Upload
salvador-dagoon-jr
View
212
Download
0
Embed Size (px)
Citation preview
7/29/2019 Protective Security
1/13
PROTECTIVE SECURITY COUNCIL Protecting People and Your Organization
Skip to content
Home
ABOUT PSC
ARTICLES
NETWORKING
NEWS
RESOURCES
CONTACT PSC
Making the Case for Surveillance Detection
Posted on February 7, 2011 by PSC
By David L. Johnson, DABCHS, CHS-V
The Increasing Threat of Homegrown Terrorists
Someone once told me that the more things change, the more they stay the same. I guess that
statement is true to some extent. As Im watching the world of terrorism continue to evolve, observe
the growing phenomenon of homegrown terrorists, and the advent of the new internet based Inspire
magazine allegedly published by al-Qaida on the Arabian Peninsula (AQAP), those of us in the security,
law enforcement, and military communities need to be as proactive as we can.
According to the Council on Foreign Relations, [1] terrorists are increasing their use of the internet as a
means of communicating with each other and the rest of the world. Western governments have
intensified surveillance of such sites but their prosecution of site operators is hampered by concerns
over civil liberties, the Internets inherent anonymity, legal constraints, and other factors.
The internet is a powerful tool for terrorists, who use online message boards and chat rooms to share
information, coordinate attacks, spread propaganda, raise funds, and recruit, experts say. According to
7/29/2019 Protective Security
2/13
Haifa Universitys Gabriel Weimann, whose research on the subject is widely cited, the number of
terrorist (web) sites increased exponentially over the last decade - from less than 100 to more than
4,800 two years ago. The numbers can be somewhat misleading, however. In the case of al-Qaida,,
hundreds of sister sites have been promulgated but only a handful are considered active, experts say.
Nonetheless, analysts do see a clear proliferation trend. *2+
Whats changing is the ease of anonymous and global communication, the ability to recruit, motivate,
and train homegrown terrorists, and further exploitation of vulnerabilities in our open and free society
by those who seek to do us great harm.
What remains the same is the need to develop our collective ability to conduct, and use, surveillance
detection. Actually, the need for surveillance detection is the same as it has been for years, although
some consider it to be a relatively new concept. Whats different today, however, is the level of needfor it there is a definite need for its expanded growth and use. In fact, the need for us to get better at
conducting it and do it more often is of paramount importance.
A Range of Risk
As a retired US Army Criminal Investigator and a dignitary and executive protection practitioner for
some 31 years now, I know there are three ways a protectee can become a victim of a crime. In the
context of what protection professionals do; assassination and kidnapping, causing injury, and even
causing embarrassment are the crimes we must protect against. Deterring those crimes is what is
what we do in this profession. Its important to realize too, that it doesnt matter if these crimes are
committed by a terrorist, a stalker, or a mentally deranged individual with a motive no sensible person
can understand or rationalize. Motive is irrelevant, the effect is the same.
So how does one become the victim of one of these crimes? There are three ways:
Being specifically targeted an individual or group targets a specific individual or entity.
Being a target of opportunity either by:
Meeting a specific profile. For example: a white male driving an American-made SUV on the streets of
Bagdad, Iraq.
7/29/2019 Protective Security
3/13
Being immediately recognizable as an individual of considerable target value during a chance encounter
with people using these tactics.
Being an innocent bystander in an area where and when an act of terrorism is committed, but not
specifically targeted under conditions 1 or 2, above.
Now, theres something interesting about all of that from the surveillance detection perspective, the
conditions under which these three types of crimes can occur have distinctive characteristics:
In order to accomplish an attack on a specific target, the attacker(s) must be in place at a time before
their intended victim arrives, or meet the target at a time and place that the attacker knows their victim
will be. The victim must be time and place predictable to the attacker(s) or the plan fails. In the case of
celebrities and political figures, this is can sometimes be accomplished simply by reading press releases
or a newspaper. In most cases, however, gathering this information is not that easy and necessitates
conducting surveillance. A common predictor of time and place are the targets patterns. Determiningthose patterns, and the development of associated information, is the purpose of that surveillance
activity. Either way, the attacker(s) now know when they have to be in a particular place at a particular
time in order to carry out their attack against their intended victim. Examples of this kind of scenario
are the attempted assassination of General Frederick Kroesen, and the successful kidnapping and
subsequent murder of Hans Martin Schleyer in West Germany in the late 70s and early 80s by the
terrorist organization then known as the Red Army Faction. The assassination of President John F.
Kennedy also fits this scenario. There are many other case studies that could be cited here.
Attackers seeking targets of opportunity must first develop a profile of their intended victim and then
set up at a location that suits their needs. They then conduct surveillance waiting for someone whomeets their profile to enter their area of operations. When that happens they can then initiate their
attack. One example of an opportunity attack is a crime commonly encountered in Mexico called
express kidnapping. A tourist flags down a taxi. The taxi driver is a criminal looking for customer
victims who fit his profiletourists with fat wallets and ATM cards. The taxi driver kidnaps his fare,
takes them to an ATM machine once before midnight, and forces them withdraw the maximum daily
amount of funds. The taxi driver holds his victim until after midnight at which time he takes his mark
once more to an ATM to make another withdrawal. This method enables the criminal taxi driver to get
two days worth of funds from the victims bank account. After that, generally the victim is released.
Both the scenarios described above are purely crimes of opportunity.
An innocent bystander, getting caught in the middle of a violent situation directed at someone else and
becoming a victim of the crime is a situation that, generally, has arisen out of one of the first two
scenarios and where surveillance has been conducted. Whether that crime was one of specific
targeting, or opportunity, is of no matter. One of the most notable examples of this type of incident is
the assassination of Egypts President Anwar Sadat in 1981 while he was a reviewing a military parade.
While this act was clearly a specifically targeted assassination attack directed at President Sadat, others
in this reviewing stand, all of whom were invited guests, were killed or wounded. In addition to
7/29/2019 Protective Security
4/13
President Sadat, six others were killed in that attack. The wounded included the Belgian Ambassador to
Egypt, the Cuban Ambassador to Egypt, the First Secretary of the Australian Embassy, and three
American servicemen. All of the killed and the wounded were innocent bystanders caught in the middle
of a planned, targeted attack directed at President Sadat.
Its critically important to recognize that no matter which of these three scenarios you may potentiallyencounter as a victim, surveillance has been conducted by the bad guys. If its the first, the attackers
will use surveillance to identify a planned, future event, at which the target of their attack will be
present. Ifits the second scenario, the attackers will utilize surveillance techniques to identify potential
victims who fit their profile. If it is the third, theyve already conducted their surveillance and are now
carrying out their plan. If you get caught in one of those events, youd definitely be at the wrong place
at the wrong time.
Basic Avoidance
In response to all of this, various theories, philosophies, tactics, techniques, and procedures for dealing
with these threats have been developed over the years. As I review some of ways to minimize risk, Im
going to work in reverse order of the preceding list; working from the easiest thing to counter to the
hardest.
Avoidance can be used to reduce the potential of becoming a bystander victim of a terrorist act.
Westerners might avoid frequenting places where other Westerners congregate. For example, avoidingfor a while the Marriott Hotel in Jakarta, Indonesia might be a sensible idea since that hotel has been
bombed twice; once in 2003 and again in 2009. Avoid large crowds and gatherings, and know the dates
that are important to terrorist organizations. Avoid hanging out with folks who may be bullet magnets
whenever possible, and at all times, attempt to dress and act as unobtrusively as possible.
To reduce the potential of becoming a victim of a crime of opportunity, once again, as much as possible,
avoid the kinds of behavior that make attack easier. Avoid routes where opportunity crimes are easy or
common. Avoid bad parts of the towns and cities. Stay up-to-date on US State Department Travel
Advisories and other alert sources, and only use taxis recommended by a hotels concierge, especially in
Mexico.
Maintain a low profile as much a possible, and try to fly under the radar so to speak. Leave expensive
jewelry and other bling at home or in the hotel safe. Try not to overtly advertise American in certain
7/29/2019 Protective Security
5/13
locations. Keep tight control of itinerary information and use trusted, vetted resources whenever
possible.
They key to avoid being victimized as a targeted individual, is to think like a target. People can make a
potentially fatal error by thinking that they are not an important enough personality, to be a target.
Just the opposite could be the case: Not being an important personality could make them a target a
softer target that a group or organization can use effectively to advance their agenda. Sometimes, the
mere fact of being employed by a company that has been targeted, and living in a particular area
whether in a cloistered compound or amongst the population at large is enough to make someone a
desirable target. Simple things like varying travel routes and times, as much as possible, make it difficult
for someone to develop predictable time and place information. Why do these things? Because before
an attacker can carry out their plan, they need to know, in advance, where and when their target will be
there so they can pre-deploy their forces in preparation for the attack.
The Targeted Attack Planning Process
There is however, another protective measure that can help avoid all of these attack scenarios:
surveillance detection. An individual can do this on their own or employ a trained, dedicated
Surveillance Detection Team.
There are two reasons why an individual needs to become familiar with using surveillance detection
techniques if living or working in an environment where this is a prudent activity. First, history indicates
that surveillance in one form or another has been conducted on every single victim of a targeted
attack all of them with no exceptions! Again, that is because the target of this type of attack must be
time and place predictable to the attackers. Second, there are eight phases common in all planned,
targeted terrorist attacks.
Phase One: Initial Target Selection. Within a terrorists operating area there are often many people or
facilities that, if attacked, will provide them with the kind of media exposure or other attributes theymay be seeking to achieve their agenda. Often, terrorists will make a list of potential suitable targets
that can be assessed to determine which targets are of the highest value and offer the greatest
probability of successful attack execution.
Phase Two: Surveillance. Conducted to learn all there is to know about the potential target. If the
target is an individual, they look at routines, security awareness, amount of security present, routes, and
7/29/2019 Protective Security
6/13
myriad other things that will help them plan their attack. If the target is a facility, they identify and
evaluate security issues perhaps even conducting penetration testing identify avenues of approach,
and the various vulnerabilities that can be exploited. They try to identify all the information necessary
to determine what it will take to successfully attack that person or location and what kind of attack has
the best chance of success.
Phase Three: Final Target Selection. OK, well move forward with the plan to conduct a
_______________ type of attack against _______________ (individual or facility). This is where they
decide who or what they will attack and how they will conduct their attack.
Phase Four: Planning. The attack plan is made, resources are gathered, the bomb is built. Whatever
they think they need to be successful in their endeavor is pulled together, produced, or prepared. In the
case of assassination or kidnapping, they often rehearse the attack plan so they can get good at it.
Phase Five: Final Surveillance. Terrorists can be rather paranoid and are often very thorough in their
efforts. Though not always done, there is a definite tendency to go back out and do surveillance one
more time just to make sure that nothing has changed and that their plan will still work.
Phase Six: Deployment. They are ready to go and all is in order. Their attacking force will head to the
facility or to a pre-planned destination, often a rally point, to make final arrangements for carrying out
the attack. If the target is an individual, they go where he or she is time and place predictable.
Phase Seven: Target Arrival. This step is not necessary when attacking facilities; the attackers will move
from the deployment phase to the attack phase. However, when attacking people, they must confirm
that their target has arrived at the expected and predicted time and place.
A member of their team may be assigned the task of Target ID - verify that the target has arrived at the
site and that all is well in the environment. If that is the case, they signal all is well to the attacking force
and the attack begins. If all is not well, for example the intended victim has changed their security
posture by adding security agents or there are police in the area, the signal is given to call off the attack
(in cases where suicide modus operandi are not in play and sometimes even if they are), and the attack
is deferred to another day.
Phase Eight: Attack. The plan is executed.
During at least five of these phases; Initial Surveillance, Final Surveillance, Deployment, and Target
Arrival and Target ID there is the potential to detect surveillance, and possibly even the terrorist
operatives themselves, Through proper training and awareness, an individual or a protection team canuse surveillance detection techniques to discover if the individual has been targeted, and also to provide
a higher level of security. Its entirely possible that by using surveillance detection techniques, an
individual (or in my profession, my principal) might gain advance knowledge that they have become:
a) A potential specifically targeted victim; or,
7/29/2019 Protective Security
7/13
b) That activity consistent with surveillance and crimes committed against targets of opportunities is
present in the immediate environment; or,
c) A potential innocent bystander victim by recognizing that one of the five times there is potential to
detect surveillance or deployment is occurring. Right that instant.
In all of these circumstances, for most people, the first natural reaction will be to look down and say,
Feet dont fail me now! Candidly, in some cases, thats the worst thing to do. The proper action will
be dictated by the circumstance. Early in the process the first Phases there are other options
available. But in the later Phases, thats exactly the proper action!
The Risk of Doing Nothing
Inspire Magazine and various other Internet recruitment efforts are actually inspiring the growth of the
terrorist phenomenon. Terrorism isnt going away any time soon and plain, everyday criminals, even
psychologically deranged individuals, are now using tactics once solely reserved for terrorist
organizations. All of them are using surveillance methodology, even including penetration testing.
Surveillance Detection methodology needs to move more to the forefront of proactive security efforts
so security professionals can become even more capable and successful at identifying and stopping
attacks before they happen. Identifying activity consistent with the conduct of surveillance, coupled
with ongoing protective intelligence gathering that can lead to effective investigations that can stop a
terrorist operation in its tracks.
If you dont use, or have not been trained at, Surveillance Detection, and the information in this article
doesnt persuade you to use it or seek training, then maybe the following tidbit of information will help.
Sometime around the year 2000, the Manchester Metropolitan Police in England raided and searched a
suspected al-Qaida members home. During that search, they discovered a training manual in acomputer file described as the military series related to The Declaration of Jihad. Sections of it
were released during a trial in New York related to the US Embassy Bombings in Africa.
In the beginning of this manual, under a section called Principles of Military Organization the following
information is presented:
7/29/2019 Protective Security
8/13
Military Organization has three main principles without which it cannot be established:
Military Organization commander and advisory council
The soldiers (individual members)
A clearly defined strategy
Military Organization Requirements:
The Military Organization dictates a number of requirements to assist it in confrontation and endurance.
These are:
Forged documents and counterfeit currency
Apartments and hiding places
Communications means
Transportation means
Information [3]
Arms and ammunition
Transport
Sounds like there was a budding Sun Tzu writing this manual but it is all correct though I know not why
they mention transportation twice.
But Ill give you three guesses about how they develop and obtain information. Yep, youre right one
of the ways they advocate gaining information necessary to carry out their nefarious plans is throughconducting surveillance. They also advocate reading open source material and recruiting informants or
spies but thats not the subject of this article. Surveillance Detection is the subject, and as I read those
parts of this training manual that I could get my hands on, I noted that there were approximately
4,097 words in 251 paragraphs of that document that were devoted to the conduct of surveillance and
surveillance detection efforts. Yep, you read that right they too, use surveillance detection.
7/29/2019 Protective Security
9/13
Serious players in this world also use dedicated, separately deployed, security elements to guard their
surveillance operatives. If youre out there without proper training in surveillance detection and dont
know about that kind of thing and how it works, guess what? Youre more than likely about to become
a target of opportunity yourself.
Now Im going to make just one last pitch at selling this concept of surveillance detection to members of
the security, law enforcement, and military communities (and to potential victims of these crimes
everywhere). This is a skill base that has BROAD application. Drug dealers are using both surveillance
and surveillance detection. So are people hi-jacking cars, conducting insurance frauds, picking pockets,
robbing convenience stores, and a whole host of other crimes these days.
And if you really want to get good at this start studying the modus operandi used by the criminals you
are targeting with surveillance detection efforts. Learn how they do what it is they do. That way, youwill greatly enhance your effectiveness in applying surveillance detection in protective security.
If, while doing this surveillance detection thing you encounter terrorist surveillance, and develop enough
information through your actions to initiate a formal criminal investigation that results in the
identification and arrest of plotters, youll probably not become a public hero. Likely as not, youll
remain in the background and quietly continue to do your thing. But I can promise you this: uncovering
one of their plots in this manner hurts a whole lot less than discovering youve become the victim of
their crime when you arrive on the X of their kill zone and have to execute an Attack on Principal Drill,
or your very best anti-ambush techniques. That much is for sure!
[1] (www.cfr.org),
[2] Terrorists on the Internet Council on Foreign Relations, January 8, 2009.
[3] Bold Italics added for emphasis by the author
David L. Johnson is President of ITG Consulting Services. He has over 30 years of experience in
providing executive and personal security services in both the US military and private sector on a global
scale. He is the author of ADVANCE: The Guide For Conducting A Protective Security Advance. Contact
him at [email protected]
7/29/2019 Protective Security
10/13
inShare
1
This entry was posted in Articles. Bookmark the permalink.
2 Responses to Making the Case for Surveillance Detection
Ed Castillo says:
May 6, 2011 at 8:12 pm
Dave,
Great article. SD is one of the most useful tools at our disposal within the industry, but sadly it is also
one of the most under utilized.
Ed
Reply
Thomas Pecora says:
October 23, 2011 at 1:31 pm
Dave
I have been a practitioner of Surveillance Detection and Counter-Surveillance in a variety of overseas
and domestic environments and I totally agree with your emphasis on this methodology and on being
pro-active. Your article clearly meshes the fundamental theories of personal security which can be
applied world-wide. Tom
Reply
Leave a Reply
Your email address will not be published. Required fields are marked *
Name *
Email *
7/29/2019 Protective Security
11/13
Website
Comment
You may use these HTML tags and attributes:
Notify me of follow-up comments by email.
Notify me of new posts by email.
Join Our Mailing List
Email:
For Email Newsletters you can trust
Follow Us!
Post Archives
December 2012
November 2012
May 2012
April 2012
March 2012
February 2012
January 2012
June 2011
May 2011
April 2011
March 2011
7/29/2019 Protective Security
12/13
February 2011
December 2010
October 2010
August 2010
June 2010
September 2009
March 2009
Twitter Updates
Rick Colliver published his EP book: PRINCIPAL PROTECTION; LESSONS LEARNED. http://t.co/ypWH7beD
1 month ago
Rick Colliver just published his long anticipated book: PRINCIPAL PROTECTION; LESSONS LEARNED The
Evolution of... http://t.co/M8CZVPml 1 month ago
Rick Colliver just published his long anticipated book: PRINCIPAL PROTECTION; LESSONS LEARNED The
Evolution of... http://t.co/AuCvte0k 1 month ago
Rick Colliver just published his long anticipated book: PRINCIPAL PROTECTION; LESSONS LEARNED The
Evolution of... http://t.co/eqRVMtNa 1 month ago
Rick Colliver just published his long anticipated book: PRINCIPAL PROTECTION; LESSONS LEARNED The
Evolution of... http://t.co/UYrMgi2G 1 month ago
PO Box 8413 Shawnee Mission, KS 66208 USA - Tel: 913-385-2034
Privacy Policy Terms & Conditions - 2010 Protective Security Council
7/29/2019 Protective Security
13/13
1
inShare
2 Online
Select Language
Share