Protective Security

7/29/2019 Protective Security

1/13

PROTECTIVE SECURITY COUNCIL Protecting People and Your Organization

Skip to content

Home

ABOUT PSC

ARTICLES

NETWORKING

NEWS

RESOURCES

CONTACT PSC

Making the Case for Surveillance Detection

Posted on February 7, 2011 by PSC

By David L. Johnson, DABCHS, CHS-V

The Increasing Threat of Homegrown Terrorists

Someone once told me that the more things change, the more they stay the same. I guess that

statement is true to some extent. As Im watching the world of terrorism continue to evolve, observe

the growing phenomenon of homegrown terrorists, and the advent of the new internet based Inspire

magazine allegedly published by al-Qaida on the Arabian Peninsula (AQAP), those of us in the security,

law enforcement, and military communities need to be as proactive as we can.

According to the Council on Foreign Relations, [1] terrorists are increasing their use of the internet as a

means of communicating with each other and the rest of the world. Western governments have

intensified surveillance of such sites but their prosecution of site operators is hampered by concerns

over civil liberties, the Internets inherent anonymity, legal constraints, and other factors.

The internet is a powerful tool for terrorists, who use online message boards and chat rooms to share

information, coordinate attacks, spread propaganda, raise funds, and recruit, experts say. According to


2/13

Haifa Universitys Gabriel Weimann, whose research on the subject is widely cited, the number of

terrorist (web) sites increased exponentially over the last decade - from less than 100 to more than

4,800 two years ago. The numbers can be somewhat misleading, however. In the case of al-Qaida,,

hundreds of sister sites have been promulgated but only a handful are considered active, experts say.

Nonetheless, analysts do see a clear proliferation trend. *2+

Whats changing is the ease of anonymous and global communication, the ability to recruit, motivate,

and train homegrown terrorists, and further exploitation of vulnerabilities in our open and free society

by those who seek to do us great harm.

What remains the same is the need to develop our collective ability to conduct, and use, surveillance

detection. Actually, the need for surveillance detection is the same as it has been for years, although

some consider it to be a relatively new concept. Whats different today, however, is the level of needfor it there is a definite need for its expanded growth and use. In fact, the need for us to get better at

conducting it and do it more often is of paramount importance.

A Range of Risk

As a retired US Army Criminal Investigator and a dignitary and executive protection practitioner for

some 31 years now, I know there are three ways a protectee can become a victim of a crime. In the

context of what protection professionals do; assassination and kidnapping, causing injury, and even

causing embarrassment are the crimes we must protect against. Deterring those crimes is what is

what we do in this profession. Its important to realize too, that it doesnt matter if these crimes are

committed by a terrorist, a stalker, or a mentally deranged individual with a motive no sensible person

can understand or rationalize. Motive is irrelevant, the effect is the same.

So how does one become the victim of one of these crimes? There are three ways:

Being specifically targeted an individual or group targets a specific individual or entity.

Being a target of opportunity either by:

Meeting a specific profile. For example: a white male driving an American-made SUV on the streets of

Bagdad, Iraq.


3/13

Being immediately recognizable as an individual of considerable target value during a chance encounter

with people using these tactics.

Being an innocent bystander in an area where and when an act of terrorism is committed, but not

specifically targeted under conditions 1 or 2, above.

Now, theres something interesting about all of that from the surveillance detection perspective, the

conditions under which these three types of crimes can occur have distinctive characteristics:

In order to accomplish an attack on a specific target, the attacker(s) must be in place at a time before

their intended victim arrives, or meet the target at a time and place that the attacker knows their victim

will be. The victim must be time and place predictable to the attacker(s) or the plan fails. In the case of

celebrities and political figures, this is can sometimes be accomplished simply by reading press releases

or a newspaper. In most cases, however, gathering this information is not that easy and necessitates

conducting surveillance. A common predictor of time and place are the targets patterns. Determiningthose patterns, and the development of associated information, is the purpose of that surveillance

activity. Either way, the attacker(s) now know when they have to be in a particular place at a particular

time in order to carry out their attack against their intended victim. Examples of this kind of scenario

are the attempted assassination of General Frederick Kroesen, and the successful kidnapping and

subsequent murder of Hans Martin Schleyer in West Germany in the late 70s and early 80s by the

terrorist organization then known as the Red Army Faction. The assassination of President John F.

Kennedy also fits this scenario. There are many other case studies that could be cited here.

Attackers seeking targets of opportunity must first develop a profile of their intended victim and then

set up at a location that suits their needs. They then conduct surveillance waiting for someone whomeets their profile to enter their area of operations. When that happens they can then initiate their

attack. One example of an opportunity attack is a crime commonly encountered in Mexico called

express kidnapping. A tourist flags down a taxi. The taxi driver is a criminal looking for customer

victims who fit his profiletourists with fat wallets and ATM cards. The taxi driver kidnaps his fare,

takes them to an ATM machine once before midnight, and forces them withdraw the maximum daily

amount of funds. The taxi driver holds his victim until after midnight at which time he takes his mark

once more to an ATM to make another withdrawal. This method enables the criminal taxi driver to get

two days worth of funds from the victims bank account. After that, generally the victim is released.

Both the scenarios described above are purely crimes of opportunity.

An innocent bystander, getting caught in the middle of a violent situation directed at someone else and

becoming a victim of the crime is a situation that, generally, has arisen out of one of the first two

scenarios and where surveillance has been conducted. Whether that crime was one of specific

targeting, or opportunity, is of no matter. One of the most notable examples of this type of incident is

the assassination of Egypts President Anwar Sadat in 1981 while he was a reviewing a military parade.

While this act was clearly a specifically targeted assassination attack directed at President Sadat, others

in this reviewing stand, all of whom were invited guests, were killed or wounded. In addition to


4/13

President Sadat, six others were killed in that attack. The wounded included the Belgian Ambassador to

Egypt, the Cuban Ambassador to Egypt, the First Secretary of the Australian Embassy, and three

American servicemen. All of the killed and the wounded were innocent bystanders caught in the middle

of a planned, targeted attack directed at President Sadat.

Its critically important to recognize that no matter which of these three scenarios you may potentiallyencounter as a victim, surveillance has been conducted by the bad guys. If its the first, the attackers

will use surveillance to identify a planned, future event, at which the target of their attack will be

present. Ifits the second scenario, the attackers will utilize surveillance techniques to identify potential

victims who fit their profile. If it is the third, theyve already conducted their surveillance and are now

carrying out their plan. If you get caught in one of those events, youd definitely be at the wrong place

at the wrong time.

Basic Avoidance

In response to all of this, various theories, philosophies, tactics, techniques, and procedures for dealing

with these threats have been developed over the years. As I review some of ways to minimize risk, Im

going to work in reverse order of the preceding list; working from the easiest thing to counter to the

hardest.

Avoidance can be used to reduce the potential of becoming a bystander victim of a terrorist act.

Westerners might avoid frequenting places where other Westerners congregate. For example, avoidingfor a while the Marriott Hotel in Jakarta, Indonesia might be a sensible idea since that hotel has been

bombed twice; once in 2003 and again in 2009. Avoid large crowds and gatherings, and know the dates

that are important to terrorist organizations. Avoid hanging out with folks who may be bullet magnets

whenever possible, and at all times, attempt to dress and act as unobtrusively as possible.

To reduce the potential of becoming a victim of a crime of opportunity, once again, as much as possible,

avoid the kinds of behavior that make attack easier. Avoid routes where opportunity crimes are easy or

common. Avoid bad parts of the towns and cities. Stay up-to-date on US State Department Travel

Advisories and other alert sources, and only use taxis recommended by a hotels concierge, especially in

Mexico.

Maintain a low profile as much a possible, and try to fly under the radar so to speak. Leave expensive

jewelry and other bling at home or in the hotel safe. Try not to overtly advertise American in certain


5/13

locations. Keep tight control of itinerary information and use trusted, vetted resources whenever

possible.

They key to avoid being victimized as a targeted individual, is to think like a target. People can make a

potentially fatal error by thinking that they are not an important enough personality, to be a target.

Just the opposite could be the case: Not being an important personality could make them a target a

softer target that a group or organization can use effectively to advance their agenda. Sometimes, the

mere fact of being employed by a company that has been targeted, and living in a particular area

whether in a cloistered compound or amongst the population at large is enough to make someone a

desirable target. Simple things like varying travel routes and times, as much as possible, make it difficult

for someone to develop predictable time and place information. Why do these things? Because before

an attacker can carry out their plan, they need to know, in advance, where and when their target will be

there so they can pre-deploy their forces in preparation for the attack.

The Targeted Attack Planning Process

There is however, another protective measure that can help avoid all of these attack scenarios:

surveillance detection. An individual can do this on their own or employ a trained, dedicated

Surveillance Detection Team.

There are two reasons why an individual needs to become familiar with using surveillance detection

techniques if living or working in an environment where this is a prudent activity. First, history indicates

that surveillance in one form or another has been conducted on every single victim of a targeted

attack all of them with no exceptions! Again, that is because the target of this type of attack must be

time and place predictable to the attackers. Second, there are eight phases common in all planned,

targeted terrorist attacks.

Phase One: Initial Target Selection. Within a terrorists operating area there are often many people or

facilities that, if attacked, will provide them with the kind of media exposure or other attributes theymay be seeking to achieve their agenda. Often, terrorists will make a list of potential suitable targets

that can be assessed to determine which targets are of the highest value and offer the greatest

probability of successful attack execution.

Phase Two: Surveillance. Conducted to learn all there is to know about the potential target. If the

target is an individual, they look at routines, security awareness, amount of security present, routes, and


6/13

myriad other things that will help them plan their attack. If the target is a facility, they identify and

evaluate security issues perhaps even conducting penetration testing identify avenues of approach,

and the various vulnerabilities that can be exploited. They try to identify all the information necessary

to determine what it will take to successfully attack that person or location and what kind of attack has

the best chance of success.

Phase Three: Final Target Selection. OK, well move forward with the plan to conduct a

_______________ type of attack against _______________ (individual or facility). This is where they

decide who or what they will attack and how they will conduct their attack.

Phase Four: Planning. The attack plan is made, resources are gathered, the bomb is built. Whatever

they think they need to be successful in their endeavor is pulled together, produced, or prepared. In the

case of assassination or kidnapping, they often rehearse the attack plan so they can get good at it.

Phase Five: Final Surveillance. Terrorists can be rather paranoid and are often very thorough in their

efforts. Though not always done, there is a definite tendency to go back out and do surveillance one

more time just to make sure that nothing has changed and that their plan will still work.

Phase Six: Deployment. They are ready to go and all is in order. Their attacking force will head to the

facility or to a pre-planned destination, often a rally point, to make final arrangements for carrying out

the attack. If the target is an individual, they go where he or she is time and place predictable.

Phase Seven: Target Arrival. This step is not necessary when attacking facilities; the attackers will move

from the deployment phase to the attack phase. However, when attacking people, they must confirm

that their target has arrived at the expected and predicted time and place.

A member of their team may be assigned the task of Target ID - verify that the target has arrived at the

site and that all is well in the environment. If that is the case, they signal all is well to the attacking force

and the attack begins. If all is not well, for example the intended victim has changed their security

posture by adding security agents or there are police in the area, the signal is given to call off the attack

(in cases where suicide modus operandi are not in play and sometimes even if they are), and the attack

is deferred to another day.

Phase Eight: Attack. The plan is executed.

During at least five of these phases; Initial Surveillance, Final Surveillance, Deployment, and Target

Arrival and Target ID there is the potential to detect surveillance, and possibly even the terrorist

operatives themselves, Through proper training and awareness, an individual or a protection team canuse surveillance detection techniques to discover if the individual has been targeted, and also to provide

a higher level of security. Its entirely possible that by using surveillance detection techniques, an

individual (or in my profession, my principal) might gain advance knowledge that they have become:

a) A potential specifically targeted victim; or,


7/13

b) That activity consistent with surveillance and crimes committed against targets of opportunities is

present in the immediate environment; or,

c) A potential innocent bystander victim by recognizing that one of the five times there is potential to

detect surveillance or deployment is occurring. Right that instant.

In all of these circumstances, for most people, the first natural reaction will be to look down and say,

Feet dont fail me now! Candidly, in some cases, thats the worst thing to do. The proper action will

be dictated by the circumstance. Early in the process the first Phases there are other options

available. But in the later Phases, thats exactly the proper action!

The Risk of Doing Nothing

Inspire Magazine and various other Internet recruitment efforts are actually inspiring the growth of the

terrorist phenomenon. Terrorism isnt going away any time soon and plain, everyday criminals, even

psychologically deranged individuals, are now using tactics once solely reserved for terrorist

organizations. All of them are using surveillance methodology, even including penetration testing.

Surveillance Detection methodology needs to move more to the forefront of proactive security efforts

so security professionals can become even more capable and successful at identifying and stopping

attacks before they happen. Identifying activity consistent with the conduct of surveillance, coupled

with ongoing protective intelligence gathering that can lead to effective investigations that can stop a

terrorist operation in its tracks.

If you dont use, or have not been trained at, Surveillance Detection, and the information in this article

doesnt persuade you to use it or seek training, then maybe the following tidbit of information will help.

Sometime around the year 2000, the Manchester Metropolitan Police in England raided and searched a

suspected al-Qaida members home. During that search, they discovered a training manual in acomputer file described as the military series related to The Declaration of Jihad. Sections of it

were released during a trial in New York related to the US Embassy Bombings in Africa.

In the beginning of this manual, under a section called Principles of Military Organization the following

information is presented:


8/13

Military Organization has three main principles without which it cannot be established:

Military Organization commander and advisory council

The soldiers (individual members)

A clearly defined strategy

Military Organization Requirements:

The Military Organization dictates a number of requirements to assist it in confrontation and endurance.

These are:

Forged documents and counterfeit currency

Apartments and hiding places

Communications means

Transportation means

Information [3]

Arms and ammunition

Transport

Sounds like there was a budding Sun Tzu writing this manual but it is all correct though I know not why

they mention transportation twice.

But Ill give you three guesses about how they develop and obtain information. Yep, youre right one

of the ways they advocate gaining information necessary to carry out their nefarious plans is throughconducting surveillance. They also advocate reading open source material and recruiting informants or

spies but thats not the subject of this article. Surveillance Detection is the subject, and as I read those

parts of this training manual that I could get my hands on, I noted that there were approximately

4,097 words in 251 paragraphs of that document that were devoted to the conduct of surveillance and

surveillance detection efforts. Yep, you read that right they too, use surveillance detection.


9/13

Serious players in this world also use dedicated, separately deployed, security elements to guard their

surveillance operatives. If youre out there without proper training in surveillance detection and dont

know about that kind of thing and how it works, guess what? Youre more than likely about to become

a target of opportunity yourself.

Now Im going to make just one last pitch at selling this concept of surveillance detection to members of

the security, law enforcement, and military communities (and to potential victims of these crimes

everywhere). This is a skill base that has BROAD application. Drug dealers are using both surveillance

and surveillance detection. So are people hi-jacking cars, conducting insurance frauds, picking pockets,

robbing convenience stores, and a whole host of other crimes these days.

And if you really want to get good at this start studying the modus operandi used by the criminals you

are targeting with surveillance detection efforts. Learn how they do what it is they do. That way, youwill greatly enhance your effectiveness in applying surveillance detection in protective security.

If, while doing this surveillance detection thing you encounter terrorist surveillance, and develop enough

information through your actions to initiate a formal criminal investigation that results in the

identification and arrest of plotters, youll probably not become a public hero. Likely as not, youll

remain in the background and quietly continue to do your thing. But I can promise you this: uncovering

one of their plots in this manner hurts a whole lot less than discovering youve become the victim of

their crime when you arrive on the X of their kill zone and have to execute an Attack on Principal Drill,

or your very best anti-ambush techniques. That much is for sure!

[1] (www.cfr.org),

[2] Terrorists on the Internet Council on Foreign Relations, January 8, 2009.

[3] Bold Italics added for emphasis by the author

David L. Johnson is President of ITG Consulting Services. He has over 30 years of experience in

providing executive and personal security services in both the US military and private sector on a global

scale. He is the author of ADVANCE: The Guide For Conducting A Protective Security Advance. Contact

him at [email protected]


10/13

inShare

1

This entry was posted in Articles. Bookmark the permalink.

2 Responses to Making the Case for Surveillance Detection

Ed Castillo says:

May 6, 2011 at 8:12 pm

Dave,

Great article. SD is one of the most useful tools at our disposal within the industry, but sadly it is also

one of the most under utilized.

Ed

Reply

Thomas Pecora says:

October 23, 2011 at 1:31 pm

Dave

I have been a practitioner of Surveillance Detection and Counter-Surveillance in a variety of overseas

and domestic environments and I totally agree with your emphasis on this methodology and on being

pro-active. Your article clearly meshes the fundamental theories of personal security which can be

applied world-wide. Tom

Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *

Email *


11/13

Website

Comment

You may use these HTML tags and attributes:

Notify me of follow-up comments by email.

Notify me of new posts by email.

Join Our Mailing List

Email:

For Email Newsletters you can trust

Follow Us!

Post Archives

December 2012

November 2012

May 2012

April 2012

March 2012

February 2012

January 2012

June 2011

May 2011

April 2011

March 2011


12/13

February 2011

December 2010

October 2010

August 2010

June 2010

September 2009

March 2009

Twitter Updates

Rick Colliver published his EP book: PRINCIPAL PROTECTION; LESSONS LEARNED. http://t.co/ypWH7beD

1 month ago

Rick Colliver just published his long anticipated book: PRINCIPAL PROTECTION; LESSONS LEARNED The

Evolution of... http://t.co/M8CZVPml 1 month ago


Evolution of... http://t.co/AuCvte0k 1 month ago


Evolution of... http://t.co/eqRVMtNa 1 month ago


Evolution of... http://t.co/UYrMgi2G 1 month ago

PO Box 8413 Shawnee Mission, KS 66208 USA - Tel: 913-385-2034

[email protected]

Privacy Policy Terms & Conditions - 2010 Protective Security Council


13/13

1

inShare

2 Online

Select Language

Share

Documents

Protective Security