In the wake of the disturbing attack on Paul Pelosi, the husband of House Speaker Nancy Pelosi, concerns have risen over how politicians and others in the public sphere can keep themselves protected. Increasing political polarization across the globe is leading to extremist violence that can put high-profile public figures such as politicians in danger.
And they are not the only ones who need to worry. Business executives, influencers and any other high-profile individual can also be at risk, especially if they tend to make controversial public decisions or take strong stances on polarizing issues.
Every chief security officer or executive protection team is well aware of all kinds of potential physical and cyber threats. As such, they likely have a detailed security and response plan or system in place. Unfortunately, there are some threats that, while known, are not deemed particularly likely to happen and therefore not a high priority, meaning there are not as many protections in place. The best example may be mail-based threats.
Mail-based threats and public figures
Before any security team can start to plan for mail threats, the natural question is, how big of a deal are they? After all, everyone gets mail and most of it is harmless. Unfortunately, the past few years have made it clear that such assumptions are naïve and dangerous. In the wake of the contentious presidential election of 2020, poll workers went from often volunteer public servants to known individuals and targets of attacks.
A recent survey by the Benenson Strategy Group and Brennan Center for Justice showed that one in six local election officials has received a work-related threat. Of those who have been threatened, 25% received threats through the mail. Those threats have consisted of anything from death threats to dangerous substances intended to harm like toxic white powders or liquids. Other common mail threats sometimes include hoaxes consisting of flour or sugar, meant to spread fear or disrupt political operations. For example, in 2018 a South Boston polling station had to shut down due to finding a suspicious white powder inside a ballot. The powder turned out to be harmless, and responders said it was likely an attempt to disrupt the voting. Celebrities and TV personalities have faced similar threats.
Beyond the health risk and hoaxes, there’s also the “phygital” risk to consider, which involves physical objects like miniature computers or Wi-Fi boards getting sent through the mail to establish an on-site connection to home or office networks. Since many security teams aren’t informed about the phygital risk — or know how to recognize them — a phygital hacking device could go undetected for a long period of time acting as a portal for a hacker to gain network access or simply gathering data for a lengthy period of time in an unopened box or pile of mail items.
Moreover, the risk of these threats reaching their destinations is increased by doxxing, which involves malicious actors getting ahold of important officials’ personal info and sharing it with the public. In short, doxxing can put home addresses in the hands of anyone who might want to send a mail threat.
The recent doxxing of several Supreme Court justices is only one example of many. Mail security can get even more complex if a political leader or other public figure has multiple homes and office addresses that get exposed, resulting in even more locations that need protection. When considering personal homes, it is not only mail addressed to that specific individual. Packages received by family members, or others living at the residence, provide another mail stream to consider and thus a security vulnerability. How can a personal security team hope to collect all the mail that arrives at these different destinations and screen everything for threats?
With every controversial ruling, every new bill that passes or an incendiary social event that causes a public uproar, more public figures are at risk of threats that not everyone knows how to address.
Prioritizing mail security
The problem of mail threats isn’t limited to the homes and offices of politicians or other public figures. Nearly every industry has faced the same issues. As just one example, Meta increased spending for Mark Zuckerberg’s personal security by $4 million early this year after the recent mass layoffs. Thankfully, some leaders have developed protocols, technologies and educational resources to protect those who are most vulnerable to targeted mail attacks.
One of the first things any security team can do is consult with experts in other industries and fields who may have experience in facing similar mail security issues. Some examples include former military or law enforcement experts, including former USPIS Dangerous Mail Inspectors. These individuals have already helped to develop protocols and strategies for mail security in their respective industries and fields, and have significant experience in recognizing and mitigating threats.
Having this first-hand expertise on call to review potential threats, could make the difference between a dangerous powder injuring an innocent person — or a phygital device going undetected — and mail threats being safely and successfully neutralized.
The second thing security teams and public figures can do is to look to new technologies for detecting any kind of mail threat. X-rays, while commonly used for scanning batches of mail, can only detect certain types of threats. For instance, an X-ray scanner cannot detect small quantities of powders or liquids, which are among the most common mail-based threats today. In addition X-ray scanners can be quite large and require specialized training to use, making them less than ideal for use across multiple locations or for mobile applications. Of course, the use of X-ray scanners also requires additional permits, not to mention extensive operator training and safety protocols, given radiation safety concerns.
Another piece of technology that is easy to implement for detecting threats, specifically phygital threats, is a network scanner. A network scanner can detect irregular activity which may point to cybersecurity threats, including that of a phygital device. If the monitoring team members sees unusual activity on the network, they can check unopened packages that have been sitting in the facility for hacking devices.
People in the public eye may wind up being targets for malicious threats. But these threats don’t have to be disruptive or dangerous when the right precautions are in place. CSOs and executive protection teams can begin taking stronger measures for protecting public figures. And with the political turmoil today, these measures are more necessary than ever before.
This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.