Using countersurveillance techniques, security managers can anticipate terrorist attacks.
When terrorists set off the bomb that killed 20 people and injured 372 at a U.S. military housing complex in Khobar, Saudi Arabia, in June 1996, it was not the first, second, or even third time the attackers had visited the site. Instead, authorities believe terrorists cased the site no less than 40 times during the 18 months leading up to the attack.
That type of repeated surveillance of a future target is standard operating procedure for terrorists. In its own training manual, al Qaeda instructs members to carefully photograph and diagram potential targets before selecting one.
Security experts have figured out how to turn this standard operating procedure to their own benefit: They use it to detect and thwart an attack before it gets beyond the planning stages. The key is good countersurveillance.
Fred Burton, a former counterterrorism agent with the U.S. State Department and now vice president for counterterrorism and corporate security at Stratfor in Austin, Texas, says countersurveillance works, and “it works very well.”
“In fact, I would say that countersurveillance is the only proactive security measure where you can actually identify hostile surveillance prior to a plot going into the attack cycle,” Burton says.
Private sector surveillance detection and countersurveillance, however, remains “in the infancy stage,” says Patrick Murphy, director of loss prevention at Marriott International, Inc. “The knowledge is out there, it just hasn’t gotten to everyone yet.”
Countersurveillance is about collecting data and analyzing it for patterns. The first step is to make sure that employees are trained in what types of suspicious activities to look for. The next two steps—data input and analysis—can be facilitated with software. One private firm, Abraxas Corp. of McLean, Virginia, has developed software designed for this type of application, which it sells as part of a package. The U.S. Department of Homeland Security has taken notice.
The service-software package, called TrapWire, is built around a simple, Web-based interface, which is used for entry of information about suspicious individuals and vehicles. The software analyzes this information, looking for patterns of suspected surveillance.
As a part of the package, an Abraxas team assesses the client’s physical vulnerabilities and identifies surrounding areas that lend themselves to site surveillance. This helps companies know what areas to monitor.
Once software is installed on the client’s network, and in-house security staff complete a day’s training—half of it on the system, half in the basics of surveillance detection—they can operate TrapWire on their own. When an officer spots a suspicious person or vehicle, he or she accesses the program via a password-protected page in a typical Web browser.
Using pull-down menus, the officer enters a set of characteristics—up to ten for people, ranging from physical appearance to behavior; and seven for vehicles, including, make, model, and license plate number. An image can also be included.
The profile, which Abraxas calls a “PeoplePrint” or “VehiclePrint,” is stored in the system database. The analytical software is programmed to spot patterns associated with surveillance operations, such as the repeated appearance of the same individuals and vehicles near the site.
Based on the data analysis, the program sets a threat level for the site on a scale of 1 to 100. It can also be set to alert security staff and supervisors about patterns or specific incidents.
Kirian Fitzgibbons, director of special services at the Steele Foundation, says such a system sounds promising, but as with much of security, it can only perform as well as the human element, which he says is “always the weakest link and always the most important part.”
Installation of TrapWire costs between $50,000 and $200,000, with an average setup cost of $75,000, and annual maintenance and upgrades projected at $50,000.
Whether or not a company goes with this type of system, it is critical to train staff in countersurveillance activity. As terrorist expert John Didden noted when he spoke at an ASIS event in Nice, France, last year, attacks are not inevitable.
Didden gave two examples of how alert staff at hotels in the Saudi Arabia observed and reported persons repeatedly, filming the entrance and asking the receptionist questions. A subsequent government investigation led authorities to the terrorists’ hideout; arrests were made, preventing the attacks.