Posts Tagged ‘surveillance’

Telephone Surveillance Abusing Anti-Terror Laws

Articles | Posted by (CS)d June 9th, 2009


If you thought every time you picked up the telephone and spoke to your sister, mom or best friend, it was your business; or that every time you called to book an appointment or searched for something of interest in Google it was private: think again. Telephone surveillance and the use of spy equipment has increased dramatically according to watchdogs and human rights groups. The reason for the increased use of spy equipment has been blamed on anti-terror laws that are being stretched beyond the remit they were intended for. Telephone surveillance and internet use is being monitored by councils, police and other officials. Figures state that in 2007 there were 519,260 requests from such bodies to communication providers to access information. The Daily Mail reports that our private data is being monitored, with 1,400 ‘spying operations’ being launched every day.


Telephone Surveillance: A Question of National Security?

Telephone surveillance isn’t just in the form of phone tapping and using high tech spy equipment to bug telephone conversations – in fact this kind of telephone surveillance tends to be restricted to police or intelligence services. But telephone surveillance in the form of our phone bills being raked over or the websites we visit being monitored is part of the low level intrusion UK residents now seem victim to. And it isn’t terrorism plots, drug rings, gun smuggling or international spying that’s triggered the step up in telephone surveillance and use of spy equipment – it’s issues such as dog fouling and fly-tipping. One couple was profiled in the Mail saying they were spied on for weeks by their council to check they were living in the right school catchment area.

Telephone Surveillance by Local Councils Raises Privacy Fears

It’s thought this high level of spying and intrusion is happening due to councils ‘abusing’ anti-terror laws. Telephone surveillance and internet monitoring can feel like a huge intrusion and infringement on human rights – especially if the spy equipment and investigation is not pertaining to any terrorism fears, but relatively minor offenses. Although many people may justify spying or intercept requests such as telephone surveillance from bodies such as the police or security services as a matter of national security, over 1,700 intercept requests were made by local councils in 2007.


Articles | Posted by (CS)d June 5th, 2009


Surveillance-Counter Surveillance

This article will give you some background on surveillance and countersurveillance, but no amount of theory can substitute for the real thing. So if you’re serious about learning how to follow someone undetected and how to detect someone who’s trying to follow you, you need to get out there and practice. Practice means picking a subject and following that person around without his or her seeing you. But be careful: to anyone who notices what you’re up to, your behavior will be indistinguishable from that of criminals, and you can easily get yourself into trouble with this exercise.

The difficulty of surveillance will generally be a function of four things: the environment, the surveillance consciousness of the subject, the resources you can deploy, and your objectives. These variables function together, but for now, let’s examine them one at a time.

Cameras Surveillance

Where is the surveillance going to take place? In an empty park at midday, or at a crowded shopping mall on a weekend? Obviously, the former offers you few opportunities to obscure your presence, while the latter offers many: as a rule, the more people are around for foot surveillance, and the more cars for vehicular, the easier it is to stay concealed.

How surveillance conscious is the subject? On one end of the spectrum is someone who is truly clueless: no instinct, no training, no notion that someone might be following him as he ambles along, jabbering into a cell phone or plugged into an MP3 player. You can follow this person almost anywhere without being detected. On the other end of the spectrum is the person with instincts, training, and experience, who expects that she’s being followed and is determined to identify and/or lose her pursuers.

What are your resources? Solo surveillance is hard. A small team is better. A large team is better still. At the height of the Cold War, the Soviets were able to deploy hundreds of agents to watch suspected CIA officers move around Moscow. With that many resources, the Soviets could put in place what’s called “static surveillance” – the equivalent of a zone defense in basketball. As the subject moves, surveillance doesn’t move with him; instead, he just passes from zone to zone. Because static surveillance doesn’t move, it does nothing to reveal itself, and is therefore very hard to detect.

What are your objectives? If you’re a terrorist looking to kidnap or assassinate a foreigner, the purpose of your surveillance is probably only to determine when and where the target is vulnerable. This kind of surveillance is relatively easy, because it can be conducted from a distance no closer than what’s necessary to determine what time the target leaves his house every morning, what car he uses, what route he uses, and whether he’s security-conscious. But if you’re a Chinese domestic operative tailing a suspected CIA officer around Beijing, and you’re trying to catch the officer in the act of a dead drop or other form of clandestine communication, your surveillance needs to be close and constant – a much more difficult operation.

You can see how these variables work together. If your target is surveillance-conscious, you can compensate by having a large, professional team. If the environment is crowded and fluid, you probably can conduct the surveillance alone. And so on.

In any event, when you’re conducting surveillance, you have to avoid marked behavior. Marked means anything that’s not the norm. With regard to personal appearance, excessively long or short hair would be marked. Likewise facial hair. Or visible tattoos. Eyeglasses are ordinary and common enough to be generally safe for surveillance, but an overly stylish pair would be marked.

Some examples of marked clothing are hats, bow ties, and suspenders. Marked cars include anything bright, expensive, stylish, or new. Marked behavior includes an odd gait, like a limp.

The point is, anything that draws attention to itself, anything that is more memorable than necessary, is marked and should be avoided. Pause for a moment and think. What kind of cars do you tend to notice and remember? What kind of clothes? Those are the ones you need to avoid if you’re intent on remaining undetected.

Spy Surveillance

Of course, what’s marked in one setting might not be marked in another. Know your environment and learn to blend into it. The better you know your environment, the better you can adjust your clothing, behavior, and “vibe” so you won’t stand out. And you can use marked behavior as a distraction: start with a baseball cap, for example, and the subject might very well notice it to the exclusion of your other features. Later, when you’ve discarded the cap, you will have effectively disguised yourself.

The same factors by which we measured the difficulty of surveillance (environment, surveillance consciousness of the subject, resources you can deploy, your objectives) apply to countersurveillance, too. The difference lies in the distinct factors countersurveillance controls: while surveillance usually controls the resources it can deploy and its objectives, countersurveillance selects the environment and awareness within that environment. In other words, when conducting countersurveillance, you should manipulate the environment to force surveillance out into the open, and know what to look for so you can spot it.

The goal of countersurveillance is to make surveillance do things that no one else in that environment is doing (again, this is why static surveillance is so hard to beat; you can’t get it to react). But how?

Start by choosing the environment. Unobtrusive countersurveillance is hard if you don’t know the terrain. Spies who want to avoid behavior that could confirm the opposition’s suspicions therefore go to great lengths to plan what are known as surveillance detection routes (SDRs), which are ostensibly normal courses but which in fact make things difficult for a surveillance team.

A good SDR usually combines low cover for a surveillance team with a variety of ingress/egress options for the subject. In a vehicle, this could mean a “shortcut” through neighborhood streets with little covering traffic but with many different outlets. A route like this forces a surveillance team to follow you closely because the team can’t predict which road you’re going to take out of the neighborhood, while the lack of traffic in the neighborhood makes it easier for you to spot the team. On foot, a stroll into a relatively empty park with multiple entrances and exits and perhaps its own subway station has the same effect. Surveillance has to move in close or risk losing the subject at one of the many points of egress, while the lack of pedestrian traffic deprives surveillance of opportunities to conceal its presence.

Objectives matter, too. Do you only want to confirm the presence or absence of surveillance? Do you care whether the people watching you know you’re surveillance-conscious? Do you want to lose surveillance if it’s there? You can think of these three operations as forming a continuum.

Scenario One: Confirm that you’re being followed without the follower recognizing what you’ve done. This is difficult because your countersurveillance moves must all be disguised as ordinary behavior. Stopping suddenly and looking behind you might be effective countersurveillance, but it’s also obvious. Looking behind you for traffic as you turn to cross a street is more subtle, and more difficult.

Scenario Two: If your unobtrusive efforts have failed to flush out surveillance, use provocative techniques – methods that surveillance will have a hard time beating but that will reveal to surveillance, if it’s there, that you are surveillance-conscious. Dramatically changing pace tends to force surveillance to follow suit and reveal itself. Get on several elevators. Get off a train and wait on the platform until it’s clear. Use your imagination: If you were following someone, what would make your job difficult? Do that.

Scenario Three: Decide whether to abort your mission or to evade the surveillance. Aborting requires no further discussion; generally speaking, you just wait until next time. Evasion calls for deception and suddenness.

If you’re trying to spot surveillance, you need to know what kind of interest the opposition has in you. Are you an intelligence agent trying to operate “in the gap” – that is, in the momentary blind spot of enemy surveillance? Are you a foreigner who might be targeted for a kidnapping? An ordinary citizen who’s being sized up for a street crime? Know your enemy and you will learn to recognize him by his behavior.

To put it another way: The secret to good surveillance and countersurveillance, like the secret to effective sales and romance and indeed to life itself, is the ability to put yourself in the other party’s shoes. As you get better at surveillance, you’ll learn what makes surveillance effective and what can make it weak. This understanding will make you better at countersurveillance, too. And as you get better at countersurveillance… you get the picture.

You might be thinking, “This is all a lot of cloak-and-dagger stuff. I’m just a regular person. What does any of this have to do with me?”

Well, you probably won’t find yourself up against something like the old KGB, it’s true. But you might find yourself traveling abroad, perhaps in a place where kidnapping or killing a foreigner like you is worth something. Those operations require surveillance. So do many ordinary street crimes. And the best thing about developing your surveillance consciousness isn’t even that it helps you spot surveillance. The best thing is that someone who’s following and assessing you will see that you’re surveillance-conscious, and decide to kill or kidnap or rob someone easier. Not pretty, but that’s the way it is.

The Secrets of CS

Articles | Posted by (CS)d June 5th, 2009


The Secrets of Counter Surveillance

By Fred Burton

Almost any criminal act, from a purse-snatching to a terrorist bombing, involves some degree of pre-operational surveillance. In fact, one common denominator of all the different potential threats — whether from lone wolves, militant groups, common criminals or the mentally disturbed — is that those planning an operation all monitor their target in advance. However, while pickpockets or purse-snatchers case their victims for perhaps only a few seconds or minutes, a militant organization might conduct detailed surveillance of a target for several weeks or even months.

Regardless of the length of time surveillance is performed, however, the criminal or militant conducting it is exposed, and therefore vulnerable to detection. Because of this, countersurveillance (CS) — the process of detecting and mitigating hostile surveillance — is an important, though often overlooked, element of counterterrorism and security operations. CS is especially important because it is one of the few security measures that allows for threats to be dealt with before they can develop into active attacks.

An effective CS program depends on knowing two “secrets”: first, hostile surveillance is vulnerable to detection because those performing it are not always as sophisticated in their tradecraft as commonly perceived; and second, hostile surveillance can be manipulated and the operatives forced into making errors that will reveal their presence.

The First Secret

Various potential assailants use different attack cycles, which vary depending on the nature and objectives of the plotter. For example, the typical six-step terrorist attack cycle does not always apply to a suicide bomber (who is not concerned about escape) or a mentally disturbed stalker (who is not concerned about escape or media exploitation). It is during the early phases of the attack cycle — the target selection and the planning phases — that the plotters conduct their surveillance, though they even can use a surveillance team during the actual attack to signal that the target is approaching the attack zone.

9/11 bombing

The purpose of pre-operational surveillance is to determine the target’s vulnerabilities. Surveillance helps to quantify the target, note possible weaknesses and even to begin to identify potential attack methods. When the target is a person, perhaps targeted for assassination or kidnapping, surveillants will look for patterns of behavior such as the time the target leaves for work, the transportation method and the route taken. They also will take note of the type of security, if any, the target uses. For fixed targets such as buildings, the surveillance will be used to determine physical security measures as well as patterns of behavior within the guard force, if guards are employed. For example, the plotters will look for fences, gates, locks and alarms, but also will look for times when fewer guards are present or when the guards are about to come on or off their shifts. All of this information will then be used to select the best time and location for the attack, the type of attack and the resources needed to execute it.

Since an important objective of pre-operational surveillance is establishing patterns, the operatives will conduct their surveillance several times, often at different times of the day. Additionally, they will follow a mobile target to different environments and in diverse locations. This is when it is important to know the first “secret” of CS: surveillants are vulnerable to detection. In fact, the more surveillance they conduct, the greater the chances are of them being observed. Once that happens, security personnel can be alerted and the entire plan compromised. Additionally, surveillants who themselves are being watched can unwittingly lead intelligence and law enforcement agencies to other members of their organization.


A large and professional surveillance team can use a variety of fixed and mobile assets, including electronic listening devices and operatives on foot, in vehicles and even in aircraft. Such a large team can be extremely difficult for anyone to spot. A massive surveillance operation, however, requires an organization with vast assets and a large number of well-trained operatives. This level of surveillance, therefore, is usually only found at the governmental level, as most militant organizations lack the assets and the number of trained personnel required to mount such an operation. Indeed, most criminal and militant surveillance is conducted by one person, or by a small group of operatives. This means they must place themselves in a position to see the target — and thus be seen — with far more frequency than would be required in a huge surveillance operation. And the more they show their faces, the more vulnerable they are to detection. This vulnerability is amplified if the operatives are not highly trained.

Sentinel R1

The al Qaeda manual “Military Studies in the Jihad against the Tyrants” and its online training magazines not only instruct operatives planning an attack to conduct surveillance, they also point out the type of information that should be gathered. These documents, however, do not teach jihadist operatives how to go about gathering the required information. In the United States, the Ruckus Society’s Scouting Manual provides detailed instructions for conducting surveillance, or “scouting,” as the society calls it, on “direct action” targets. Following written instructions, however, does not automatically translate into having skilled surveillance operatives on the street. This is because, while some basic skills and concepts can be learned by reading, applying that information to a real-world situation, particularly in a hostile environment, can be exceedingly difficult. This is especially true when the application requires subtle and complex skills that are difficult to master.

The behaviors necessary to master surveillance tradecraft are not intuitive, and in fact frequently run counter to human nature. Because of this, intelligence and security professionals who work surveillance operations receive in-depth training that includes many hours of heavily critiqued practical exercises, often followed by field training with experienced surveillance operatives.

Most militant groups do not provide this level of training, and as a result, poor tradecraft has long proven to be an Achilles’ heel for militants, who typically use a small number of poorly trained operatives to conduct their surveillance operations.

What does “bad” surveillance look like? The U.S. government uses the acronym TEDD to illustrate the principles one can use to identify surveillance. So, a person who sees someone repeatedly over Time, in different Environments and over Distance, or one who displays poor Demeanor can assume he or she is under surveillance. Surveillants who exhibit poor demeanor, meaning they act unnaturally, can look blatantly suspicious, though they also can be lurkers — those who have no reason for being where they are or for doing what they are doing. Sometimes they exhibit almost imperceptible behaviors that the target senses more than observes. Other giveaways include moving when the target moves, communicating when the target moves, avoiding eye contact with the target, making sudden turns or stops, or even using hand signals to communicate with other members of a surveillance team.

The mistakes made while conducting surveillance can be quite easy to catch — as long as someone is looking for them. If no one is looking, however, hostile surveillance is remarkably easy. This is why militant groups have been able to get away with conducting surveillance for so long using bumbling operatives who practice poor tradecraft.

The Second Secret

At the most basic level, CS can be performed by a person who is aware of his or her surroundings and who is watching for people who violate the principles of TEDD. At a more advanced level, the single person can use surveillance detection routes (SDRs) to draw out surveillance. This leads to the second “secret”: due to the nature of surveillance, those conducting it can be manipulated and forced to tip their hand.

It is far more difficult to surveil a mobile target than a stationary one, and an SDR is a tool that takes advantage of this difficulty and uses a carefully designed route to flush out surveillance. The SDR is intended to look innocuous from the outside, but is cleverly calculated to evoke certain behaviors from the surveillant.

When members of a highly trained surveillance team recognize that the person they are following is executing an SDR — and therefore is trying to manipulate them — they will frequently take countermeasures suitable to the situation and their mission. This can include dropping off the target and picking up surveillance another day, bypassing the channel, stair-step or other trap the target is using and picking him or her up at another location along their projected route. It can even include “bumper locking” the target or switching to a very overt mode of surveillance to let the target know that his SDR was detected — and not appreciated. Untrained surveillants who have never encountered an SDR, however, frequently can be sucked blindly into such traps.

Though intelligence officers performing an SDR need to look normal from the outside — in effect appear as if they are not running an SDR — people who are acting protectively on their own behalf have no need to be concerned about being perceived as being “provocative” in their surveillance detection efforts. They can use very aggressive elements of the SDR to rapidly determine whether the surveillance they suspect does in fact exist — and if it does, move rapidly to a pre-selected safe-haven.

Rooftop Surveillance Snipers

At a more advanced level is the dedicated CS team, which can be deployed to determine whether a person or facility is under surveillance. This team can use mobile assets, fixed assets or a combination of both. The CS team is essentially tasked to watch for watchers. To do this, team members identify places — “perches” in surveillance jargon — that an operative would need to occupy in order to surveil a potential target. They then watch those perches for signs of hostile surveillance.

CS teams can manipulate surveillance by “heating up” particular perches with static guards or roving patrols, thus forcing the surveillants away from those areas and toward another perch or perches where the CS team can then focus its detection efforts. They also can use overt, uniformed police or guards to stop, question and identify any suspicious person they observe. This can be a particularly effective tactic, as it can cause militants to conclude that the facility they are monitoring is too difficult to attack. Even if the security forces never realized the person was actually conducting surveillance, such an encounter normally will lead the surveillant to assume that he or she has been identified and that the people who stopped him knew exactly what he was doing.

Confrontational techniques can stop a hostile operation dead in its tracks and cause the operatives to focus their hostile efforts elsewhere. These techniques include overt field interviews, overt photography of suspected hostiles, and the highly under-utilized Terry stop, in which a law enforcement officer in the United States can legally stop, interview and frisk a person for weapons if the officer has a reasonable suspicion that criminal activity is afoot, even if the officer’s suspicions do not rise to the level of making an arrest.

Also, by denying surveillants perches that are close to the target’s point of origin or destination (home or work, for example) a CS team can effectively push hostile surveillance farther and farther away. This injects a great deal ambiguity into the situation and complicates the hostile information-collection effort. For instance, if surveillants do not know what car the target drives, they can easily obtain that information by sitting outside of the person’s home and watching what comes out of the garage or driveway. By contrast, surveillants forced to use a perch a mile down the road might have dozens of cars to choose from. CS teams also can conduct more sophisticated SDRs than the lone individual.

In addition, the CS team will keep detailed logs of the people and vehicles it encounters and will database this information along with photos of possible hostiles. This database allows the team to determine whether it has encountered the same person or vehicle repeatedly on different shifts or at different sites. This analytical component of the CS team is essential to the success of the team’s efforts, especially when there are multiple shifts working the CS operation or multiple sites are being covered. People also have perishable memories, and databasing ensures that critical information is retained and readily retrievable. CS teams also can conduct more sophisticated SDRs than the lone individual.

Although professional CS teams normally operate in a low-key fashion in order to collect information without changing the behaviors of suspected hostiles, there are exceptions to this rule. When the team believes an attack is imminent or when the risk of allowing a hostile operation to continue undisturbed is unacceptable, for example, team members are likely to break cover and confront hostile surveillants. In cases like these, CS teams have the advantage of surprise. Indeed, materializing out of nowhere to confront the suspected surveillant can be more effective than the arrival of overt security assets.

Well-trained CS teams have an entire arsenal of tricks at their disposal to manipulate and expose hostile surveillance. In this way, they can proactively identify threats early on in the attack cycle — and possibly prevent attacks.