Mosby Underground Trade-Craft: An Introductory Discussion

Preparedness advocates, whether they label themselves “survivalists” or “preppers,” fall along a wide spectrum of intensity and preparations, ranging from a total cataclysmic breakdown in the social fabric that will result in a Mad Max-type of tribalism, to those who look to previous socio-economic collapses, such as that suffered by Argentina in the last decade, where crime and violence and discomfort was certainly prevalent, but there was still some semblance of a social order (“Why, no James, actually, you cannot go out and kill all the people who looked askance at you in grade school!”).

Barring a complete tearing asunder of the social fabric, a la Cormac McCarthy’s “The Road,” which while possible, most learned observers agree is unlikely, one aspect of security preparedness that has to be dealt with is the development of training and planning to deal with attacks that are less than the Cannibalistic San Franciscan hordes storming the walls of your survival retreat-cum castle.

As the train falls further off the tracks, and law enforcement and government find themselves more and more irrelevant in people’s daily lives, people will increasingly find themselves more subject to threats ranging from “simple” robbery and home invasion, to unlawful detention (what we used to call simply “kidnapping”…..), or even outright murder and assassination. Additionally, there are those within the patriot movement of course, who firmly believe that they are subject to those types of attacks from the regime itself as well.

I’ve often been chastised by readers with no experience and resultant comprehension, for seeming to focus this blog on traditional field-craft, rather than focusing the development of skills specific to application in built-up areas. They are correct, but that lack of experience and training prevents themit from understanding the reasons behind that focus. If you can conduct operations successfully in rural/wilderness areas, you can conduct operations successfully in urban/built-up areas with only minor changes to specific TTPs. At the same time, if you cannot conduct operations successfully in rural/wilderness areas, you’re going to find yourself fucked in the ass when you try and perform in urban/built-up areas.

The two U.S. military units that are tasked most often with the conduct of clandestine or covert special operations in urban areas, CAG and DEVGRU, do not recruit off the street, regardless of the comic-book fantasies of some people. Even the Special Activities Division of the CIA prefers to recruit former military special operations personnel. This is for one very sound reason: those candidates already possess experience and a mental framework for the conduct of operations developed through the conduct of traditional small-unit combat operations in traditional field environments.

The truth is, with very few exceptions (and most of those were prior service), I’ve seen very few participants in classes who came into it with even a basic grasp of the subject matter that wasn’t flat wrong. It’s not something you can pick up from reading a couple of old field manuals. Urban trade-craft, further, is not something that you just “pick up” although like the farm kid/hunter who picks up a trick here and there that makes traditional field-craft “easier” to grasp, the urban dweller may find elements of urban trade-craft intuitively make sense, based on his life experiences.

Nevertheless, a solid grasp of understanding regarding the nature of urban trade-craft is absolutely critical, including the hostile planning cycle, types and methods of surveillance and counter-surveillance methods, and more.

From simple robbery and home invasions to kidnapping, carjacking, and bombings, to outright murder/assassination, during a breakdown in the social order, it is important, when discussing the methods of countering these threats, that we understand the planning and preparation processes behind them, in order to interdict such operations as early in the process as possible. Going to guns to elude exploitation by the bad guys, should he your last resort, especially with limited medical care, and when the bad people have more people and bigger guns.

Fortunately, studies of attacks throughout modern history, ranging from international terrorist groups, cartels, common criminal enterprise groups, and even formally trained government agencies, have illustrated that successful attacks are generally executed by groups and organizations who are “professional” in their planning and execution, and that “professionals” share common traits in the planning and execution of certain types of operations. Recognition of the existence of these patterns, as well as methods of interdicting the cycle of patterns, is the critical element in urban trade-craft, just as it is in traditional field-craft operations.

Understanding the planning and execution processes used will assist you in not only recognizing patterns of behavior that have the potential to influence you in a negative manner; they also allow you to utilize that recognition in order to interdict the enemy’s activities unexpectedly, thereby getting “inside his OODA Cycle,” and putting the odds more in your favor.

The Hostile Planning Cycle

Contrary to popular mythology, attacks, whether military, government agency, terrorist group, or criminal cartel, are not random, indiscriminate acts of spontaneous violence. Nor are they conducted by completely insane fanatic individuals. The reality is, despite the mythology, that numerous serious academic studies of hundred and thousands of attacks by terrorist groups and criminal cartels, from around the globe, have repeatedly revealed that violent criminal actors (VCA), liked trained military personnel and government operatives, follow a meticulous structured approach to intelligence gathering and planning in their attacks against potential targets and individuals. Doctrinally, we refer to this as the “hostile planning cycle,” and include eight steps: preliminary target selection (“Hey, we think this guy might be a potential target!“), initial surveillance (“Well, let’s see if he’s worth looking at further. Anything suspicious in his behavior? Can we grab him if we needed to?”), final target selection (“Yeah, this dude is definitely one of them. Let’s grab him!”), pre-attack surveillance (“Okay, so we know we need to grab him, how and where and when can we grab him?”), planning (because prior proper planning prevents piss-poor performance), rehearsals, execution, and finally, escape and exploitation (“Wow, that shit actually worked! I never would’ve thought it would…Oh, let’s get out of here now!”).

Operations do not occur inside a vacuum and in order to successfully execute any operation, it is necessary to understand the surrounding environment. A critical need in attack planning is the gathering of information about the target’s activities, habits, and routines. Surveillance is the tool used to gather this information. The hostile planning cycle is used to recognize and describe how hostile organizations use surveillance as a tool to identify and select targets, identify the vulnerabilities of those targets, and plan attacks that take advantage of perceived weaknesses in the target’s security preparations. Understanding how hostile acts are planned and executed will provide an opportunity to identify and develop defensive countermeasures to interrupt the hostile planning cycle.



Generally speaking, the first step in a targeted operation is the identification of potential targets. The idea is to identify potential targets whom attacking will decisively help achieve the ultimate aims and goals of the organization. A terrorist group operation in a foreign country for example, will target the US mission in that country, whereas a common criminal cartel may simply want to elicit terror in the general population or gain needed operational funds by targeting a wealthy individual or corporation. In a totalitarian regime, key personnel in a resistance movement may be the target. In order to develop this list, potential target names may be drawn from newspapers, the internet, or other media sources, or other sources of intelligence, ranging from identification by “snitches” to the development of a target list through technical surveillance of a group through eavesdropping and intelligence analysis.

It is critical to recognize however, that just because a person or facility is on the list does not mean they will necessarily be attacked. The objective of developing a preliminary list is to determine potential targets. Only through follow-on initial surveillance can the organization select the victim that will produce the greatest results, in view of the organization’s goals, with the least amount of possible risk. The highest profile individual or location, with the weakest security measures in place, will always be the target of choice. Hostile organizations will generally select targets that can be exploited for propaganda value who represent views and beliefs that are inimical to the organization’s goals or beliefs. While there are large numbers of people within the Patriot Movement who consider themselves high-profile targets of the regime, this is largely hubris on their part. Grabbing a middle-age accountant who occasionally posts comments on WRSA is of little value to the regime. On the other hand, those who make public spectacles of themselves, make themselves targets, if their personal security measures are inadequate. The recent arrest of Adam Kokesh (regardless of my personal beliefs that the dude is pretty much a complete fucking idiot) is an example of this. Here is a guy who has forced himself into the public limelight by openly challenging the power structure, and attempting to organize public resistance inimical to that power structure, while apparently having fuck-all for security arrangements.

Ultimately, the preliminary target selection list, as well as the follow-on initial surveillance to determine the suitability of those names as actual targets, is a cost-benefit analysis. What are the potential rewards for the organization, in targeting said individual, versus what are the potential costs of the attack failing, or in terms of blowback.

Ultimately, the objectives of the organization will determine if a subject is a suitable target or not. Kidnapping or assassination of an extremely high-profile target who has, or can elicit, a great deal of public sympathy, may not be in the best interests of the organization, regardless of how perfect or desirable a target the subject may otherwise appear to be. As an example, a government organization kidnapping or assassinating a high-profile cartel leader may elicit the supposedly desired response of slowing down the production and disbursement of illicit narcotics, or creating a temporary lull in cartel violence. On the other hand, if the subject has developed a wide base of support within the community (something Kokesh, for example, has never been able to do), it may actually result in the opposite result than desired, referred to as “blowback,” leading to increased violence, or even violence targeted at the organization and its sponsors specifically.

At the preliminary target selection phase, the simplest way to potentially avoid being targeted is to present as low a profile as possible. Looking like everyone around you makes you harder to pick out of the crowd. This is the traditionally espoused “grey man” approach. You dress like the locals, your mannerisms mimic those of the locals, and you do nothing in your daily activities that would arouse even the slightest suspicions that you are anything but exactly the same as all the people around you.

On the other hand, this grey man approach, for our purposes, has some serious drawbacks. It can result in an increase in the hostile organization’s power, as the general public realizes that no one is willing to resist, lending legitimacy to the organization, simply because they become so powerful that they begin to realize that everyone is too afraid of them to resist. This leads to the result that, ultimately, everyone, even the most benign-appearing individual, becomes a target of the organization’s hostilities. This results in such a loss of freedom of thought, movement, and operations, that the enemy ends up the de facto victor anyway.

The opposite approach, sometimes referred to as the “strong-point defense,” is an alternative to the grey man approach, wherein you present yourself as a hard target. In the simplest terms, that means recognizing that you might, in fact, be targeted, so you’re going to try and appear to be entirely too hard a target for them to hit without suffering unacceptably high-profile losses. An infantry unit, kitted up in a full-suite body armor and riding in Strykers and MRAPs can, initially, appear this way. To the hostile force armed with nothing more potent than individual small-arms, such an element can appear to be impregnable. On the other hand, just as insurgents throughout Iraq figured out rather quickly, even the hardest target is eventually vulnerable, if you’re willing to put forth the effort to conduct effective surveillance and information-gathering to determine where and when those vulnerabilities exist, and are willing to up the ante sufficiently. Hiding out in an urban ethnic enclave, as an example, works well, right up until the enemy decides that the public opinion hit they will take is outweighed by the tactical benefits of bulldozing the neighborhood around your happy ass.



Initial Surveillance

Initial surveillance is used to gather information about a potential target’s habits over time, including their common practices and routines, where they live, work, and play, and how they get to those places and when. It is also used to attempt to determine what security measures they have in place, if any. This helps narrow the preliminary potential target list into realistic target lists of subjects that can be effectively attacked at minimal risk of loss. It is critically important to realize that simply getting yourself placed on a preliminary target list, whether by a terrorist group, criminal cartel, or regime agency, is not enough to result in your being targeted for attack.

Webster’s Dictionary defines surveillance as, “surreptitious close watch kept over someone or something. More specific to our applications, surveillance is systematic, generally discreet, observaton of a subject, in order to develop detailed information about that subject’s activities and/or routines.

The objective of initial surveillance is to gather or develop detailed information on a person, location, or facility that has been identified as a potential target of an organization or group, that cannot be obtained through other sources.

We need to thoroughly understand the fundamental concepts and TTPs underlying physical surveillance of a target. Within your life, a surveillance operation could be targeted on a person, whether yourself, a family member or preparedness group member, the vehicles operated by any of those people, or the home, office, or retreat locations of those people. Rather than focus on the practice of active surveillance (although that’s obviously a pretty crucial skill set in itself), we need to focus on how to utilize our knowledge of surveillance in order to identify hostile surveillance of ourselves and/or family members and friends. Through a solid grasp of understanding of surveillance TTPs and suitable counter-measures, we can more effectively counter those surveillance attempts, and thus maximize our ability to live and function independently, without interference.

Surveillance in the initial surveillance phase of the hostile planning cycle is concerned with identifying which potential targets can successfully be attacked. It concentrates on learning the routines and habits of the identified subjects, determining routes traveled, and evaluating the security measures practiced (or not practiced in most cases), by the subject. The goal is to determine if vulnerabilities exist that can be exploited (and they always do. It doesn’t matter how tough you are, or how perfect your security plan is).

Fortunately, the initial surveillance phase is also the weakest link in the hostile planning phase for most organizations. The individuals tasked to conduct initial surveillance will generally be new personnel or even outside contracted individuals who may or may not be well versed in surveillance trade-craft. Even well-trained surveillance operatives however, place themselves at risk of compromise initially, due to the time necessary to learn about the area they will be conducting surveillance in.

Surveillance operations, specifically in the initial surveillance phase, can be broadly divided into two separate steps. The first is general area familiarization, while the second is specific target study and pattern analysis.

General area familiarization is conducted prior to the commencement of surveillance on a specific target. Operatives will study the general area surrounding where the surveillance operation will be conducted. This is the trade-craft equivalent of conducting a map reconnaissance in traditional operations. It is conducted in order to gather the basic background information needed for the specific target study. It is used to determine the general activity patterns of the local civilian population, including common dress and mannerisms of behavior, vehicle types and usage patterns in the area, and the availability of local-type transportation assets. Potential specific target study surveillance positions will also be identified during area familiarization.

Arguably, the simplest way to counter effective surveillance of your activities is to interdict the general area familiarization phase successfully. While some would argue that living in a large, well-populated area of an ethnic urban enclave, with the proverbial local neighborhood busybodies present who notice everyone and quickly pass the word around about strangers in the area, is the surest way to avoid or counter a surveillance effort, that’s not necessarily true. First off, living in a close-knit suburban-type area can provide many of the same benefits. Second, the densely-populated urban enclave offers far more hiding places for a surveillance team, and even in the most “isolated” urban areas, there are always enough outsiders passing through at any given moment, day and night, that it becomes relatively easier for the surveillance effort to hide themselves in plain sight, through the use of local appearances in their mannerisms, dress, and accouterments, such as their vehicle selection. Further, it can be difficult for an outsider to make inroads into the urban culture to the point where the natives and old-timers will consider you a fellow local.

Living in a rural, sparsely populated are, where everyone knows everyone, and strangers are easily identified, even at a distance, can provide many of the same benefits as living in the urban enclave. In this latter case however, you also have to have been accepted as a local, in order to be a recipient of the benefits of the “bush telegraph.” I’ve lived in rural areas where this took a minimum of three generations, and I’ve lived in rural areas where 5-10 years was adequate, as long as you “proved” yourself by being a good neighbor, with shared interests, and a willingness to work hard and help out your neighbors. On the other hand, the sparse population in rural areas can make the facilitation of fixed surveillance positions and hide-sites far simpler than in urban areas, with far less chance of compromise (unless, you know…you conduct security patrols….crazy fucking shit, huh?)

Ultimately, there is no ideal location. It is a matter of developing the community and networks to expose outsiders who are acting peculiarly. As with everything in UW, it really does fall back to building community and not pissing off the local civilian population, if you want to survive.



Specific target study, including pattern analysis, is what most novices think of when they consider surveillance as an aspect of trade-craft. It is conducted in an attempt to determine the target’s personal habits and routines, such as modes of transportation, routes of travel, including regular arrival and departure times and patterns, as well as overall apparent security awareness and discipline, as well as any specific security procedures that seem to be in place. The hostile organization will use the information gathered in this phase to help determine if the preliminary target is a legitimate and executable target or not.

While interdicting the general area familiarization is probably the surest way to stop a hostile surveillance effort, since they never get the opportunity to get close enough to you to conduct specific target study, the reality is, the specific target study phase of the initial surveillance is the simplest place to interdict hostile surveillance, because it is the aspect that you have direct control over. Through the use of observation, random travel patterns and irregular scheduling, as well as the presence of a robust passive and active security effort, you have the option of creating the impression of a target too hard to bother with in the hostile organization’s cost-benefit analysis.



Surveillance can be broadly categorized into either discreet or close-type surveillance. In the initial surveillance phase, a well-trained surveillance team will generally limit itself to discreet surveillance. This is the type of surveillance used to observe the target’s activities clandestinely or covertly. If it seems that the surveillance will be compromised, in a discreet surveillance operation, the operatives will terminate or break off their surveillance temporarily (this of course, leads novices to the false impression that if they can make the surveillance team believe they have been compromised, they will leave, and all will be well. On the contrary, this may make you appear a more attractive target, or at least, worthy of more in-depth study. The only thing the surveillance team has to do, is make themselves more difficult to notice….). Discsreet surveillance will often be used by terrorists or governmental organizations, in order to aid in target selection and identification, without risking the compromise of an anticipated follow-on operation. If it looks as if the operation is going to be compromised, breaking off surveillance temporarily is the sensible thing to do, in order to allow for a future resumption of surveillance without compromise, as noted above.

Close surveillance is the type of surveillance often used by law enforcement agencies against known criminal actors, as much as a deterrent to potential criminal activity, as to gather useful intelligence information (sort of a “pre-crime” sort of thing….). It is sometimes described as a harassing, smothering type of surveillance action. In the initial stages, the surveillance team may even be discreet, and attempt to observe the target without compromise. However, the ultimate purpose of this type of surveillance is to keep the target under surveillance, no matter what, so if necessary, the surveillance team will allow its presence to be revealed to the target. While this type of surveillance can be much harder to evade, since they don’t care if they have to squeal tires and race through stoplights, it also poses benefits to the target. If you simply behave perfectly, then the surveillance team never gets to gather any real information on you.

Whether discreet or close-type surveillance, the methods may include mobile, fixed point (or “stationary” or “static”) surveillance, either of which may be enhanced with technical or photographic methods of surveillance. Mobile surveillance is what most novices think of when they think of surveillance. It is the method used when the target travels, and may be conducted on foot, or utilize any type of vehicle, based on METT-TC, ranging from automobiles and motorcycles, to public transportation, helicopters or fixed-wing aircraft, or that great bogeyman of the Patriot Movement, UAVs.

Fixed-point, or static surveillance is generally thought of as being largely a rural-based method of surveillance, with the establishment of hide-sites in over-watch positions. While that is certainly one method of static surveillance, static surveillance posts can also be established in urban areas, in the vicinity of a target’s home, workplace, or other locations frequented by the target on a regular bases, including restaurants, bars, churches, gyms, etc. Additionally, static surveillance may be established along a portion of a travel route the subject uses regularly, in order to help determine time schedules used, or to enable mobile surveillance teams to “pick-up” a target, without them having to sit in an exposed position waiting for the target to leave a given location.

Operatives conducting static surveillance will typically attempt to establish some sort of a cover for their presence, in order to allow them to remain in a fixed position and conduct their surveillance without arousing undesirable attention from the local population (and no, Joe Friday, sitting in a car, with the heat running, when it’s snowing outside, is not fooling anyone…). This cover may range, in the short-term, from simply sitting on a park bench apparently engrossed in a book or conversation, standing and talking on a cell-phone, or sitting in a bar or restaurant, lingering over a meal, to more elaborate, longer-term options ranging from having an operative gain employment in the vicinity, to establishing a cover business or residence in the area where the surveillance will occur. Elaborate covers are difficult to establish and expensive to maintain, making their use for initial surveillance efforts practical only if the hostile organization has already limited its list due to mission parameters.

Technical surveillance is accomplished through the use of equipment to enhance a surveillance operation. From video recording systems and intrusion detection alarm systems to aid in establishing the patterns of a target coming and going from a set place, to radio-frequency transmitters as vehicle-tracking devices; from electronic eavesdropping devices built into cell phones, to programs like key-loggers installed into computers, technical surveillance can be extremely difficult to detect, and almost always requires similarly technical countermeasures to locate and defeat.

Photographic surveillance is conducted using video or still photographic recording cameras, and is used to record and document the results of the physical surveillance methods. While any surveillance method can be used in conjunction with others, the last two types are, by definition, limited to use along with mobile or static physical surveillance.

Surveillance techniques are most simply categorized into rotating surveillance and progressive surveillance. Rotating surveillance is conducted using a relatively limited manpower pool. It utilizes multiple people to follow the target while in transit, and operatives rotate their position relative to the target, hoping to provide the target with too many new faces to successfully recognize potential threats. This is the surveillance technique most commonly seen in cinematic and literary representation, because it’s the simplest of the two to counter. An individual with a good memory for faces, awareness of his surroundings, and a solid grasp of the dynamics of the local demographics, aided with even a modicum of basic counter-surveillance training, will “make” his tails with relative ease (not the same thing as saying it will be “easy.”). Countering rotating-type surveillance is where the training in trade-craft and counter-surveillance really comes into play, as you find yourself trying to remember the circumstances under which you last saw the familiar-looking face that just appeared at the newsstand in front of you, or that Buick with the scraped fender that is sitting at the intersection to your left.

Progressive surveillance is the phased coverage of a target. This technique uses multiple surveillance teams, each providing coverage of the target from Point A (“origin,” when the target enters their area of responsibility) to Point B (“termination,” when the target leaves their area of responsibility). The next phase of surveillance will be begin as the follow-on team, already in place, picks up coverage from Point B (their Point A) to Point C (their Point B). Subsequent follow-on teams will follow the same process. This process repeats until the surveillance operation has acquired the target’s entire route of travel. The use of multiple teams consisting of multiple operatives makes this the more difficult surveillance technique to detect and counter, at least in theory.

In reality, limited manpower and budgetary restraints, whether the hostile organization is a criminal cartel, terrorist organization, or government agency, means that most surveillance efforts will be a combination of rotating and progressive surveillance, with teams rotating along the progressive surveillance route.



Surveillance Indicators and Detection

Unlike an embassy employee overseas, with the full resources of the US government (well, at least usually, and in theory….*cough*Benghazi*cough*ahem*), supporting their security efforts, most of us do not have the resources available to have armored vehicles for our daily transit, let alone a full convoy of armed security, as well as intelligence and operations specialists to conduct our route analysis and to conduct our surveillance detection. Rather, we are forced to function more in line with the behavior patterns and training of an intelligence agent operating under Non-Official Cover (NOC), or a SF soldier operating as an advisory capacity in FID (Foreign Internal Defense) in a nation with an active, hostile, and successful resistance movement, without a large base of external support. Thus, if you believe you may, at some point, be the subject of hostile surveillance targeting, it is imperative to develop the correct mindset and (more importantly) frame-of-reference, to recognize what constitutes a surveillance indicator, as well as how to detect and recognize those indicators.

When performing counter-surveillance or surveillance detection operations, you are looking for specific indicators that will alert you to the presence of hostile surveillance against you. If you do not have the knowledge and training to recognize surveillance techniques, you are not going to recognize those indicators. That means either, a) you will end up a blustering, blubbering, psychologically damaged, paranoid fucking mess, as you decide EVERYONE is out to get you, or b) you will overlook indicators that could have clued you in to a forthcoming attack that might have allowed you yo escape without harm.

Additionally important, discovery of surveillance indicators, combined with the identification of surveillance against yourself or someone under your responsibility, can allow you to determine the level of capability of the hostile organization, based on the degree of sophistication indicated by their operational techniques.

Active surveillance operations will always present indicators. It is simply unavoidable. Your ability to detect and recognize those indicators is largely dependent on your understanding of what constitutes a surveillance indicator, and your continual level of awareness of your surroundings (I don’t give a shit how many cool-guy shooting classes you’ve taken, or how many times you’ve received a block-of-instruction on the “Cooper Color Codes,” none of us are 100% aware of our surroundings, 100% of the time. If that were even possible, there would never have been a successful criminal or terrorist attack in the history of mankind). Indicators are actions or behavioral characteristics that arouse our suspicions.

In order to understand surveillance indicators, we have to recognize that the conduct of surveillance operations has vulnerabilities by its very nature. Once these vulnerabilities are understood, it becomes much easier for the surveillance detection effort to key in on specific indicators.

Visual surveillance can only be conducted from a position, or positions, which offer a direct line-of-sight view of the target. This requirement to be in a certain location (one from which the target’s location is visible), makes it possible for counter-surveillance efforts to identify the possible positions from which surveillance can be accomplished, before a surveillance effort is even begun against a future potential target. If you suspect that your residence in suburbia is a potential surveillance target, figure out now, where it can be observed from. If you think that your favorite Starbucks stop in the morning (I know, that one blonde barrista is HOT! Isn’t she?) is a likely place for a surveillance effort to place you under static surveillance, figure out what positions it can be observed from.

The second weakness of surveillance is that, in order for the surveillance to see the target, they have to be in the area of the target. If the target is moving, the surveillance team or operative will have to be present in an area at the same time the target is moving through the area. Over time, surveillance will create a “pattern of presence” within the locations that offer a view of the target, if using rotating type surveillance, or if using doctrinal progressive surveillance, there will be a sudden influx of new, unknown personnel in the same area.

If the target is in a fixed location, the surveillance effort will need to over-watch the location from positions that offer a view of the location, including specific vulnerabilities in the security preparations. Patterns of presence, potentially including the sudden influx of new faces, are also indicative of static surveillance.

Discovering the correlation, or presence in the same locations as the target, is the key “trick” to detecting surveillance.

This does not mean that you need to assume that every new neighbor on your block is a surveillance operation in the works. It does mean, you need to conduct site surveys and route analysis, if your personal security threat matrix makes you objectively decide that you might just be a potential target for someone to surveill and attack. Knowing who is who in your daily operational area, as well as what positions afford positive surveillance over-watch of your daily activities, and developing a plan to maintain security of those positions, is the key to surveillance detection and avoidance of potential attacks.

Mistakes are a serious problem in trade-craft for surveillance operations. Poor use of cameras or other recording devices, or the ease with which an observant individual can notice someone taking notes as they pass, or the simple human error factor of operatives getting lazy and complacent, can provide a “short-cut” for surveillance detection. It is critically important, even as we look at common surveillance operations mistakes that can be surveillance indicators, that you recognize that detecting surveillance must be more than just looking for mistakes. Despite the prevalence in cinema and literature of focusing on these mistakes as surveillance detectors, establishing the positions from which surveillance can work, and then looking for correlation in those areas will reveal more surveillance indicators more often, than simply looking for a professional to fuck up (besides, if you’re getting TTPs from Hollywood or fiction writers, you’re a fucking idiot).

Common surveillance mistakes (and you’re going to recognize a lot of these, because every unimaginative espionage writer in the world uses them…) may include, vehicles parked in no parking areas that allow for a fast exit if needed, or vehicles parked in the same spot for extended times, with people inside that could be surveillance operatives, vehicle behind or in front of you in traffic that stop or start as you move, vehicles that pass you and then park, vehicles behaving dangerously or irrationally in traffic, such as weaving in and out of traffic, driving too fast or too slow, vehicles that blow through a red light behind you, or stop unnaturally on yellow, or vehicles that signal a turn and fail to turn, or fail to signal a turn and then turn abruptly in pursuit, vehicles that appear to be hiding from view, for instance, by pulling out as if to pass and then dropping back, or vehicles closing in tight in heavy traffic appearing to be in a hurry, only to drop back in lighter traffic (I told you that you’d recognize them all. They’re stupid mistakes that people make as a result of inadequate training or complacency in believing the target is unobservant. Of course, all of the listed could also be a result of typical, piss-poor, modern American driving, so don’t start getting paranoid yet…).

Foot-borne surveillance could be indicated by mistakes such as person turning away sharply when they realize you’ve looked at them specifically, or people hesitating or looking around when entering a building that the target has just entered, people leaving or entering a building that the target has just entered, people standing on the street or in lobbies, reading newspapers or magazines (or their fucking smart phones….a surveillance detection operators worst damned nightmare…a society of people who have their faces constantly tucked into a device that has a video camera device built-in…), improper dress or actions for the area (a dude in a Savile Row suit in South-Central Los Angeles, as an obviously extreme example…or anyone in a suit in most of rural Montana…).

None of these mistakes can be assumed, based solely on one action, to be indicative of surveillance. The point is, recognizing that these are common mistakes surveillance operatives make, and taking note, through observation, of the individuals or vehicles involved. If you see them again, in your proximity, you may have correlation that can be indicative of surveillance.



Using correlation to recognize patterns of presence, or the presence of unexplained strangers in an otherwise familiar environment, we can also look at other surveillance vulnerabilities to help us in our surveillance detection efforts. For someone participating in “risky” or illicit activities, it is human nature to exhibit behaviors that may appear to indicate fear or nervousness. Although training and/or experience can eliminate some of this, even slight exhibitions of this can be noticeable to the practiced eye and can be used to help identify possible surveillance. Most of the above mentioned mistakes, for example, are behavioral errors that result from discomfort or inexperience in conducting illicit activities.

The single most prevalent operational blunder that poses a problem for surveillance operations typically however, is the failure to become a part of the operational environment. This can result from cultural bias and religious or cultural ethnocentrism, to discomfort with eating the local diet or conforming to social norms in appearance or behavior (as an example, the discomfort American men have, in Middle Eastern cultures, with men cheek-kissing or holding hands, or the inability of many Americans to choke down foods that other cultures consider delicacies…fire-roasted African termites, anyone?). On a more familiar level, residents of the East Coast are, to most westerners, readily identifiable as soon as they step off the airplane (as one friend from Wyoming recently mentioned, only half in jest…”Of course I can tell a local from an easterner. The easterner is in boots and a hat, to look like a cowboy, while the local, who IS a cowboy, is wearing sneakers and a baseball cap!”I would have laughed, but it’s kind of an old joke…). It can be difficult to be in an area for one reason, but to convincingly appear to be there for another reason that is innocent. The reality is however, that since “perception is reality,” if someone in the local area sees you as being out of place, and they are concerned about hostile actions, they will perceive you as being hostile, even if you’re not. For that reason, it becomes incumbent upon us, in the counter-surveillance role, to get to know, well, as many of the locals in our area as possible, make sure they know we’re on their side, through behavior proof, thus providing them justification to have the desire to inform us if someone is acting “hinky.”

At the same time, the sooner you establish yourself as an “insider” in your local culture, the sooner you will begin to be able to recognize who belongs and who is behaving or dressing strangely for the local environment.



Observation Skills for Counter-Surveillance and Detection

Ultimately, the key factor in successful surveillance detection is you. Your ability to observe your surroundings and maintain awareness of your environment is what will allow you to notice out-of-place behaviors and mannerisms, as well as patterns of presence. Inadequate observation skills, or failure to utilize those skills will result in your walking around with your head up your ass until the day a bunch of dudes in black balaclavas either kick in your door, and grab you out of your bed, or snatch you off the street, as you’re sipping your Grande Mocha Lotta Fuckup Coffee.

Observation training for counter-surveillance as for surveillance boils down to three key elements: the ability to see both the forest and the trees that make up the forest, the ability to remember what you’ve seen, in detail, and the ability to describe those details later, both to yourself and to other members of your team/group/community.

The reality is that the level of observation required for successful surveillance detection cannot be achieved by either the stupid or the lazy. It requires a great deal of mental effort, requiring you to remain security conscious and alert, in order to make detailed observations of your surroundings, rather than simple glances, as well as the ability to describe what you’ve seen using detailed, accurate descriptions about people, vehicles, and facilities.

When describing a vehicle, for example, “Oh, it was a yellow mid-80s sedan” is not adequate. While there are probably relatively few yellow, mid-80s sedans running around the streets, you still need more detail, both for your own memory, and for the use of the information of other members of your group or team who may be aiding in your counter-surveillance efforts, or who may themselves be subject to surveillance by the same organization in the same time frame.

To describe vehicles, you need as much information as you can get, in the time you have available before either you or the vehicle leaves the area.

• color. Be specific. Not simply “green” but the specific manufacturer’s name for the shade of color, if you know it, or what you believe the shade is, “lime green,” fuscia green” (is fuscia a shade of green?), or whatever….
• Year, Make, Model. At a bare minimum, a description of “mid-90s Toyota SUV” is better than “Uhm, older SUV?” Ideally, something as specific as “1997-1998 Ford F-250 Powerstroke” is perfect.
• Body Style. “The F-250 was the crew-cab version!” The Yellow Subaru was the hatchback version, not the station wagon type.”
• License plate numbers, including the state of issue, or at least a description of the appearance.
• Physical description, presence of oddities or unique marks. “Dude had one of those rainbow stickers on the back bumper.” Scars and scrapes on the body, different wheel designs (one was chrome, the rest were rusted steel), different tires, broken or cracked windshields, broken or missing mirrors or signal lights, rust spots, etc….Be as detailed as you can be.

When you are trying to develop a description of a person, whether to report to others on your team, or simply to remember yourself, be just as specific as you are in describing suspicious vehicles.

• gender
• race or ethnicity, if it can be readily determined.
• hair and eye color, if possible.
• approximate height and weight.
• age estimate (at least to the half-decade)
• physical build (skinny/slender, medium, large/fat, large/muscular, athletic, etc…)
• physical characteristics and oddities (beard or mustaches, long hair, bald, close-cropped hair, visible tattoos with descriptions if possible, shape of the face, mannerisms including gait or hand and arm movement patterns–i.e. he shrugged alot, or waved his hands when talking, etc)
• Easily changed features. clothing, glasses, headwear, footwear, etc…

When describing a person, or developing a description of a person, follow a set pattern, to ensure you don’t overlook or forget to mention any specific characteristics. Start at the top, and work your way down.

Pay attention to the details. As most people who’ve taken a class with me will attest, I am extremely fond of the classic proverb, “God is in the details.” When looking at a person that you don’t recognize, or that you recognize but aren’t sure why you recognize them in that particular venue, take note of the details:

• Do they fit in to the area and the activities (a construction worker, without a tan, in Texas, would stand out. Hell, in parts of Texas, a construction worker who spoke English as his native language would stand out…)
• What are they doing, and do they have the right accessories or tools to be doing what they appear to be doing? (For instance, a dude working on a power line, but has no tool belt on, or in today’s world, isn’t wearing a reflective safety vest…)
• Are they paying attention to the job, or are they too busy looking around?
• Are they locals?
• Are they meeting someone, or do they appear to have another valid reason for being present in the area?
• What did they do after you, or the potential target, left the area? Did they take note of the exit? Did they follow? Did they stay? Did they go somewhere else?

Understanding what we’ve observed is critical to determining if a suspicious-appearing individual who is new in our operational envelope is actually a threat, or just another putz trying to make it through a day. Understanding is achieved through education, training, practice, and experience. I’m offering you education and training. Once you’ve taken advantage of that, you have to continue to practice it, using the practice to develop the experience that tells you if what you are seeing is real (or is it Memorex?). As with all aspects of security preparedness, simply reading this article isn’t going to provide you the skill to recognize, detect, and identify hostile surveillance. Watching a bunch of old spy movies from the Cold War, or reading John Le Carre novels will not prepare you for counter-surveillance operations. You need to actually learn the physical hard skills, and then put them into practice.

One readily available tool for surveillance detection training (this is actually one of the best training tools I ever learned in the military, and I recommend it for lots of training tasks, including speeding the observation phase of the OODA cycle….wait…observation in the OODA Cycle…observation in surveillance detection….damn! It’s like I planned this shit or something!)are KIM’s games. Once again (because I always seem to have to correct motherfuckers on this fact), this does NOT stand for “Keep In Memory” games. I don’t give two fucks what your old buddy from high school who was a sniper in the Foreign Legion told you. It is named after the title character in Rudyard Kipling’s novel Kim, who is taught espionage in colonial India. This is one of the training tools used.



Training Tool: KIM Games

A basic version of KIM games involves placing 10 items on a table, covered with a blanket, poncho liner, or anything suitable. Students observe the objects when the instructor uncovers the table, but are not allowed to touch the items, or to talk during the exercise. After a prescribed period of observation, the table is recovered, and the students are allowed to make notes of their observations. They write out descriptions of the objects, including a description of size, shape, color, condition, and what the object appears to be. Following the recording of their observations, one variation of KIM games involves the instructor(s) asking the students questions about the items, in varying levels of detail, depending on experience in the exercise, times restraints, and the complexity of the items on the table. For instance, “What was the item in the bottom, left corner of the table?” (A Kalashnikov) “What caliber was it?” (Shit! Was it a 47 or a 74?) “What country manufactured it?” (Uhm….Russian? Romanian? Chinese?)

“What was the serial number on the rifle?” (!@#$#@! WTF?) The purpose of KIM Games is to enhance the students’ observation skills, as well as his ability to recall the detail he noticed.

Variations on the basic KIM Game can range from automatic weapons fire during the observation phase, to PT exercises between the observation and recording phases, to waiting a given period of time before the interrogation phase.

(Another variant on the KIM Game that I play with HH6, since ATL is too young to play yet, is particularly useful for surveillance detection. I’ll inform her that we’re going to play an observation game from this stoplight to the next. Her job is to look at as much detail as she can take in, as we drive. Once we get to the next stop light, I start asking questions. “What color pick-up was parked at the pumps of the Conoco station?” “How may kids were in the back of that Mexican minivan we passed mid-block?” “There was a dude standing in the door of the yellow house on the left. What did he have in his hand?” If you’ve got kids who are old enough, play it with them, and offer rewards for good observation and memory skills displays. “If you can answer five difficult questions correctly, I’ll buy you an ice cream/do your chores for you/buy you a new XBox game/etc….) This not only benefits the “student” but the “instructor” who begins to have to look more in-depth at the details, in order to try a fluster the students.)

 

Ha!