Friday, May 31, 2013

INFOGRAPHIC: Syria's S-300s

You may heard by now of the S-300 missiles Russia has pledged to sell to the Syrian regime. There has been a great deal of speculation from the White House and other interested entities as to whether this could prolong or even send the crisis in an even greater spiral. In an effort to provide you with the facts about the S-300, I included this pretty cool infographic from a Twitter user who has demonstrated a wealth of knowledge when it comes to missiles and all things that go "boom":

Water Wars - It Has Nothing To Do With Kevin Costner

Glass Half Empty: The Coming Water Wars

While most of the developing world has focused on oil being the resource that fuels most global conflicts, many groups have voiced concern we're missing a very important resource that is rapidly depleting - water. That's right, folks. The resource we all need to sustain our lives is going away very quickly in some places where conflicts are already occurring due to resource depletion and lack of supply to meet demand. There are LOADS of reasons why this is and I don't want to fill this space with conjecture and debate on topics I'm sure we could pontificate on endlessly. I included the infographic above for you to look at to give you some situational awareness. I've also included some links and the video below that describe the issue in greater detail. Have a look at any of these. What are your thoughts? Do you think this is something we need to concerned with? Is this something security practitioners need to be aware of when operating outside of the developing world or in water-depletion areas?

Water Wars Resources

Saturday, May 25, 2013

Loose Lips Just Don't Sink Ships - How Leaks Compromise More Than Just Secrets

This is how the Taliban handles spies.

I'll preface this piece by saying for the record "I am NOT a spy nor have I EVER been a spy. I have NEVER worked inside the intelligence community. What you read here is my opinion backed up by historically factual information." Whew! Now that I've gotten that out of the way, we can discuss a topic I've been meaning to cover - why unauthorized disclosure of sensitive information should remain illegal without legal protections for anyone.

Most people have no clue how the United States and other countries obtain their human intelligence. They assume we send American spies into foreign lands who sneak around embassies and high-end hotels and casinos battling terrorists and criminal kingpins. Most students of modern US intelligence will tell you that is NOT the case. In fact, how we get that intelligence is by sending American intelligence officers who are trained to be clandestine but who do not steal information themselves. That's right. Most human intelligence officers are highly-trained salesmen and recruiters who work diligently to get citizens from target countries to spy on their respective countries. In other words, our HUMINT officers convince other people to betray target states and organizations. We can also get that information by using third-party human intelligence from another country who may be more ethnically credible to penetrate certain denied areas. We'll touch on that later.

This week you have no doubt heard about the Associated Press debacle with the Department of Justice. What you may not be aware of is the "leak" in question is about the alleged penetration of our government  and the Saudi government into the terrorist organization al Qaeda of the Arab Peninsula (AQAP). This was a highly classified operation which I can only assume involved undercover assets who were willing to betray this very dangerous organization. Someone in the Obama administration took it upon themselves to reveal this operation to the Associated Press. This, of course, is VERY illegal and for good reason. Remember those undercover assets I mentioned previously? What do you think would happen to those assets who were operating without the expectation their involvement would be made public to the largest news source in the world? Take a wild guess.

Do you remember Aldrich Ames? He's the guy who betrayed his country and sold secrets to the USSR. What you may not know is that through his leak, he inadvertently killed 10 Russian citizens who fed the Central Intelligence Agency information. How about Valerie Plame? She's another asset who was "burned" (her covert identity revealed publicly) for very political reasons allegedly. I can assure the target country she worked in, Iraq, deployed several counterintelligence agents to contacts she  had in that country. Once an operation has been "burned", all of the assets involved are compromised and can no longer conduct their missions.

Given what you watched above, take a few things into consideration:

  • The very real danger they pose throughout the region they operate in. 
  • How recluse and difficult such organizations can be and the difficulty to get someone to betray this organization. 
  • The operations we were able to stop because of this operation. One of which was the latest plane plot by AQAP. 
  • The potential for further penetration and more insightful intelligence disappearing because a bureaucrat in D.C. took it upon themselves to deliver to the Associated Press information about the success of this ongoing operation. 
  • The likelihood the assets were compromised and the likelihood of their survival and those with whom they had contact.

So you can imagine my surprise to learn of the AP's outrage that the DoJ was investigating their contacts with various people who had knowledge of this operation. You've heard, no doubt, the DoJ subpoenaed the AP's call records for over two months and then those of reporters who may have been the source's contact. I have 11 years of criminal investigations experience and will be the first to attest that this is very customary when you're looking to connect people from one area to another. Whether or not, the DoJ should have subpoenaed the AP's phone company is a different story and "way above my pay grade".

As you can guess, unauthorized disclosure of classified information is a crime. It's actually a very serious crime. Don't believe me. Here's the statute. You'll do good to note there is zero accommodation or exemption for releases to the press.

(a) Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information—(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or
(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or
(3) concerning the communication intelligence activities of the United States or any foreign government; or
(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—
Shall be fined under this title or imprisoned not more than ten years, or both.
(b) As used in subsection (a) of this section—
The term “classified information” means information which, at the time of a violation of this section, is, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution;
The terms “code,” “cipher,” and “cryptographic system” include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications;
The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States;
The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients;
The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in subsection (a) of this section, by the President, or by the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States.
(c) Nothing in this section shall prohibit the furnishing, upon lawful demand, of information to any regularly constituted committee of the Senate or House of Representatives of the United States of America, or joint committee thereof.
(1) Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—
(A) any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and
(B) any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.
(2) The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).
(3) Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) ofsection 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853 (b), (c), and (e)–(p)), shall apply to—
(A) property subject to forfeiture under this subsection;
(B) any seizure or disposition of such property; and
(C) any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.
(4) Notwithstanding section 524 (c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42U.S.C. 10601) all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.
As you can tell, the law is very specific and for good reason, as I outlined before. The business of deriving the intelligence we need from terrorist organization and rogue states requires secrecy. The best way I can describe the importance of keeping clandestine operations secret is to have you watch my child and I play "hide-and-go seek". Children love to tell you where they're going to hide because it makes it easier for you to catch them. Imagine if your child was very clever and never told you where they were hiding. Better yet, what if you never knew they were playing the game. Then, imagine if the stakes were higher - much higher than preempting a really good game. The same could be said of the modern spy game were exponentially more lives are at risk.

Friday, May 24, 2013

Security Officers Wanted For Reality Show

So while doing my daily perusal of the Internet, I came across this advertisement for a reality television show based on the lives of security officers. Folks, I can't make this stuff up. See for yourself.
Are you a security guard who has truly "seen it all?"

Zodiak Media is casting larger-than-life characters who work in unique, demanding careers…the ultimate professionals who manage to keep cool as cucumbers, no matter what stress or "drama" comes their way during their difficult jobs. This documentary-style show will feature the work lives of people in a wide variety of businesses and careers across the country and our goal is to find a dynamic security team to show us what it takes to stay cool under pressure while people consistently test your patience, willpower and sanity! We know that you must have plenty of funny/dramatic stories to share!
I know many of you are waiting for a link to click so you can join the ranks of other "esteemed" security professionals who have gone the reality show route like Dog the Bounty Hunter and South Beach Tow. Seriously, it can do "great" things for our profession. It's not like those "large-than-life" characters wouldn't be consummate professionals. Please tell me you saw that sarcasm. If you didn't, feel free to apply.

Thursday, May 23, 2013

INFOGRAPHIC: Pew Institute Poll - Sharing, Connections, & Privacy In The World Of Teen Social Media

This infographic from the Pew Institute provides some amazing insight into how teens view their social media privacy. As an investigator, I can share with you the value that social media has in gathering information on a person. Teens have historically been the most active users of social media and therefore their online "lives" traditionally have been insightful to say the least.

                      (click to enlarge)

INFOGRAPHIC: The Cybercriminal Underground

TrendLabs, a leading information security firm, published this really awesome infographic about the cybercriminal underworld. It's certainly worth a look.

                                                    (click to enlarge)

Thursday, May 16, 2013

The Business of War: SOFEX by vice

SOFEX is where the world's leading generals come to buy everything from handguns to laser-guided missile systems. It stands for "Special Operations Forces Exhibition Conference" and it's essentially a trade-show where just about anyone with enough money can buy the most powerful weapons in the world. Hosted by Shane Smith | Originally released in 2012 at Check out the VICE Guide to Karachi here: Subscribe for videos that are actually good: Check out our full video catalog: Videos, daily editorial and more: Like VICE on Facebook: Follow VICE on Twitter: Read our tumblr:

The Taliban in Pakistan by vice

We went to Pakistan to invesitage why suicide bombings, IED use, and the Taliban are all growing at alarming rates. In a recent trip to Pakistan to report on the recent spike in the region's violence and bloodshed, Suroosh Alvi heard over and over the same sentiment from people on the ground: America's war on terror is falling flat on its face. The military conflict in neighboring Afghanistan, repeatedly cited by locals, sends a constant flood of guns, refugees, militants, and heroin flowing into Pakistan. Heroin is now actually cheaper than hashish in cities like Lahore, and the Kalashnikov culture, the foundation of which was laid 30 years ago when the CIA financed the mujahideen, is all-consuming. According to the Pakistanis he spoke to, it's all taken a devastating toll on the country and is creating the next generation of militants. Hosted by Suroosh Alvi | Originally released in 2010 on Follow Suroosh Alvi on Twitter - Watch "The Gun Markets of Pakistan": Subscribe for videos that are actually good: Check out our full video catalog: Videos, daily editorial and more: Like VICE on Facebook: Follow VICE on Twitter: Read our tumblr:

How to Get Away with Stealing by vice

Learn how easy it is to make fake passports and scam the rich into trusting you with thousands of dollars. If the fraud industry were its own country, it would have the fifth strongest economy in the world, just ahead of the UK. Come and meet the fraudsters who're making a killing from the fastest growing crime on Earth. Check out "How to Sell Drugs" here: Subscribe for videos that are actually good: Check out our full video catalog: Videos, daily editorial and more: Like VICE on Facebook: Follow VICE on Twitter: Read our tumblr:

CIA suggests gmail to its agents by RTAmerica

On Monday night, Ryan Fogle was arrested in Moscow after he allegedly attempted to recruit a Russian secret service agent to work for the United States. Russian officials claim that Fogle was working for the CIA, but was posing as a third secretary at the US Embassy in Moscow. Ray McGovern, retired CIA officer, gives us some insight on what this incident means for US/Russian relations. Find RT America in your area: Or watch us online: Like us on Facebook Follow us on Twitter

Tuesday, May 14, 2013

What A Burned CIA Officer and A Patriot Hacktivist Can Teach Us About Cover Discipline

Ryan Fogle, an alleged CIA officer being detained by Russian
counterintelligence after his cover was "blown" (Source: AFP)
In light of the news a Central Intelligence Agency officer was detained by Russian counterintelligence, I felt it would be good to examine what it means to have good "cover discipline". In order to accomplish missions that require stealth in plain sight, intelligence operatives use what is commonly referred to as "cover" which is a fictional persona adopted by individual officers so that their true identity and purpose remain unknown to their target. "Cover" takes a significant amount of time to develop and assimilate into the officer. Persons who operate "undercover" will spend a great deal of time studying and perfecting their "cover". Where most officers get caught is when they lose "cover discipline". This could be something as simple as confusing one's "cover" name with their "real" name. In some cases, like the one depicted in this film, "cover" is often lost due to carelessness.

A recent display of good "cover" discipline came coincidentally during an exchange with a "hacktivist" known as The Jester and Jeff Bardin, a leading information security expert. The Jester and Bardin engaged in a phony confrontation regarding The Jester's alleged betrayal of Bardin's "cover" during an information security intelligence operation. The "feud" ended with Bardin "revealing" The Jester's "real" name which was actually a "cover" he developed for this operation over two years ago. It was very elaborate but according to those involved, it was a success.

Here's a snippet from The Jester and Bardin's "feud":
The Jester posted this with regards to his "cover" on another website:
For just such an occasion.....
On the 1st July 2011 - I myself left this on pastebin >>
I also purposely left this in source code of my blog:
Later I created this:
and to bolsert I also created this
It's taken almost 2 years for anyone to spot the deliberate mistake. Well Done.
He doesn't exist. It's a decoy. Good to know who's who though. Thanks.

You will notice the meticulousness of the preparation involved in developing a good cover. The Jester has been active for a few years and has yet to be successfully unmasked because of his adherence to good "cover discipline".

I'm not an intelligence expert nor have I ever claimed to be. However, I have studied intelligence gathering and espionage for quite some time. What I have learned is that spies on rely on secrecy, deception, and disguise to conduct clandestine operations. In order to be successful, spies must "live, eat, and breathe" their cover story. As it's stated in this article, "Cover is a mosaic, it's a puzzle," said James Marcinkowski, a former CIA case officer who attended the dinner. "Every piece is important [to protect] because you don't know which pieces the bad guys are missing."

For more information on "cover":

VIDEO: Defenses Against Espionage

It never ceases to amaze me how many of the cardinal rules of security and threat mitigation are relevant know matter which era or platform they are adhered to in. This video is a perfect illustration of that. It's a video produced by the National Security Council for government contractors who worked with classified projects. It follows a fictional case wherein a company loses a key piece of classified information they produced.  Of interest to security practitioners are the human security vulnerabilities exposed. Many of the fictional characters are exploited using social engineering. While the manner in which the information is much more elaborate than what we say in modern corporate espionage, the lessons are the same.

Monday, May 13, 2013

VIDEO: Espionage Target - You (June 15, 1964)

This video is a classic from the Cold War. While some of the material is outdated, those same human security vulnerabilities still exist whether it be financial, sex, or peer pressure. The only difference between when this film was produced and now is the theater of operations has changed from being solely in an analog world to a digital, multi-spectrum world.

Here's the synopsis from
Exposes the worldwide operation of the Sino-Soviet espionage system and shows how Communist agents used any means to obtain vital information from military personnel. Reconstructs three actual cases to demonstrate various facets of espionage techniques. Explains how agents of different nationalities probe for vulnerable areas, such as loneliness, indebtedness, fast money, sex and the sporting life. Portrays the agent as he subtly approaches, ensnares and involves his victim until it is too late for the victim to retreat. Purpose: Information on communist espionage methods.

VIDEO: IED Mitigation Cartoon From World War 2

One of the most entertaining and unusual pieces of improvised explosive device  mitigation pieces I've ever watched. It hails from World War II. Warning: This video is from an era when political correctness was not a part of modern society.

From the site where I found this gem of American military history:
Private Snafu learns about the hazards of enemy booby traps the hard way.

This is one of 26 Private SNAFU ('Situation Normal, All Fouled Up) cartoons made by the US Army Signal Corps to educate and boost the morale the troops. Originally created by Theodore Geisel (Dr. Seuss) and Phil Eastman, most of the cartoons were produced by Warner Brothers Animation Studios - employing their animators, voice actors (primarily Mel Blanc) and Carl Stalling's music.

POLICE WEEK: In Memory of All Those Who Wore The Badge

Remember our fallen....

United States Air Force Security Forces
EOW: Wednesday, March 2, 2011
Cause: Gunfire

United States Air Force Security Forces
EOW: Saturday, September 16, 2006
Cause: Automobile accident

United States Air Force Security Forces
EOW: Monday, March 13, 2006
Cause: Automobile accident

United States Air Force Security Forces
EOW: Friday, November 19, 1999
Cause: Struck by vehicle

United States Air Force Security Forces
EOW: Saturday, May 8, 1999
Cause: Accidental

United States Air Force Security Forces
EOW: Wednesday, October 14, 1998
Cause: Automobile accident

United States Air Force Security Forces
EOW: Wednesday, October 14, 1998
Cause: Automobile accident

United States Air Force Security Forces
EOW: Saturday, January 10, 1998
Cause: Gunfire

United States Air Force Security Forces
EOW: Wednesday, January 1, 1992
Cause: Assault

United States Air Force Security Forces
EOW: Wednesday, December 11, 1991
Cause: Electrocuted

United States Air Force Security Forces
EOW: Monday, August 12, 1991
Cause: Training accident

United States Air Force Security Forces
EOW: Saturday, November 15, 1980
Cause: Gunfire

United States Air Force Security Forces
EOW: Sunday, March 18, 1979
Cause: Vehicular assault

United States Air Force Security Forces
EOW: Sunday, March 26, 1978
Cause: Gunfire

United States Air Force Security Forces
EOW: Friday, January 6, 1978
Cause: Stabbed

United States Air Force Security Forces
EOW: Thursday, April 17, 1969
Cause: Gunfire

United States Air Force Security Forces
EOW: Wednesday, February 27, 1963
Cause: Aircraft accident

Identity Theft Victim Fights Back to Recover Good Credit | Nightly Business Report | NBR | PBS by PBS


CARRIER | Security Drill | PBS by PBS A security drill aboard the USS Nimitz. Scenario: security must deal with a member of the film production team who has lost his marbles and is wielding a gun. CARRIER follows a core group of participants aboard the USS Nimitz, from the elite fighter pilots to the youngest sailors and everyone in between, as they navigate personal conflicts around their jobs, families, faith, patriotism, love and the war on terror. CARRIER premieres Sunday-Thursday, April 27-May 1, 2008, 9:00-11:00 p.m. ET on PBS (check local listings). For more information, visit Help us tell stories like CARRIER on-air and online. Support PBS

VIDEO: NOVA: Quantum Confidential

If you were a spy, how could you ensure that an encrypted message got safely to your allies? Send it using entangled particles! Here, watch how a technique called quantum cryptography could save a state secret from falling into enemy hands.

Watch Quantum Confidential on PBS. See more from NOVA.

Tuesday, May 7, 2013

INTERVIEW: Geoff Howe of Howe and Howe Technologies Who Made The SWAT-BOT

I really like being a blogger. I get to explore all of my favorite topics and I get to be very passionate about security. That being said, it is a joy to find people who share my passion and make it evident in their work. The folks at Howe and Howe Technologies have found themselves in that very elite group. For the unfamiliar, I recently did an article about a remote piloted robot developed by the company. The other day, I decided to contact the Maine-based company for an interview to get some additional information. I knew right away upon speaking to Geoff Howe I'd called the right place.

Me: Can you tell me how the SWAT-Bot was developed?
Geoff: Two and a half years ago we started. Before that, in 2006, we were already developing unmanned ground vehicles for the US military. It was during the Fukishima reactor incident that we noticed something very troubling and quite frankly - frustrating. You see we had already developed a firefighting robot called Thermite. There was this incident and we had the technology in our facility to help. However, the infrastructure was not in place at the time. Shortly after that, we had a Department of Homeland Security Testing and Evaluation demonstration for FEMA at the Massachusetts Fire Academy.  The Massachusetts State Police STOP team was there and observed the Thermite and approached us about doing something for SWAT. We immediately began the dialogue and got great feedback from them. By 2012, we had a prototype developed. What was really frustrating was watching the West, Texas fire that killed all of those firemen and knowing we had technology here that could have taken them out of harms way.

Me: What are some of the robot's capabilities?
Geoff:  Well, it weighs 2300 lbs and can be transported in the bed of a pickup truck. Within 3 seconds, it can be operational. Within 15 seconds, the robot is ready to go with the ballistic shield mounted. It has several tools to include the DragonTail which shoots a projectile at a vehicle with a grappling hook and can drag cars. It also has a door breacher that can act as ram also, a tire deflator which was developed out of a request by Southern Maine Special Reaction Team, a negotiating basket, and HD video transmission. The HD video is done 1080p and is real-time. It was developed from technology used in sportscasting. There's also a light that has 16000 lumens.

Me: I'm really impressed by how cool the tech is behind this. Where does the person who pilots this operate from?
Geoff: The cool thing is he can be anywhere in the SWAT formation known as the stack. The best part is it can controlled by tether from a command vehicle with 300 foot tether.

Me: How long does it take to train operators? Maintenance?
Geoff: Maybe an hour. It's very easy to learn how to pilot. Maintenance can be done by the end-user and is very minor or we can send one of our field service reps out on an as needed basis.

Me: Geoff, this sounds like an amazing robot. I hope I make it to Maine to test this out. Any parting words?
Geoff: Thanks. We just want the product to be in the hands of people who need it the most. After Boston and all these other shootings, we can't help but see the demand and need for this. We're an R&D company so making things like this is what we do. I don't want to see another tragedy where we have the technology in our facility and not in the hands of first responders.

For more information:

Monday, May 6, 2013

VIDEO: Billboard That Displays A Hidden Message For Abused Children

The video you're watching above is a viral piece created by a Spanish organization called the Aid to Children and Adolescents at Risk Foundation. Basically, it's an ad created that "displays a different message for adults and children at the same time." It does this in the same way 3D illusions are created for children's toys. From different angles, each viewer gets to see a different image. Adults will see a child and message about abuse while children can see an abused child with a message just for them. It's a very cool crime prevention tool I think that could be useful in the United States. Imagine if there was a similar ad but also displayed safe locations or a hidden telephone number.

For more information:

Friday, May 3, 2013

How CARVER And Site Surveys Can Better Protect Your Assets (and your rear) + [VIDEO]

USAF Security Forces members conducting a site survey (Source: USAF)

"Come on, dude. It's Idaho! No one is ever going to attack us" was a common talking point at my first duty station in the military. It can be difficult when you spend everyday near multi-million dollar aircraft to see their strategic importance particularly when they're located in the "middle of nowhere". Sadly, before 9/11, this attitude was more commonplace than some would care to admit. Nowhere was that more apparent than our original perimeter fence which consisted of two rusted barbed wires, humongous decorative rocks, and almost nonexistent perimeter patrols. On September 11, 2001, the way we and countless other military bases thought of security changed. The base's security posture changed within hours and our "sleepy" installation soon seemed better fitted in Tel Aviv than Idaho. As time went on, that posture too changed. However, a process was adopted to address the dynamic security environment.

One of my jobs in the military was as the Non-Commissioned Officer In-Charge of Physical Security. In short, I managed the physical security program which provided protection for all of the military base's critical weapon systems and their support elements. A key component to that job was conducting various site surveys to evaluate the security already in-place and to make recommendations as to what could be done to enhance it and to address any deviations from accepted security protocols. Basically, I ran around the base thinking of ways I could break and steal things. Over time, I got to be pretty good at seeing what I later called the "security landscape" from my adversary's point-of-view. A good security practitioner does this in a few ways.
  • Knowing the threat
  • Knowing the importance of the asset
  • Talk to subject matter experts regarding the asset
  • Knowing the existing defensive measures for the asset
  • Knowing what the accepted security practices were for the asset
  • Examining the asset and its defensive measures in person
  • Testing those measures with exercises using probable attack patterns
This methodology is not new. Site surveys have been around since before Roman times. Supposedly, Caesar would conduct special patrols of his defenses. When he would catch soldiers without their shields or being proactive, they were dealt with severely. Today, many in the public and private sector use what's commonly referred to as the CARVER model which was originally developed as a targeting tool for used by US Special Operations Forces to quickly and thoroughly analyze enemy critical infrastructure to identify a critical node against which a small well-trained force can launch an attack to disable or destroy that infrastructure. CARVER uses a matrix to determine the likelihood of an attack based on several factors:

  • Criticality
  • Accessibility
  • Recuperability
  • Vulnerability
  • Effect
  • Recognizability
Here's a model of that matrix:

I can't stress enough the need to actually see the asset and the area around it in order to make a proper assessment. To do this, you must first go in looking at every conceivable attack venue whether it be cyber or an intrusion. Get a tour and walk around. Next, talk to the experts to determine what's critical to the assets operation. Next, look at similar attacks on similar assets. Then determine how an untrained and a skilled attacker would approach the target. Identify surveillance locations, chokepoints, and avenues of approach. Look for existing defensive measures. Are they adequate? Are they outdated? Finally, sit down and do the most dreaded part of this job - make a report to the decisionmankers. 

In the video below, you'll see a counterintelligence site survey being depicted in the Cold War. It's interesting to see the similarities behind my approach and theirs. Would you do something different?

VIDEO: Sabotage: Perfecting the Art of Surprise (as told by the CIA)

The Office of Strategic Services, founded June 13, 1942, was the precursor to the Central Intelligence Agency. It was America's wartime espionage and special operations arm during World War II. That being said, an area where it performed rather successfully was sabotage. The CIA released the video below to demonstrate some of the ingenuity agents had to employ in order to complete these challenging missions.

Thursday, May 2, 2013

Security Officer vs Rent-A-Cop - Knowing the Difference Could Be Life or Death

"You're just a rent-a-cop", they said as I chased them from one end of the property to another. These particular trespassers had breached our property before and were stealing bikes from residents while they slept. But this day, I would not let them escape. As we got to the rear of the property, a large concrete wall appeared separating the property I was protecting and an adjacent housing area. Darn it. They were going to get away. I watched them scale that fence like the little, juvenile delinquent ninjas I knew them to be. The last one looked at me as he climbed the wall and yelled "Man, how can you be a rent-a-cop and live with yourself?. He then tossed several oranges at me and laughed. This was a weekly occurrence, as school recessed. That night, we lost an officer in the line of duty at another property doing the same thing I was doing.

I have countless stories like this from my time as a security officer. They all taught me a very valuable lesson - there is no such thing as a "rent-a-cop" or a guard. What security officers do and what they're responsible for requires a professional attitude and reception from both the people they protect and the public at large. However, that does not happen in the age where those who work security are often viewed as "wanna-be's", "rent-a-cops", "flashlight cops", and guards. We've all done it. I did it too. We go to our favorite shopping area and encounter a person who is obviously security. All we need is their physical appearance and a view of their demeanor for about five seconds to determine what category they fit. Yet none of us has ever contemplated the reasons why we have these officers in place. 

Often, officers are viewed as a "necessary evil" deployed at the behest of an unknown proprietor who just wants to protect his property. Although, I have met managers and proprietors who treated security as though it was something they didn't want but felt they had to have for whatever reason. This perception of officers then makes its way to officers as well who view themselves as what they portrayed. This leads to a cadre of officers who either don't work to change that perception or who really do personify it to become employed in the field as a refuge.

So how do we change that perception? Well, we need standardization - the ugliest word in security. We need to set clear and concise guidelines as to what constitutes the duties, responsibilities, and authority of officers. Many proprietors and officers have no clue what their job is other than to "protect stuff and stay out of the boss' way". You see this commonly in establishments where officers have a very lackadaisical attitude to situation awareness and who lack a proactive approach to security. They walk around with glazed eyes, reading the latest crossword section, and not paying any attention or having any investment into having a secure environment. Supervisors of these officers are scarcely seen and are often reluctant to dispel the perception as well. Managers, proprietors, and security supervisors should have written guidelines and procedures for officers to study, be knowledgeable about, and follow strictly.  They should also understand what authority they convey over occupants, tenants, and others on the property that extend to trespass warnings or even effecting arrests in some circumstances.

Next, better screening of officers to perform the duties required is needed. Why hire a senior citizen who can barely walk without assistance to patrol a strip mall on foot? You're certainly not deterring crime and are providing a presumably inadequate response element when an incident occurs. This screen should take into account the usual - felonies, misdemeanors, drugs, theft, etc. It should also recognize military and law enforcement service, previous security experience, and expectations for the job. That last item is very critical. When I worked security, I was appalled by the number of people I encountered who saw this as a just another job and not a potential career. Many believed the job was "beneath" them or was too tedious and felt underwhelmed. Managers should hire employees who see security as being an integral part of how companies protect their assets and their customers and who don't see the job in the same light as they do cooking burgers at a chain-restaurant. 

We also need to change how proprietors view the profession. Some see those who do the jobs as something anyone can do. There is perhaps nothing that caused me more frustration than this attitude. Many times working security can be very hazardous and life-ending. My nights were often filled with "shots fired" calls and armed assailants. I was surrounded by drug dealers and other nefarious people daily. I had to learn a second language just to be able to do my job. I had to train in non-lethal techniques, hand-to-hand combat, marksmanship, first aid, and fire suppression. Tell me again how anyone can do this job.

Don't get me wrong. I realize not all companies or proprietors are like this. There are  many who screen their officers, who deploy them with the expectation they will be utilized fully, and properly supervise them. There are some, though, who perpetuate the stereotype of "flashlight cops" by employing officers who conduct their duties in that manner. There are also proprietors who contract these companies because they are often the cheapest. This does little to provide meaningful protection nor does it provide an accurate portrayal of how professional officers conduct themselves. Many would say the easiest way to change this is with effective national legislation or at the very least legislation in states who have none for officers. Some states don't even make it a requirement to have officers be licensed. Having worked in a state that does, I can't imagine doing it without one let alone hiring a company that wasn't. 

Nothing is perhaps more telling than the hazards officers face in this line of work. Take a look at these statistics from Private Officer International from 2011:
  • Injuries and assaults saw a 17 percent increase over 2011.
  • There were 112 on-duty deaths.
  • 103 killed were male; nine were female.
  • The media age of those killed was 46 years old; the youngest was 19.
  • The top three places officers were killed were: nightclubs, residential areas, and retail centers.
  • The top three places officers were assaulted were: retail centers, nightclubs, and hospitals.
  • Top three causes of death were gunshots (65), trauma (14), and stabbing (9).
  • There were four on-duty confirmed suicides

What I've outlined is a comprehensive plan to standardize, professionalize, and enhance the job of asset protection.  The American Society for Industrial Security is at the forefront of this. They have published a guideline that is a standard-bearer in some organizations. We can no longer accept the mantra that those who work on the frontlines of crime are mere "rent-a-cops". If there is one thing we've learned in recent years, more and more officers are making the ultimate sacrifice. The shameful part of all of it is not their deaths but our apathy towards recognizing the distinct professionalism required to do this job.

Wednesday, May 1, 2013

Al-Shabaab vs The Security Dialogue: Round 3 - The Hilarity Continues

Well, folks. It's that time of year when our favorite little jihadis decide to engage me on Twitter. Our contest is always one-sided and really quite funny. For a bunch of murdering, raping, degenerates they do a hell of a job of setting up a great punch line. I'll stop teasing and let you see for yourself. Ding ding!

About Us