Security professionals undertake planning in relation to threat spirals. As a threat escalates, it inspires new defensive countermeasures. The security professional endeavors to get inside an opponent’s threat spiral. This means anticipating the next escalation and instituting countermeasures that insulate his principal from the future threat. Getting inside an opponent’s threat spiral requires tools, technology, and manpower.
Some form of surveillance usually precedes attacks against people and facilities. This hostile effort will include research using open sources, social engineering, and both technical and physical surveillance.
One powerful tool to get inside the threat spiral is surveillance detection. Hostile surveillance is a precursor to attack – recognising the surveillance activity gets you inside the opponent’s threat spiral.
The surveillance-conscious subject is more common today than forty years ago when I started in the business. Lawyers coach claimants on how to deal with surveillance. Criminals teach each other how to recognise surveillance. Unfortunately, PIs do not receive much training on how to avoid detection of their surveillance efforts.
Clumsy choice or use of the initial vantage point may doom the entire surveillance effort. If the subject sees someone repeatedly over Time, in different Environments and over some Distance, and if the surveillant displays poor Demeanor, then he will know that he is under surveillance. This means that the initial vantage point, and the PI’s presence there, must not be remarkable in any way.
Don’t choose the initial vantage point without first evaluating the location. Understand the appearance and behaviour of the people likely to be at the vantage point. Don’t be like the inept guy in the old detective movie — you know the one — the guy leaning against a lamp pole reading a newspaper in the middle of the night.
Observe the vantage point from a position that the subject cannot see — you have questions that need answering. What type of person is at or near the vantage point? How long can you remain at the vantage point without arousing suspicion? What appearance, behaviour or persona will allow you to remain in place without arousing suspicion? Can you follow the subject in your adopted persona or must another team member do that?
I was reviewing a stalled investigation into an apparent corporate fraud when I noticed something interesting. A surveillance photograph was in the paper file — you don’t see many real surveillance photographs any more, just muddy images taken from video.
This particular photo was so clear and detailed that I had to talk to the investigator who took it. It was taken with a long lens mounted on a camera with a 22 MP full-frame CMOS sensor. The investigator directed me to the server and directory that contained over one hundred images along with video taken using the same camera. All of this data was summarised in two paragraphs in the investigation report. This proved unfortunate, as this fine work happened early in the investigation. The investigator wrote a detailed report that someone summarised without including a proper citation. The person who did this failed to recognise that the problem had been solved. Over one year later I was hired to solve this difficult and persistent problem.
The surveillance picture clearly showed an employee pass card. The pass card clearly showed the name of the security system vendor, employee name, employee picture, and worst of all, the employee number. The employee number was the de facto authentication required for gaining information the crooks needed. During social engineering the crooks were challenged and asked for their employee number. When they provided the number the information floodgates opened.
Further investigation revealed that a fake employee pass card was made and used to gain access to the facility. The card didn’t have any electronic component, but the crook was wearing an authentic-looking employee card just like everybody else, and that was enough for him to repeatedly gain the access he needed. He just walked through the front door at the right time of day and followed the real employees to the department where he committed his crime, over and over again.
Once captured, this crook freely admitted that he got everything he needed from the passcards that employees wore prominently around their necks. He copied it from pictures he took, just like the first investigator did.
A colleague with offices in South Korea and Singapore was casting about trying to think of an article to write for his blog, The Erudite Risk Blog, which covers issues related to risk management in Asia.
I was pleased to help out, especially since his blog usually contains longer, more detailed articles than I usually have here. My article, Surveillance Detection, deals with creating a holistic approach to Surveillance Detection (SD). I explain how to evaluate the risk associated with hostile surveillance and the methods employed by the surveillance operative. The basics of an SD operation and organisation are explained along with the risks and difficulty of conducting Counter Surveillance.
In conjunction with my SD article, I recommend reading Rodney Johnson’s Social Engineering and Information Theft and Ice to an Eskimo. Social Engineering (SE) is surveillance’s evil cousin. Physical surveillance, technical surveillance, and SE are all part of the same risk — the loss of critical information.
Most Private Investigators learn that carrying a clipboard will grant access to most places, even those with confidential data to protect. Well, there is a more powerful access tool than a clipboard and his name is Dickie.
Dickie doesn’t work alone, he has friends — 2-way radio, tool belt, Maglite, hard hat, and well-worn safety boots.
Nobody ever challenges Dickie. If a particularly diligent person does question Dickie, he says, “fine with me, but it will be at least four weeks until I can get back here. We’re really backed up.” Thusly, Dickie intimidates the most diligent, pretentious, and over-dressed staff member.
Dickie has an entire wardrobe to cover all occasions. On telephone technician days, he is in blue, as Bell detested Gray. On computer service days, he is in tan slacks with a white polo shirt. When he is fixing the troublesome copier, he is either blue or grey. On clean-up days, he helps the janitor in grey. On hot or cold days, he fixes the HVAC system in his blue-green ensemble. Sometimes he delivers parcels in his fetching brown outfit.
Dickie is a master of surveillance and disguise.
I came across a book written during the Great War that has some good tips for the surveillance operator. It introduces the essentials of spycraft of a bygone era, but it remains particularly relevant to the Investigator who conducts surveillance operations.
The attitude that espionage is a sport in which the players appreciate and honor each other is truly misplaced, but the author’s observations about how to look like you belong in a place and about the key elements of disguise are timeless. The author’s description of how he gained access to critical installations to make observations is as relevant today as in the Balkans in the 1890s.
My Adventures as a Spy, By Lt. Gen. Sir Robert Baden-Powell, is an excellent short read.
I found an excellent article on using disguise to gather information. This is the type of thing really good surveillance guys become adept at.
I don’t do much surveillance work anymore, but recently I was pressed into service to assist a friend who was injured on the job. I took a file from his caseload at random and this led to a couple of interesting days.
This subject was very ‘surveillance-aware’. He must have been coached or read a book or two. He did all the right things, but in a very obvious and clumsy manner. This was obviously his first rodeo.
On several occasions, I observed him look at his phone then at the surrounding people. I realised that he was doing this with a purpose; I just couldn’t put it into context. It was like his practice of looking at the people in the area when he left a building and then watching the people exiting the door he used to leave the building. Then I realised my problem was that I am a mobile telephone Luddite and I needed to talk to the younger folks — you know the type, the ones always fiddling with their gadget phone thingy.
My conclusion was that the subject was using his mobile phone to scan the area for Bluetooth devices. To do this, he selected relatively confined areas, or choke-points, where he could see people in the area that he might have seen before. If he saw the same Bluetooth device at more than one of these choke-points, he knew he was being followed, and that he stood a good chance of identifying the person following him.
This was a clever use of Bluetooth technology, but it was wasted on me. I don’t carry a Bluetooth-enabled mobile.
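The choke-point correlation described above, as an added example that is not part of the original post: it takes a log of Bluetooth sightings and flags any device seen at several distinct choke points over a meaningful span of time. The function name, its parameters and the sample log are assumptions, and every address and location is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (ISO timestamp, choke point, advertised device address).
SIGHTINGS = [
    ("2024-05-01T09:02:00", "subway-stairs", "AA:AA:AA:00:00:01"),
    ("2024-05-01T09:02:10", "subway-stairs", "AA:AA:AA:00:00:02"),
    ("2024-05-01T09:03:00", "subway-stairs", "AA:AA:AA:00:00:01"),  # repeat, same place
    ("2024-05-01T09:40:00", "office-lobby",  "AA:AA:AA:00:00:02"),
    ("2024-05-01T09:40:05", "office-lobby",  "AA:AA:AA:00:00:03"),
    ("2024-05-01T12:15:00", "cafe-doorway",  "AA:AA:AA:00:00:02"),
    ("2024-05-01T12:15:30", "cafe-doorway",  "AA:AA:AA:00:00:03"),
    ("2024-05-01T12:16:00", "cafe-doorway",  "aa:aa:aa:00:00:04"),
]

def repeat_devices(sightings, min_places=2, min_gap=timedelta(minutes=15), ignore=()):
    """Flag devices seen at >= min_places distinct choke points whose first
    and last sightings are at least min_gap apart.

    Returns {address: [(first_seen_at_place, place), ...]} in time order.
    `ignore` lists addresses known to be harmless (your own devices).
    """
    ignore = {a.upper() for a in ignore}
    first_seen = defaultdict(dict)  # address -> {place: earliest timestamp}
    for ts, place, addr in sightings:
        addr = addr.upper()  # scanners differ in how they print the address
        if addr in ignore:
            continue
        when = datetime.fromisoformat(ts)
        prev = first_seen[addr].get(place)
        if prev is None or when < prev:
            first_seen[addr][place] = when
    flagged = {}
    for addr, places in first_seen.items():
        times = sorted(places.values())
        # Repeats at one place mean nothing; different places over time do.
        if len(places) >= min_places and times[-1] - times[0] >= min_gap:
            flagged[addr] = sorted((t, p) for p, t in places.items())
    return flagged

if __name__ == "__main__":
    for addr, trail in repeat_devices(SIGHTINGS).items():
        print(addr, [(t.strftime("%H:%M"), p) for t, p in trail])
```

Many current phones and wearables rotate the address they advertise, so an empty result does not show that nobody is following, and a flagged device may simply belong to someone with the same commute.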
You never know who is watching. Please note that if you are investigating someone inside your own company, and using the company network to search the Internet, at least use the encrypted search sites. However, it is becoming more common for large companies to insert an inline HTTPS proxy in the network to read and analyze this traffic by creating a man-in-the-middle. You can’t be sure that your investigation won’t be compromised because someone sees what you are searching and then tells the wrong person.
During the course of a surveillance, the vehicle driven by the subject may offer more information than just the registration details.
For example, a quick look inside the vehicle may reveal his occupation, place of employment, or places where he frequently parks his car if you see unpaid parking tickets inside.
If you suspect the subject is involved in criminal activity or insurance fraud, then pay for a report from CARFAX and CarProof and get a history search on the vehicle identification number (VIN). The history for the VIN will reveal any liens and state if the car was involved in past accidents or if it has been marked as a salvage, re-built or non-repairable vehicle. Also run the VIN at the Canadian Police Information Centre website under the stolen vehicle section.
I was summoned to a meeting with a client. The client firm is over a century old. This successful firm has learned a thing or two about security.
I was asked to surrender my electronic gadgets. Being of the old school, I had none. This pleased the gatekeeper. I was led to a room furnished with only a curious table and four old wooden banker’s chairs. No telephone, no electrical outlets, one fluorescent light fixture above the table. The gatekeeper had to unlock the room. She then waited at the open door until my contact arrived.
My contact enters and places pieces of chalk and a chalkboard eraser on the table. Most of the table top is painted with chalkboard paint.
We eventually compose a handwritten Memorandum of Agreement regarding the engagement, sign it, and off we go.
These people understand the rules, especially Rule #1 — If you don’t want it overheard, don’t say it. But I must admit, I have never seen a “Magic Slate” table before.
The CIA developed the Moscow Rules to guide operations in Moscow during the Cold War. The content of the original Moscow Rules is debated, but they are generally agreed to consist of 40 different rules. Here’s the abbreviated list circulating today:
Recognising that a subject is likely carrying a pistol is a necessary surveillance skill, even in Toronto.
Color is used to highlight how the gun moves and how the gun reveals itself, short visual noun-verb sentences that indicate the key signs that help detectives to spot someone carrying a hidden handgun.
The explanation of how this graphic was developed with the help of Detective Robert T. Gallagher of the NYPD makes interesting reading.
Early in my career I was part of a surveillance crew. Every day I would go out and follow people. Sometimes I worked alone, sometimes in a car or cab with two other guys, sometimes as part of a multi-vehicle team.
It takes a long time to integrate a new guy into a surveillance crew. If he is experienced, it will take about 6 months. I have not seen any really good training schools for this in North America. I think the reason that such schools don’t exist here is that it takes too long to teach the fundamentals and this would cost a lot of money for lodging, cars, and instruction. In Canada, learning to conduct surveillance is definitely on-the-job training.
Let’s start with some definitions.