Powered by Bravenet Bravenet Blog

Subscribe to Journal

Friday, November 30th 2012


Upcoming Security/LE Events Update

Upcoming Security & LE Events:

This listing will be updated frequently, so check back often for the latest updates!



2013 ILEETA International Training Conference and Expo
April 15-20, 2013
Westin Chicago North Shore in Wheeling, IL.


IALEFI 2013 Annual Training Conference
May 5-10, 2012
Mobile Alabama

Police & Security Expo
June 25 - 26, 2013
Atlantic City, NJ


6th Annual 1 inch to 100 yards Warrior Conference
August 14 - 17, 2012
Reno NV


IACSP 20th Annual Terrorism Trends & Forecasts Conference
September 20, 2012
Mahwah, NJ



This listing of events is provided as a courtesy to our subscribers. We have been told that many in the law enforcement, protective services & military community would like to attend these types of events but often times don't find out about them until to late. This listing is one way we are trying to help! The listing of any event does not constitute an endorsement by the Sykes Group.



For training in Executive/VIP Protection (Bodyguard), High Risk Building Entry and room clearing, Disguised & Unusual Weapons, WMD Awareness, Bail Enforcement... contact us at: www.sykesgroups.com

0 Comment(s) / Post Comment

Thursday, November 29th 2012


Lebanon: Lessons from Two Assassinations

0 Comment(s) / Post Comment

Monday, May 28th 2012


Kidnapping: Expect the Unexpected

Kidnapping: Expect the Unexpected

0 Comment(s) / Post Comment

Sunday, November 20th 2011


The Mexican Drug Cartel Threat in Central America

The Mexican Drug Cartel Threat in Central America

By Karen Hooper

Guatemalan President-elect Otto Perez Molina told Mexican newspaper El Universal on Nov. 9 that he plans to engage drug cartels in a “full frontal assault” when he takes office in 2012. The former general said he will use Guatemala’s elite military forces, known as Los Kaibiles, to take on the drug cartels in a strategy similar to that of the Mexican government; he has asked for U.S. assistance in this struggle.

The statements signal a shifting political landscape in already violent Central America. The region is experiencing increasing levels of crime and the prospect of heightened competition from Mexican drug cartels in its territory. The institutional weakness and security vulnerabilities of Guatemala and other Central American states mean that combating these trends will require significant help, most likely from the United States.

From Sideshow to Center Stage

Central America has seen a remarkable rise in its importance as a transshipment point for cocaine and other contraband bound for the United States. Meanwhile, Mexican organized crime has expanded its activities in Mexico and Central America to include the smuggling of humans and substances such as precursor chemicals used for manufacturing methamphetamine. Substantial evidence also suggests that Central American, and particularly Guatemalan, military armaments including M60 machine guns and 40 mm grenades have wound up being used in Mexico’s drug conflict.

From the 1970s to the 1990s, Colombian cartels transited directly to Miami. After U.S. military aerial and radar surveillance in the Caribbean effectively shut down those routes, Mexico became the last stop on the drug supply chain before the United States, greatly empowering Mexico’s cartels. A subsequent Mexican government crackdown put pressure on Mexican drug trafficking organizations (DTOs) to diversify their transit routes to avoid increased enforcement at Mexico’s airstrips and ports. Central America consequently has become an increasingly significant middleman for South American suppliers and Mexican buyers of contraband.

The methods and routes for moving illicit goods through Central America are diverse and constantly in flux. There is no direct land connection between the coca-growing countries of Colombia, Peru and Bolivia. A region of swampy jungle terrain along the Panamanian-Colombian known as the Darien Gap has made road construction prohibitively expensive and thus barred all but the most intrepid of overland travelers. Instead, aircraft or watercraft must be used to transport South American goods north, which can then be offloaded in Central America and driven north into Mexico. Once past the Darien Gap, the Pan American Highway becomes a critical transportation corridor. Honduras, for example, reportedly has become a major destination for planes from Venezuela laden with cocaine. Once offloaded, the cocaine is moved across the loosely guarded Honduran-Guatemalan border and then moved through Guatemala to Mexico, often through the largely unpopulated Peten department.

Though precise measurements of the black market are notoriously difficult to obtain, these shifts in Central America have been well-documented — and the impact on the region has been stark. While drug trafficking occurs in all Central American countries to some extent, most violence associated with the trade occurs in the historically tumultuous “Northern Triangle” of Guatemala, El Salvador and Honduras. No longer receiving the global attention they did when the United States became involved in their Cold War-era civil wars, these countries remain poverty stricken, plagued by local gangs and highly unstable.

The violence has worsened as the drug traffic has increased. El Salvador saw its homicide rate increase by 6 percent to 66 per 100,000 inhabitants between 2005 and 2010. At the same time, Guatemala’s homicide rate increased 13 percent, to 50 per 100,000 inhabitants. Meanwhile Honduras saw a rise of 108 percent, to 77 per 100,000 inhabitants. These are some of the highest homicide rates in the world.

In comparison, the drug war in Mexico caused murder rates to spike 64 percent, from 11 to 18 deaths per 100,000 between 2005 and 2010. Conservative estimates put the number of dead from gang and military violence in Mexico at 50,000. These numbers are slightly misleading, as Mexican violence is concentrated in scattered pockets where most drug trafficking and competition among drug traffickers occurs. Even so, they demonstrate the disproportionate impact organized criminal groups have had on the societies of the three Northern Triangle countries.

Guatemala’s Outsized Role

Increased involvement by Mexican cartels in Central America inevitably has affected the region’s politico-economic structures, a process most visible in Guatemala. Its territory spans Central America, making it one of several choke points on the supply chain of illicit goods coming north from El Salvador and Honduras bound for Mexico.

Guatemala has a complex and competitive set of criminal organizations, many of which are organized around tight-knit family units. These family organizations have included the politically and economically powerful Lorenzana and Mendoza families. First rising to prominence in trade and agriculture, these families control significant businesses in Guatemala and transportation routes for shipping both legal and illicit goods. Though notorious, these families are far from alone in Guatemala’s criminal organizations. Major drug traffickers like the well-known Mario Ponce and Walther Overdick also have strong criminal enterprises, with Ponce reportedly managing his operations from a Honduran jail.

The relationship of these criminal organizations to Mexican drug cartels is murky at best. The Sinaloa and Los Zetas cartels are both known to have relationships with Guatemalan organized criminal groups, but the lines of communication and their exact agreements are unclear.

Less murky, however, is that Los Zetas are willing to use the same levels of violence in Guatemala to coerce loyalty as they have used in Mexico. Though both Sinaloa and Los Zetas still need Guatemalan groups to access high-level Guatemalan political connections, Los Zetas have taken a particularly aggressive tack in seeking direct control over more territory in Guatemala.

Overdick facilitated Los Zetas’ entry into Guatemala in 2007. The first indication of serious Los Zetas involvement in Guatemala occurred in March 2008 when Leon crime family boss Juan Leon Ardon, alias “El Juancho,” his brother Hector Enrique Leon Chacon and nine associates all died in a gunbattle with Los Zetas, who at the time still worked for the Gulf cartel. The fight severely reduced the influence of the Leon crime family, primarily benefiting Overdick’s organization. The Zetas most flagrant use of force occurred in the May 2011 massacre and mutilation of 27 peasants in northern Guatemala intended as a message to a local drug dealer allegedly tied to the Leon family; the Zetas also killed and mutilated that drug dealer’s niece.

MS-13 and Calle 18

In addition to ramping up relationships with powerful political, criminal and economic players, Sinaloa and Los Zetas have established relationships with Central American street gangs. The two biggest gangs in the region are Mara Salvatrucha (MS-13) and Calle 18. The two groups are loosely organized around local cliques; the Mexican cartels have relationships at varying levels of closeness with different cliques. The U.N. Office on Drugs and Crime estimates that there are 36,000 gang members in Honduras, 14,000 in Guatemala and 10,500 in El Salvador.

They were formed by Los Angeles gang members of Central American origin whose parents had immigrated to the United States to escape the region’s civil wars. After being arrested in the United States, these gang members were deported to Central America. In some cases, the deportees spoke no Spanish and had no significant ties to their ancestral homeland, encouraging them to cluster together and make use of the skills learned on the streets of Los Angeles to make a living in Central America via organized crime.

The gangs have multiplied and migrated within the region. Many have also returned to the United States: U.S. authorities estimate that MS-13 and Calle 18 have a presence in as many as 42 states. Though the gangs are truly transnational, their emphasis is on controlling localized urban turfs. They effectively control large portions of Guatemala City, Guatemala; Tegucigalpa, Honduras; and San Salvador, El Salvador. Competition within and among these gangs is responsible for a great deal of the violence in these three countries.

In a March statement, Salvadoran Defense Minister David Munguia Payes said his government had evidence that both Sinaloa and Los Zetas are active in El Salvador, but that he believes MS-13 and Calle 18 are too anarchic and violent for the Mexican cartels to rely on heavily. According to Honduran Security Minister Pompeyo Bonilla, Mexican cartels primarily hire members of these gangs as assassins. The gangs are paid in drugs, which they sell on the local drug market.

Though limited in their ties to the Mexican cartels, the prevalence of MS-13 and Calle 18 in the Northern Triangle states and their extreme violence makes them a force to be reckoned with, for both the cartels and Central American governments. If Central American street gangs are able to better organize themselves internally, this could result in closer collaboration, or alternately serious confrontations with the Mexican cartels. In either case, the implications for stability in Central America are enormous.

The U.S. Role

The United States has long played an important, complex role in Latin America. In the early 20th century, U.S. policy in the Western Hemisphere was characterized by the extension of U.S. economic and military control over the region. With tactics ranging from outright military domination to facilitating competition between subregional powers Guatemala and Nicaragua to ensuring the dominance of the United Fruit Company in Central American politics and business, the United States used the first several decades of the century to ensure that Central America — and by extension the Caribbean — was under its control. After World War II, Central America became a proxy battleground between the United States and the Soviet Union.

On a strategic level, Central America is far enough away from the United States (thanks to being buffered by Mexico) and made up of small enough countries that it does not pose a direct threat to the United States. U.S. interest in the region did not end after the Cold War, however, as it is critically important to the United States that a foreign global competitor never control Central America or the Caribbean.

The majority of money spent combating drug trafficking from South America to the United States over the past decade has been spent in Colombia on monitoring air and naval traffic in the Caribbean and off the Pacific coasts, though the U.S. focus has now shifted to Mexico. Central America, by contrast, has languished since the Reagan years, when the United States allocated more than $1 billion per year to Central America. Now, the region has been allocated a total of $361.5 million for fiscal years 2008-2011 in security, economic and development aid through the Merida Initiative and the Central America Regional Security Initiative (CARSI). The Obama administration has requested another $100 million for CARSI. Of this allocated funding, however, only 18 percent has been dispersed due to failures in institutional cooperation and efficiency.

The U.S. Drug Enforcement Administration (DEA) has facilitated most U.S.-Central American security cooperation. The DEA operates teams in the Northern Triangle that participate in limited counternarcotic operations. They are also tasked with both vetting and training local law enforcement, a particularly tricky — and most likely doomed — task. As the failure of Guatemala’s highly vetted and lauded Department of Anti-Narcotics Operations shows, preventing local law enforcement from succumbing to the bribes and threats from wealthy and violent DTOs is a difficult, if not impossible, task.

The DEA’s limited resources include five Foreign-deployed Advisory and Support Teams worldwide. These are the agency’s elite operational teams that are equipped to train foreign law enforcement and military personnel and to conduct support operations. Originally established to operate in Afghanistan exclusively, the teams have been deployed to several countries in Central America, including Guatemala and Honduras. These teams are designed to be flexible, however, and do not represent the kind of long-term commitment that would likely be necessary to stabilize the region.

Central America’s Challenge

Central America has no short-term escape from being at the geographical center of the drug trade and from the associated violence. Unless and until technologies shift to allow drugs to flow directly from producer to consumer via ocean or air transport, it appears likely that Central America will only become more important to the drug trade. While the drug trade brings huge amounts of cash (admittedly on the black market) into exceedingly capital-poor countries, it also brings extreme violence.

The billions of dollars drugs command create an insurmountable challenge for the regional counternarcotic campaigns. The U.S. “war on drugs” pits the Guatemalan elite’s political and financial interests against their need to retain a positive relationship with the United States, which views the elites as colluding with drug organizations to facilitate the free passage of drugs and key figures in the drug trade.

For the leaders of Central America, foreign cartel interference in domestic arrangements and increasing violence is the real threat to their power. It is not the black market that alarms a leader like Perez Molina enough to call for greater involvement by the United States: It is the threat posed by the infiltration of Mexico’s most violent drug cartel into Guatemala, and the threat posed to all three countries by further Central American drug gang destabilization, which could lead to even more violence.

Looking Forward

The United States is heavily preoccupied with crises of varying degrees of importance around the world and the significant budget-tightening under way in Congress. This makes a major reallocation of resources to Guatemala or its Central American neighbors for the fight against Mexican drug cartels unlikely in the short term. Even so, key reasons for paying close attention to this issue remain.

First, the situation could destabilize rapidly if Perez Molina is sincere about confronting Mexican DTOs in Guatemala. Los Zetas have proved willing to apply their signature brutality against civilians and rivals alike in Guatemala. While the Guatemalans would be operating on their own territory and have their own significant power bases, they are neither technologically advanced nor wealthy nor unified enough to tackle the challenge posed by heavily armed, well-funded Zetas. At the very least, such a confrontation would ignite extremely destabilizing violence. This violence could extend beyond the Northern Triangle into more stable Central American countries, not to mention the possibility that violence spreading north could open up a new front in Mexico’s cartel war.

Second, the United States and Mexico already are stretched thin trying to control their shared 2,000-mile land border. U.S. counternarcotic activities in Mexico are limited by Mexican sovereignty concerns. For example, carrying weapons and operating independent of Mexican supervision is not allowed. This hampers the interdiction efforts of U.S. agencies like the DEA. The efforts also are hampered by the United States’ unwillingness to share intelligence for fear that corrupt Mexican officials would leak it.

Perez Molina’s invitation for increased U.S. participation in Guatemalan counternarcotic operations presents a possibility for U.S. involvement in a country that, like Mexico, straddles the continent. The Guatemalan choke point has a much shorter border with Mexico — about 600 miles — in need of control, and is far enough north in Central America to prevent insertion of drug traffickers into the supply chain between the blocking force and Mexico. While the United States would not be able to stop the illicit flow of cocaine and people north, it could make it significantly more difficult. And although significantly reducing traffic at the Guatemalan border would not stop the flow of the drugs to the United States, it would radically decrease the value of Central America as a trafficking corridor.

Accomplishing this would require a much more significant U.S. commitment to the drug war, and any such direct involvement would be costly both in money and political capital. Absent significant U.S. help, the current trend of increased Mexican cartel influence and violence in Central America will only worsen.

The Mexican Drug Cartel Threat in Central America is republished with permission of STRATFOR.”
0 Comment(s) / Post Comment

Thursday, October 27th 2011


Dissecting a Mexican Cartel Bombing in Monterrey

Dissecting a Mexican Cartel Bombing in Monterrey 

Will Libya Again Become the Arsenal of Terrorism?

By Scott Stewart

Early Oct. 20, a small sedan apparently filled with cartel gunmen rapidly pulled in front of a military vehicle, drawing the military patrol into a car chase in downtown Monterrey, Mexico. After a brief pursuit, the vehicle carrying the cartel gunmen turned at an intersection. As the military vehicle slowed to negotiate the turn, an improvised explosive device (IED) concealed in a parked car at the intersection detonated. The incident appears to have been intended to lure the military patrol into a designated attack zone. While the ambush did not kill any soldiers, it did cause them to break off their chase.

Though this IED ambush is interesting in itself for a number of reasons, we would like to use it as a lens to explore a deeper topic, namely, how STRATFOR analyzes a tactical incident like this.

Why We Look at an Incident

Hundreds of violent incidents take place every day worldwide, from fuel depot explosions in Sirte, Libya, to shootings in southern Thailand to grenade attacks in Nairobi, Kenya — just a few of the things that happened on a single day this week. Indeed, a typical day sees dozens of incidents in Mexico alone, from shootings and beheadings to kidnappings and cargo theft. Unless one has a method to triage such incidents, they quickly can overwhelm an analyst, dragging him or her down into the weeds struggling to understand the tactical details of every one. This can result in information overload. The details of so many incidents simply overwhelm the analyst’s ability to understand them and place them in a context that allows them to be compared to, and perhaps linked with, other incidents.

STRATFOR’s methodology for placing items in context begins with our interrelated array of net assessments and forecasts. Net assessments are high-level overviews of the significant issues driving the current behavior of nations, regions and other significant international actors. Forecasts can be drawn from these baseline assessments to predict how these actors will behave, and how that behavior will impact regional dynamics. In this way, net assessments and forecasts provide a strategic framework of understanding that can be used to help create assessments and forecasts for tactical-level items.

In the case of Mexico, we have long considered the country’s criminal cartels significant tactical-level actors, and we have established an analytical framework for understanding them. We publish this framework in the form of our annual cartel report. The higher-level framework generally shapes such tactical-level analyses, but at times the analyses can also contradict and challenge the higher-level assessments. We also maintain a regular flow of tactical analyses such as the weekly Mexico Security Memo, which serves to explain how events in Mexico fit into our analytical framework. The items we select as bullets for the second section of the Mexico Security Memo are significant and further the analytical narrative of what is happening in Mexico but do not require deeper analysis. This helps our readers cut through the clutter of the reporting from Mexico by focusing on what we find important. We also strive to eliminate the bias so prevalent in today’s media landscape. Our readers frequently tell us they find this analytical winnowing process quite valuable.

Based upon this tactical framework, we then establish intelligence guidance. This lays out tripwire events that our analysts, regional open-source monitoring team and even our on-the-ground sources are to watch for that either support or refute our forecast. (In STRATFOR’s corporate culture, challenging an assessment or forecast is one of the most important things an employee can do. This ensures we stay intellectually honest and on target. There is nothing more analytically damaging than an analyst who falls in love with his own assessment, or a team of analysts who buy into groupthink.)

When an event, or a combination of events, occurs that does not fit the analytical framework, the framework must undergo a rigorous review to ensure it remains valid. If the framework is found to be flawed, we determine if it needs to be adjusted or scrapped. Due to the rapid shifts we have seen on the ground in Mexico in the past two years in terms of arrests and deaths of major cartel leaders and the emergence of factional infighting and even new cartel groups, we have found it necessary to adjust our framework cartel report more than just annually. In 2011, for example, we have felt compelled to update the framework quarterly.

And this brings us back to our IED attack in Monterrey. When we learn of such an event, we immediately apply our analytical framework to it in an effort to determine if and how it fits. In this case, we have certainly seen previous IED attacks in Mexico and even grenade attacks in Monterrey, but not an IED attack in Monterrey, so this is clearly a geographic anomaly. While we don’t really have a new capability, or a new actor — Los Zetas were implicated in a command-detonated IED attack in January in Tula, Hidalgo state — we do have a new location in Monterrey. We also have a new tactic in using a vehicle chase to lure a military vehicle into an IED ambush. Past IED ambushes in Juarez and Tula have involved leaving a cadaver in a vehicle and reporting it to the authorities.

Some early reports of the Monterrey incident also indicated that the attack involved a vehicle-borne improvised explosive device (VBIED). If true, this would contradict our assessment that the Mexican cartels have refrained from employing large IEDs in their attacks.

Also, according to our analytical framework and the intelligence guidance we have established, Monterrey is a critical Zeta stronghold. We already have asked our tactical analysts to keep a close eye on activity there and the patterns and trends represented by that activity for indications that Los Zetas might be losing control of the city or that other cartels are establishing control there.

Because of all these factors, the Monterrey attack clearly demanded close examination.

How We Look at an Incident

Once we decide to dig into an incident and rip it apart analytically, we task our analysts and regional open-source monitors to find everything they can about the incident. At the same time, we reach out to our network of contacts to see what they can tell us. If we have employees in the city or region we will rely heavily on them, but when we do not, we contact all the relevant sources we have in an area. Depending on the location, we will also talk to our contacts in relevant foreign governments with an interest in the incident. Of course, like open-source reports, information we receive from contacts must be carefully vetted for bias and factual accuracy.

As information begins to flow in following an incident, there are almost always conflicting reports that must be reconciled. In the Monterrey case, we had reports from sources such as the Mexican newspaper El Universal saying the IED had been hidden in a vehicle parked beside the road, while The Associated Press ran a story noting that the car being pursued exploded. In some cases, news stories can even seemingly contradict themselves. In the above-mentioned AP story, the author noted that the vehicle containing the IED almost completely disintegrated, but then added that the bombing caused no other damage. It is rare that an IED large enough to disintegrate a car would cause no other damage. We have found that most journalists do not have much experience dealing with explosives or IEDs, as their reporting often reflects.

Dissecting a Mexican Cartel Bombing in Monterrey
Scene of the Oct. 20 improvised explosive device ambush in Monterrey

Such conflicting accounts highlight the importance of photographs and video when analyzing an attack. Photos and videos are no substitute for investigating the scene firsthand, but traveling to a crime scene takes time and money. Moreover, gaining the kind of crime scene access STRATFOR employees enjoyed when they worked for a government is tough. That said, an incredible amount of information can be gleaned from some decent photos and videos of a crime scene.

In the Monterrey attack, the first thing the photos and video showed us is that the vehicle containing the explosive device had not completely disintegrated. In fact, the chassis of the vehicle was mostly intact. It also appeared that the fire that followed the explosion rather than the explosion itself caused much of the damage to the vehicle. The explosive damage done to the vehicle indicated that the main charge of the IED was relatively small, most likely less than 5 pounds of military-grade high explosive. Some media reports said a fragmentation grenade thrown from the vehicle being pursued caused the explosion, but the damage to the car appeared quite a bit greater than would be expected from a hand grenade. Also, no apparent fragmentation pattern consistent with what a grenade would cause was visible in the metal of the car or on the smooth, painted walls of the auto repair shop the car had been parked near.

The lack of fragmentation damage also made it apparent that the bombmaker had not added shrapnel such as ball bearings, nails or nuts and bolts to enhance the device’s destructiveness. Also, while the repair shop’s garage door did have a hole punched through it, the hole appears to have resulted from part of the car having been propelled through it. The door does not display any significant damage or disfiguration from the blast effect. The painted walls do not either, though they do show some signs from the high heat of the explosion and resulting vehicle fire. This is another indication that the blast was fairly small. Finally, that the bulk of the significant damage to the car is in the rear end of the vehicle makes it appear that the small IED had been placed either in the vehicle’s trunk or perhaps on the vehicle’s backseat.

After analyzing such photos and video, our tactical analysts contact other experienced blast investigators and bomb technicians to get their impressions and ensure that their analysis is not off track. Like doctors, investigators frequently chat with other knowledgeable investigators to confirm their diagnoses.

Of course, the process described above is how things happen in an ideal situation. Frequently, reality intrudes on the ideal and the process can get quite messy— especially in the middle of a large ongoing situation like the 2008 Mumbai attacks. Taming the chaos that tends to reign during such a situation is difficult, and we sometimes have to skip or repeat steps of the process depending on the circumstances. We run a postmortem critique after each of these crisis events to determine what we did well and what we need to do better as we strive for excellence.

Piecing It All Together

When we looked at all the pieces of the Monterrey incident, we were able to determine that due to the location and execution of the incident, Los Zetas most likely were behind the attack. It was also clear that the device was a well-constructed, command-detonated IED and that the Mexican troops were drawn into a carefully executed ambush. From the size and construction of the device, however, it would appear the operational planner of the ambush did not intend to kill the soldiers. Had that been the objective, more explosives would have been used in the IED. (Commercial explosives are cheap and plentiful in Mexico.) Alternatively, the same smaller quantity of explosives could have been fashioned into an improvised claymore mine-type device intended to hurl shrapnel at the military patrol — something likely well within the skill set of a bombmaker capable of building and employing an effective command-detonated IED.

The small explosive charge and lack of fragmentation, then, indicates the ambush was intended more to send a message than to cause a massacre. The Mexican cartels have a history of kidnapping, torturing, and murdering Mexican military personnel, so they normally are not squeamish about killing them. This brings us back to our analysis regarding the cartels’ use of IEDs, and our conclusion that the Mexican cartels have intentionally chosen to limit the size of explosive devices they employ in Mexico.

This incident may also be consistent with our analysis that Los Zetas are feeling pressured by the increased military presence in Mexico’s northeast. The message this incident may have been intended to convey is that the military needs to back off. At the very least, at the very lowest tactical level, it will certainly give the Mexican military second thoughts the next time they consider pursuing apparent cartel vehicles in Zeta territory.

"Dissecting a Mexican Cartel Bombing in Monterrey is republished with permission of STRATFOR."
0 Comment(s) / Post Comment

Thursday, August 11th 2011


Situational Awareness: How Everyday Citizens Can Help Make a Nation Safe

Situational Awareness: How Everyday Citizens Can Help Make a Nation Safe

By Scott Stewart                                                            

Last week’s Security Weekly discussed the important role that grassroots defenders practicing situational awareness play in defending against terrorist attacks by individuals and small cells, what we refer to as grassroots militants. Anyone who reads STRATFOR’s security and terrorism material for any length of time will notice that we frequently mention the importance of situational awareness. The reason we do so, quite simply, is that it works. Situational awareness is effective in allowing people to see potential threats before — and as — they develop. This allows potential victims to take proactive measures to avoid a perceived threat, and it enables them or other observers to alert authorities.

While threats can emanate from a number of very different sources, it is important to recognize that terrorist attacks — and other criminal acts, for that matter — do not materialize out of thin air. In fact, quite the opposite is true. Terrorists and other criminals follow a process when planning their actions, and this process has several distinct steps. The process has traditionally been referred to as the “terrorist attack cycle,” but if you look at the issue thoughtfully, it becomes apparent that the same steps apply to nearly all crimes. Of course, the steps in a complex crime like a kidnapping or car bombing are far more involved than the steps in a simple crime such as purse-snatching or shoplifting, where the steps can be completed quite rapidly. Nevertheless, the same general steps are usually followed.

People planning attacks are vulnerable to detection during various phases of this process, and observant people can often spot such attacks developing. Therefore, situational awareness serves as one of the key building blocks of effective personal security, and when practiced collectively, national security. Since situational awareness is so important, we thought it would be helpful to once again discuss the subject in detail and provide a guide that can help describe what situational awareness is and explain how it can be practiced at a relaxed, sustainable level.


First and foremost, it needs to be noted that being aware of your surroundings and identifying potential threats and dangerous situations is more of a mindset than a hard skill. Because of this, situational awareness is not something so complex and difficult that only highly trained government agents or specialized corporate security countersurveillance teams can practice it. Indeed, situational awareness can be exercised by anyone with the will and the discipline to do so.

An important element of adopting the mindset required to practice situational awareness is to first recognize that threats exist. Ignorance or denial of a threat — or completely tuning out one’s surroundings while in a public place — makes a person’s chances of quickly recognizing the threat and avoiding it slim to none. This is why apathy, denial and complacency can be (and often are) deadly. A second important element is understanding the need to take responsibility for one’s own security. The resources of all governments are finite and the authorities simply cannot be everywhere and cannot stop every criminal act. The same principle applies to private security at businesses or other institutions, such as places of worship. Therefore, people need to look out for themselves and their neighbors.

Another important facet of this mindset is learning to trust your “gut” or intuition. Many times a person’s subconscious can notice subtle signs of danger that the conscious mind has difficulty quantifying or articulating. Many people who are victimized frequently experience such feelings of danger prior to an incident but choose to ignore them. People who heed such perceptions are seldom caught off guard.

Levels of Awareness

People typically operate on five distinct levels of awareness. There are many ways to describe these levels (“Cooper’s colors,” for example, is a system frequently used in law enforcement and military training). But perhaps the most effective way to illustrate the differences between the various levels of awareness is to compare them to the distinct degrees of attention we practice while driving. For our purposes here we will refer to the five levels of awareness as “tuned out,” “relaxed awareness,” “focused awareness,” “high alert” and “comatose.”

Practicing Effective Situational Awareness

The first level, tuned out, is the state of awareness a person exercises when he or she is driving in a very familiar environment or is engrossed in thought, a daydream, a song on the radio or even the kids fighting in the backseat. Increasingly, cellphone calls and texting are also causing people to tune out while they drive. Have you ever gotten into the car and arrived somewhere without even really thinking about your drive there? If so, then you’ve experienced being tuned out.

The second level of awareness, relaxed awareness, is comparable to defensive driving. This is a state in which you are relaxed but are also watching the other cars on the road and are looking well ahead for potential road hazards. If another driver looks as though he may not stop at the intersection ahead, you tap your brakes to slow your car in case he does not. Defensive driving does not make you weary, and you can drive this way for a long time if you have the discipline to keep yourself at this level, but it is very easy to slip into the tuned-out mode. If you are practicing defensive driving you can still enjoy the trip, look at the scenery and listen to the radio, but you do not allow yourself to get so engrossed in those distractions that they exclude everything else. You are relaxed and enjoying your drive, but you are still watching for road hazards, maintaining a safe following distance and keeping an eye on the behavior of the drivers around you.

The next level, focused awareness, is like driving in hazardous road conditions. You need to practice this level of awareness when you are driving on icy or slushy roads, or when the roads are infested with potholes and erratic drivers that exist in many Third World countries. When you are driving in such an environment, you need to keep two hands on the wheel at all times and have your attention totally focused on the road and the other drivers. You don’t dare take your eyes off the road or let your attention wander. There is no time for cellphone calls or other distractions. The level of concentration required for this type of driving makes it extremely tiring and stressful. A drive that you normally would not think twice about will totally exhaust you under these conditions because it demands your prolonged and total concentration.

The fourth level of awareness is high alert. This is the level that induces an adrenaline rush, a prayer and a gasp for air all at the same time — “Watch out! There’s a cow in the road! Hit the brakes!” This also happens when that car you are watching doesn’t stop at the stop sign and pulls out right in front of you. High alert can be scary, but at this level you are still able to function and quickly respond to danger. You can hit your brakes and keep your car under control. In fact, the adrenaline rush you get at this stage sometimes even aids your reflexes. But the human body can tolerate only short periods of high alert before becoming physically and mentally exhausted.

The last level of awareness, comatose, is what happens when you literally freeze at the wheel and cannot respond to stimuli, either because you have fallen asleep or, at the other end of the spectrum, because you are petrified from panic. It is this panic-induced paralysis that concerns us most in relation to situational awareness. The comatose level of awareness — or perhaps more accurately, lack of awareness — occurs when a person goes into shock, his or her brain ceases to process information and the person simply cannot react to the reality of the situation. Often when this happens, a person can go into denial, believing that “this can’t be happening to me,” or the person can feel as though he or she is observing rather than actually participating in the event. Often, the passage of time will seem to grind to a halt. Crime victims frequently report experiencing this sensation and being unable to act or react during an unfolding crime.

Finding the Right Level

Now that we’ve discussed the different levels of awareness, let’s focus on identifying what level is ideal at a given time. The body and mind both require rest, so we have to spend several hours each day at the comatose level while asleep. When we are sitting at our homes watching a movie or reading a book, it is perfectly fine to operate in the tuned-out mode. However, some people will attempt to maintain the tuned-out mode in decidedly inappropriate environments (e.g., when they are out on the street at night in a Third World barrio), or they will maintain a mindset wherein they deny that criminals can victimize them. “That couldn’t happen to me, so there’s no need to watch for it.” They are tuned out.

Some people are so tuned out as they go through life that they miss even blatant signs of pending criminal activity directed specifically at them. People can also be tuned out due to intoxication or exhaustion. It is not at all unusual to see some very tuned-out people emerge from airports after long, transoceanic flights. Criminals also frequently prey on intoxicated people.

If you are tuned out while you are driving and something happens — for instance, a child runs out into the road or a car stops quickly in front of you — you will not see the problem coming. This usually means that you either do not see the hazard in time to avoid it and you hit it, or you totally panic and cannot react to it — neither is good. These reactions (or lack of reactions) occur because it is very difficult to change mental states quickly, especially when the adjustment requires moving several steps, such as from tuned out to high alert. It is like trying to shift your car directly from first gear into fifth and it shudders and stalls.

Many times, when people are forced to make this mental jump and they panic and stall, they go into shock and will actually freeze and be unable to take any action — they go comatose. This happens not only when a person is driving but also when a criminal catches someone totally unaware and unprepared. While training does help people move up and down the awareness continuum, it is difficult for even highly trained individuals to transition from tuned out to high alert. This is why police officers, federal agents and military personnel receive so much training on situational awareness.

It is critical to stress that situational awareness does not mean being paranoid or obsessively concerned about your security. It does not mean living with the irrational expectation that there is a dangerous criminal lurking behind every bush. In fact, people simply cannot operate in a state of focused awareness for extended periods, and high alert can be maintained only for very brief periods before exhaustion sets in. The “fight or flight” response can be very helpful if it can be controlled. When it gets out of control, however, a constant stream of adrenaline and stress is simply not healthy for the body or the mind. When people are constantly paranoid, they become mentally and physically burned out. Not only is this dangerous to physical and mental health, but security also suffers because it is very hard to be aware of your surroundings when you are a complete basket case. Therefore, operating constantly in a state of high alert is not the answer, nor is operating for prolonged periods in a state of focused alert, which can also be overly demanding and completely enervating. This is the process that results in alert fatigue. People, even highly skilled operators, require time to rest and recover.

Because of this, the basic level of situational awareness that should be practiced most of the time is relaxed awareness, a state of mind that can be maintained indefinitely without all the stress and fatigue associated with focused awareness or high alert. Relaxed awareness is not tiring, and it allows you to enjoy life while rewarding you with an effective level of personal security. When you are in an area where there is potential danger (which is almost anywhere), you should go through most of your day in a state of relaxed awareness. Then if you spot something out of the ordinary that could be a threat, you can “dial yourself up” to a state of focused awareness and take a careful look at that potential threat — and also look for other threats in the area.

If the potential threat proves innocuous or is simply a false alarm, you can dial yourself back down into relaxed awareness and continue on your way. If, on the other hand, you look and determine that the potential threat is a probable threat, seeing it in advance allows you to take actions to avoid it. You may never need to elevate to high alert, since you have avoided the problem at an early stage. However, once you are in a state of focused awareness you are far better prepared to handle the jump to high alert if the threat does change from potential to actual — if the three suspicious-looking guys lurking on the corner do start coming toward you and look as if they are reaching for weapons. The chances that you will go comatose are far less if you jump from focused awareness to high alert than if you are caught by surprise and your mind is forced to go into high alert from tuned out. An illustration of this would be the difference between a car making a sudden stop in front of a driver who is practicing defensive driving and a car making a sudden stop in front of a driver who is sending a text message.

Of course, if you know that you must go into an area that is very dangerous, you should dial yourself up to focused awareness when you are in that area. For example, if there is a specific section of highway where a lot of improvised explosive devices detonate and ambushes occur, or if there is a part of a city that is controlled (and patrolled) by criminal gangs — and you cannot avoid these danger areas for whatever reason — it would be prudent to heighten your level of awareness when you are in those areas. An increased level of awareness also is prudent when engaging in common or everyday tasks, such as visiting an ATM or walking to the car in a dark parking lot. The seemingly trivial nature of these common tasks can make it all too easy to go on autopilot and thus expose yourself to avoidable threats. When the time of potential danger has passed, you can then go back to a state of relaxed awareness.

Clearly, few of us are living in the type of intense threat environment currently found in places like Mogadishu, Juarez or Kandahar. Nonetheless, average citizens all over the world face many different kinds of threats from a variety of criminal actors on a daily basis, from common thieves and assailants to militants planning terrorist attacks. Situational awareness can and does help individuals protect themselves in any environment. When practiced corporately, it can also prevent terrorist acts intended to shock and destabilize an entire society.

0 Comment(s) / Post Comment

Thursday, July 28th 2011


Norway: Lessons from a Successful Lone Wolf Attacker

Norway: Lessons from a Successful Lone Wolf Attacker July 28, 2011

By Scott Stewart 

On the afternoon of July 22, a powerful explosion ripped through the streets of Oslo, Norway, as a large improvised explosive device (IED) in a rented van detonated between the government building housing the prime minister’s office and Norway’s Oil and Energy Department building. According to the diary of Anders Breivik, the man arrested in the case who has confessed to fabricating and placing the device, the van had been filled with 950 kilograms (about 2,100 pounds) of homemade ammonium nitrate-based explosives.

After lighting the fuse on his IED, Breivik left the scene in a rented car and traveled to the island of Utoya, located about 32 kilometers (20 miles) outside of Oslo. The island was the site of a youth campout organized by Norway’s ruling Labor Party. Before taking a boat to the island, Breivik donned body armor and tactical gear bearing police insignia (intended to afford him the element of tactical surprise). Once on the island he opened fire on the attendees at the youth camp with his firearms, a semiautomatic 5.56-caliber Ruger Mini-14 rifle and a 9 mm Glock pistol. Due to the location of the camp on a remote island, Breivik had time to kill 68 people and wound another 60 before police responded to the scene.

Shortly before the attack, Breivik posted a manifesto on the Internet that includes his lengthy operational diary. He wrote the diary in English under the Anglicized pen name Andrew Berwick, though a careful reading shows he also posted his true identity in the document. The document also shows that he was a lone wolf attacker who conducted his assault specifically against the Labor Party’s current and future leadership. Breivik targeted the Labor Party because of his belief that the party is Marxist-oriented and is responsible for encouraging multiculturalism, Muslim immigration into Norway and, acting with other similar European governments, the coming destruction of European culture. Although the Labor Party members are members of his own race, he considers them traitors and holds them in more contempt than he does Muslims. In fact, in the manifesto, Breivik urged others not to target Muslims because it would elicit sympathy for them.

Breivik put most of his time and effort into the creation of the vehicle-borne IED (VBIED) that he used to attack his primary target, the current government, which is housed in the government building. It appears that he believed the device would be sufficient to destroy that building. It was indeed a powerful device, but the explosion killed only eight people. This was because the device did not bring down the building as Breivik had planned and many of the government employees who normally work in the area were on summer break. In the end, the government building was damaged but not destroyed in the attack, and no senior government officials were killed. Most of the deaths occurred at the youth camp, which Breivik described as his secondary target.

While Breivik’s manifesto indicated he planned and executed the attack as a lone wolf, it also suggests that he is part of a larger organization that he calls the “Pauperes Commilitones Christi Templique Solomonici (PCCTS, also known as the Knights Templar,) which seeks to encourage other lone wolves (which Brevik refers to as “Justiciar Knights”) and small cells in other parts of Europe to carry out a plan to “save” Europe and European culture from destruction.

Because of the possibility that there are other self-appointed Justiciar Knights in Norway or in other parts of Europe and that Breivik’s actions, ideology and manifesto could spawn copycats, we thought it useful to examine the Justiciar Knights concept as Breivik explains it to see how it fits into lone wolf theory and how similar actors might be detected in the future.

An Opening Salvo?

From reading his manifesto, it is clear that Breivik, much like Oklahoma City bomber Timothy McVeigh, believes that his attack is the opening salvo in a wider campaign, in this case to liberate Europeans from what Breivik views as malevolent, Marxist-oriented governments. These beliefs are what drove Breivik to attack the Norwegian Labor Party. As noted above, it is also clear that Breivik planned and executed his attack alone.

However, he also discusses how he was radicalized and influenced by a Serbian living in Liberia whom he visited there. And Breivik claims to have attended a meeting in London in 2002 to “re-found the Knights Templar.” This organization, PCCTS, which was founded in 2002, is not related to the much older official and public chivalric order also known as the Knights Templar. According to Breivik, the PCCTS was formed with the stated purpose of fighting back against “European Jihad” and to defend the “free indigenous peoples of Europe.” To achieve this goal, the PCCTS would implement a three-phase plan designed to seize political and military power in Europe. In his manifesto Breivik outlines the plan as follows:

  • Phase 1 (1999-2030): Cell-based shock attacks, sabotage attacks, etc.
  • Phase 2 (2030-2070): Same as above but bigger cells/networks, armed militias.
  • Phase 3 (2070-2100): Pan-European coup d’etats, deportation of Muslims and execution of traitors.

As outlined in Breivik’s manifesto, the 2002 meeting was attended by seven other individuals, two from England and one each from France, Germany, the Netherlands, Greece and Russia. He also asserts that the organization has members from Serbia (his contact living in Liberia), Sweden, Belgium and the United States who were unable to attend the meeting. Brevik states that all the members of the PCCTS were given code names for security, that his code name was “Sigurd,” and that he was mentored by a member with the code name “Richard the Lionhearted” (presumably a Briton). Breivik claims that after meeting these individuals via the Internet he was carefully vetted before being allowed to join the group.

The diary section of Breivik’s manifesto reveals that during the planning process for the attack Breivik traveled to Prague to obtain firearms and grenades from Balkan organized-crime groups there (he had hoped to obtain a fully-automatic AK-47). Breivik was not able to procure weapons in Prague and instead was forced to use weapons he was able to obtain in Norway by legal means. It is interesting that he did not contact the Serbian member of the PCCTS for assistance in making contact with Balkan arms dealers. Breivik’s lawyer told the media July 26 that although Breivik acted alone in conducting his attack, he had been in contact with two terror cells in Norway and other cells abroad. Certainly, Norway and its partners in EUROPOL and the United States will try to identify these other individuals, if they do in fact exist.

In phase one of the PCCTS plan, shock attacks were to be carried out by individuals operating as lone wolves or small cells of Breivik’s so-called Justiciar Knights, which are self-appointed guardians who decide to follow the PCCTS code outlined in Breivik’s manifesto and who are granted the authority to act as “a judge, jury and executioner until the free, indigenous peoples of Europe are no longer threatened by cultural genocide, subject to cultural Marxist/Islamic tyranny or territorial or existential threats through Islamic demographic warfare.”

Breivik’s manifesto notes that he does not know how many Justiciar Knights there are in Western Europe but estimates their number to be from 15 to 80. It is unclear if this is a delusion on his part and there are no other Justiciar Knights or if Breivik has some factual basis for his belief that there are more individuals like him planning attacks.

While some observers have noted that the idea of Justiciar Knights operating as lone wolves and in small cells is similar to the calls in recent years for grassroots jihadists to adopt lone wolf tactics, it is important to understand that leaderless resistance has been a central theme of white supremacist groups in the United States since the early 1990s. While Breivik did not express any anti-Semitism in his manifesto (something he has been heavily criticized for on U.S. anti-Semitic websites), clearly the anti-immigration and anti-Marxist ideology of the PCCTS has been influenced more by white hate groups than by al Qaeda.

Moreover, the concept of a self-identified Justiciar Knight is quite similar to the idea of a “Phineas Priest” in the leaderless resistance model propagated by some white supremacists in the United States who adhere to “Christian Identity” ideology. In this model, Phineas Priests see themselves as lone wolf militants chosen by God and set apart to be his “agents of vengeance” upon the earth. Phineas Priests also believe that their attacks will serve to ignite a wider “racial holy war” that will ultimately lead to the salvation of the white race.

Leaderless resistance has also been advocated by militant anarchists as well as animal rights and environmentalist activists who belong to such groups as the Animal Liberation Front and the Earth Liberation Front. So it is not correct to think of leaderless resistance merely as a jihadist construct — it has long been used by a variety of militant actors.

Lone Wolf Challenges

One of the great strengths of our enemies, the Western European cultural Marxist/multiculturalist regimes is their vast resources and their advanced investigation/forensic capabilities. There are thousands of video cameras all over European major cities and you will always risk leaving behind dna, finger prints, witnesses or other evidence that will eventually lead to your arrest. They are overwhelmingly superior in almost every aspect. But every 7 headed monster has an Achilles heel. This Achilles heel is their vulnerability against single/duo martyr cells. — Anders Breivik

As STRATFOR has long discussed, the lone wolf operational model presents a number of challenges for law enforcement, intelligence and security officers. The primary challenge is that, by definition, lone wolves are solitary actors and it can be very difficult to determine their intentions before they act because they do not work with anyone else. When militants are operating in a cell consisting of more than one person, there is a larger chance that one of them will get cold feet and reveal the plot to authorities, that law enforcement and intelligence personnel will intercept a communication between conspirators, or that the authorities will be able to insert an informant into the group.

This ability to fly solo and under the radar of law enforcement has meant that some lone wolf militants such as Joseph Paul Franklin, Theodore Kaczynski and Eric Rudolph were able to operate for years before being identified and captured. Indeed, from Breivik’s diary, we know he took several years to plan and execute his attack without detection.

As the Breivik case illustrates, lone wolves also pose problems because they can come from a variety of backgrounds with a wide range of motivations. While some lone wolves are politically motivated, others are religiously motivated and some are mentally unstable.

In addition to the wide spectrum of ideologies and motivations among lone wolves, there is also the issue of geographic dispersal. As we’ve seen from past cases, their plots and attacks have occurred in many different locations and are not confined just to Manhattan, London or Washington. Lone wolf attacks can occur anywhere.

Furthermore, it is extremely difficult to differentiate between those extremists who intend to commit attacks from those who simply preach hate or hold radical beliefs (things that are not in themselves illegal in many countries). Therefore, to single out likely lone wolves before they strike, authorities must spend a great deal of time and resources looking at individuals who might be moving from radical beliefs to radical actions. This is a daunting task given the large universe of potential suspects.


In spite of the challenges presented by lone wolf operatives, they are vulnerable to detection at several different stages of their attack cycle. One of these vulnerabilities comes during the planning stage when weapons are acquired. From reading Breivik’s diary, it is clear that he felt exposed as he tried to purchase the chemicals he needed to build his IED. Because of this vulnerability, Breivik created an extensive cover story that included renting a farm in order to explain his purchase of a large quantity of ammonium nitrate fertilizer. The farm also provided a private, spacious place for him to construct his IED.

Breivik also exposed himself to potential detection when he traveled to Prague to attempt to purchase weapons. One of the criminals he contacted could have turned him in to authorities. (In June 2011 we saw a jihadist cell in Seattle detected and arrested while attempting to buy guns from a criminal acquaintance. Another small cell was arrested in New York in May 2011, also while attempting to obtain weapons.) Even if Breivik had succeeded in purchasing weapons in Prague, he would still have been vulnerable as he smuggled the weapons back into Norway in his car (though it is important to remember that EU countries have open borders so security checks would not have been too stringent).

Breivik also exposed himself to detection as he conducted surveillance on his targets. Interestingly, in his diary, Breivik goes into excruciating detail discussing how he manufactured his device based on information he was able to obtain from the Internet, but he mentions very little about how he selected specific targets or how he conducted surveillance on them. He mentions only that he visited the sites and programmed the locations into his GPS. He also discusses using a video camera to record his attack but does not mention if he used still or video cameras in his target surveillance. How Breivik specifically chose his targets and how he conducted surveillance on them will be important for the Norwegian authorities to examine.

Finally, Breivik mentions several times in his diary that the steps he was taking would be far more difficult if he were a foreign-born Muslim instead of a Caucasian Norwegian. This underscores a problem we have discussed with profiling suspects based on their ethnicity or nationality. In an environment where potential threats are hard to identify, it is doubly important to profile individuals based on their behavior rather than their ethnicity or nationality — what we refer to as focusing on the “how” rather than the “who.”

Not All Lone Wolves are Equal

Finally, in the Breivik case we need to recognize that Norwegian authorities were dealing with a very capable lone wolf operator. While lone wolf theory has been propagated for many years now, there have been relatively few successful lone wolf attacks. This is because it takes a special individual to be a successful lone wolf assailant. Unlike many lone wolves, Breivik demonstrated that he possessed the intelligence and discipline to plan and carry out an attack that spanned several years of preparation. For example, he joined a pistol club in 2005 just in case he ever needed to buy a gun through legal means in Norway, and was able to rely on that alternate plan when his efforts to purchase firearms in Prague failed. Breivik was also driven, detail-oriented and meticulous in his planning. His diary documents that he was also extremely patient and careful during the dangerous trial-and-error process of manufacturing explosives.

It is rare to find a lone wolf militant who possesses all those traits, and Breivik stands in stark contrast to other European grassroots operatives like Nick Reilly or Bilal Abdullah and Kafeel Ahmed, who made amateurish attempts at attacks. Breivik appears to have been a hard worker who claims to have amassed some 500,000 euros by working a variety of jobs and selling a communications company. After some unsuccessful speculation on the stock market he still had enough money and credit to rent the farm and the vehicles he used in the attack and to buy the required bomb components, weapons and body armor. In his diary he says that he began his two tasks — writing the manifesto and conducting the attack — with a war chest of 250,000 euros and several credit cards.

Breivik also is somewhat unique in that he did not attempt to escape after his attacks or become a martyr by his own hand or that of the authorities. Instead, as outlined in his manifesto, he sought to be tried so that he could turn his trial into a grandstand for promoting his ideology beyond what he did with his manifesto and video. He was willing to risk a long prison sentence in order to communicate his principles to the public. This means that the authorities have to be concerned not only about other existing Justiciar Knights but also anyone who may be influenced by Breivik’s message and follow his example.

There is also the possibility that individuals who do not adhere to Breivik’s ideology will seek to exploit the loopholes and security lapses highlighted by this incident to conduct their own attacks. Breivik’s diary provides a detailed step-by-step guide to manufacturing a successful VBIED, and the authorities will be scrutinizing it carefully to address the vulnerabilities Breivik exposed before those instructions can be used again.

"Norway: Lessons from a Successful Lone Wolf Attacker is republished with permission of STRATFOR."

0 Comment(s) / Post Comment

Saturday, July 23rd 2011


Rupert Murdoch Pie Attack Thwarted

0 Comment(s) / Post Comment

Thursday, June 2nd 2011


Protective Intelligence Lessons from an Ambush in Mexico

Protective Intelligence Lessons from an Ambush in Mexico

June 2, 2011

By Scott Stewart

On the afternoon of May 27, a convoy transporting a large number of heavily armed gunmen was ambushed on Mexican Highway 15 near Ruiz, Nayarit state, on Mexico’s Pacific coast. When authorities responded they found 28 dead gunmen and another four wounded, one of whom would later die, bringing the death toll to 29. This is a significant number of dead for one incident, even in Mexico.

According to Nayarit state Attorney General Oscar Herrera Lopez, the gunmen ambushed were members of Los Zetas, a Mexican drug cartel. Herrera noted that most of the victims were from Mexico’s Gulf coast, but there were also some Guatemalans mixed into the group, including one of the wounded survivors. While Los Zetas are predominately based on the Gulf coast, they have been working to provide armed support to allied groups, such as the Cartel Pacifico Sur (CPS), a faction of the former Beltran Leyva Organization that is currently battling the Sinaloa Federation and other cartels for control of the lucrative smuggling routes along the Pacific coast. In much the same way, Sinaloa is working with the Gulf cartel to go after Los Zetas in Mexico’s northeast while protecting and expanding its home turf. If the victims in the Ruiz ambush were Zetas, then the Sinaloa Federation was likely the organization that planned and executed this very successful ambush.

Protective Intelligence Lessons from an Ambush in Mexico
(click here to enlarge image)

Photos from the scene show that the purported Zeta convoy consisted of several pickup trucks and sport utility vehicles (two of which were armored). The front right wheel on one of the armored vehicles, a Ford Expedition, had been completely blown off. With no evidence of a crater in the road indicating that the damage had been caused by a mine or improvised explosive device (IED), it would appear that the vehicle was struck and disabled by a well-placed shot from something like a rocket-propelled grenade (RPG) or M72 LAW rocket, both of which have been seen in cartel arsenals. Photos also show at least one heavy-duty cattle-style truck with an open cargo compartment that appears to have been used as a troop transport. Many of the victims died in the vehicles they were traveling in, including a large group in the back of the cattle truck, indicating that they did not have time to react and dismount before being killed.

Unlike many other incidents we have examined, such as the ambush by CPS and Los Zetas against a Sinaloa Federation convoy on July 1, 2010, near Tubutama, Sonora state, the vehicles involved in this incident did not appear to bear any markings identifying them as belonging to any one cartel. In the Tubutama incident, the vehicles were all marked with large, highly visible “X”s on the front, back and side windows to denote that they were Sinaloa vehicles.

Most of the victims were wearing matching uniforms (what appear to be the current U.S. Marine Corps camouflage pattern) and black boots. Many also wore matching black ballistic vests and what appear to be U.S.-style Kevlar helmets painted black. From the photos, it appears that the victims were carrying a variety of AR-15-variant rifles. Despite the thousands of spent shell casings recovered from the scene, authorities reportedly found only six rifles and one pistol. This would seem to indicate that the ambush team swept the site and grabbed most of the weapons that may have been carried by the victims.

Guns may not have been the only things grabbed. A convoy of this size could have been dispatched by Los Zetas and CPS on a military raid into hostile Sinaloa territory, but there is also a possibility that the gunmen were guarding a significant shipment of CPS narcotics passing through hostile territory. If that was the case, the reason for the ambush may have been not only to kill the gunmen but also to steal a large shipment, which would hurt the CPS and could be resold by Sinaloa at a substantial profit.

Whether the objective of the ambush was simply to trap and kill a Zeta military team conducting a raid or to steal a high-value load of narcotics, a look at this incident from a protective intelligence point of view provides many lessons for security professionals operating in Mexico and elsewhere.

Lesson One: Size Isn’t Everything

Assuming that most of the 29 dead and three wounded gunmen were Zetas, and that most of the 14 vehicles recovered at the scene also belonged to the convoy that was attacked, it would appear that the group believed it was big enough to travel without being attacked, but, as the old saying goes, pride goeth before destruction.

In an environment where drug cartels can mass dozens of gunmen and arm them with powerful weapons like machine guns, .50-caliber sniper rifles, grenades and RPGs, there is no such thing as a force that is too big to be ambushed. And that is not even accounting for ambushes involving explosives. As evidenced by events in places like Iraq and Afghanistan, even convoys of heavily armored military vehicles can be ambushed using large IEDs and smaller, sophisticated explosive devices like explosively formed projectiles.

There are people in both the private and public sectors who cling to the erroneous assumption that the mere presence of armed bodyguards provides absolute security. But this is simply not true, and such a misconception often proves deadly. Indeed, there are very few protective details in all of Mexico that employ more than two dozen agents for a motorcade movement — most are smaller and less well-equipped than the Zeta force that was destroyed May 27. Most protective details do not wear heavy raid vests and Kevlar helmets. This means that government and private-sector protective details in Mexico cannot depend on their size alone to protect them from attack — especially if the attackers are given free rein to conduct surveillance and plan their ambush.

In an environment where the threat is so acute, security managers must rely on more than just big men carrying guns. The real counter to such a threat is a protective detail that practices a heightened state of situational awareness and employs a robust surveillance-detection/countersurveillance program coupled with careful route and schedule analysis.

Indeed, many people — including police and executive protection personnel — either lack or fail to employ good observation skills. These skills are every bit as important as marksmanship (if not more) but are rarely taught or put into practice. Additionally, even if a protection agent observes something unusual, in many cases there is no system in place to record these observations and no efficient way to communicate them or to compare them to the observations of others. There is often no process to investigate such observations in attempt to determine if they are indicators of something sinister.

In order to provide effective security in such a high-threat environment, routes and traveling times must be varied, surveillance must be looked for and those conducting surveillance must not be afforded the opportunity to operate at will. In many cases it is also far more prudent to maintain a low profile and fade into the background rather than utilize a high-profile protective detail that screams “I have money.” Suspicious events must be catalogued and investigated. Emphasis must also be placed on attack recognition and driver training to provide every possibility of spotting a pending attack and avoiding it before it can be successfully launched. Proper training also includes immediate action drills in the event of an attack and practicing what to do in the event of an ambush.

Action is always faster than reaction. And even a highly skilled protection team can be defeated if the attacker gains the tactical element of surprise — especially if coupled with overwhelming firepower. If assailants are able to freely conduct surveillance and plan an attack, they can look for and exploit vulnerabilities, and this leads us to lesson two.

Lesson Two: Armored Vehicles Are Vulnerable

Armored vehicles are no guarantee of protection in and of themselves. In fact, like the presence of armed bodyguards, the use of armored vehicles can actually lead to a false sense of security if those using them do not employ the other measures noted above.

If assailants are given the opportunity to thoroughly assess the protective security program, they will plan ways to defeat the security measures in place, such as the use of an armored vehicle. If they choose to attack a heavy target like the Los Zetas convoy, they will do so with adequate resources to overcome those security measures. If there are protective agents, the attackers will plan to neutralize them first. If there is an armored vehicle, they will find ways to defeat the armor — something easily accomplished with the RPGs, LAW rockets and .50-caliber weapons found in the arsenals of Mexican cartels. The photographs and video of the armored Ford Excursion that was disabled by having its front right wheel blown off in the Ruiz ambush remind us of this. Even the run-flat tires installed on many armored vehicles will not do much good if the entire wheel has been blown off by an anti-tank weapon.

Armored vehicles are designed to protect occupants from an initial attack and to give them a chance to escape from the attack zone. It is important to remember that even the heaviest armored vehicles on the market do not provide a mobile safe-haven in which one can merely sit at the attack site and wait out an attack. If assailants know their target is using an armored vehicle, they will bring sufficient firepower to bear to achieve their goals. This means that if the driver freezes or allows his vehicle to somehow get trapped and does not “get off the X,” as the attack site is known in the protection business, the assailants can essentially do whatever they please.

It is also important to recognize that high-profile armored vehicles are valued by the cartels, and the types of vehicles usually armored generally tend to be the types of vehicles the cartels target for theft. This means that the vehicle you are riding in can make you a target for criminals.

While armored vehicles are valuable additions to the security toolbox, their utility is greatly reduced if they are not being operated by a properly trained driver. Good tactical driving skills, heightened situational awareness and attack recognition are the elements that permit a driver to get the vehicle off the X and to safety.

Lesson Three: Protect Your Schedule

Even for an organization as large and sophisticated as the Sinaloa Federation, planning and executing an operation like the Ruiz ambush took considerable time and thought. An ambush site needed to be selected and gunmen needed to be identified, assembled, armed, briefed and placed into position. Planning that type of major military operation also requires good, actionable intelligence. The planner needed to know the size of the Zeta convoy, the types of vehicles it had and its route and time of travel.

The fact that Los Zetas felt comfortable running that large a convoy in broad daylight demonstrates that they might have taken some precautionary measures, such as deploying scouts ahead of the convoy to spot checkpoints being maintained by Mexican authorities or a competing cartel. It is highly likely that they consulted with their compromised Mexican government sources in the area to make sure that they had the latest intelligence about the deployment of government forces along the route.

But the route of the Zeta convoy must have been betrayed in some way. This could have been due to a pattern they had established and maintained for such convoys, or perhaps even a human source inside the CPS, Los Zetas or Mexican government. There was also an unconfirmed media report that Los Zetas may have had a base camp near the area where the ambush occurred. If that is true, and if the Sinaloa Federation learned the location of the camp, they could have planned the ambush accordingly — just as criminals can use the known location of a target’s home or office to plan an attack.

If an assailant has a protectee’s schedule, it not only helps in planning an attack but it also greatly reduces the need of the assailant to conduct surveillance — and potentially expose himself to detection. For security managers, this is a reminder not only that routes and times must be varied but that schedules must be carefully protected from compromise.

While the Ruiz ambush involved cartel-on-cartel violence, security managers in the private and public sectors would be well-served to heed the lessons outlined above to help protect their personnel who find themselves in the middle of Mexico’s cartel war.

"Protective Intelligence Lessons from an Ambush in Mexico is republished with permission of STRATFOR."

0 Comment(s) / Post Comment

Thursday, May 12th 2011


Sykes Group - It's what we do!

Sykes Group - It's what we do!        www.sykesgroups.com

"Failure Is Not An Option"



0 Comment(s) / Post Comment

Wednesday, May 11th 2011


A Look at Kidnapping through the Lens of Protective Intelligence

By Scott Stewart

Looking at the world from a protective-intelligence perspective, the theme for the past week has not been improvised explosive devices or potential mass-casualty attacks. While there have been suicide bombings in Afghanistan, alleged threats to the World Cup and seemingly endless post-mortem discussions of the failed May 1 Times Square attack, one recurring and under-reported theme in a number of regions around the world has been kidnapping.

For example, in Heidenheim, Germany, Maria Boegerl, the wife of German banker Thomas Boegerl, was reportedly kidnapped from her home May 12. The kidnappers issued a ransom demand to the family and an amount was agreed upon. Mr. Boegerl placed the ransom payment at the arranged location, but the kidnappers never picked up the money (perhaps suspecting or detecting police involvement). The family has lost contact with the kidnappers, and fear for Mrs. Boegerl’s fate has caused German authorities to launch a massive search operation, which has included hundreds of searchers along with dogs, helicopters and divers.

Two days after the Boegerl kidnapping, al Qaeda in the Islamic Maghreb (AQIM) posted a message on the Internet claiming to have custody of French citizen Michel Germaneau, a retired engineer who had previously worked in Algeria’s petroleum sector. Germaneau was reportedly kidnapped April 22, in northern Niger, close to the border with Mali and Algeria. The AQIM video contained a photo of Germaneau and of his identification card. The group demanded a prisoner exchange and said that French President Nicolas Sarkozy would be responsible for the captive’s well-being.

Also on May 14, Diego Fernandez de Cevallos, a high-profile attorney and former presidential candidate, was kidnapped near his ranch in the Mexican state of Queretaro. Fernandez had left his home in Mexico City to drive to his ranch but never arrived. His vehicle was found abandoned near the ranch on Saturday morning and the vehicle reportedly showed signs of a struggle. It is not known who kidnapped Fernandez or what the motivation for the kidnapping was.

At the moment a kidnapping occurs, the abduction team usually has achieved tactical surprise and usually employs overwhelming force. To the previously unsuspecting victim, the abductors seemingly appear out of nowhere. But when examined carefully, kidnappings are, for the most part, the result of a long and carefully orchestrated process. They do not arise from a vacuum. There are almost always some indications or warnings that the process is in motion prior to the actual abduction, meaning that many kidnappings are avoidable. In light of this reality, let’s take a more detailed look at the phenomenon of kidnappings.

Types of Kidnappings

There are many different types of kidnappings. Although kidnappings for ransom and political kidnappings generate considerable news interest, most kidnappings have nothing to do with money or political statements. They are typically kidnappings conducted by family members in custody disputes, emotionally disturbed strangers wanting to take a child to raise or strangers who abduct a victim for sexual exploitation.

Even in financially motivated kidnappings, there are a number of different types. The stereotypical kidnapping of a high-value target comes most readily to mind, but there are also more spur-of-the-moment express kidnappings, where a person is held until his bank account can be drained using an ATM card, and even virtual kidnappings, where no kidnapping occurs at all but the victim is frightened by a claim that a loved one has been kidnapped and pays a ransom to the alleged abductors. Some of the piracy incidents in Somalia also move into the economic kidnapping realm, especially in cases where the crew or passengers are seen as being more valuable than the boat or its cargo.

Since kidnapping is such a broad topic, for the sake of this discussion, we will focus primarily on kidnappings that are financially motivated and those that are politically motivated. Financially motivated kidnappings can be conducted by a variety of criminal elements. At the highest level are highly trained professional kidnapping gangs that specialize in abducting high-net-worth individuals and who will frequently demand ransoms in the millions of dollars. Such groups often employ teams of specialists who carry out a variety of specific tasks such as collecting intelligence, conducting surveillance, snatching the target, negotiating with the victim’s family and establishing and guarding the safe-houses.

At the other end of the spectrum are gangs that randomly kidnap targets of opportunity. These gangs are generally far less skilled than the professional gangs and often will hold a victim for only a short time, as in an express kidnapping. Sometimes express kidnapping victims are held in the trunk of a car for the duration of their ordeal, which can sometimes last for days if the victim has a large amount in a checking account and a small daily ATM withdrawal limit. Other times, if an express kidnapping gang discovers it has grabbed a high-value target by accident, the gang will hold the victim longer and demand a much higher ransom. Occasionally, these express kidnapping groups will even “sell” a high-value victim to a more professional kidnapping gang. (On a side note, most express kidnapping victims tend to be male and are most frequently abducted while walking on the street after dark, and many have impaired their senses by consuming alcohol.)

In the United States, it is far more common for a relatively poor person to be kidnapped for financial motives than it is for a high-net-worth individual. This is because kidnapping groups frequently target groups of illegal immigrants, who they believe are far less likely to seek help from the authorities. In some cases, the police have found dozens of immigrant hostages being held in safe-houses.

Between the two extremes of kidnapping groups — those targeting the rich and those targeting the poor — there is a wide range of kidnapping gangs that might target a bank vice president or branch manager rather than the bank’s CEO, or that might kidnap the owner of a restaurant or other small business rather than an industrialist.

In the realm of political kidnappings, there are abductions that are very well-planned, such as the December 1981 kidnapping of Gen. James Dozier by the Italian Red Brigades, or Hezbollah’s March 1985 kidnapping of journalist Terry Anderson. However, there are also opportunistic cases of politically motivated kidnappings, such as when foreigners are abducted at a Taliban checkpoint in Afghanistan or AQIM militants grab a European tourist in the Sahel area of Africa. Of course, in the case of both the Taliban and AQIM, the groups see kidnapping as an important source of funding as well as a politically useful tool.

Understanding the Process

In deliberate (as opposed to opportunistic) kidnappings based on financial or political motives, the kidnappers generally follow a process that is very similar to what we call the terrorist attack cycle: target selection, planning, deployment, attack, escape and exploitation. In a kidnapping, this means the group must identify a victim; plan for the abduction, captivity and negotiation; conduct the abduction and secure the hostage; successfully leverage the life of the victim for financial or political gain; and then escape.

During some phases of this process, the kidnappers may not be visible to the target, but there are several points during the process when the kidnappers are forced to expose themselves to detection in order to accomplish their mission. Like the perpetrators of a terrorist attack, those planning a kidnapping are most vulnerable to detection while they are conducting surveillance — before they are ready to deploy and conduct their attack. As we have noted several times in past analyses, one of the secrets of countersurveillance is that most criminals are not very good at conducting surveillance. The primary reason they succeed is that no one is looking for them.

Of course, kidnappers are also very easy to spot once they launch their attack, pull their weapons and perhaps even begin to shoot. By this time, however, it might very well be too late to escape their attack. They will have selected their attack site and employed the forces they believe they need to overpower their victim and complete the operation. While the kidnappers could botch their operation and the target could escape unscathed, it is simply not practical to pin one’s hopes on that possibility. It is clearly better to spot the kidnappers early and avoid their trap before it is sprung and the guns come out.

Kidnappers, like other criminals, look for patterns and vulnerabilities that they can exploit. Their chances for success increase greatly if they are allowed to conduct surveillance at will and are given the opportunity to thoroughly assess the security measures (if any) employed by the target. We have seen several cases in Mexico in which the criminals even chose to attack despite security measures such as armored cars and armed security guards. In such cases, criminals attack with adequate resources to overcome existing security. For example, if there are protective agents, the attackers will plan to neutralize them first. If there is an armored vehicle, they will find ways to defeat the armor or grab the target when he or she is outside the vehicle. Because of this, criminals must not be allowed to conduct surveillance at will. Potential targets should practice a heightened but relaxed state of situational awareness that will help them spot hostile surveillance.

Potential targets should also conduct simple pattern and route analyses to determine where they are most predictable and vulnerable. Taking an objective look at your schedule and routes is really not as complicated as it may seem. While the ideal is to vary routes and times to avoid predictable locations, this is also difficult and disruptive and warranted only when the threat is extremely high. A more practical alternative is for potential targets to raise their situational awareness a notch as they travel through such areas at predictable times.

Of course, using the term “potential targets” points to another problem. Many kidnapping victims simply don’t believe they are potential targets until after they have been kidnapped, and therefore do not take commonsense security measures. Frequently, when such people are debriefed after their release from captivity, they are able to recall suspicious activity before their abduction that they did not take seriously because they did not consider themselves targets. One American businessman who was kidnapped in Central America said upon his release that he knew there was something odd about the behavior of a particular couple he saw frequently sitting on a park bench near his home prior to his kidnapping, but he didn’t think he was rich enough to be targeted for kidnapping. As soon as he was abducted, he said that he immediately knew that the awkward couple had been observing him to determine his pattern. He said that he often thought about that couple during his two months in captivity, and how a little bit of curiosity could have saved him from a terrifying ordeal and his family a substantial sum of money.

The same steps involved in a deliberate kidnapping are also followed in ad hoc, opportunistic kidnappings — though the steps may be condensed and accomplished in seconds or minutes rather than the weeks or months normally associated with a well-planned kidnapping operation. And the same problems with lack of awareness often apply. It is not uncommon to talk to someone who was involved in an express kidnapping and hear the person say, “I got a bad feeling about those three guys standing near that car when I started walking down that block, but I kept walking anyway.” This frequent occurrence highlights the importance of situational awareness, attack recognition and proper mindset maintenance.

Potential targets do not have to institute security measures that will make them invulnerable to such crimes — something that is very difficult and that can be very expensive. Rather, the objective is to take measures that make them a harder target than other members of the specific class of individuals to which they belong. Groups conducting pre-operational surveillance, whether for an intentional kidnapping or an opportunistic kidnapping, prefer a target that is unaware and easy prey. Taking some basic security measures such as maintaining a healthy state of situational awareness will, in many cases, cause the criminals to choose another target who is less aware and therefore more vulnerable.

Also, most people who are kidnapped in places like Afghanistan or the Sahel know they are going into dangerous places and disregard the warnings not to go to those places. Many of these people, like journalists and aid workers, take the risk as part of their jobs. Others, like the European tourists abducted in the Sahel (and some of the pleasure boaters kidnapped by Somali pirates), appear to naively disregard the risk or to be thrill-seekers. In the recent Germaneau case in Niger, due to the number of highly publicized kidnappings in the Sahel region over the past eight years, and Germaneau’s personal history of working in Algeria, it would be hard to argue that he did not know what he could be getting himself into (though we are unsure at this point what motivated him to run that risk). After Germaneau’s kidnapping, his driver was subsequently arrested, raising the possibility that he was somehow complicit in the abduction. This is a reminder that it is not at all unusual for kidnapping gangs to have inside help, whether a maid, bodyguard, interpreter or taxi driver.

In retrospect, almost every person who is kidnapped either missed or ignored some indication or warning of danger. These warnings can range from observable criminal behavior to a consular information bulletin specifically warning people not to drive outside of cities in Guatemala after dark, for example. This means that, while kidnapping can be a devastating crime, it can also be an avoidable one.

"A Look at Kidnapping through the Lens of Protective Intelligence is republished with permission of STRATFOR."
0 Comment(s) / Post Comment

Thursday, April 28th 2011


The Kaspersky Kidnapping - Lessons Learned

The Kaspersky Kidnapping - Lessons Learned
April 28, 2011

By Scott Stewart

On April 24, officers from the anti-kidnapping unit of Moscow’s Criminal Investigation Department and the Russian Federal Security Service (FSB) rescued 20-year-old Ivan Kaspersky from a dacha in Sergiev Posad, a small town about 40 miles northeast of Moscow. Kaspersky, the son of Russian computer software services billionaire Eugene Kaspersky (founder of Kaspersky Lab), was kidnapped on April 19 as he was walking to work from his Moscow apartment. A fourth-year computer student at Moscow State University, Kaspersky was working as an intern at a software company located near Moscow’s Strogino metro station.

Following the abduction, Kaspersky was reportedly forced to call his father and relay his captors’ demands for a ransom of 3 million euros ($4.4 million). After receiving the ransom call, the elder Kaspersky turned to Russian law enforcement for assistance. On April 21, news of the abduction hit the Russian and international press, placing pressure on the kidnappers and potentially placing Kaspersky’s life in jeopardy. In order to defuse the situation, disinformation was leaked to the press that a ransom had been paid, that Kaspersky had been released unharmed and that the family did not want the authorities involved. Kaspersky’s father also contacted the kidnappers and agreed to pay the ransom. Responding to the ruse, four of the five members of the kidnapping gang left the dacha where Kaspersky was being held to retrieve the ransom and were intercepted by Russian authorities as they left. The authorities then stormed the dacha, arrested the remaining captor and released Kaspersky. The five kidnappers remain in custody and are awaiting trial.

According to Russia’s RT television network, Russian officials indicated that the kidnapping was orchestrated by an older couple who were in debt and sought to use the ransom to get out of their financial difficulties. The couple reportedly enlisted their 30-year-old son and two of his friends to act as muscle for the plot. Fortunately for Kaspersky, the group that abducted him was quite unprofessional and the place where he was being held was identified by the cell phone used to contact Kaspersky’s father. Reports conflict as to whether the cell phone’s location was tracked by the FSB, the police anti-kidnapping unit or someone else working for Kaspersky’s father, but in any case, in the end the group’s inexperience and naivete allowed for Kaspersky’s story to have a happy ending.

However, the story also demonstrates that even amateurs can successfully locate and abduct the son of a billionaire, and some very important lessons can be drawn from this case.

The Abduction

According to the Russian news service RIA Novosti, Kaspersky’s abductors had been stalking him and his girlfriend for several months prior to the kidnapping. This pre-operational surveillance permitted the kidnappers to determine Kaspersky’s behavioral patterns and learn that he did not have any sort of security detail protecting him. Media reports also indicate that the kidnappers were apparently able to obtain all the information they required to begin their physical surveillance of the victim from information Kaspersky himself had posted on Vkontakte.ru, a Russian social networking site. According to RT, Kaspersky’s Vkontakte profile contained information such as his true name, his photo, where he was attending school, what he was studying, who he was dating, where we was working for his internship and even the addresses of the last two apartments where he lived.

Armed with this cornucopia of information, it would be very easy for the criminals to establish physical surveillance of Kaspersky in order to gather the additional behavioral information they needed to complete their plan for the abduction. Kaspersky also appears to have not been practicing the level of situational awareness required to detect the surveillance being conducted against him — even though it was being conducted by amateurish criminals who were undoubtedly clumsy in their surveillance tradecraft. This lack of awareness allowed the kidnappers to freely follow him and plot his abduction without fear of detection. Kaspersky made himself an easy target in a dangerous place for high net worth individuals and their families. While kidnapping for ransom is fairly rare in the United States, Russian law enforcement sources report that some 300 people are kidnapped for ransom every year in Russia.


In terms of being an easy target, Kaspersky was not alone. It is not uncommon for the children of high net worth families to want to break free of their family’s protective cocoon and “live like a regular person.” This means going to school, working, dating and living without being insulated from the world by the security measures in place around their parents and their childhood homes. This tendency was exemplified by the well-publicized example of George W. Bush’s twin daughters “ditching” their Secret Service security details so they could go out and party with their friends when they were in college.

Having personally worked as a member of an executive protection detail responsible for the security of a high net worth family, I have seen firsthand how cumbersome and limiting an executive protection detail can be — especially a traditional, overt-security detail. A low-key, “bubble-type” detail, which focuses on surveillance detection and protective intelligence, provides some space and freedom, but it, too, can be quite limiting and intrusive — especially for a young person who wants some freedom to live spontaneously. Because of the very nature of protective security, there will inevitably be a degree of tension between personal security and personal freedom.

However, when reacting to this tension, those protected must remember that there are very real dangers in the world — dangers that must be guarded against. Unfortunately, many people who reject security measures tend to live in a state of denial regarding the potential threats facing them, and that denial can land them in trouble. We have seen this mindset most strongly displayed in high net worth individuals who have recently acquired their wealth and have not yet been victimized by criminals. A prime example of this was U.S billionaire Eddie Lampert, who at the time of his abduction in 2003 did not believe there was any threat to his personal security. His first encounter with criminals was a traumatic kidnapping at gunpoint. But this mindset can also appear in younger members of well-established families of means who have not personally been victimized by criminals.

It is important to realize, however, that the choice between security and freedom does not have to be an either/or equation. There are measures that can be taken to protect high net worth individuals and children without employing a full protective security detail. These same measures can also be applied by people of more modest means living in places such as Mexico or Venezuela, where the kidnapping threat is pervasive and extends to almost every strata of society, from middle-class professionals and business owners to farmers.

In this type of environment, the threat also applies to mid-level corporate employees who serve tours as expatriate executives in foreign cities. Some of the cities they are posted in are among the most crime-ridden in the world, including such places as Mexico City, Caracas, Sao Paulo and Moscow. When placed in the middle of an impoverished society, even a mid-level executive or diplomat is, by comparison, incredibly rich. As a result, employees who would spend their lives under the radar of professional criminals back home in the United States, Canada or Europe can become prime targets for kidnapping, home invasion, burglary and carjacking in their overseas posts.

The Basics

Before anything else can be done to address the criminal threat, like any other issue, the fact that there is indeed a threat must first be recognized and acknowledged. As long as a potential target is in a state of denial, very little can be done to protect him or her.

Once the threat is recognized, the next step in devising a personal protection system is creating a realistic baseline assessment of the threat — and exposure to that threat. This assessment should start with some general research on crime and statistics for the area where the person lives, works or goes to school, and the travel corridors between these places. The potential for natural disasters, civil unrest — and in some cases the possibility of terrorism or even war — should also be considered. Based on this general crime-environment assessment, it might be determined that the kidnapping risk in a city such as Mexico City or Moscow will dictate that a child who has a desire to attend university without a protective security detail might be better off doing so in a safer environment abroad.

Building on these generalities, then, the next step should be to determine the specific threats and vulnerabilities by performing some basic analyses and diagnostics. In some cases, these will have to be performed by professionals, but they can also be undertaken by the individuals themselves if they lack the means to hire professional help. These analyses should include:

  • In-depth cyberstalking report. Most of the people for whom we have conducted such reports have been shocked to see how much private information analysts are able to dig up on the Internet. This information is available for free (or for a few dollars) to anyone, including criminals, who might be targeting people for kidnapping, extortion or other crimes. The problem of personal information being available on the Internet is magnified when potential targets gratuitously post personal information online, as in the Kaspersky case. Even in cases where personal information is available only to online “friends,” it is quite easy for savvy Internet users to use a false social networking account with an attractive photo to social engineer their way into a circle of friends using common pretexting tactics. Therefore, potential targets need to be extremely careful what they post online, and they also must be aware of what information about them is publicly available on the Internet and how that information may make them vulnerable to being targeted. If it is determined that the information available makes them too vulnerable, changes may have to be made.
  • Baseline surveillance diagnostics. Surveillance diagnostics is a blend of surveillance-detection techniques that are designed to determine if an individual is under systematic criminal surveillance. This can be conducted by the potential targets themselves, if they receive the necessary training, or by a specialized professional surveillance-detection team. As the name suggests, this diagnostic level helps establish a baseline from which to plan future security and surveillance-detection operations.
  • Route analysis. This type of analysis examines the regular travel routes of a potential target in order to identify locations such as choke points that can be used by criminals for surveillance or to conduct an attack. Route analysis can be performed by the same team that conducts surveillance diagnostics, or even by a potential target if the person will thoughtfully examine his or her daily travel routes. Such an analysis allows the potential target to be cognizant of such locations and of the need to increase situational awareness for signs of surveillance or a potential attack as he or she passes through them — especially during a highly predictable move like the morning home-to-work commute.
  • Physical security surveys. Such surveys are performed for the home, workplace or school of the potential target. While individuals can effectively conduct such surveys using common sense, a professional assessment can be useful and will often be performed for free by alarm companies. Obviously, any security upgrades required at a workplace or school will require coordination with the security managers for these locations.
  • Response capability assessment. This is a realistic assessment of the capabilities and responsiveness of the local police and security forces as well as fire and medical first-responders. In some places, security personnel themselves may be involved in criminal activity, or prove to be generally unresponsive or incompetent. Knowing their true capabilities is necessary to create a realistic security plan.

There are some very good private training facilities that can provide individuals with training in things like attack recognition/avoidance, surveillance detection and route analysis as well hands-on skills like tactical driving.

Guns Alone Are Not the Answer

Even if a potential target is being afforded a protection detail, it must be remembered that guards with guns are not in and of themselves a guarantee of security. If a group is brazen enough to undertake a kidnapping, they will in many cases and many places not hesitate to use deadly force in the commission of their crime. If they are given free rein to conduct pre-operational surveillance, they will be able to make plans to overcome any security measures in place, including the neutralizing of armed security personnel.

After recognizing that a threat indeed exists, the next key concept that potential targets need to internalize is that criminals are vulnerable to detection as they plan their crimes, and that ordinary people can develop the skills required to detect criminal activity and take measures to avoid being victimized. The fact is, most criminals practice terrible surveillance tradecraft. They are permitted to succeed in spite of their lack of skill because, for the most part, people simply do not practice good situational awareness.

The good news for potential targets is that being aware of one’s surroundings and identifying potential threats and dangerous situations is more a mindset or attitude than a hard skill. Because of this, situational awareness is not something that can be practiced only by highly trained government agents or specialized surveillance detection teams — it is something that can be practiced by anyone with the will and the discipline to do so. In the Kaspersky case, it is very likely that had the young man been practicing good situational awareness, he would have been able to note the criminals conducting surveillance on him and to take appropriate action to avoid being kidnapped.

Armed guards, armored vehicles and other forms of physical security are all valuable protective tools, but they can all be defeated by kidnappers who are allowed to form a plan and execute it at the time and place of their choosing. Clearly, a way is needed to deny kidnappers the advantage of striking when and where they choose or, even better, to stop a kidnapping before it can be launched. This is where the intelligence tools outlined above come into play. They permit the potential target, and any security officers working to protect them, to play on the action side of the action/reaction equation rather than passively waiting for something to happen.

"The Kaspersky Kidnapping - Lessons Learned is republished with permission of STRATFOR."

Read more: The Kaspersky Kidnapping - Lessons Learned STRATFOR

0 Comment(s) / Post Comment

Thursday, April 14th 2011


The Perceived Car Bomb Threat in Mexico

The Perceived Car Bomb Threat in Mexico
April 13, 2011

By Scott Stewart

On April 5, Mexican newspaper El Universal reported that a row of concrete Jersey barriers was being emplaced in front of the U.S. Consulate General in Monterrey, Mexico. The story indicated that the wall was put in to block visibility of the facility, but being only about 107 centimeters (42 inches) high, such barriers do little to block visibility. Instead, this modular concrete wall is clearly being used to block one lane of traffic in front of the consulate in an effort to provide the facility with some additional standoff distance from the avenue that passes in front of it.

Due to the location and design of the current consulate building in Monterrey, there is only a narrow sidewalk separating the building’s front wall from the street and very little distance between the front wall and the building. This lack of standoff has been long noted, and it was an important factor in the decision to build a new consulate in Monterrey (construction began in June 2010 and is scheduled to be completed in January 2013).

The U.S. Consulate in Monterrey has been targeted in the past by cartels using small arms and grenades. The last grenade attack near the consulate was in October 2010. However, the Jersey barriers placed in front of the consulate will do little to protect the building against small arms fire, which can be directed at portions of the building above the perimeter wall, or grenades, which can be thrown over the wall. Rather, such barriers are used to protect facilities against an attack using a car bomb, or what is called in military and law enforcement vernacular a vehicle-borne improvised explosive device (VBIED).

That such barriers have been employed (or re-employed, really, since they have been used before at the U.S. Consulate in Monterrey) indicates that there is at least a perceived VBIED threat in Mexico. The placement of the barriers was followed by a Warden Message issued April 8 by the U.S. Consulate General in Monterrey warning that “the U.S. government has received uncorroborated information Mexican criminal gangs may intend to attack U.S. law enforcement officers or U.S. citizens in the near future in Tamaulipas, Nuevo Leon and San Luis Potosi.” It is quite possible that the placement of the barriers at the consulate was related to this Warden Message.

The Mexican cartels have employed improvised explosive devices (IEDs) in the past, but the devices have been small. While their successful employment has shown that the cartels could deploy larger devices if they decided to do so, there are still some factors causing them to avoid using large VBIEDs.

Some History

The use of IEDs in Mexico is nothing new. Explosives are plentiful in Mexico due to their widespread use in the country’s mining and petroleum sectors. Because of Mexico’s strict gun laws, it is easier and cheaper to legally procure explosives — specifically commercial explosives such as Tovex — in Mexico than it is firearms. We have seen a number of different actors use explosive devices in Mexico, including left-wing groups such as the Popular Revolutionary Army and its various splinters, which have targeted banks and commercial centers (though usually at night and in a manner intended to cause property damage and not human casualties). An anarchist group calling itself the Subversive Alliance for the Liberation of the Earth, Animals and Humans has also employed a large number of small IEDs against banks, insurance companies, car dealerships and other targets.

Explosives have also played a minor role in the escalation of cartel violence in Mexico. The first cartel-related IED incident we recall was the Feb. 15, 2008, premature detonation of an IED in Mexico City that investigators concluded was likely a failed assassination attempt against a high-ranking police official. Three months later, in May 2008, there was a rash of such assassinations in Mexico City targeting high-ranking police officials such as Edgar Millan Gomez, who at the time of his death was Mexico’s highest-ranking federal law enforcement officer. While these assassinations were conducted using firearms, they supported the theory that the Feb. 15, 2008, incident was indeed a failed assassination attempt.

Mexican officials have frequently encountered explosives, including small amounts of military-grade explosives and far larger quantities of commercial explosives, when they have uncovered arms caches belonging to the cartels. But it was not until July 2010 that IEDs began to be employed by the cartels with any frequency.

On July 15, 2010, in Juarez, Chihuahua state, the enforcement wing of the Juarez cartel, known as La Linea, remotely detonated an IED located inside a car as federal police agents were responding to reports of a dead body inside a car. The attack killed two federal agents, one municipal police officer and an emergency medical technician and wounded nine other people. Shortly after this well-coordinated attack, La Linea threatened that if the U.S. Drug Enforcement Administration and Federal Bureau of Investigation did not investigate and remove the chief of the Chihuahua state police intelligence unit — who La Linea claimed was working for the Sinaloa Federation — the group would deploy a car bomb containing 100 kilograms (220 pounds) of explosives. The threat proved to be an empty one, and since last July, La Linea has deployed just one additional IED, which was discovered by police on Sept. 10, 2010, in Juarez.

The Sept. 10 incident bore a striking resemblance to the July 15 Juarez bombing. The device was hidden in a vehicle parked near another vehicle that contained a dead body that was reported to police. The Sept. 10 device appears to have malfunctioned, since it did not detonate as first responders arrived. The device was noticed by authorities and rendered safe by a Mexican military explosive ordnance disposal team. This device reportedly contained a main charge of 16 kilograms of Tovex, and while that quantity of explosives was far smaller than the 100-kilogram device La Linea threatened to employ, it was still a significant step up in size from the July 15 IED. Based upon the amount of physical damage done to buildings and other vehicles in the area where the device exploded, and the lack of a substantial crater in the street under the vehicle containing the device, the July 15 IED appears to have contained at most a couple of kilograms of explosives.

Seemingly taking a cue from La Linea, the Gulf cartel also began deploying IEDs in the summer of 2010 against law enforcement targets it claimed were cooperating with Los Zetas, which is currently locked in a heated battle with the Gulf cartel for control of Mexico’s northeast (see the map here for an understanding of cartel geographies). Between August and December 2010, Gulf cartel enforcers deployed at least six other IEDs against what they called the “Zeta police” and the media in such cities as Ciudad Victoria in Tamaulipas state and Zuazua in Nuevo Leon. However, these attacks were all conducted against empty vehicles and there was no apparent attempt to inflict casualties. The devices were intended more as messages than weapons.

The employment of IEDs has not been confined just to the border. On Jan. 22, a small IED placed inside a car detonated near the town of Tula, Hidalgo state, injuring four local policemen. Initial reports suggested that local law enforcement received an anonymous tip about a corpse in a white Volkswagen Bora. The IED reportedly detonated when police opened one of the vehicle’s doors, suggesting either some sort of booby trap or a remotely detonated device.

The damage from the Tula device is consistent with a small device placed inside a vehicle, making it similar to the IEDs deployed in Juarez and Ciudad Victoria in 2010. The setup and the deployment of the IED in Tula also bear some resemblance to the tactics used by La Linea in the July 2010 Juarez attack; in both cases, a corpse was used as bait to lure law enforcement to the scene before the device was detonated. Despite these similarities, the distance between Tula and Juarez and the makeup of the cartel landscape make it unlikely that the same group or bombmaker was involved in these two incidents.

Car Bombs vs. Bombs in Cars

The IEDs that have been detonated by the Mexican cartels share a very common damage profile. The frames of the vehicles in which the devices were hidden remained largely intact after detonation and damage to surrounding structures and vehicles was relatively minor, indicating the devices were rather small in size. The main charges were probably similar to the device found in a vehicle recovered from an arms cache in Guadalajara, Jalisco state, on Sept. 10, 2010 — a liquor bottle filled with no more than a kilogram of commercial explosives.

In fact, most of the devices we have seen in Mexico so far have been what we consider “bombs in cars” rather than “car bombs.” The difference between the two is one of scale. Motorcycle gangs and organized crime groups frequently place pipe bombs and other small IEDs in vehicles in order to kill enemies or send messages. However, it is very uncommon for the police investigating such attacks to refer to these small devices as car bombs or VBIEDs. As the name implies, “vehicle borne” suggests that the device is too large to be borne by other means and requires a vehicle to convey it to the target. This means the satchel device that prematurely detonated in Mexico City in February 2008 or the liquor-bottle charge recovered in Guadalajara in September 2010 would not have been considered VBIEDs had they been detonated in vehicles. None of the devices we have seen successfully employed in Mexico has been an actual VBIED, as defined by those commonly used in Iraq, Pakistan or Afghanistan — or even Colombia in the late 1980s and early 1990s.

The only explosive device we have seen that even remotely approached being considered a VBIED was the 16-kilogram device discovered in Juarez in September 2010. This means that those who are referring to the devices deployed in Mexico as VBIEDs are either mistaken or are intentionally hyping the devices. Claiming that the cartels are using “car bombs” clearly benefits those who are trying to portray the cartels as terrorists. As we’ve discussed elsewhere, there are both political and practical motives for labeling the Mexican drug cartels terrorists rather than just vicious criminals.

That said, the Vicente Carrillo Fuentes organization and the Gulf cartel have demonstrated that they can construct small devices and remotely detonate them using cellphones, Futaba radio-control transmitters and servos (as have the still unidentified groups responsible for the Tula attack and the radio-controlled device recovered in Guadalajara in September 2010). Once an organization possesses the ability to do this, and has access to large quantities of explosives, the only factor that prevents it from creating and detonating large VBIED-type devices is will.

In the late 1980s and early 1990s in Colombia, powerful Colombian drug trafficking organizations such as the Medellin cartel used large-scale terrorist attacks in an effort to get the Colombian government to back off on its counternarcotics efforts. Some of the attacks conducted by the Medellin cartel, such as the December 1989 bombing of the Colombian Administrative Department of Security, utilized at least 450 kilograms of explosives and were incredibly devastating. However, these attacks did not achieve their objective. Instead, they served to steel the will of the Colombian government and also caused the Colombians to turn to the United States for even more assistance in their battle against the Colombian cartels.

A U.S. government investigator who assisted the Colombian government in investigating some of the large VBIED attacks conducted by the Medellin cartel notes that Medellin frequently employed Futaba radio-control devices in its VBIEDs like those used for model aircraft. A similar Futaba device was recovered in Guadalajara in September 2010, found wired to the explosives-filled liquor bottle inside the car. This may or may not provide the Mexican authorities with any sort of hard forensic link between the Mexican and Colombian cartels, but it is quite significant that the Futaba device was used in an IED in Mexico with a main explosive charge that was much smaller than those used in Colombia.

On April 1, 2011, the Mexican military discovered a large arms cache in Matamoros. In addition to encountering the customary automatic weapons, grenades and rocket-propelled grenade launchers, the military also seized 412 chubs (plastic sleeves) of hydrogel commercial explosives, 36 electric detonators and more than 11 meters of detonation cord. (The Mexican government did not provide photos of the explosives nor the weight of the material recovered, but chubs of gel explosives can range in size from less than half a kilogram to a couple of kilograms in weight.) This means there were at least a hundred kilograms of explosives in the cache, enough to make a sizable VBIED. Given that the cache was located in Matamoros and appears to have been there for some time, it is likely that it belonged to the Gulf cartel. This, like other seizures of explosives, indicates that the reason the Gulf cartel has used small explosive devices in its past attacks is not due to lack of explosives or expertise but lack of will.

Assessing the Threat

When assessing any threat, two main factors must be considered: intent and capability. So far, the Mexican cartels have demonstrated they have the capability to employ VBIEDs but not the intent. Discerning future intent is difficult, but judging from an actor’s past behavior can allow a thoughtful observer to draw some conclusions. First, the Juarez cartel has been hard-pressed by both the Mexican government and the Sinaloa Federation, and it is desperately struggling to survive. Despite this, the leaders of that organization have decided not to follow through with their threats from last July to unleash a 100-kilogram VBIED on Juarez. The Juarez cartel is not at all squeamish about killing people and it is therefore unlikely that the group has avoided employing VBIEDs for altruistic or benevolent reasons. Clearly, they seem to believe that it is in their best interests not to pop off a VBIED or a series of such devices.

Although the Juarez cartel is badly wounded, the last thing it wants to do is invite the full weight of the U.S. and Mexican governments down upon its head by becoming the Mexican version of Pablo Escobar’s Medellin cartel, which would likely happen should it begin to conduct large terrorist-style bombings. Escobar’s employment of terrorism backfired on him and resulted not only in his own death but also the dismantlement of his entire organization. A key factor in Escobar’s downfall was that his use of terrorism not only affected the government but also served to turn the population against him. He went from being seen by many Colombians as almost a folk hero to being reviled and hated. His organization lost the support of the population and found itself isolated and unable to hide amid the populace.

Similar concerns are likely constraining the actions of the Mexican cartels. It is one thing to target members of opposing cartels, or even law enforcement and military personnel, and it is quite another to begin to indiscriminately target civilians or to level entire city blocks with large VBIEDs. While the drug war — and the crime wave that has accompanied it — has affected many ordinary Mexicans and turned sentiment against the cartels, public sentiment would be dramatically altered by the adoption of true terrorist tactics. So far, the Mexican cartels have been very careful not to cross that line.

There is also the question of cost versus benefit. So far, the Mexican cartels have been able to use small IEDs to accomplish what they need — essentially sending messages — without having to use large IEDs that would require more resources and could cause substantial collateral damage that would prompt a public-opinion backlash. There is also considerable doubt that a larger IED attack would really accomplish anything concrete for the cartels. While the cartels will sometimes conduct very violent actions, most of those actions are quite pragmatic. Cartel elements who operate as loose cannons are often harshly disciplined by cartel leadership, like the gunmen involved in the Falcon Lake shooting.

So while the U.S. Consulate in Monterrey may be erecting Jersey barriers to protect it from VBIED attacks, it is likely doing so based on an abundance of caution or some bureaucratic mandate, not hard intelligence that the cartels are planning to hit the facility with a VBIED.

"The Perceived Car Bomb Threat in Mexico is republished with permission of STRATFOR."
0 Comment(s) / Post Comment

Thursday, March 24th 2011


Detroit police video of precinct shoot-out in Precinct

0 Comment(s) / Post Comment

Wednesday, March 16th 2011


Distracted Driving?

0 Comment(s) / Post Comment

Wednesday, March 16th 2011


An Infographic: How to Spot a Liar

0 Comment(s) / Post Comment

Wednesday, December 22nd 2010


Dispatch: Organized Crime vs. Terrorism

Dispatch: Organized Crime vs. Terrorism

Analyst Reva Bhalla uses the Mexican drug cartel war to examine the differences between an organized criminal group and a terrorist organization.

Editor’s Note: Transcripts are generated using speech-recognition technology. Therefore, STRATFOR cannot guarantee their complete accuracy.

Mexican lawmakers recently passed legislation defining punishment for acts of terrorism. The most interesting aspect of this law is what was encompassed in that definition of terrorism, which could apply to cartel-related activities. This could be an emerging tactic by the Mexican government to politically characterize cartel-related activities as terrorism and use that as a way to undermine popular support for organized criminal activity in Mexico.

There are some very clear distinctions between organized crime and terrorism. Organized criminal groups can engage in terrorist tactics. Terrorist groups can engage in organized criminal activity. These two sub state actors have very different aims, and these aims can place very different constraints on each.

An organized crime group cannot exist without an extensive peripheral network. In that peripheral network that will involve the bankers, politicians and police; basically the portals into the illicit world that protects the core of the organized crime group, which revolves around business activity. In this case being drug trafficking that the Mexican cartels are engaged in. With such a network territorial possessions come into play, and again, popular support is needed. That doesn’t necessarily mean population condones the violence committed by the cartels but it does mean that the cartels can effectively intimidate the population to tolerate activity and allow business to go up on as usual.

By contrast a terrorist group does not need to rely on as extensive network. By definition terrorism is primarily driven by political aims. The financial aspect of their activities is a means to an end, so this place is very different constraints on the terrorist group and allows the terrorist group to engage in much bolder, riskier and violent acts then an organized crime group would. What’s important about a terrorist act is that it’s used to draw attention to their political objectives. Essentially terrorism is theater.

An interesting dynamic that we haven’t seen quite play out yet in Mexico is when an organized crime group starts to adopt terrorist tactics. We have seen examples of where some cartels have engaged in beheadings and IED usage but not to a degree yet where there’s been a big public backlash. In fact, in Mexico we’ve seen the population and major business groups come out against the government calling on the government to stop the offensive against the cartels and to allow business to go on as usual.

We have seen international examples of where this line has been crossed. For example, in 1992 the Sicilian Mafia La Cosa Nostra crossed a big line when they launched a massive car bombing against an important official. That unleashed a huge wave of public backlash. We also saw this in Colombia with Pablo Escobar and the huge IED campaign that swept across Colombia and that eventually turned people against the cartel dominance and resulted in intelligence sharing that led to the downfall of some of those key cartels. What we may be seeing here is a more subtle tactic by the Mexican government to deal with the cartels.

Despite the very important distinctions between organized crime groups and terrorist groups, the branding of an organized crime group like the Mexican cartels as terrorists could be a way to undermine the public tolerance for a lot of their activity in the country. Again, we have not seen this line crossed in Mexico and I don’t think we’re quite there yet but it will be interesting to see how the Mexican government attempts to re-brand the cartel war.

This report re-posted with permission of www.stratfor.com

0 Comment(s) / Post Comment

Thursday, October 7th 2010


How to Respond to Terrorism Threats and Warnings

How to Respond to Terrorism Threats and Warnings

Gauging the Threat of an Electromagnetic Pulse (EMP) Attack

By Scott Stewart

In this week’s Geopolitical Weekly, George Friedman wrote that recent warnings by the U.S. government of possible terrorist attacks in Europe illustrate the fact that jihadist terrorism is a threat the world will have to live with for the foreseeable future. Certainly, every effort should be made to disrupt terrorist groups and independent cells, or lone wolves, and to prevent attacks. In practical terms, however, it is impossible to destroy the phenomenon of terrorism. At this very moment, jihadists in various parts of the world are seeking ways to carry out attacks against targets in the United States and Europe and, inevitably, some of these plots will succeed. George also noted that, all too often, governments raise the alert level regarding a potential terrorist attack without giving the public any actionable intelligence, which leaves people without any sense of what to do about the threat.

The world is a dangerous place, and violence and threats of violence have always been a part of the human condition. Hadrian’s Wall was built for a reason, and there is a reason we all have to take our shoes off at the airport today. While there is danger in the world, that does not mean people have to hide under their beds and wait for something tragic to happen. Nor should people count on the government to save them from every potential threat. Even very effective military, counterterrorism, law enforcement and homeland security efforts (and their synthesis — no small challenge itself) cannot succeed in eliminating the threat because the universe of potential actors is simply too large and dispersed. There are, however, common-sense security measures that people should take regardless of the threat level.

Situational Awareness

The foundation upon which all personal security measures are built is situational awareness. Before any measures can be taken, one must first recognize that threats exist. Ignorance or denial of a threat and paying no attention to one’s surroundings make a person’s chances of quickly recognizing a threat and then reacting in time to avoid it quite remote. Only pure luck or the attacker’s incompetence can save such a person. Apathy, denial and complacency, therefore, can be (and often are) deadly. A second important element is recognizing the need to take responsibility for one’s own security. The resources of any government are finite and the authorities simply cannot be everywhere and stop every terrorist act.

As we’ve mentioned previously, terrorist attacks do not magically materialize. They are part of a deliberate process consisting of several distinct steps. And there are many points in that process where the plotters are vulnerable to detection. People practicing situational awareness can often spot this planning process as it unfolds and take appropriate steps to avoid the dangerous situation or prevent it from happening altogether. But situational awareness can transcend the individual. When it is exercised by a large number of people, situational awareness can also be an important facet of national security. The citizens of a nation have far more capability to notice suspicious behavior than the intelligence services and police, and this type of grassroots defense is growing more important as the terrorist threat becomes increasingly diffuse and as attackers focus more and more on soft targets. This is something we noted in last week’s Security Weekly when we discussed the motives behind warnings issued by the chief of France’s Central Directorate of Interior Intelligence regarding the terrorist threat France faces.

It is important to emphasize that practicing situational awareness does not mean living in a state of constant fear and paranoia. Fear and paranoia are in fact counterproductive to good personal security. Now, there are times when it is prudent to be in a heightened state of awareness, but people are simply not designed to operate in that state for prolonged periods. Rather, situational awareness is best practiced in what we refer to as a state of relaxed awareness. Relaxed awareness allows one to move into a higher state of alert as the situation requires, a transition that is very difficult if one is not paying any attention at all. This state of awareness permits people to go through life attentively, but in a relaxed, sustainable and less-stressful manner. (A detailed primer on how to effectively exercise situational awareness can be found here.)


In the immediate wake of a terrorist attack or some other disaster, disorder and confusion are often widespread as a number of things happen simultaneously. Frequently, panic erupts as people attempt to flee the immediate scene of the attack. At the same time, police, fire and emergency medical units all attempt to respond to the scene, so there can be terrible traffic and pedestrian crowd-control problems. This effect can be magnified by smoke and fire, which can impair vision, affect breathing and increase the sense of panic. Indeed, frequently many of the injuries produced by terrorist bombings are not a direct result of the blast or even shrapnel but are caused by smoke inhalation and trampling.

In many instances, an attack will damage electrical lines or electricity will be cut off as a precautionary measure. Elevators also can be reserved for firefighters. This means people are frequently trapped in subway tunnels or high-rises and might be forced to escape through smoke-filled tunnels or stairwells. Depending on the incident, bridges, tunnels, subway lines and airports can be closed, or merely jammed to a standstill. For those driving, this gridlock could be exacerbated if the power is out to traffic signals.

In the midst of the confusion and panic, telephone and cell phone usage will soar. Even if the main trunk lines and cell towers have not been damaged by the attack or taken down by the loss of electricity, a huge spike in activity will quickly overload the exchanges and cell networks. This causes ripples of chaos and disruption to roll outward from the scene as people outside the immediate vicinity of the attack zone hear about the incident and wonder what has become of loved ones who were near the attack site.

Those caught in the vicinity of an attack have the best chance of escaping and reconnecting with loved ones if they have a personal contingency plan. Such plans should be in place for each regular location — home, work and school — that each member of the family frequents and should cover what that person will do and where he or she will go should an evacuation be necessary. Obviously, parents of younger children need to coordinate more closely with their children’s schools than parents of older children. Contingency plans need to establish meeting points for family members who might be split up — and backup points in case the first or second point is also affected by the disaster.

The lack of ability to communicate with loved ones because of circuit overload or other phone-service problems can greatly enhance the sense of panic during a crisis. Perhaps the most value derived from having personal and family contingency plans is a reduction in the stress that results from not being able to immediately contact a loved one. Knowing that everyone is following the plan frees each person to concentrate on the more pressing issue of evacuation. Additionally, someone who waits until he or she has contacted all loved ones before evacuating might not make it out. Contingency planning should also include a communication plan that provides alternate means of communication in case the telephone networks go down.

People who work or live high-rises, frequently travel or take subways should consider purchasing and carrying a couple of pieces of equipment that can greatly assist their ability to evacuate such locations. One of these is a smoke hood, a protective device that fits over the head and provides protection from smoke inhalation. The second piece of equipment is a flashlight small enough to fit in a pocket, purse or briefcase. Such a light could prove invaluable in a crisis situation at night or when the power goes out in a large building or subway. Some of the small aluminum flashlights also double as a handy self-defense weapon.

It is also prudent to maintain a small “fly-away” kit containing clothes, water, a first aid kit, nutritional bars, medications and toiletry items for you and your family in your home or office. Items such as a battery- or hand-powered radio, a multitool knife and duct tape can also prove quite handy in an emergency. The kit should be kept in convenient place, ready to grab on the way out.

Contingency planning is important because, when confronted with a dire emergency, many people simply do not know what to do. Not having determined their options in advance — and in shock over the events of the day — they are unable to think clearly enough to establish a logical plan and instead wander aimlessly around, or simply freeze in panic.

The problems are magnified when there are large numbers of people caught unprepared, trying to find solutions, and scrambling for the same emergency materials you are. Having an established plan in place gives even a person who is in shock or denial and unable to think clearly a framework to lean on and a path to follow. It also allows them to get a step ahead of everybody else and make positive progress toward more advanced stages of self-protection or evacuation rather than milling around among the dazed and confused. (A detailed primer on contingency planning can be found here.)

Travel Security

Of course, not all emergencies occur close to home, and the current U.S. government warning was issued for citizens traveling in Europe, so a discussion here of travel security is certainly worthwhile. Obviously, the need to practice situational awareness applies during travel as much as it does anywhere else. There are, however, other small steps that can be taken to help keep one safe from criminals and terrorists when away from home.

In recent years, terrorists have frequently targeted hotels, which became attractive soft targets when embassies and other diplomatic missions began hardening their security. This means that travelers should not only look at the cost of a hotel room but also carefully consider the level of security provided by a hotel before they make a choice. In past attacks, such as the November 2005 hotel bombings in Amman, Jordan, the attackers surveilled a number of facilities and selected those they felt were the most vulnerable. Location is also a critical consideration. Hotels that are close to significant landmarks or hotels that are themselves landmarks should be considered carefully.

Travelers should also request rooms that are somewhere above the ground floor to prevent a potential attacker from easily entering the room but not more than several stories up so that a fire department extension ladder can reach them in an emergency. Rooms near the front of the hotel or facing the street should be avoided when possible; attacks against hotels typically target the foyer or lobby at the front of the building. Hotel guests should also learn where the emergency exits are and physically walk the route to ensure it is free from obstruction. It is not unusual to find emergency exits blocked or chained and locked in Third World countries. And it is prudent to avoid lingering in high-risk areas such as hotel lobbies, the front desk and entrance areas and bars. Western diplomats, business people and journalists who frequently congregate in these areas have been attacked or otherwise targeted on numerous occasions in many different parts of the world.

There are also a number of practical steps than can be taken to stay safe at foreign airports, aboard public transportation and while on aircraft; more information on that topic can be found here.


Finally, it is important to keep the terrorist threat in perspective. As noted above, threats of violence have always existed, and the threat posed to Europe by jihadist terrorists today is not much different from that posed by Marxist or Palestinian terrorists in the 1970s. It is also far less of a threat than the people of Europe experienced from the army of the Umayyad Caliphate at Tours in 732, or when the Ottoman Empire attacked Vienna in 1683. Indeed, far more people (including tourists) will be affected by crime than terrorism in Europe this year, and more people will be killed in European car accidents than terrorist attacks.

If people live their lives in a constant state of fear, those who seek to terrorize them have won. Terror attacks are a tactic used by a variety of militant groups for a variety of ends. As the name implies, terrorism is intended to produce a psychological impact that far outweighs the actual physical damage caused by the attack itself. Denying would-be terrorists this multiplication effect, as the British largely did after the July 2005 subway bombings, prevents them from accomplishing their greater goals. Terror can be countered when people assume the proper mindset and then take basic security measures and practice relaxed awareness. These elements work together to dispel paranoia and to prevent the fear of terrorism from robbing people of the joy of life.

"How to Respond to Terrorism Threats and Warnings is republished with permission of STRATFOR."
0 Comment(s) / Post Comment

Thursday, October 7th 2010


Terrorism, Vigilance and the Limits of the War on Terror

Terrorism, Vigilance and the Limits of the War on Terror

By George Friedman

The U.S. government issued a warning Oct. 3 advising Americans traveling to Europe to be “vigilant.” U.S. intelligence apparently has acquired information indicating that al Qaeda is planning to carry out attacks in European cities similar to those carried out in Mumbai, India, in November 2008. In Mumbai, attackers armed with firearms, grenades and small, timed explosive devices targeted hotels frequented by Western tourists and other buildings in an attack that took three days to put down.

European security forces are far better trained and prepared than their Indian counterparts, and such an attack would be unlikely to last for hours, much less days, in a European country. Still, armed assaults conducted by suicide operatives could be expected to cause many casualties and certainly create a dramatic disruption to economic and social life.

The first question to ask about the Oct. 3 warning, which lacked specific and actionable intelligence, is how someone can be vigilant against such an attack. There are some specific steps that people can and should take to practice good situational awareness as well as some common-sense travel-security precautions. But if you find yourself sleeping in a hotel room as gunmen attack the building, rush to your floor and start entering rooms, a government warning simply to be vigilant would have very little meaning.

The world is awash in intelligence about terrorism. Most of it is meaningless speculation, a conversation intercepted between two Arabs about how they’d love to blow up London Bridge. The problem, of course, is how to distinguish between idle chatter and actual attack planning. There is no science involved in this, but there are obvious guidelines. Are the people known to be associated with radical Islamists? Do they have the intent and capability to conduct such an attack? Were any specific details mentioned in the conversation that can be vetted? Is there other intelligence to support the plot discussed in the conversation?

The problem is that what appears quite obvious in the telling is much more ambiguous in reality. At any given point, the government could reasonably raise the alert level if it wished. That it doesn’t raise it more frequently is tied to three things. First, the intelligence is frequently too ambiguous to act on. Second, raising the alert level warns people without really giving them any sense of what to do about it. Third, it can compromise the sources of its intelligence.

The current warning is a perfect example of the problem. We do not know what intelligence the U.S. government received that prompted the warning, and I suspect that the public descriptions of the intelligence do not reveal everything that the government knows. We do know that a German citizen was arrested in Afghanistan in July and has allegedly provided information regarding this threat, but there are likely other sources contributing to the warning, since the U.S. government considered the intelligence sufficient to cause concern. The Obama administration leaked on Saturday that it might issue the warning, and indeed it did.

The government did not recommend that Americans not travel to Europe. That would have affected the economy and infuriated Europeans. Leaving tourism aside, since tourism season is largely over, a lot of business is transacted by Americans in Europe. The government simply suggested vigilance. Short of barring travel, there was nothing effective the government could do. So it shifted the burden to travelers. If no attack occurs, nothing is lost. If an attack occurs, the government can point to the warning and the advice. Those hurt or killed would not have been vigilant.

I do not mean to belittle the U.S. government on this. Having picked up the intelligence it can warn the public or not. The public has a right to know, and the government is bound by law and executive order to provide threat information. But the reason that its advice is so vague is that there is no better advice to give. The government is not so much washing its hands of the situation as acknowledging that there is not much that anyone can do aside from the security measures travelers should already be practicing.

The alert serves another purpose beyond alerting the public. It communicates to the attackers that their attack has been detected if not penetrated, and that the risks of the attack have pyramided. Since these are most likely suicide attackers not expecting to live through the attack, the danger is not in death. It is that the Americans or the Europeans might have sufficient intelligence available to thwart the attack. From the terrorist point of view, losing attackers to death or capture while failing to inflict damage is the worst of all possible scenarios. Trained operatives are scarce, and like any strategic weapon they must be husbanded and, when used, cause maximum damage. When the attackers do not know what Western intelligence knows, their risk of failure is increased along with the incentive to cancel the attack. A government warning, therefore, can prevent an attack.

In addition, a public warning can set off a hunt for the leak within al Qaeda. Communications might be shut down while the weakness is examined. Members of the organization might be brought under suspicion. The warning can generate intense uncertainty within al Qaeda as to how much Western intelligence knows. The warning, if it correlates with an active plot, indicates a breach of security, and a breach of security can lead to a witch-hunt that can paralyze an organization.

Therefore, the warning might well have served a purpose, but the purpose was not necessarily to empower citizens to protect themselves from terrorists. Indeed, there might have been two purposes. One might have been to disrupt the attack and the attackers. The other might have been to cover the government if an attack came.

In either case, it has to be recognized that this sort of warning breeds cynicism among the public. If the warning is intended to empower citizens, it engenders a sense of helplessness, and if no attack occurs, it can also lead to alert fatigue. What the government is saying to its citizenry is that, in the end, it cannot guarantee that there won’t be an attack and therefore its citizens are on their own. The problem with that statement is not that the government isn’t doing its job but that the job cannot be done. The government can reduce the threat of terrorism. It cannot eliminate it.

This brings us to the strategic point. The defeat of jihadist terror cells cannot be accomplished defensively. Homeland security can mitigate the threat, but it can never eliminate it. The only way to eliminate it is to destroy all jihadist cells and prevent the formation of new cells by other movements or by individuals forming new movements, and this requires not just destroying existing organizations but also the radical ideology that underlies them. To achieve this, the United States and its allies would have to completely penetrate a population of about 1.3 billion people and detect every meeting of four or five people planning to create a terrorist cell. And this impossible task would not even address the problem of lone-wolf terrorists. It is simply impossible to completely dominate and police the entire world, and any effort to do so would undoubtedly induce even more people to turn to terrorism in opposition to the global police state.

Will Rogers was asked what he might do to deal with the German U-boat threat in World War I. He said he would boil away the Atlantic, revealing the location of the U-boats that could then be destroyed. Asked how he would do this, he answered that that was a technical question and he was a policymaker.

The idea of suppressing jihadist terrorism through direct military action in the Islamic world would be an idea Will Rogers would have appreciated. It is a superb plan from a policymaking perspective. It suffers only from the problem of technical implementation. Even native Muslim governments motivated to suppress Islamic terrorism, like those in Egypt, Saudi Arabia, Algeria or Yemen, can’t achieve this goal absolutely. The idea that American troops, outnumbered and not speaking the language or understanding the culture, can do this is simply not grounded in reality.

The United States and Europe are going to be attacked by jihadist terrorists from time to time, and innocent people are going to be killed, perhaps in the thousands again. The United States and its allies can minimize the threat through covert actions and strong defenses, but they cannot eliminate it. The hapless warning to be vigilant that was issued this past weekend is the implicit admission of this fact.

This is not a failure of will or governance. The United States can’t conceivably mount the force needed to occupy the Islamic world, let alone pacify it to the point where it can’t be a base for terrorists. Given that the United States can’t do this in Afghanistan, the idea that it might spread this war throughout the Islamic world is unsupportable.

The United States and Europe are therefore dealing with a threat that cannot be stopped by their actions. The only conceivably effective actions would be those taken by Muslim governments, and even those are unlikely to be effective. There is a deeply embedded element within a small segment of the Islamic world that is prepared to conduct terror attacks, and this element will occasionally be successful.

All people hate to feel helpless, and this trait is particularly strong among Americans. There is a belief that America can do anything and that something can and should be done to eliminate terrorism and not just mitigate it. Some Americans believe sufficiently ruthless military action can do it. Others believe that reaching out in friendship might do it. In the end, the terrorist element will not be moved by either approach, and no amount of vigilance (or new bureaucracies) will stop them.

It would follow then that the West will have to live with the terrorist threat for the foreseeable future. This does not mean that military, intelligence, diplomatic, law-enforcement or financial action should be stopped. Causing most terrorist attempts to end in failure is an obviously desirable end. It not only blocks the particular action but also discourages others. But the West will have to accept that there are no measures that will eliminate the threat entirely. The danger will persist.

Effort must be made to suppress it, but the level of effort has to be proportional not to the moral insult of the terrorist act but to considerations of other interests beyond counterterrorism. The United States has an interest in suppressing terrorism. Beyond a certain level of effort, it will reach a point of diminishing returns. Worse, by becoming narrowly focused on counterterrorism and over-committing resources to it, the United States will leave other situations unattended as it focuses excessively on a situation it cannot improve.

The request that Americans be vigilant in Europe represents the limits of power on the question of terrorism. There is nothing else that can be done and what can be done is being done. It also drives home the fact that the United States and the West in general cannot focus all of its power on solving a problem that is beyond its power to solve. The long war against terrorism will not be the only war fought in the coming years. The threat of jihadism must be put in perspective and the effort aligned with what is effective. The world is a dangerous place, as they say, and jihadism is only one of the dangers.

"Terrorism, Vigilance and the Limits of the War on Terror is republished with permission of STRATFOR."
0 Comment(s) / Post Comment

Wednesday, July 14th 2010


Be Good or Be Gone

Be Good or Be Gone

All of the events listed below have something in common:

11-01-50 Attempted assassination of Harry S. Truman, President of the United States.

05-15-72 Attempted assassination of George Wallace, Governor of Alabama.

03-20-74 Attempted kidnapping of Princess Anne of England.

09-05-77 Kidnapping & assassination of Hanns-Martin Schleyer, West German Industrialist.

03-16-78 Kidnapping & assassination of Aldo Moro, Former Prime Minister of Italy.

03-30-81 Attempted assassination of Ronald Reagan, President of the United States.

06-14-95 Attempted assassination of Robert Kruger, U.S. Ambassador to Burundi.

11-04-95 Assassination of Yitzhak Rabin, Prime Minister of Israel.

08-29-95 Attempted assassination 1 of Eduard Shevardnadze, President of Georgia.

02-09-98 Attempted assassination 2 of Eduard Shevardnadze, President of Georgia.

07-23-98 Attempted assassination of Asian Naskhadov, President of Chechnya

01-03-99 Attempted assassination of Nawaz Sharif, Prime Minister of Pakistan.

09-06-99 Attempted assassination of Hosni Mubarak, President of Egypt.

07-03-00 Assassination of Jean Leopold Dominque, Owner of Radio Haiti.

12-19-00 Attempted assassination of Iosif Ordzhonikidze, Deputy Mayor of Moscow.

01-31-01 Attempted assassination of Akhmad Kadyrov, Head of the Civil Administration in Chechnya.

04-11-01 Assassination of Habib Sanginov, First Deputy Minister of the Interior of Tajikistan.

04-18-01 Assassination of Teodoro Hernaez, Mayor of Santa Lucia, Philipines.

07-25-01 Assassination of Phoolan (“Bandit Queen”) Devi, Member of Parliament, India.

07-26-01 Assassination of Shaukat Mirza, Director Pakistan State Oil Company.

These events transpired in various countries around the world. The protected individuals were from the public and the private sectors. Some had one protector while others had many.

The activities of the principals at the time of the attacks were:

Riding in vehicle – 12 incidents
Walking to car – 3 incidents
Walking through crowd – 1 incident
Giving speech – 1 incident
Arriving at work – 1 incident
In residence – 1 incident

The weapons used by the attackers were as follows:

Knife – 1 incident
Firearms – 14 incidents
Explosives  - 4 incidents

The common thread in all of these events is that bodyguards and or law enforcement personnel assigned to protect the individuals mentioned were either injured or killed when the attacks on their principals occurred.

Whether the goal of the attacker is kidnapping or assassination, you the protection agent are also a target simply because the attacker that chooses to attack your client in your presence views you as an obstacle to success that needs to be neutralized.  

If you need additional motivation go to any news search and type in assassination, kidnapping or bombings and you will see that these events are still occurring on a daily basis all over the world.

Therefore it is in your best interest to be very good at the art of personal protection or one day you too may be gone!

"You are not paid for what you do, you are paid for what you may have to do, and when that time comes, you will be highly underpaid."

copyright  L. Altman 2010
Leopold T. Altman III - Member IALEFI, ILEETA, IACSP, ICTOA, etc...
Instructor, Sykes Group LLC - Law Enforcement Training Division
http://www.sykesgroups.com (Failure is not an option)

Instructor, Community Anti-Terrorism Training Institute

Moderator - Security Specialist (yahoo group)
0 Comment(s) / Post Comment