Advanced Criminal Investigations and Intelligence Operations
Page 3
The firm offers services in a full range of legal and litigation support
activities, including computer forensics and security, forensic accounting (auditing) and fraud examination, accident investigation and reconstruction (automobile and interstate transportation, rail road, aviation, and marine, OSHA, industrial and construction, etc.), and auto theft and arson and
explosives investigations. The firm also conducts asset protection, loss prevention, internal theft, and risk management investigations and a wide range of litigation support services, such as illustrations, graphics, charts, graphs, diagrams, and analytical and presentation media.
xxi
xxii
About Robert J. Girod Consulting, LLC
You may visit the firm’s web page at RGirodLLC.com for more informa-
tion or services.
Come, Watson, come! The game is afoot. Not a word! Into your clothes and
come!
Chance has put in our way a most singular and whimsical problem, and its
solution is its own reward.
I listen to their story, they listen to my comments, and then I pocket my fee.
~ Sherlock Holmes ~
Sir Arthur Conan Doyle
Black Bag Operational
Planning
1
Black bag operations, are covert or surreptitious entries for the purposes of intelligence gathering. This may be national security intelligence, military intelligence, law enforcement investigations, or business and industrial intelligence. Domestic spying (as opposed to foreign spying) is only legal when conducted pursuant to a valid, legal search warrant, wiretap order,
or similar legal requirement (subject to probable cause) and after meet-
ing any other strict statutory requirements. Such operations are subject to very strict laws when conducted domestically.
This point cannot be emphasized enough: Statutes and case laws change
constantly. Do not rely upon any source of law as being current without
conducting legal research or consulting competent legal counsel. Statutes and case law included here are current at the time of research but should be researched for current and up-to-date law before relying upon them. Always seek competent legal counsel on any legal questions.
Operational Planning
Operational planning involves research, that is, researching the target and target area. The success of the operation depends upon the extent of planning and research. Impromptu operations will produce impromptu results
(which are usually bad). Do not skimp on the planning phase. Plan for all possible contingencies; anything that can go wrong probably will. Plan such operations in much the same way as you would plan a surveillance (which
you should also plan and may be a part of the black bag job). Spend time to determine all that there is to know about the target location. Remember the six P s—Proper Planning and Practice Prevents Poor Performance.
The target location may be an obscure, rural, low-tech location or a con-
gested, urban, high-tech, high-rise facility. Floor plans and measurements are essential. These can be obtained from the local agency that approves
the building permits. Zoning and building inspection offices may also be a viable source. Maps of the area, especially bounding streets and roads, and aerial photographs are also essential. You should know the type of structure, number of floors (stories), the height, adjacent building information, types of occupants and zoning, etc. You may want to rent the office, apartment, house, or building next to the target.
1
2
Advanced Criminal Investigations and Intelligence Operations
Internal and external lighting systems (including street lights and motion-activated security lights), barriers (fences, windows, doors, access control, etc.), and alarm and other security systems must be determined. The presence of
security personnel, dogs, and residents or workers and their schedules is also critical. Even if the entry and operation are legal (and we will assume that it is for our purposes), raising the alarm and summoning the police are not conducive to efficient operations. Do not assume that other law enforcement wil know that you are supposed to be doing what you are doing. They probably wil not, and such operations are almost always on a Need to Know basis, that is, not sharing the information outside of the operation.
Reconnaissance should be conducted, and surveillance photographs and
videos should be obtained ahead of time and used in the planning phase.
A good cover should also be prepared to conceal your purpose, avoid attention, or explain your presence if detected. Enlisting the unknowing aid of janitors, guards, neighbors, or other tenants may be helpful, but should be done so discreetly and with extreme caution to avoid suspicion and wanton gossiping which will reveal that something is amiss.
Preparation before and debriefing following operations may both
involve the use of Periodic Intelligence Reports (PERINTREP). This includes information on the situation, activities (target), order of battle (OB), counterintelligence, weather, terrain, and analysis (see Figure 1.1, FM 30-5
Combat Intelligence, Appendix D-1, Format for Periodic Intelligence Report
[PERINTREP], pages 1–3).
Identification and New Identity: Cover Story
A cover story is essential to undercover or black bag operations (clandestine operations or investigations). Chapter 4 discusses undercover operations, cover stories, and identity changing in greater detail.
MI9, the British Directorate of Military Intel igence Section 9 and a sister agency of MI5 and MI6, was formed in 1939 and operated throughout World
War II to aid resistance fighters and infiltrate POWs who had escaped. MI9
used the advice of the stage magician Jasper Maskelyne to design the hiding places for escape aids: tools disguised in a cricket bat, a saw blade inside a comb, maps in the backs of books and on playing cards and inside gramo-phone records, boardgame sets that concealed money. Forged German identity cards, ration coupons, and travel warrants were smuggled into POW camps.
The 2012 film Argo—adapted from the book The Master of Disguise by CIA officer Antonio J. Mendez, in which Mendez led the rescue of six U.S. diplomats from Tehran, Iran, during the 1979 Iran hostage crisis, and from Joshuah Berman’s 2007 article The Great Escape in Wired magazine— provides a dra-matic and entertaining view of extraction and exfiltration (Exfil) operations.
Black Bag Operational Planning
3
Tony Mendez, an artist, illustrator, and tool designer, was an expert in forgery and disguise. The Canadian Caper was the popular name given to the joint covert rescue by the CIA with the cooperation of the Canadian government
of six American diplomats who had evaded capture during the seizure of the U.S. embassy in Iran on November 4, 1979. The caper involved CIA agents Tony Mendez and a man known as Julio directing the six diplomats to form a fake film crew made up of six Canadians, one Irishman, and one Latin
American used the cover story of “scouting a location to shoot a scene for a Figure 1.1 FM 30-5 Combat Intelligence, Appendix D-1. Format for Periodic Intelligence Report (PERINTREP), pages 1–3.
( continued)
4
Advanced Criminal Investigations and Intelligence Operations
Figure 1.1 (continued) FM 30-5 Combat Intelligence, Appendix D-1. Format for Periodic Intelligence Report (PERINTREP), pages 1–3.
Black Bag Operational Planning
5
Figure 1.1 (continued) FM 30-5 Combat Intelligence, Appendix D-1. Format for Periodic Intelligence Report (PERINTREP), pages 1–3.
science-fiction film Argo.” The ruse culminated on the morning of January 28, 1980, at Mehrabad Airport Tehran. The eight Americans successfully boarded a Swissair flight, escaping to Zurich, Switzerland.
There are three basic forms of new identification (ID) documents: (1) false ID, (2) counterfeit ID
, and (3) genuine government-issued ID for a false identity.
State-certified birth certificates, driver’s licenses, and social security cards with valid correlating numbers are core documents from which all other documents come. Identification can be purchased from a variety of mail order companies or manufactured with a good computer and program-providing templates.
6
Advanced Criminal Investigations and Intelligence Operations
Times have changed, and problems develop in the preparation of a
cover identity. Older methods for identity changing no longer prove accu-
rate and valid. New legal loopholes may be opened or (more likely) closed, procedures change, and technology evolves.
Somewhere between the official under cover (UC) and the no official cover (NOC), there are other methods for creating an identity. The usual starting place for a cover or new identity is to obtain a birth certificate for a deceased person of the correct gender and approximate age. This is usual y a prerequisite to obtaining a social security number (SSN) identification card, a driver’s operator license number (OLN), a passport, etc. Birth certificate can be obtained from the county health department (where the clerk may have known the deceased person) or, better yet, from the state bureau of vital statistics (usual y the department of health). The county or state health departments or the county clerk’s office is usual y where birth, marriage, and death records are filed. Usual y, an identity of the deceased is obtained from the death records, obituaries, or tombstones in a cemetery.
First, find out what is required to obtain a copy of a birth certificate from the county, state, or country where your subject was born. The date of birth (DOB), place of birth (POB), and both parents’ names are generally required.
A form and fee are usually required. In some states, such as California, birth and death records are filed together, so this could arouse suspicion. Small towns should be avoided where a clerk may have known the deceased.
Chapter 4 discusses undercover operations, cover stories, and identity
changing in greater detail. This should be a part of all operational planning.
Planning is critical, yet it is important to remember problems will indeed arise from unexpected sources regardless of how meticulous the plan is. Plan for the worst and hope for the best is a good rule of thumb.
Point of Entry and Exit; Ingress and Egress
Once the planning phase has been completed, rehearsal is always a good idea.
Once the plan is ready to be implemented, the entry and exit (ingress and egress or insertion and extraction) are obviously the most important step in the job.
Entry may require obtaining keys or copies of keys. If they are not available, copies may be made using a key impression pad. If access to copies is not possible, lock picks and bump keys may be necessary. This will be discussed in detail later. Security pass cards, access codes, and other devices may be necessary, depending upon the security measures adopted in the planning phase.
Entry and exit should be made in complete silence. Although commu-
nications may be necessary, it should be as silent as possible and limited to necessary communications. Command, communications, and control
(C3) are essential. Everyone must be in the communications network, and
Black Bag Operational Planning
7
it is best to have one designated communications controller. That person
should be responsible for monitoring other communications resources.
Law enforcement can disregard the dispatches of other officers who are sent to investigate suspicious person, prowlers, or burglary in progress calls by patrol officers. Someone outside should monitor what the rest of the team cannot and be aware of what is happening outside. Monitoring security,
maintenance, and other facility communications is also extremely useful.
Once egress (exit) or extraction is completed, all personnel should get out of the area of operation (AO) as soon as possible by leaving the surrounding area quickly and undetected or unnoticed. Changing clothing and appearance should be accomplished as soon as away from the immediate vicinity.
Discrete vehicle changes may be necessary or simply changing the appearance of the vehicle(s) to avoid detection or notice. (You can be detected, that is, seen or observed, without being noticed, that is, drawing noticeable attention.) Equipment
All equipment should be light and compact, and only the equipment that is necessary should be carried, without forgetting what may be necessary. This begins with clothing and personal equipment. Clothing that is conducive to concealment (camouflage or low visibility), blends or fits in the environment (looking like everyone else in the area and not standing out), and is part of a cover story or disguise (maintenance, employee, or utility uniforms) should be selected. Do not try to look like a cop or James Bond in a tuxedo at a biker ral y.
Fit in and be plain and boring; don’t try to have any character that makes you noticeable. Dull black or charcoal gray colors show up less than dark black does.
Maroon has a lower visibility spectrum than most colors. Broken up patterns are less detectable than solid patterns. Don’t forget your face when concealing your identity or avoiding detection or notice. Remember that detection is being seen and notice is taking note of what is seen. Biker clothes at a biker ral y are not noticed. Employee uniforms at a business may blend in with the environment.
If keys are not available, key impression pads may be useful in obtain-
ing a copy of keys. Lock picks and pick guns, bump keys, and other access devices are probably a must to gain access to buildings, rooms, safes, drawers, cabinets, vehicles, and other areas that must be accessed.
Communications equipment should be reliable, redundant, compact, and
stealthy (as silent as possible). As mentioned earlier, everyone must be in the communications network, and it is best to have one designated communications control er. That person should have access (from a different location) to other communications, such as monitoring police and security. (Law enforcement officers should monitor their own patrol frequencies for possible dispatches of officers to investigate suspicious activity or burglary in progress cal s.)
8
Advanced Criminal Investigations and Intelligence Operations
Illumination equipment, such as flashlights, tactical lights, LED key rings, night vision, heat sensors (infrared or IR), and other optical devices are useful.
Lineman’s or cable technician equipment may be useful and a good part
of a cover story. Wire ties, electrical and duct tape, and blackout curtains may also be a useful part of concealment, containment, and interruption (emergency detention) kits.
A flaps and seals kit is used to open documents and document containers
without detection. Equipment such as cameras, flash drives, keystroke readers, and computer forensics equipment may be necessary to document what you
are there for. Bugs, taps, and emissions equipment may be the primary purpose for the operation—to install detection and interception devices for listening or receiving communications or emissions.
Cash is useful. Do not use credit or debit cards on a job. They can be
traced, and your identity and purpose will be revealed.
Biometric Security Devices
Carl Sagan once said,
We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.
He also said,
We have also arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces.
Finally, Dr. Sagan said,
Skeptical scrutiny is the means, in both science and religion, by which deep thoughts can be winnowed from deep nonsense.
(R
etrieved from http://www.brainyquote.com/quotes/authors/c/carl_sagan.
html on June 5, 2013)
Biometrics is the emerging technology that automatically identifies an individual based on his or her characteristics. It is the science and technology of measuring and analyzing biological data. In information tech-
nology, biometrics refers to technologies that measure and analyze human
body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements, for identification and
authentication purposes. Such systems digitally fingerprint people, read
the patterns of their irises, measure the unique dimensions of their faces, or verify their voices.
Black Bag Operational Planning
9
Biometric information can be used for access control and remote identi-
fication. Access control is a system that enables an authority to control access to areas and resources in a given physical facility or information systems.
There are two classifications of biometric information: physiological and behavioral characteristics. Physiological characteristics include fingerprint, hand geometry, DNA, facial features, and eye (iris) pattern.
Iris recognition uses pattern-recognition techniques based upon resolu-
tion images of the irises of an individual’s eye (the contractile, circular diaphragm forming the colored portion of the eye and containing an opening,
the pupil, in its center). This process is not the same as retina scanning (the biometric use of this scan is used to examine the pattern of blood vessels at the back of the eye). Iris recognition uses camera technology to create images of detailed, intricate iris structures. This information is converted into digital templates that create a mathematical interpretation for positive identification.
Behavioral characteristics that are unique to people include gait, signa-
ture, and voice. Anything that is unique to a person can be converted to a digital format that can be used to differentiate him or her from others. Gait is used to authenticate people by the way they walk. The attractiveness of this technique relies in its unobtrusive properties, since individuals are authenticated at certain distances without any need for cooperation. To create a gait signature, some models are based on temporal and spatial metrics of the human motion.