Operational safety for dummies

[This is a short text written for the Delta Green RPG mailing list; DG is one of the best roleplaying game settings I’ve ever played in, and I highly recommend it.]

If you come from the FBI or CIA, you know all this already, but there are many valuable Delta Green operatives who come from different backgrounds and don’t have extensive tradecraft training. This primer is intended for them.

Remember again, cell phones are your enemy. If you don’t have your Delta Green issued phone, you may use burner phones for emergencies, but isolated burner phone networks stand out in traffic analysis, and they can be used to locate you. And remember, if you use a burner phone, use a separate handset: when you put the burner SIM into your normal phone, the network will read your IMEI number and voilà, your burner phone is now associated with you and your normal phone from the point of view of an intelligence agency. Also, it’s better to talk than to send text messages, because if you’re not under surveillance yet but a government agency later decides to look at your activities, they will have the list of phone conversations you’ve made and the list of all text messages with their contents.
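Why a single SIM swap is enough to tie the burner to you, shown as an added example that is not part of the original text: every connection pairs a SIM identity (IMSI) with a handset identity (IMEI), and anything that ever appeared together ends up in one cluster. The record format, the function names and all identifiers below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records: (IMSI = SIM identity, IMEI = handset identity).
RECORDS = [
    ("imsi-personal", "imei-everyday-phone"),
    ("imsi-burner",   "imei-burner-phone"),
    ("imsi-personal", "imei-everyday-phone"),
    ("imsi-burner",   "imei-everyday-phone"),  # burner SIM used once in the normal phone
    ("imsi-stranger", "imei-stranger-phone"),
]

def link_identities(records):
    """Cluster SIMs and handsets that were ever seen together (union-find)."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path compression
            node = parent[node]
        return node

    for imsi, imei in records:
        # Merge the SIM's cluster into the handset's cluster.
        parent[find(("sim", imsi))] = find(("handset", imei))

    clusters = defaultdict(set)
    for node in list(parent):
        clusters[find(node)].add(node)
    # Largest cluster first, members sorted for stable output.
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)

def same_owner(records, a, b):
    """True if identifiers a and b fall into the same cluster."""
    return any(a in cluster and b in cluster for cluster in link_identities(records))

if __name__ == "__main__":
    for cluster in link_identities(RECORDS):
        print(cluster)
```

Deleting the one swapped-SIM record from the sample leaves the burner and the personal SIM in separate clusters, which is the whole argument for keeping a separate handset.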

Remember to remove the battery from the phone when not using it. When travelling to a sensitive area, turn off your phone and take out the battery 3-5 km before reaching it in an urban area, and 20-30 km before your destination in a rural area.

No computer connected to a network is safe. You should encrypt your computer with TrueCrypt whole disk encryption with a dummy operating system, which provides you with plausible deniability. Anything less is a waste of time against a government agency. When your computer is connected to a network, use the decoy system. When working on DG-related information, disconnect your computer from any networks, boot into the hidden operating system and work. If you need to send something from a network, boot into a disposable secure system from a pendrive. E-mail should be encrypted with PGP and instant messages should use OTR messaging encryption for less sensitive information.

Important information can have only one form of encryption – one time pads. Distributing OTP key material requires a physical meeting (for verification – never leave an OTP key unguarded in a dead drop, a third party could surreptitiously copy it), but you can have a few dozen gigabytes of true randomness stored on a pendrive and thus a truly secure information channel. PGP/OTR and other asymmetric ciphers should be secure against mundane attacks, but Majestic 12 or PISCES may have arcane means of discovering your encryption keys, so one time pads are the only way to go.

Enlist the help of your friends from the FBI and CIA and learn basic covert anti-surveillance drills. Don’t have a routine schedule of the day and change your routes on a regular basis. Get a bicycle, and sweep it regularly for bugs and GPS locators, or start roller skating. Use public transportation whenever possible. For cover, you may talk with your friends and co-workers about the hazards of the greenhouse effect and CO2 emissions, even though you know doom is much closer at hand. This will provide a plausible reason for eschewing cars, which are much more difficult to sweep for bugs and locators and much easier to follow.

When at home, observe its vicinity from upper story windows, looking for trigger positions (cars with one or more persons inside or vans parked for a long period of time, with tinted windows or curtains). Scan possible trigger positions further away from your home with binoculars.

When returning home, walk around the block (with a cover story, e.g. going to a kiosk to buy a newspaper or cigarettes or chewing gum or whatever) and observe if someone is setting up a trigger position near your home.

Leave a garage in a vehicle driven by someone else, while you hide at the rear under a blanket.

Talk with friendly neighbours and security. Don’t challenge any suspect persons, but you may call the police (preferably from a burner cell) and observe the encounter through binoculars (the trigger may identify itself to the police, if they’re LEOs themselves).

When driving, pretend to be lost (in an unfamiliar area of the town – pretending to be lost near your home is not covert), do a U-turn and observe passing vehicles. Drive around a roundabout a few times (if you’re riding a motorcycle, you can do it just for fun).

Alter your speed frequently. Speeding may not be a good idea, because it may attract the attention of legitimate law enforcement, but it helps to ferret out the follow team.

Stop immediately after turning right (left in UK) and note the vehicles that pass you.

When in traffic, note drivers of vehicles near you and check out their behaviour (although in this age of hands-free sets and cellphone yakkers it’s not a very reliable indicator).

Enter a cul-de-sac (you can pretend to be lost).

Check who’s stopping with you when stopping at a gas station.

Indicate turning one way and go another, at the same time observing for watchers who do the same – just don’t cause an accident and don’t kill a biker.

To lose the follow team, drive onto a car park with multiple exits and leave through one of them, or park somewhere and exit on foot, observing for trigger vehicles setting up near the car park exit. You may also jump a red light, but make sure it’s safe and there are no red light cameras.

When on foot, enter a phone box and pretend to talk, then observe whether a surveillance operator enters the booth afterwards and checks it for dead letter boxes.

Use large shopping centres with multiple exits and with escalators that switch back (excellent surveillance traps), although when surveilled by LEOs they may decide to use the CCTV system to track you, so be aware of the CCTV cameras and wear a hat or a hoodie.

When running a surveillance detection route, you should use street furniture (bus stops, large panes of glass) to look back, as well as frequently cross the street (this gives you a pretext to look back). Walk both through quiet areas with little pedestrian activity and through bustling areas, where you can observe the route behind you for people who seem to be nervous and look around a lot (it’s hard to locate someone in a crowd). You can try to lose the watchers there by changing elements of clothing (hat, jacket) before heading to one of the exits.

Drop a piece of paper near a trash can, then covertly observe if someone picks it up.

Get a public transport pass and use buses, underground and trams, whenever available; hang around at the platform and try to be the last person who enters, or don’t get onto a bus, or get onto a bus and leave at the last moment (this last action is rather overt, though).

In unfamiliar territory, you can pretend to be lost and change directions a lot. If you identify a member of the surveillance team, you can look directly at them, approach them and ask for directions; this will reinforce your cover of being lost while at the same time burning them, decreasing the size of the surveillance team.

You may also confront them directly (“why are you following me?!”, take a photo of the suspected operator), but only in public places and preferably close to police or security; or, in case of a small, amateurish surveillance team, in a deserted place with backup provided by the rest of the Cell with heavy armament.

A rather overt anti-surveillance move is “squaring the box”, that is, instead of going straight, going right, then left, and then right back onto the same street you began on (this works both on foot and in a car or on a motorcycle). Normally, people take the shortest route, so anyone following you while you square the box is highly suspect. However, for the same reason you become suspect, unless you successfully pretend you’re lost.

If you notice the same person or car three times during your SDR, you should assume you are being followed. The mnemonic is TEDD: if you see someone repeatedly over Time, in different Environments and over Distance, or one who displays poor Demeanor, you can assume you’re under surveillance. It’s easy to spot bad surveillance, if you are looking. Civilians are easy to follow, which is why terrorist groups were able to get away with bad tradecraft. Unaware targets walk blindly through life. Most cultists will not have intelligence or even private investigator level training and resources, but might try to follow you anyway. They will be easy to spot.

However, if you suspect you might be under Majestic-12 or PISCES surveillance, you should operate under “Moscow rules”, that is, assume you’re under surveillance all the time. In Russia, MI6 assumes their officers require about 6 months to get competent enough to spot the local watchers, and MI6 officers have far more training in surveillance than you can get from your tradecraft-trained friends from the cell. Under Moscow rules, you should perform SDRs for at least an hour or two before meeting, and all meetings with fellow conspirators should be done using the “dry cleaning” procedure. This means that you shouldn’t agree on a specific meeting place, just a general public location, and have a covert signal for recognizing each other – moving a newspaper from left hand to right hand, checking the hour on a wristwatch, something that can be done naturally and does not attract suspicion. When you have noticed the person you are meeting, go on a surveillance detection route, but do not perform active anti-surveillance to lose any surveillance team. The person you are meeting will also follow you and will perform counter-surveillance, trying to see if anyone is following you. Then, after some time, if they don’t find any surveillance, they will use a predetermined signal again, and you switch roles – the other party walks away and you follow them, checking them for a tail. Only when you are satisfied that the other party is also clean, signal them and go to the final meeting place. If at any time surveillance is detected, abort the meeting and go to a backup location and time, this time performing more anti-surveillance before arriving at the first meeting place.

When the meeting does occur, the first thing you should establish is the next meeting point and two fallback plans. Emergency plans and signals should always be established and memorized; don’t write anything down.