Those who conduct surveillance — either for nefarious or protective security reasons — frequently have used available technology to aid them in their efforts. In earlier times, employing such technology might have meant simply using a telescope, but in more recent years, surveillants have used photographic and video gear, night vision aids and electronic equipment such as covert listening devices, beacons and programmable scanners. These efforts have been greatly enhanced by the advent of personal computers, which can be used to database and analyze information, and the Internet, which has revolutionized information gathering.
Doubtlessly, modern technology has radically altered the surveillance process. What it has not done, however, is render physical pre-operational surveillance obsolete. Despite innovative Internet tools, a person sitting in an Internet café in Quetta, Pakistan, cannot get everything he or she needs to plan and execute a terrorist attack in New York. There are still many things that can only be seen in person, making eyes-on surveillance vital to pre-operational planning. And, as long as actual physical surveillance is required, countersurveillance will remain a key tool for proactively preventing terrorist attacks.
The Internet as a Tool
The Internet has proven to be an important asset for those preparing a surveillance operation. If the target is a person, open-source Internet searches can provide vital biographical information, such as the target's full name, address, occupation, hobbies, membership in organizations, upcoming speaking engagements and participation in charity events. It also can provide the same information on the target's spouse and children, while image searches can be used to find photos of the target and related people.
In most instances, public records checks performed on the Internet also can provide a vast amount of personal information about a potential target, including property, vehicle and watercraft ownership, voter registration data, driver's license information, criminal history, professional license information and property tax data. The property tax data can be especially revealing because it not only tells the surveillant which property the target owns, but in some jurisdictions can even include photographs of the front of the home and even copies of the floor plan. In addition, many commercial services will, for a fee, provide an extremely detailed public records dossier on a desired subject — often with little regard for how the information will be used.
There also are a number of Internet sites that offer maps and aerial photographs of specific locations. In videos released by the al Qaeda Organization for the Countries of the Arab Maghreb, the group has shown how it has used Google Earth to obtain aerial photographs to help it plan its attacks in Algeria.
An additional aspect of the Internet is that posters — wittingly or unwittingly — often meet hostile surveillants halfway, so to speak. For example, several environmental, animal rights, anti-globalization and anti-abortion groups have even gone so far as to publish lists of potential targets on their Web sites, frequently including personal data and sometimes also photographs. Real estate agencies also use the Internet to post detailed photographs, and even video tours, of homes on the market, which can provide additional information to surveillants. Buildings that lease office space also frequently post a great deal of online information. And, of course, many people are quite obliging to would-be surveillants and post a great deal of information about themselves — including numerous photographs — on blogs, personal home pages or networking Web sites like MySpace and Facebook.
Importantly, not only can surveillants use the Internet to collect an abundance of information on a person or location, they can do so quickly — and anonymously. Before the Internet era, hostile surveillants were forced to expose themselves at a far earlier stage in the attack cycle, if only to request information from a public agency or collect photographs to initially identify a person or location. Now, much of this information can be obtained without the need for surreptitious behavior or for providing false information — and from the comfort and safety of one's own home.
Of course, the Internet also can be used for protective reasons. Security managers, for instance, can conduct "cyberstalker" operations to determine how much information is available on the Internet regarding a person or building they are responsible for protecting. Though it is hard to get some information removed from the Internet once it is out there, it is important to realize that such information is available, and to identify where information vulnerabilities exist.
The Limits of Technology
One of the major problems associated with relying solely on information found on the Internet is the possibility of error. Because there is a great deal of erroneous information on the Internet, one cannot take every post at face value. Additionally, public data sources tend to have a considerable lag time (sometimes of several months) between an event and its posting on the Internet. For example, it is possible to pay a company to run a detailed public records profile on someone and then find that the person actually sold the property listed as the "confirmed" address on that profile two months earlier.
When information gathered from a source such as the Internet is not confirmed, it can lead to the failure of an entire operation. A militant group is unlikely to win much sympathy among its intended audience if it shoots the wrong person or leaves a timed incendiary device at the wrong residence (as the Animal Liberation Front did in June 2006.) Furthermore, terrorist attacks require a large amount of time and effort, and in some cases utilize a large proportion of the resources available to a militant group. Such attacks also carry with them the possibility of death or long imprisonment for the person conducting them. They are, therefore, too costly to be conducted without adequate planning — and sophisticated planning requires information that can only be collected by conducting physical surveillance.
When information gathered from a source such as the Internet is not confirmed, it can lead to the failure of an entire operation.
Biography data and photos, maps to help find the target's house, aerial photos of the target's property and even street-level views of a target's apartment building or home are very useful to operational planners. In fact, an operational commander can use these tools to help plan the surveillance and to quickly orient the surveillance and attack teams to the target and the area around it. However, even at their best, these sources of information provide a potential attacker with a static (and usually quite limited) view of a person or building. It simply cannot provide the richness of perception that comes from actually watching the building or person over time.
Additionally, the targeted person or building does not exist in a vacuum, and potential attackers must also have an understanding of the environment around the target if they are going to determine the best time, location and method for the attack, how best to take advantage of the element of surprise and how to escape afterward, if escape is called for in the plan. It is hard to place a target into context based solely on the information available on the Internet.
Internet information also cannot provide what is perhaps the most important element of operational planning: an understanding of human behavior. If the target is a person, the surveillance team is looking not just for static facts, but for patterns of behavior that will predictably place the target in an ideal attack site at a specific time. Internet research can reveal that the target owns two cars and works for a particular company, but it will not reveal which vehicle he drives to work or whether he has a driver, the time he leaves the house, the Starbucks he visits every morning on his way to work, or the odd little shortcut he takes every morning to avoid traffic.
If the target is a building, the surveillance team will be looking to define the security in place at the site and for gaps in the security both in terms of physical security equipment and in guard coverage that can be exploited. They will make diagrams of the building, including any bollards, cameras and access control measures. They also will monitor the guards to see how they operate, and note their level of training and alertness. Militant groups have been known to test the adequacy and response time of building security by attempting to park a vehicle illegally in front of a building or by entering the building without the proper identification. In the past, al Qaeda has even entered potential target buildings and collected detailed engineering data such as the measurements and locations of building support pillars, elevator equipment and air handling systems. This is simply not the type of information that can be obtained by looking at overhead photos or even at 3D street-level views of the targeted building on the Internet.
Though the Internet can provide surveillance teams with information that allows them to become quickly oriented to their target, and to condense some of the initial surveillance they would otherwise need to conduct, it has not been able to replace physical surveillance altogether. In fact, the same video in which al Qaeda's Maghreb node uses Google Earth to demonstrate how to plan attacks also shows operatives conducting physical surveillance of the attack sites. It also shows videos of attacks, meaning a surveillance team was on hand to record the event.
Although the Internet has become a valuable tool in the surveillance process, it has not come close to eliminating the need for eyes-on monitoring of a target. As such, countersurveillance remains a powerful and proactive tool in the counterterrorism toolbox.
Last week, Belgian authorities reported that a laptop used by one of the bombers in the March 22 Brussels attacks contained images of Belgian Prime Minister Charles Michel's home and office. The computer, found near the apartment where the bombs used in the Brussels attack were constructed, reportedly contained an audio memo made by Brussels Airport bomber Brahim El Bakraoui. The laptop had also been used to research a number of targets, including Michel, on the Internet.
In light of the discovery, we are republishing this 2007 analysis, which examines how terrorists use the Internet to select and surveil their targets. Despite the significant technological advances since this column first ran, the limitations on the use of the Internet for terrorist tradecraft remain the same.