is where the bad guys come to play,” says Ret. Army Colonel Jerry Bussell, chairman of the NCHS, the state agency charged with finding and implementing the latest technology and procedures needed to fight terrorism. “These [casinos] have been here for years, almost daring anyone to come and take their best shot. It makes complete sense to me and everyone else that this is the perfect place to test and develop the technology we need to fight terrorism.”
Indeed, those charged with increasing domestic security, whether in the United States, Spain, Indonesia or other parts of the world, would do well to study how Las Vegas has mastered the art of identifying and detaining garden-variety cheats and thugs and apply them to preventing another organized terrorist plot, according to Alan Zajic, a casino-security consultant with more than 25 years of experience.
With the benefit of hindsight and three months of research, Baseline has examined how the practices that Las Vegas uses to identify cheaters could have been used by the FBI, Central Intelligence Agency and State Department to prevent most, if not all, of the 19 terrorists who took control of airplanes on 9/11 from receiving a boarding pass in the first place. Following more than 20 interviews with casino security chiefs, surveillance directors, security consultants, former FBI agents and members of the NCHS, this review will also show how technologies ranging from “non-obvious pattern recognition” to “name one other” can even today be used by DHS Secretary Tom Ridge and other federal, state and local officials to thwart future attacks.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:
Next Page: Flashback: Summer of 2001.
Flashback
: Summer of 2001″>
Flashback: Summer of 2001
The Econo Lodge motel on Las Vegas Boulevard where Atta stayed is a short walk from both the Stratosphere Casino Hotel & Tower, the tallest building west of the Mississippi River, and the FBIs Las Vegas headquarters. Perhaps more significantly, his motel room was also seven miles north of the headquarters of Systems Research and Development Inc. (SRD).
SRD makes software that casinos have used since 1994 to spot “non-obvious” relationships within mountains of data collected on individuals. The Department of Homeland Security and other federal agencies now use the software to pursue known and suspected terrorists.
According to SRD chief executive officer Jeff Jonas, if those agencies had been working with the private sector—read: “Las Vegas casinos”—three years ago, chances would be much higher that Atta would have been arrested or detained in Las Vegas, perhaps even in his Econo Lodge room. Atta, after all, was traveling with an expired tourist visa and, according to the State Department, was already on its list of suspected or known terrorists.
A simple query of his passport, visa, drivers license or credit card against State Department or FBI databases would have resulted in a match.
This initial match would have alerted the FBI, CIA and Las Vegas police that a known or suspected terrorist was in Las Vegas. From there, SRDs software would have begun churning through billions of lines of code in multiple databases, including telephone directories, rental-car records and airline reservations, as well as the State Departments suspected-terrorist list and the list of expired visas maintained by what was then called the Immigration and Naturalization Service, to create an immediate, up-to-the-moment profile of Atta, his whereabouts and his activities.
The software also would have sent out warnings. Even something as simple as a clear image of Attas face distributed to local law enforcement throughout the country might have been enough to save more than 3,000 lives.
The software would also make connections, on its own. Anyone who ever listed a similar address, name or phone number to Atta—even anyone who had ever used “Mohamed Atta” or any similar spelling as an identity—would have been red-flagged by the software and then subsequent checks of private and public databases would have been initiated for those people. The links also are likely to have discovered, for instance, that Atta and Jarrah had visited a cybercafé near the University of Nevada in Las Vegas at the same time on the same date.
As DHS and other federal and international authorities struggle to find elusive details that connect otherwise innocuous transactions and events to known threats, Las Vegas casinos identify these links every day.
Had Atta, for instance, driven a rental car into the parking lot at any major casino that August evening, the license plate would have been photographed by digital cameras at the entrance and compared to a database provided by federal and local law enforcement looking for that specific vehicle. Had he arrived by taxi at the front valet entrance, another camera would have recorded an image of the taxis license plate, number and company.
If he had arrived on foot, he would have been caught on video well before he even entered the main casino. Once inside the casino, he would have been photographed continuously in every location inside the casino except for an individual guest room or a bathroom. But the casino would have date- and time-stamped images of him entering and leaving either of those places.
In addition, a digital image of his face would have been captured and compared to a database of undesirables such as known card counters (known as “advantage players”), those with a proclivity for illegally manipulating slot machines, dice and cards as well as those known for stealing from casinos, guests and the public. If there was a match, he would have been detained by casino security in less than two minutes.
Next Page: All individuals must get equal scrutiny.
ZIFFPAGE TITLEEqual Scrutiny
Casino security chiefs such as the Venetians Dave Shepherd say threats— including potential terrorists— can come in either gender, any age and any nationality. Meaning: All individuals must get equal scrutiny. Casino personnel are trained to pay attention to and question those who fit the typical terrorist profile, such as Middle Eastern origin, whenever the nations alert status is elevated. Yet now, each casino also regularly checks bags, laptops and parcels with X-rays and bomb- sniffing dogs. Bellhops ask people who are dropping off bags for their names and what hotel theyre staying at.
Though gambling is frowned upon in the Muslim community, its possible Atta might have indulged anyway. Any game-playing would have been captured on surveillance cameras. Had he purchased or cashed in more than $1,000 in chips at any time, he would have been subjected to a clandestine investigation designed to catch money launderers. In either scenario, Atta would have been required to produce two pieces of identification that would have been added to a running dossier managed by hotel security.
Had he been enthusiastic enough to get himself a casinos equivalent of a frequent-flyer account, known as a Player Card, his activities at the tables and the times he was there would have been recorded in great detail. In effect, a step-by-step journal of his movements would have been kept.
While it may be unlikely Atta or any other terrorists visiting Vegas would have bothered with a Players Card, FBI investigations into the 9/11 attacks revealed that at least two of the 19 terrorists used a frequent-flyer number when booking their flights for the morning of September 11, 2001.
But avoiding use of a Players Card doesnt mean a player avoids detection. If even an amateur gambler wins more than $600 on a one-armed bandit—the traditional type of slot machine—that person has to produce two legitimate forms of identification before receiving the payout.
Even out of luck is not out of sight. If Atta had ordered a gin-and-tonic from a cocktail waitress, that information would be available to investigators. Had he sauntered over to a restaurant for a bite to eat, details on the purchase of food would be available. If he tipped, the amount would be known. If he used cash, the serial number of the bill would be recorded.
Inside the room, the time, number dialed and duration of every phone call is automatically recorded for billing purposes. Even “free” local calls are noted. Room-service orders and movie choices also are noted, through the billing system.
All pretty innocent? Consider this: Today, if another Atta were to check into the Bellagio, both casino and federal officials would know instantly if he arrived, for example, in a white 2003 Ford Escort with Nevada license-plate number THF456 rented from Hertz and parked it in the main lot on the third floor at 11:22 p.m. They would know if he checked a black duffel bag at the front desk at 11:30 p.m. under the name “Hakim.”
They would know if he spent 17 minutes on the gaming floor and if he lost $7.50 in quarters at slot machine number 1845. Theyd know he used Elevator 2 at 11:47 p.m. to get to the 19th floor where he twice failed to properly insert his key card into the door of room 19-257.
Theyd know he made local phone calls at 12:06 a.m. and 12:09 a.m., respectively, to the Olympic Gardens and Glitter Gulch strip clubs, and that he made an international long-distance call at 12:14 a.m. to Munich that lasted 27 minutes. They could see he left at 1:05 a.m. wearing the same blue polo shirt and khaki slacks and used Elevator 2 to return to the casino floor. And that he walked directly to the taxi stand, where he departed at 1:11 a.m. Without his black duffel bag.
Casinos spare no expense in protecting their guests, their employees and, most important, their cash from nefarious characters. A new 110,000-square-foot casino in Las Vegas today will spend at least $10 million on security and surveillance technology alone, according to Jerry Keller, security director at Wynn Las Vegas, a $2.4 billion hotel/ casino that will open next year. That figure does not include the salaries and equipment that will be invested for a full-time security staff of more than 200.
But in 2001, the State Department, FBI and CIA could not make connections between the mountains of data they had and what was happening out on the streets. They had lists of suspected terrorists and lists of foreign visitors still in the U.S. on expired visas, but they didnt have the ability to connect this information with the tiny clues left by Atta and others in the years, months, days and even hours leading up to 9/11.
Now, the technologies exist to make those connections. And they are working, around the clock, in Las Vegas. Tom Ridge and others charged with protecting the homeland would be smart to watch closely, mimic the tracking techniques to identify threats before they get out of hand—and tap into the expertise that Las Vegas uses to store and analyze data.
“Most every security chief in Las Vegas is either a former FBI agent or retired military,” says Joe McDonald, a consultant for ADT Inc., a provider of security systems to casinos. (See Dossier, Case 085, September 2003, p. 60.) “The differences are huge,” McDonald says. “In this industry, youre given a generous budget to solve the problem and the tools to share and collect the information you need. Its a huge advantage and a philosophy that Washington needs to embrace.”
Here is a rundown of the current state of information systems deployed in Las Vegas—and how they can be employed for domestic security.