STOP THE NAZI FILTH!
Stratford.com:
Almost any criminal act, from a purse-snatching to a terrorist bombing, involves some degree of pre-operational surveillance. In fact, one common denominator of all the different potential threats — whether from lone wolves, militant groups, common criminals or the mentally disturbed — is that those planning an operation all monitor their target in advance. However, while pickpockets or purse-snatchers case their victims for perhaps only a few seconds or minutes, a militant organization might conduct detailed surveillance of a target for several weeks or even months.
Regardless of the length of time
surveillance is performed, however, the criminal or militant
conducting it is exposed, and therefore vulnerable to detection.
Because of this, countersurveillance (CS) — the process of
detecting and mitigating hostile surveillance — is an important,
though often overlooked, element of counterterrorism and security
operations. CS is especially important because it is one of the few
security measures that allows for threats to be dealt with before
they can develop into active attacks.
An effective CS program depends on
knowing two "secrets": first, hostile surveillance is
vulnerable to detection because those performing it are not always as
sophisticated in their tradecraft as commonly perceived; and second,
hostile surveillance can be manipulated and the operatives forced
into making errors that will reveal their presence.
The
First Secret
Various
potential assailants use different attack cycles, which vary
depending on the nature and objectives of the plotter. For example,
the typical six-step terrorist attack
cycle does
not always apply to a suicide bomber (who is not concerned about
escape) or a mentally disturbed stalker (who is not concerned about
escape or media exploitation). It is during the early phases of the
attack cycle — the target selection and the planning phases —
that the plotters conduct their surveillance, though they even can
use a surveillance team during the actual attack to signal that the
target is approaching the attack zone.
The purpose of pre-operational
surveillance is to determine the target's vulnerabilities.
Surveillance helps to quantify the target, note possible weaknesses
and even to begin to identify potential attack methods. When the
target is a person, perhaps targeted for assassination or kidnapping,
surveillants will look for patterns of behavior such as the time the
target leaves for work, the transportation method and the route
taken. They also will take note of the type of security, if any, the
target uses. For fixed targets such as buildings, the surveillance
will be used to determine physical security measures as well as
patterns of behavior within the guard force, if guards are employed.
For example, the plotters will look for fences, gates, locks and
alarms, but also will look for times when fewer guards are present or
when the guards are about to come on or off their shifts. All of this
information will then be used to select the best time and location
for the attack, the type of attack and the resources needed to
execute it.
Since an important objective of
pre-operational surveillance is establishing patterns, the operatives
will conduct their surveillance several times, often at different
times of the day. Additionally, they will follow a mobile target to
different environments and in diverse locations. This is when it is
important to know the first "secret" of CS: surveillants
are vulnerable to detection. In fact, the more surveillance they
conduct, the greater the chances are of them being observed. Once
that happens, security personnel can be alerted and the entire plan
compromised. Additionally, surveillants who themselves are being
watched can unwittingly lead intelligence and law enforcement
agencies to other members of their organization.
Surveillance
A large and professional
surveillance team can use a variety of fixed and mobile assets,
including electronic listening devices and operatives on foot, in
vehicles and even in aircraft. Such a large team can be extremely
difficult for anyone to spot. A massive surveillance operation,
however, requires an organization with vast assets and a large number
of well-trained operatives. This level of surveillance, therefore, is
usually only found at the governmental level, as most militant
organizations lack the assets and the number of trained personnel
required to mount such an operation. Indeed, most criminal and
militant surveillance is conducted by one person, or by a small group
of operatives. This means they must place themselves in a position to
see the target — and thus be seen — with far more frequency than
would be required in a huge surveillance operation. And the more they
show their faces, the more vulnerable they are to detection. This
vulnerability is amplified if the operatives are not highly trained.
The
al Qaeda manual "Military Studies in the Jihad against the
Tyrants" and its online training magazines not only instruct
operatives planning an attack to conduct surveillance, they also
point out the type of information that should be gathered. These
documents, however, do not teach jihadist operatives how to go about
gathering the required information. In the United States, the Ruckus
Society's Scouting Manual provides detailed instructions for
conducting surveillance, or "scouting," as the society
calls it, on "direct
action" targets.
Following written instructions, however, does not automatically
translate into having skilled surveillance operatives on the street.
This is because, while some basic skills and concepts can be learned
by reading, applying that information to a real-world situation,
particularly in a hostile environment, can be exceedingly difficult.
This is especially true when the application requires subtle and
complex skills that are difficult to master.
The behaviors necessary to master
surveillance tradecraft are not intuitive, and in fact frequently run
counter to human nature. Because of this, intelligence and security
professionals who work surveillance operations receive in-depth
training that includes many hours of heavily critiqued practical
exercises, often followed by field training with experienced
surveillance operatives.
Most militant groups do not provide
this level of training, and as a result, poor tradecraft has long
proven to be an Achilles' heel for militants, who typically use a
small number of poorly trained operatives to conduct their
surveillance operations.
What does "bad"
surveillance look like? The U.S. government uses the acronym TEDD to
illustrate the principles one can use to identify surveillance. So, a
person who sees someone repeatedly over Time, in different
Environments and over Distance, or one who displays poor Demeanor can
assume he or she is under surveillance. Surveillants who exhibit poor
demeanor, meaning they act unnaturally, can look blatantly
suspicious, though they also can be lurkers — those who have no
reason for being where they are or for doing what they are doing.
Sometimes they exhibit almost imperceptible behaviors that the target
senses more than observes. Other giveaways include moving when the
target moves, communicating when the target moves, avoiding eye
contact with the target, making sudden turns or stops, or even using
hand signals to communicate with other members of a surveillance
team.
The
mistakes made while conducting surveillance can be quite easy to
catch — as long as someone is looking for them. If no one is
looking, however, hostile surveillance is remarkably easy. This is
why militant groups have been able to get away with conducting
surveillance for so long using bumbling
operatives who
practice poor tradecraft.
The
Second Secret
At the most basic level, CS can be
performed by a person who is aware of his or her surroundings and who
is watching for people who violate the principles of TEDD. At a more
advanced level, the single person can use surveillance detection
routes (SDRs) to draw out surveillance. This leads to the second
"secret": due to the nature of surveillance, those
conducting it can be manipulated and forced to tip their hand.
It is far more difficult to surveil
a mobile target than a stationary one, and an SDR is a tool that
takes advantage of this difficulty and uses a carefully designed
route to flush out surveillance. The SDR is intended to look
innocuous from the outside, but is cleverly calculated to evoke
certain behaviors from the surveillant.
When
members of a highly trained surveillance team recognize that the
person they are following is executing an SDR — and therefore is
trying to manipulate them — they will frequently take
countermeasures suitable to the situation and their mission. This can
include dropping off the target and picking up surveillance another
day, bypassing the channel,
stair-step or other trap the target is using and picking him or her
up at another location along their projected route. It can even
include "bumper locking" the target or switching to a very
overt mode of surveillance to let the target know that his SDR was
detected — and not appreciated. Untrained surveillants who have
never encountered an SDR, however, frequently can be sucked blindly
into such traps.
Though intelligence officers
performing an SDR need to look normal from the outside — in effect
appear as if they are not running an SDR — people who are acting
protectively on their own behalf have no need to be concerned about
being perceived as being "provocative" in their
surveillance detection efforts. They can use very aggressive elements
of the SDR to rapidly determine whether the surveillance they suspect
does in fact exist — and if it does, move rapidly to a pre-selected
safe-haven.
At a more advanced level is the
dedicated CS team, which can be deployed to determine whether a
person or facility is under surveillance. This team can use mobile
assets, fixed assets or a combination of both. The CS team is
essentially tasked to watch for watchers. To do this, team members
identify places — "perches" in surveillance jargon —
that an operative would need to occupy in order to surveil a
potential target. They then watch those perches for signs of hostile
surveillance.
CS teams can manipulate
surveillance by "heating up" particular perches with static
guards or roving patrols, thus forcing the surveillants away from
those areas and toward another perch or perches where the CS team can
then focus its detection efforts. They also can use overt, uniformed
police or guards to stop, question and identify any suspicious person
they observe. This can be a particularly effective tactic, as it can
cause militants to conclude that the facility they are monitoring is
too difficult to attack. Even if the security forces never realized
the person was actually conducting surveillance, such an encounter
normally will lead the surveillant to assume that he or she has been
identified and that the people who stopped him knew exactly what he
was doing.
Confrontational techniques can stop
a hostile operation dead in its tracks and cause the operatives to
focus their hostile efforts elsewhere. These techniques include overt
field interviews, overt photography of suspected hostiles, and the
highly under-utilized Terry stop, in which a law enforcement officer
in the United States can legally stop, interview and frisk a person
for weapons if the officer has a reasonable suspicion that criminal
activity is afoot, even if the officer's suspicions do not rise to
the level of making an arrest.
Also, by denying surveillants
perches that are close to the target's point of origin or destination
(home or work, for example) a CS team can effectively push hostile
surveillance farther and farther away. This injects a great deal
ambiguity into the situation and complicates the hostile
information-collection effort. For instance, if surveillants do not
know what car the target drives, they can easily obtain that
information by sitting outside of the person's home and watching what
comes out of the garage or driveway. By contrast, surveillants forced
to use a perch a mile down the road might have dozens of cars to
choose from. CS teams also can conduct more sophisticated SDRs than
the lone individual.
In addition, the CS team will keep
detailed logs of the people and vehicles it encounters and will
database this information along with photos of possible hostiles.
This database allows the team to determine whether it has encountered
the same person or vehicle repeatedly on different shifts or at
different sites. This analytical component of the CS team is
essential to the success of the team's efforts, especially when there
are multiple shifts working the CS operation or multiple sites are
being covered. People also have perishable memories, and databasing
ensures that critical information is retained and readily
retrievable. CS teams also can conduct more sophisticated SDRs than
the lone individual.
Although professional CS teams
normally operate in a low-key fashion in order to collect information
without changing the behaviors of suspected hostiles, there are
exceptions to this rule. When the team believes an attack is imminent
or when the risk of allowing a hostile operation to continue
undisturbed is unacceptable, for example, team members are likely to
break cover and confront hostile surveillants. In cases like these,
CS teams have the advantage of surprise. Indeed, materializing out of
nowhere to confront the suspected surveillant can be more effective
than the arrival of overt security assets.
Well-trained CS teams have an
entire arsenal of tricks at their disposal to manipulate and expose
hostile surveillance. In this way, they can proactively identify
threats early on in the attack cycle — and possibly prevent
attacks.
No comments:
Post a Comment