RE: [TSCM-L] Re: Federal judge orders end to wiretap program - Says governments
listening in without warrant is unconstitutional
Message-ID: <466744DA.4050208_at_phreaker.net>
Date: Wed, 06 Jun 2007 19:35:54 -0400
From: kondrak
Reply-To: kon..._at_phreaker.net
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: TSCM-L2006_at_googlegroups.com
Subject: The Secrets of Countersurveillance

Stratfor: Terrorism Intelligence Report - June 6, 2007

The Secrets of Countersurveillance
By Fred Burton

Almost any criminal act, from a purse-snatching to a terrorist
bombing, involves some degree of pre-operational surveillance. In
fact, one common denominator of all the different potential threats
-- whether from lone wolves, militant groups, common criminals or
the mentally disturbed -- is that those planning an operation all
monitor their target in advance. However, while pickpockets or
purse-snatchers case their victims for perhaps only a few seconds
or minutes, a militant organization might conduct detailed
surveillance of a target for several weeks or even months.

Regardless of the length of time surveillance is performed,
however, the criminal or militant conducting it is exposed, and
therefore vulnerable to detection. Because of this,
countersurveillance (CS) -- the process of detecting and mitigating
hostile surveillance -- is an important, though often overlooked,
element of counterterrorism and security operations. CS is
especially important because it is one of the few security measures
that allows for threats to be dealt with before they can develop
into active attacks.

An effective CS program depends on knowing two "secrets": first,
hostile surveillance is vulnerable to detection because those
performing it are not always as sophisticated in their tradecraft
as commonly perceived; and second, hostile surveillance can be
manipulated and the operatives forced into making errors that will
reveal their presence.

The First Secret

Various potential assailants use different attack cycles, which
vary depending on the nature and objectives of the plotter. For
example, the typical six-step terrorist attack cycle does not
always apply to a suicide bomber (who is not concerned about
escape) or a mentally disturbed stalker (who is not concerned about
escape or media exploitation). It is during the early phases of the
attack cycle -- the target selection and the planning phases --
that the plotters conduct their surveillance, though they even can
use a surveillance team during the actual attack to signal that the
target is approaching the attack zone.

The purpose of pre-operational surveillance is to determine the
target's vulnerabilities. Surveillance helps to quantify the
target, note possible weaknesses and even to begin to identify
potential attack methods. When the target is a person, perhaps
targeted for assassination or kidnapping, surveillants will look
for patterns of behavior such as the time the target leaves for
work, the transportation method and the route taken. They also will
take note of the type of security, if any, the target uses. For
fixed targets such as buildings, the surveillance will be used to
determine physical security measures as well as patterns of
behavior within the guard force, if guards are employed. For
example, the plotters will look for fences, gates, locks and
alarms, but also will look for times when fewer guards are present
or when the guards are about to come on or off their shifts. All of
this information will then be used to select the best time and
location for the attack, the type of attack and the resources
needed to execute it.

Since an important objective of pre-operational surveillance is
establishing patterns, the operatives will conduct their
surveillance several times, often at different times of the day.
Additionally, they will follow a mobile target to different
environments and in diverse locations. This is when it is important
to know the first "secret" of CS: surveillants are vulnerable to
detection. In fact, the more surveillance they conduct, the greater
the chances are of them being observed. Once that happens, security
personnel can be alerted and the entire plan compromised.
Additionally, surveillants who themselves are being watched can
unwittingly lead intelligence and law enforcement agencies to other
members of their organization.

Surveillance

A large and professional surveillance team can use a variety of
fixed and mobile assets, including electronic listening devices and
operatives on foot, in vehicles and even in aircraft. Such a large
team can be extremely difficult for anyone to spot. A massive
surveillance operation, however, requires an organization with vast
assets and a large number of well-trained operatives. This level of
surveillance, therefore, is usually only found at the governmental
level, as most militant organizations lack the assets and the
number of trained personnel required to mount such an operation.

Indeed, most criminal and militant surveillance is conducted by one
person, or by a small group of operatives. This means they must
place themselves in a position to see the target -- and thus be
seen -- with far more frequency than would be required in a huge
surveillance operation. And the more they show their faces, the
more vulnerable they are to detection. This vulnerability is
amplified if the operatives are not highly trained.

The al Qaeda manual "Military Studies in the Jihad against the
Tyrants" and its online training magazines not only instruct
operatives planning an attack to conduct surveillance, they also
point out the type of information that should be gathered. These
documents, however, do not teach jihadist operatives how to go
about gathering the required information. In the United States, the
Ruckus Society's Scouting Manual provides detailed instructions for
conducting surveillance, or "scouting," as the society calls it, on
"direct action" targets. Following written instructions, however,
does not automatically translate into having skilled surveillance
operatives on the street. This is because, while some basic skills
and concepts can be learned by reading, applying that information
to a real-world situation, particularly in a hostile environment,
can be exceedingly difficult. This is especially true when the
application requires subtle and complex skills that are difficult
to master.

The behaviors necessary to master surveillance tradecraft are not
intuitive, and in fact frequently run counter to human nature.
Because of this, intelligence and security professionals who work
surveillance operations receive in-depth training that includes
many hours of heavily critiqued practical exercises, often followed
by field training with experienced surveillance operatives.

Most militant groups do not provide this level of training, and as
a result, poor tradecraft has long proven to be an Achilles' heel
for militants, who typically use a small number of poorly trained
operatives to conduct their surveillance operations.

What does "bad" surveillance look like? The U.S. government uses
the acronym TEDD to illustrate the principles one can use to
identify surveillance. So, a person who sees someone repeatedly
over Time, in different Environments and over Distance, or one who
displays poor Demeanor can assume he or she is under surveillance.

Surveillants who exhibit poor demeanor, meaning they act
unnaturally, can look blatantly suspicious, though they also can be
lurkers -- those who have no reason for being where they are or for
doing what they are doing. Sometimes they exhibit almost
imperceptible behaviors that the target senses more than observes.
Other giveaways include moving when the target moves, communicating
when the target moves, avoiding eye contact with the target, making
sudden turns or stops, or even using hand signals to communicate
with other members of a surveillance team.

The mistakes made while conducting surveillance can be quite easy
to catch -- as long as someone is looking for them. If no one is
looking, however, hostile surveillance is remarkably easy. This is
why militant groups have been able to get away with conducting
surveillance for so long using bumbling operatives who practice
poor tradecraft.

The Second Secret

At the most basic level, CS can be performed by a person who is
aware of his or her surroundings and who is watching for people who
violate the principles of TEDD. At a more advanced level, the
single person can use surveillance detection routes (SDRs) to draw
out surveillance. This leads to the second "secret": due to the
nature of surveillance, those conducting it can be manipulated and
forced to tip their hand.

It is far more difficult to surveil a mobile target than a
stationary one, and an SDR is a tool that takes advantage of this
difficulty and uses a carefully designed route to flush out
surveillance. The SDR is intended to look innocuous from the
outside, but is cleverly calculated to evoke certain behaviors from
the surveillant.

When members of a highly trained surveillance team recognize that
the person they are following is executing an SDR -- and therefore
is trying to manipulate them -- they will frequently take
countermeasures suitable to the situation and their mission. This
can include dropping off the target and picking up surveillance
another day, bypassing the channel, stair-step or other trap the
target is using and picking him or her up at another location along
their projected route. It can even include "bumper locking" the
target or switching to a very overt mode of surveillance to let the
target know that his SDR was detected -- and not appreciated.
Untrained surveillants who have never encountered an SDR, however,
frequently can be sucked blindly into such traps.

Though intelligence officers performing an SDR need to look normal
from the outside -- in effect appear as if they are not running an
SDR -- people who are acting protectively on their own behalf have
no need to be concerned about being perceived as being
"provocative" in their surveillance detection efforts. They can use
very aggressive elements of the SDR to rapidly determine whether
the surveillance they suspect does in fact exist -- and if it does,
move rapidly to a pre-selected safe-haven.

At a more advanced level is the dedicated CS team, which can be
deployed to determine whether a person or facility is under
surveillance. This team can use mobile assets, fixed assets or a
combination of both. The CS team is essentially tasked to watch for
watchers. To do this, team members identify places -- "perches" in
surveillance jargon -- that an operative would need to occupy in
order to surveil a potential target. They then watch those perches
for signs of hostile surveillance.

CS teams can manipulate surveillance by "heating up" particular
perches with static guards or roving patrols, thus forcing the
surveillants away from those areas and toward another perch or
perches where the CS team can then focus its detection efforts.
They also can use overt, uniformed police or guards to stop,
question and identify any suspicious person they observe. This can
be a particularly effective tactic, as it can cause militants to
conclude that the facility they are monitoring is too difficult to
attack. Even if the security forces never realized the person was
actually conducting surveillance, such an encounter normally will
lead the surveillant to assume that he or she has been identified
and that the people who stopped him knew exactly what he was doing.

Confrontational techniques can stop a hostile operation dead in its
tracks and cause the operatives to focus their hostile efforts
elsewhere. These techniques include overt field interviews, overt
photography of suspected hostiles, and the highly under-utilized
Terry stop, in which a law enforcement officer in the United States
can legally stop, interview and frisk a person for weapons if the
officer has a reasonable suspicion that criminal activity is afoot,
even if the officer's suspicions do not rise to the level of making
an arrest.

Also, by denying surveillants perches that are close to the
target's point of origin or destination (home or work, for example)
a CS team can effectively push hostile surveillance farther and
farther away. This injects a great deal of ambiguity into the
situation and complicates the hostile information-collection
effort. For instance, if surveillants do not know what car the
target drives, they can easily obtain that information by sitting
outside of the person's home and watching what comes out of the
garage or driveway. By contrast, surveillants forced to use a perch
a mile down the road might have dozens of cars to choose from. CS
teams also can conduct more sophisticated SDRs than the lone
individual.

In addition, the CS team will keep detailed logs of the people and
vehicles it encounters and will database this information along
with photos of possible hostiles. This database allows the team to
determine whether it has encountered the same person or vehicle
repeatedly on different shifts or at different sites. This
analytical component of the CS team is essential to the success of
the team's efforts, especially when there are multiple shifts
working the CS operation or multiple sites are being covered.
People also have perishable memories, and databasing ensures that
critical information is retained and readily retrievable.

Although professional CS teams normally operate in a low-key
fashion in order to collect information without changing the
behaviors of suspected hostiles, there are exceptions to this rule.
When the team believes an attack is imminent or when the risk of
allowing a hostile operation to continue undisturbed is
unacceptable, for example, team members are likely to break cover
and confront hostile surveillants. In cases like these, CS teams
have the advantage of surprise. Indeed, materializing out of
nowhere to confront the suspected surveillant can be more effective
than the arrival of overt security assets.

Well-trained CS teams have an entire arsenal of tricks at their
disposal to manipulate and expose hostile surveillance. In this
way, they can proactively identify threats early on in the attack
cycle -- and possibly prevent attacks.
Received on Sat Mar 02 2024 - 00:57:23 CST
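
The article's point about databasing sightings so that repeats across shifts and sites stand out (the Time, Environment and Distance parts of TEDD) can be sketched in a few lines. This is an added example, not part of the original article or post; the record layout, the sample entries and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample log: (identifier, ISO time, site, shift, lat, lon).
SIGHTINGS = [
    ("plate ABC-1234", "2007-06-04T07:40", "residence", "day",   38.9000, -77.0300),
    ("plate ABC-1234", "2007-06-05T18:10", "office",    "swing", 38.9050, -77.0100),
    ("plate ABC-1234", "2007-06-06T07:35", "residence", "day",   38.9000, -77.0300),
    ("plate XYZ-9876", "2007-06-04T07:45", "residence", "day",   38.9001, -77.0301),
    ("plate XYZ-9876", "2007-06-04T08:05", "residence", "day",   38.9001, -77.0301),
    ("male, red cap",  "2007-06-05T12:00", "office",    "day",   38.9050, -77.0100),
]

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def correlate(sightings, min_days=2, min_km=1.0):
    """Return {identifier: summary} for entries that recur over Time AND across
    Environments or Distance. Thresholds are assumed, not taken from the article."""
    by_id = defaultdict(list)
    for ident, ts, site, shift, lat, lon in sightings:
        by_id[ident].append((datetime.fromisoformat(ts), site, shift, (lat, lon)))
    flagged = {}
    for ident, rows in by_id.items():
        days = {t.date() for t, *_ in rows}
        sites = {s for _, s, _, _ in rows}
        shifts = {sh for _, _, sh, _ in rows}
        points = [p for *_, p in rows]
        spread = max(km_between(a, b) for a in points for b in points)
        # One busy morning at one site is not a pattern; repeats on separate
        # days at different sites (or far apart) are what the team looks for.
        if len(days) >= min_days and (len(sites) > 1 or spread >= min_km):
            flagged[ident] = {"days": len(days), "sites": sorted(sites),
                              "shifts": sorted(shifts), "max_km": round(spread, 2)}
    return flagged

if __name__ == "__main__":
    for ident, summary in correlate(SIGHTINGS).items():
        print(ident, summary)
```

Demeanor, the fourth TEDD element, is an observer's judgment and is not modeled here; it would be a free-text note attached to each log entry.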