SAND Executive Services Inc.



The Face of Terror
Underwriting terrorism insurance is a challenging task, since the likelihood of terrorist attacks is difficult to predict and the potential liability is enormous.
By: Marc Sand2010-05-01

The number and variety of domestic and international corporations conducting business in Canada and the rest of the world is growing daily, exposing all to the risk of disruptions related to terrorist activities. Terrorism represents a risk of disruption to any business, potentially resulting in shut down time, reconstruction, employee and family counseling, to name just a few consequences.

Terrorism insurance is a difficult product for insurance companies. Underwriters face a challenging task, since the likelihood of terrorist attacks is very difficult to predict and the potential liability is enormous. The Sept. 11, 2001 attacks, for example, resulted in estimated losses of $31.7 billion.
The combination of uncertainly and potentially huge losses makes it difficult to define the parameters of potential damage. Therefore, most insurance companies exclude terrorism from their coverage in casualty and property insurance.

Since 9-11, a substantial stand-alone terrorism market has developed, Aon noted in a March 2006 publication, Stand-Alone Terrorism Insurance Market Update. "This market has enough capacity to fill gaps adequately in most property insurance placements where the property 'all risks' insurers are unwilling to offer terrorism coverage.

"Corporations can purchase terrorism insurance to cover their potential losses and liabilities that might occur due to an act of terrorism. Additional insurance for personal accident coverage -- including war and terrorism, workers compensation, worldwide fleet, transit/cargo insurance and even personal insurance -- are available. (In Baghdad, such coverage is offered for about $70.)


Canada's Criminal Code defines "an act of terrorism" in two parts. The first and second part of the definition can be found in section 83.01 (1) of the Criminal Code, which applies to activities inside or outside Canada. Satisfying either part of the two-part definition constitutes a "terrorist activity."The first part refers to actions in contravention of United Nations conventions.
Such conventions are related to the unlawful seizure of aircraft, civil aviation safety, crimes against internationally protected persons, hostage-taking, protection of nuclear materials, maritime safety, oil rigs, bombings and the financing of terrorism.

The second part refers to an action that is done "in whole or in part for a political, religious or ideological purpose, objective or cause." This action might be undertaken "with the intention of intimidating the public, or a segment of the public, with regard to its security, including its economic security, or compelling a person, a government or a domestic or an international organization to do or to refrain from doing any act.

" Furthermore, the action is intended to cause: 1) death or serious bodily harm to a person, 2) danger to a person's life, 3) a serious risk to the health or safety of the public or any segment of the public, 4) substantial property damage or 5) "serious interference with or serious disruption of an essential service, facility or system, whether public or private, other than as a result of advocacy, protest, dissent or stoppage of work that is not intended to result in [harm].
"Throughout the Anti Terrorism Act, careful attention has been paid to the requirements and guarantees of the Canadian Charter of Rights and Freedoms.


Recently we have seen a 244% increase in the number of anti-government extremist groups, the kind of groups that spawned the likes of Timothy McVeigh 15 years ago. April 19, 2010 marks the fifteenth anniversary of the Oklahoma City bombing, perpetrated by McVeigh (who was described in media reports as a racist, anti-government fanatic), and killed 187 men, women and children.In addition, recent shootings in Mexico City and Tijuana raise the specter of narco-terrorism.

Kidnappings in the world, mostly in Mexico and South America, have increased by 100% over the past six years. Mid-term captivity kidnapping-and-ransom events in Mexico alone happen at a frequency of 1,200 per year, and range in duration between five days to five months. Long-term events occur about 10 times per year and last between six months and one year. "Express" kidnaps that are considered to be robberies happen about 10 times per day, and last between one and three days.
Corporations have adapted, securing kidnap and ransom insurance for operating in foreign countries. A variety of coverage's are available.


Insurance Concentration of risk is a big factor in determining availability for terrorism insurance. Most commonly, insurance companies are using an approach similar to the one used for natural catastrophe risks.
According to Guy Carpenter's Global Terror Update 2009, nine Organization for Economic Co-operation and Development (OECD) countries -- including Canada (although companies in Canada do offer standalone terrorism insurance policies) -- have not established terrorism insurance schemes of any kind in either the public or private sectors.

They include Denmark, Italy, Norway, Portugal, Sweden, Japan, Korea and Mexico.In the Netherlands, insurance payments related to terrorism are restricted to a maximum of $1 billion per year for all insurance companies.
This includes property, life, medical insurance, etc.In the United Kingdom, after the Baltic Exchange bombing in 1992, all UK insurers stopped including terrorism cover on their commercial insurance policies as of Jan. 1, 1993. (Home insurance policies were unaffected.)

As a result, the government and the insurance industry established Pool Re, which is primarily funded by policyholders. The government guarantees the fund, although its support is to be repaid from future premiums. (To date, the government has not had to make a payment.)

In the United States, in mid-2007, the idea of another extension to TRIA (Terrorism Risk Insurance Act) was tabled; officially, it was known as TRIREA (Terrorism Risk Insurance Revision and Extension Act). Initially TRIREA contained several new provisions, including a mandatory "make available" clause for nuclear, chemical biological and radiological (NCBR) coverage and the ending of the distinction between domestic and foreign terrorism.

However NCBR was not largely adopted in the public sector.

Risk Management  Crisis management planning is also an important tool upon which insurance companies and underwriters rely when assessing coverage for a company's terrorism risk exposure.

For every dollar spent on developing a solid crisis management plan ahead of time, $7 is saved in losses when an attack strikes or disaster occurs.

But the preparation of policies, procedures, crisis management plans, implementation and execution of all those steps is still not enough. It is important that insurers and insured's consult with certified anti-terrorism specialists who have been involved in the war of terrorism and the prevention and detection.

A solid crisis management plan needs proactive -- and not reactive -- thinking.The involvement of all citizens, frontline police offers, emergency evacuation and response teams, business professionals, insurance companies and underwriters -- basically, everyone -- is vital. We cannot rely only on information we learn through media.

We need to look beyond that. Risk management is key in the prevention and managing of any act of terrorism or catastrophic event.

Expecting the Unexpected
Risk managers and insurers need to help businesses prepare policies and procedures for dealing with a terrorist attack
By: Marc Sand, CEO, V.I.P. Protection 2006-07-01

Preparing for acts of terrorism is now more important than ever. Today, given our country's increasing involvement in global political and military affairs - including the sending of Canadian troops to Afghanistan or aiding the United Nations in a humanitarian mission to volatile countries - we must all realize the threat of harm as a result of terrorist activities is real and near.

It does not lie across the border, but awaits us, Canadians, within our cities and towns, risking our citizens and our children.

Risk Managers, underwriters and brokers must be properly educated on how to evaluate current threats and how to understand the necessary steps needed to deal with these threats.
There should be continual training and distribution of intelligence to update risk managers with current vital information about the global risk of terrorism and which specific threats may cause harm to people and/or businesses interruption.
Insurance companies, public and private corporations, institutions and public works of any kind must assist themselves in creating internal defense systems.

They must avoid apathy and put into place anti-terrorism policies and procedures; more importantly, they must test these policies and procedures at least once per year, just as people practice fire drills in schools and businesses around this great country.

These drills, tests and exercises are the only way to ensure people are aware of the steps they must take in the event of a terrorist attack or natural disaster.

In today's world, corporations may be vulnerable to a variety of attacks and threats from a wide range of antagonists.
For example, these attacks may be the result of threats from ex-employees, leading to workplace violence.

They could also include: hostile acts of sabotage by militant environmentalists; money-laundering schemes conducted by organized crime; theft of corporate proprietary information; and extremists' mindless acts of terrorism.
Unfortunately, no matter where you live in today's world, each and every person faces the fear of experiencing an act of terrorism.

Our societies, businesses and corporations seem to evolve at an astounding pace, but frighteningly terrorism seems to be evolving at an even faster pace.
Terrorism touches on many underlying themes and motivations: nationalism; religion; state-sponsored violence; political ideology; narco-terrorism; and economic or financial security (or lack thereof).

Terrorists seizing on these motives are building growing, self-justified organizations whose aim has one underlying goal - to gain publicity by creating havoc and driving fear within society's normal and law abiding citizens. Terrorists' tactics include attempts to coerce corporations, organizations or governments to change key policy decisions without losing the sympathy of their followers and supporters.

For example, every corporation with an office in Mexico City is well aware of the risks of kidnap and ransom. These corporations have taken out the necessary insurance policies for such events, ensuring that their liability and risk is minimized.

The same should hold true for the risk of terrorism, since this threat is found throughout the world and is not isolated to one or two distant locations. Any corporation that communicates by telephone, fax, e-mail, etc. is at risk being the target of terrorist activities - especially if such businesses are represented globally and attract large amounts of media attention.

And yet, the vast majority of corporations' policies and procedures related to security and emergencies from an attack or natural disaster are not current. All areas of policies and procedures must be continuously updated and their implications reviewed.

For example, it is not sufficient for an organization to have money-laundering policies in place for investments over CD$1,000 without concerning themselves about other aspects of their business.

They must go further and analyze all areas of their business - such as their information infrastructure, for example - that, if compromised, could have devastating and terminal affects on their business.

It is vital to review such policies at least once per year and consult with a certified expert within these specialized fields. Many so-called specialists do not have the required level of training and experience to study, review, propose and implement complex and interwoven policies and procedures.

Within Canada, there are but a handful of legitimate security specialists to properly create and implement such policies and procedures.

Obtaining credible and reliable information is an important component of policy-making. American corporations are now strongly relying on information provided by several government agencies that monitor terrorist activities around the world.

The agencies provide the public with a first level of safety, but that is not always enough. These agencies face problems similar to corporations and businesses: a lack of internal communication reduces their efficiency and effectiveness.

Due to budget constraints and untrained staff, only a few agencies around the world are capable of determining if the data they are collecting is information or intelligence.

Collected data, which has been evaluated and released to the public, is deemed to be information. Intelligence is data that law enforcement agencies use to help fight and avoid possible future terrorist attacks.

What society requires is for experts from separate fields of expertise and levels of law enforcement to cooperate with one other. They need to share their expertise and create the best possible defense against any possible threats, not only the ones from terrorists.

Events in Toronto, ON on June 3, 2010 illustrate what I mean. Police officers made several arrests throughout the GTA area related to allegations of using explosives in support of terrorist activities. In this scenario, the cooperation and communication among our different levels of law enforcement agencies prevented an imminent attack that would have made the April 1995 Oklahoma City bombing seem small by comparison.

The Oklahoma City bombing was executed with one-third of the amount of ammonium nitrate recently seized in Toronto. The Oklahoma City bombing killed 168 people, including 19 children and one person who died in the effort of rescue. More than 220 buildings sustained damage on Apr. 19, 1995.

Imagine the wider devastation these people intended in Canada. The victims could have been you, your spouse, relative or children.

Public awareness to vital facts is very important in being pro active.
The public is not educated as their only source of information comes from television, radio or newspaper.

More then ever we need to be aware of all circumstances. Such awareness must be reflected in policies and procedures designed to minimize the risk and damage of such attacks.

For additional reference:

UK Counter Terrorism and Security Act 2015

Terrorism Prevention and Investigation Measures Act 2011


SAND Executive Services Inc.'s team of experienced professional operatives and consultants can be a valuable addition to an organisation as the need to address risks becomes a reality.  SAND Executive Services Inc.'s team works legally, ethically and professionally to secure the information that is required to make informative business decisions. Areas of expertise include Close Body Protection, Threat Risk Analysis, Conflict Resolution, Kidnap for Ransom Prevention & Negotiations, Litigation Support, Insurance Claims, Labour Issues, Legitimacy of Claims, Fraud Detection, Corporate & Criminal Investigations globally. 


The Silk Road:

 Analysis of the Dark Web site and the innovative methods utilized by its operators and users to maintain anonymity online

Press Conference: Senator Schumer blows the lid off the Silk Road

 On Sunday, June 5, 2011, U.S. Senator Charles “Chuck” Schumer held a news conference in which he called upon federal authorities to shut down a secretive market for illicit drugs operating online with anonymous sales and untraceable currency via a website called the Silk Road located in what is known as the Deep Web. Senator Schumer had been prompted to take this action by stunning reports made public several days earlier by the blog known as Gawker along with other news media.

Gawker had led off its coverage of the Silk Road with the following sensational rhetoric:

Making small talk with your pot dealer sucks. Buying cocaine can get you shot. What if you could buy and sell drugs online like books or light bulbs? Now you can: Welcome to Silk Road.

The public outrage created by these news reports had compelled Senator Schumer to describe the Silk Road at his news conference with some sensational rhetoric of his own:

"Literally, it allows buyers and users to sell illegal drugs online, including heroin, cocaine, and meth, and users do sell by hiding their identities through a program that makes them virtually untraceable," Schumer said at a news conference Sunday. "It's a certifiable one-stop shop for illegal drugs that represents the most brazen attempt to peddle drugs online that we have ever seen. It's more brazen than anything else by light-years."

But how were buyers and users able to hide their identities? And how were they able to conduct untraceable financial transactions? What is the Deep Web? This document endeavours to answer such questions below.

What is the Deep Web? What about the Dark Web?

The Deep Web is that portion of the World Wide Web that is not indexed by standard search engines like Google. Standard search engines utilize programs known as crawlers or spiders to gather information, and this method works well if the given database being searched has been designed to respond to the queries made by such programs. But if the developer of a website chooses not to design the site to respond to such queries, the site’s database will be ignored by standard search engines. So, if we think of the total World Wide Web as an iceberg, Deep Web sites are “deep”, meaning they are beneath the “surface” of the water. Above the surface is where sites that are designed to respond to standard search engines reside, and so we refer to that portion of the Web as the Surface Web. Note that the size of the Deep Web is vastly greater than that of the Surface Web by orders of magnitude, so the analogy of the iceberg is indeed apt.

The creator of the Silk Road, a man we now know to be Ross Ulbricht, made his controversial website part of the Deep Web by design for obvious reasons, namely to help him evade capture and prosecution by U.S. law enforcement agencies as he planned the site to be a marketplace for illicit drugs.

One should note the technical difference between the Deep Web and something else known as the Dark Web. The Dark Web is a subsection of the Deep Web made up of private networks called “darknets.” A “darknet” is a private network of Deep Web sites where connections are made only between trusted peers or “friends” using non-standard protocols and ports. The collection of all darknets forms the Dark Web. Despite this technical difference, however, the terms Deep Web and Dark Web do seem to be used interchangeably in news media reports. The Silk Road is referred to as part of the Deep Web and/or the Dark Web by many sources.

How did Ulbricht and his users hide their identities while communicating online? Answer: Tor

The key to anonymity for Ulbricht and the users who bought and sold illicit drugs on the Silk Road was a computer program known as Tor. What is Tor?

Tor is free software produced by a company called The Tor Project, Inc. for the purpose of encrypting online communications and sending them across a free, worldwide, volunteer network consisting of more than six thousand relays. The name “Tor” is an acronym for the project’s original name, The Onion Router. In an onion network, information is put through several layers of encryption, like the layers of an onion. The Tor software sends a user’s traffic through the Tor network in order to shield the user’s location and data from any potential network surveillance or traffic analysis. As many people now know, a device that is connected to the internet is identified by what is known as an IP address. As long as Ulbricht and his users utilized Tor, the true IP addresses of their devices remained effectively concealed from law enforcement agencies and also from each other. Ergo, Tor made them anonymous.

However, it is important to note that Tor was not intended for criminal purposes when it was launched. Rather, it was intended to enable individual users to protect their privacy while communicating online, and also provide individuals with the freedom and ability to conduct confidential online communications. The fact that Ulbricht and the users of the Silk Road utilized Tor for criminal activities does not make Tor itself evil by design. In the same fashion that “guns don’t kill people; people kill people”, Tor software and the Silk Road Deep Web site didn’t buy or sell illicit drugs; Ulbricht and the Silk Road users bought and sold illicit drugs and used Tor software to hide their online communications. In fact, the U.S. Navy currently uses Tor for intelligence gathering and covert operations in parts of the Middle East. Law enforcement agencies themselves often use Tor to conceal government IP addresses while conducting undercover sting investigations. And the potential for Tor to assist law-abiding citizens in maintaining their online privacy and protecting themselves from identity theft and other types of online attacks is indisputable.

How were Ulbricht and his users able to conduct untraceable financial transactions? Answer: Bitcoin

The users of the Silk Road conducted their online transactions in a digital “cryptocurrency” known as Bitcoin. What is Bitcoin?

Bitcoin is an online payment system which utilizes peer-to-peer transactions, meaning users deal directly with one another and there is no central authority of any kind. Transactions are verified by nodes on the network and recorded in a publicly distributed ledger called the block chain. The block chain ledger uses its own unit of accounting, namely the bitcoin. Bitcoin was released in January of 2009 and, although at the beginning of 2013, we saw one bitcoin (XBT) trading at a price of around $13 in U.S. dollars (USD), bitcoin is currently (at the time of this writing) trading on the open currency markets at a value of 1.00 XBT = 247.46 USD according to XE Currency Converter ( As the users of the Silk Road dealt directly with one another in peer-to-peer bitcoin transactions, they left no traces of their transactions in any bank or financial institution of any kind.

How big was Silk Road?

Doing business in bitcoins and communicating via the Tor network allowed Ulbricht and the users of the Silk Road to create, in the words of Senator Chuck Schumer, “the most brazen attempt to peddle drugs online that we have ever seen.” Research conducted by Carnegie Mellon computer security professor Nicolas Christin while the site was still active indicated that, at its peak, the Silk Road was doing between $30 million and $45 million per year in sales.

When the FBI announced the arrest of Ulbricht in October of 2013, they estimated that the site had done $1.2 billion in total sales since its inception in February of 2011. However, as Ulbricht’s trial began in January of this year, prosecutors scaled that estimated figure back to $200 million. Note that Ulbricht charged 10 to 12 percent on each transaction that took place on the Silk Road. Even with the scaled-back figure, Ulbricht became rich very fast.

So, if Ulbricht’s techniques were so effective, how did they catch him?

On Wednesday, February 4, 2015, nearly four years after Senator Schumer’s press conference, 30-year-old Ross Ulbricht was convicted of all seven crimes he was charged with, including narcotics and money laundering conspiracies and a “kingpin” charge usually reserved for mafia dons and drug cartel leaders. His trial lasted less than a month and it took the jury only 3.5 hours to return the guilty verdicts. Ulbricht’s minimum sentence will be 30 years in prison; the maximum is life. Ulbricht’s legal team has declared their intent to appeal his convictions.

Prior to his arrest, Ulbricht was known only by his online alias, Dread Pirate Roberts, a name he took from a character in the 1987 movie, “The Princess Bride.” Ulbricht was arrested in a public library in San Francisco in October of 2013. When he was arrested by the FBI, his fingers were on the keyboard of his laptop and he was logged into the “mastermind” user account belonging to the Silk Road. The FBI seized the laptop and found it to be a goldmine of evidence for Ulbricht’s prosecution. The seized laptop contained a journal, a daily logbook, and thousands of pages of private chat logs that chronicled Ulbricht’s years of planning, launching, and operating the Silk Road. Investigators were also able to trace $13.4 million worth of bitcoin transactions to the bitcoin “wallets” stored on the laptop. But how did the FBI track down Ulbricht in that library?

According to the evidence presented at trial by Ulbricht’s prosecutors, the FBI discovered the Silk Road’s true IP address in June of 2013 and traced it to a server located in a data center in Reykjavik, Iceland. After the FBI enlisted the cooperation of police in Reykjavik, those same police accessed and secretly copied the server’s data, and then passed the data on to the FBI. The information contained within the server data was sufficient to lead the FBI to Ulbricht in the library, and Ulbricht’s seized laptop became the prize piece of evidence at trial. 




Ulbricht’s legal team has raised many challenges to the legality of the searches conducted by the FBI, and one very controversial issue is the question: did the FBI or some other agency (such as the NSA) successfully penetrate the Tor network? The FBI says no such penetration occurred. They say, rather, that they used a rather mundane technique to expose a misconfiguration in the Silk Road login page which caused the site to “leak” the site’s true IP address and thus the physical location of the site’s host server. Information Technology (IT) security experts who have studied the FBI court statements are skeptical. While it appears that the FBI is not lying outright, it seems likely they are not disclosing all the details of their investigative tactics.

One of the skeptical experts is Runa Sandvik, a privacy researcher who has closely followed the story of the Silk Road and worked for the Tor project at the time of the FBI’s discovery. “The way [the FBI] describe how they found the real IP address doesn’t make sense to anyone who knows a lot about Tor and how web application security works,” Sandvik says. “There’s definitely something missing here.” Another expert is Nik Cubrilovic, an Australian security consultant who has made a hobby of analyzing the Silk Road’s security since just after it launched in 2011, and he says, “The way they’re trying to make a jury or a judge believe it happened just doesn’t make sense technically.

Instead, Cubrilovic and Sandvik both suggest that the FBI took a more aggressive approach to investigating the Silk Road, namely actively attacking the login page with hacking tactics to reveal its IP. They speculate that the FBI used a hacker trick that involves entering programming code into a data entry field. If such an attack is successful, it can trick the site’s server into running that code as actual commands, forcing the site to cough up data that could include the computer’s IP address. Although this is all just theory and speculation, even if it is correct, it would still not show that the FBI lied to the court. Rather, in leaving out certain details, the statements made by the FBI would then be revealed to have been carefully crafted to be opaque, a strategy that one might consider to be “fair game” in the quest to put the bad guys behind bars. Though this could open an avenue to Ulbricht’s legal team to challenge the legality of the FBI searches under the Fourth Amendment, there’s no guarantee such a challenge would be successful. It may turn out that Ulbricht’s case enters uncharted legal waters over the course of his appeals. It will be interesting to watch as the appeal proceeds.

The matter of Ulbricht’s guilt in the court of law, however, is distinct from the question of his guilt (or innocence) in the court of public opinion, and this question is a complicated one. We know Ulbricht created and operated the Silk Road, he has admitted as much. But he and his supporters are making the broader moral argument that, since the buyers and sellers on the Silk Road were all consenting adults, there is no victim of his actions, and, as the old argument goes: no victim, no crime. Addressing this argument is a matter for philosophers and is certainly beyond the scope of this research paper, but no matter how you see Ross Ulbricht: as a swashbuckling Dread Pirate Roberts or as a contemptible criminal, you have to be impressed by the man’s innovative use of the latest technologies. There is a great deal of valuable information that can be learned from the story of the Silk Road and such information can certainly be put to effective use in the field of IT security.

An important question raised by this case for security experts is, did the investigation that led to Ulbricht’s capture involve a defeat of the anonymity provided by Tor? While Ulbricht’s legal team suggests that it does, the FBI says it did not, and here we can be confident that the FBI is telling the court the whole truth. Our confidence comes from the fact that military and law enforcement continue to utilize Tor for their own covert operations, i.e. they still have confidence in Tor, as well as the fact that it has been widely reported that many new illicit marketplace Deep Web sites have emerged to fill the void created by the FBI’s shutdown of the Silk Road. There is already a “Silk Road 3.0” (Silk Road 2.0 was found and shut down by the feds on November 5, 2014) up and running along with many other online “drug bazaars.” It appears that, in the wake of Ulbricht’s takedown, the revised strategy of the online drug dealers is to decentralize the marketplace by creating many different sites, so that all their eggs are never in one basket.

The protection of privacy and the freedom to communicate confidentially are valuable assets that software like Tor can help to provide, and individuals are right to act to seek to maintain these assets in the digital age. Tor is still evolving, however, like many new technologies, and even Tor’s developers warn that it is not invincible to attack. Tor is just one measure, albeit a powerful one, that people can utilize to protect their privacy online. With the ever-evolving nature of technology today, however, it is increasingly important for businesses to acquire expertise in IT security.

833.1 KB