(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

STRATFOR: “Watching for Watchers” aka Tradecraft in Surveillance and Counter Surveillance

with one comment

Situational awareness is a term that I posted about last week and it seems that Stratfor, the site that I yanked the post’s genesis from, has continued on in that vein to teach us all more about it. In this next article though, they went deeper into the operational aspect of “SA” and writes a nice little piece on surveillance and counter-surveillance.

The article starts out talking about the basic premise that is their aegis in writing and posting this article. The terrorist threat today is the one that they concern themselves off the bat with. Terrorists, like any other group or entity perform surveillance of their target before they attack. This is an operational standard that the terrorists learned from the intelligence agencies of the past and today. By using some of the techniques “poorly evidently by Stratfor’s account” they indeed did perform surveillance against not only the twin towers, but also as has been seen, nuclear facilities, bridges, and other important buildings with video cameras pretending to be tourists. Thus you had that spate of photographer harassment in NYC and other places post 9/11.

In the article though, the start with the common criminal and work their way toward the Jihadist terrorist in this way;

On the other extreme are the criminals who behave more like stalking predators. Such a criminal is like a lion on the savannah that carefully looks over the herd and selects a vulnerable animal believed to be the easiest to take down. A criminal who operates like a stalking predator, such as a kidnapper or terrorist, may select a suitable target and then take days or even weeks to follow the target, assess its vulnerabilities and determine if the potential take is worth the risk. Normally, stalking criminals will prey only on targets they feel are vulnerable and can be successfully hit, although they will occasionally take bigger risks on high-value targets.

Of course, there are many other criminals who fall somewhere in the middle, and they may take anywhere from a few minute to several hours to watch a potential target. Regardless of the time spent observing the target, all criminals will conduct this surveillance and they are vulnerable to detection during this time.

Given that surveillance is so widely practiced, it is quite amazing to consider that, in general, criminals and terrorists are terrible at conducting surveillance.

There are some exceptions, such as the relatively sophisticated surveillance performed by Greenpeace and some of the other groups trained by the Ruckus Society, or the low-key and highly detailed surveillance performed by some high-end art and jewelry thieves, but such surveillance is the exception rather than the rule.

Now in the above snippet they make the generality that most criminals are just bad at this and are not properly trained. Of course there are differences in the likes of the “art thief” or the “Greenpeace” activist. These though, are the exception now, but, given time and the desire of the parties involved, I am sure this could be an operational standard in the future for the smart criminal and the well funded and operations savvy terrorist.

The case of the 19 who attacked on 9/11 were such a case.

The article moves on to the more defined and practiced skills of surveillance and counter-surveillance/evasion to include TEDD (time, environment, distance and demeanor) which is an operational term for a practice that one must carry out if they are in the business and bound to be surveilled. This is not something the every day person really will use but, is an interesting point of fact for consideration if you as Joe Q Public, are going to be “Situationally Aware” for such things as a terrorist surveilling your local subway stop, nevermind the criminal looking to score by robbing you in an alleyway or dark corner on the street you usually travel.

The U.S. government often uses the acronym “TEDD” to illustrate the principles that can be used to identify surveillance conducted by counterintelligence agencies, but these same principles also can be used to identify criminal and terrorist surveillance. TEDD stands for time, environment, distance and demeanor. In other words, if a person sees someone repeatedly over time, in different environments and over distance, or someone who displays poor surveillance demeanor, then that person can assume he or she is under surveillance. If a person is being specifically targeted for a planned attack, he or she might be exposed to the time, environment and distance elements of TEDD, but if the subway car the person is riding in or the building where the person works is the target, he or she might only have the demeanor of the attacker to key on because the attacker will not be seen by the observer over time and distance or in different environments. Time, environment and distance are also not applicable in cases involving criminals who behave like ambush predators. Therefore, when we are talking about criminal surveillance, demeanor is the most critical of the four elements. Demeanor will also often work in tandem with the other elements, and poor demeanor will often help the target spot the surveillant at different times and places.

The short and long of it is that you need to be aware of your surroundings, the terrain, the choke points, and the usual faces that are there in order to notice when things are amiss and know a way to escape should it be necessary. This all takes some knowledge of the “Tradecraft” of spying and surveillance. I have written before about this subject and think it is important. Stratfor had this to say on this subject where surveillance is concerned;

The term “tradecraft” is an espionage term that refers to techniques and procedures used in the field, but term also implies quite a bit of finesse in the practice of these techniques. Tradecraft, then, is really more of an art rather than a science, and surveillance tradecraft is no exception. Like playing the violin or fencing with a foil, it takes time and practice to become a skilled surveillance practitioner. Most individuals involved in criminal and terrorist activity simply do not devote the time necessary to master this skill. Because of this, they have terrible technique, use sloppy procedures and lack finesse when they are watching people.

Surveillance is an unnatural activity, and a person doing it must deal with strong feelings of self-consciousness and of being out of place. People conducting surveillance frequently suffer from what is called “burn syndrome,” the erroneous belief that the people they are watching have spotted them. Feeling “burned” will cause surveillants to do unnatural things, such as suddenly ducking back into a doorway or turning around abruptly when they unexpectedly come face to face with the target. People inexperienced in the art of surveillance find it difficult to control this natural reaction. Even experienced surveillance operatives occasionally have the feeling of being burned; the difference is they have received a lot of training and they are better able to control their reaction and work through it. They are able to maintain a normal looking demeanor while their insides are screaming that the person they are surveilling has seen them.

In the end, I think that some people may find this information helpful. Some may see it as a fun game they can play to become more situationally aware. Some may actually take these gleanings and use them to perhaps someday save others from being a victim of a terrorist act. Who knows… I think though that these are important skills that can be applied in many ways. Whether or not you live in the city or are just visiting, if you are self aware enough, you can at the very least protect yourself from crime.

In another context though, anyone in the business of information security, physical security, and or any job where you handle information that may be considered important enough to classify, then these skills can be adapted to your particular “situations” for security purposes. In essence, your place of business may in fact be a target of criminal and or state sponsored actors and YOU might be able to detect this and stop it.


Well, let me elucidate.

You see, just yesterday I posted an article on the fact that there seemed to be a rash of physical intrusions and thefts at government buildings recently. Had the people at these offices been situationally aware, then perhaps they would have stopped these people and asked some questions. Perhaps they might even have stopped them from coming through the door in the first place huh? Instead, they paid no attention and the thieves went on their way with hardware and potentially, data that could be damaging to the country.

I myself have taken advantage of this lack of situational awareness many times while auditing facilities. I have created bogus badges, I have used no badges, I have used the old “I’m new here” routine and never have I been stopped by anyone. In fact, its been quite the opposite. People have helped me get onto their networks, into denied areas of buildings, and given me tidbits of data that have been key to opening doors to data and physical access later on.

People are just not situationally aware generally.

So what do we do now? How do we fix this? Well, I suggest for a start that more companies actually have security awareness programs that enlighten on these issues. They need not go into the detail of a TEDD exercise, but, at least cover the facts that in every day life at work, someone may want to gain access to their desk and their terminal if not get through the front door unchecked.

You see that guy with the cigarette out back just smoking and hanging out by the locked door? You know him? If not, then you make him badge in. If he can’t, then its time to go to the security desk out front and NOT let him through that door.

Situational Awareness…


Full article HERE

Written by Krypt3ia

2010/06/17 at 15:50

One Response

Subscribe to comments with RSS.


    Slim slidder

    2010/08/09 at 14:34

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: