Kidnapping Avoidance & Prevention

Kidnapping_Avoidance_Cover_for_Kindle (2)

Protective Concepts is pleased to announce the release of  the new book Kidnapping Avoidance & Prevention.  Originally planned for first or second quarter 2013 it got a bit delayed but is now available as a Kindle E-book.  A paperback version of the book is in production and should be available in January 2014.  Please see a brief description below:

A confused tourist gets into the wrong taxi and is expressed kidnapped. A businessman is lured to a bogus meeting and held for ransom. An expatriate consultant is kidnapped after being stopped at an impromptu roadblock. A journalist goes for an interview that turns horribly wrong. A bank manager’s family is held hostage to force him to access bank funds.Kidnapping is a pervasive crime that takes many forms around the world. Kidnapping Avoidance & Prevention will help you understand the different types of kidnappings, how they occur and how to identify ways you can better protect yourself, your family and your personnel.

In this book you will learn:

• About different types of kidnappings
• How kidnappers select their victims and the process and methods they use
• How to assess your vulnerability
• How to recognize potential ruses and traps
• How to limit information about yourself and your movements
• How to recognize surveillance and other pre-incident activity
• How to use OPSEC principles to protect yourself
• How to use force multipliers to mitigate risk
• Where to find additional resources

Kidnapping Avoidance & Prevention doesn’t discuss hostage survival or how to handle a kidnapping event; rather it concentrates on proactive measures that can be used to reduce the risk of becoming a victim of a kidnapping.

Some additional administrative notes:  The Kindle E-Book version sells for $4.99 USD.   The paperback version when it becomes available will sell for around $14.00 USD.  The original formatting was done for the paperback version so there may be some awkward sections in the E-Book version depending on the particular reader you are using.  Regardless any version should be completely readable.
Questions and comments are welcome and should be emailed to

Dangerous Business

Hole - Peter Shaw


If you do business in an international environment then chances are you deal with a wide range of people with different ideas about acceptable business practices, business ethics, conflict resolution and competition.  While some of these people may hold views very similar to yours many others may have a different perspective.   Generally speaking the further you go off the beaten path the more pronounced these differences may be.

Whether you are aware of it or not you may run afoul of one of these people.  Either by posing competition to their business, refusing to pay bribes or engage in corruption, by choosing or failing to choose a certain vendor or business partner.  In many places members of the police, military and security forces also have private sector business interest and can present a formidable threat if you find yourself in a business dispute with them.

Consider the story of Peter Shaw, a Welsh banker working for the European Commission in Tbilisi, Georgia.  Shaw was in Georgia providing consulting to the Georgian banking sector.  In June 2002, just days before he was supposed to complete his assignment and leave Georgia, Shaw was kidnapped off a Tbilisi street by heavily armed attackers in paramilitary uniforms.  He was then held captive for five months, four of them in a subterranean cell in the Pankisi Gorge under deplorable conditions, the details of which he recounts in his book Hole: Kidnapped in Georgia.  While it was never conclusively proven that his kidnapping was related to his work in banking there were strong indications that it was.  It’s possible that Shaw’s work to improve the Georgian banking sector put him at odds with powerful people who were using the financial system for their own enrichment.

While Shaw’s case is an extreme example, it’s important to be aware of potential pitfalls that may exist in the country or countries where you are conducting business.   How do you counteract this risk?  It’s difficult but due diligence on potential partners and associates and a thorough assessment of the business sector in that country is one initial step you can take.  Knowing who the key players are and what businesses they are in is a good beginning.  Another is a simple awareness of the threat and practicing good personal security measures and operational security.


Lessons Learned vs. Armchair Quarterbacking

One of the best ways to develop new countermeasures and enhance your personal or your organization’s security is by studying security incidents that have occurred to learn both from the mistakes of others and also from what they did well.  Rightly or wrongly there is often a tendency to focus on the mistakes and things that went wrong as these sometimes provide the most cogent lessons learned.  When doing this we need to do it dispassionately and we need to avoid the appearance of blaming the victim.  All hindsight is 20/20 and it is easy to look at all the details of an event after it has transpired and pontificate about what someone did wrong and why we would have done it differently.  It is much different when the event is unfolding and you are wrapped in uncertainty and trying to make decisions under pressure.  It is also different when you don’t have the ability to see a threat clearly due to other events or distractions that may be going on.

The horrific school shooting in Newtown, Connecticut brings this principle to the forefront.  While information and details are still coming in as of this writing it demonstrates the need to study these events to look for areas of improvement and consider how things can be done in the future to mitigate the risk.   This is not intended to be a discussion of the Sandy Hook massacre as this is being covered extensively in other venues and discussed by people much more knowledgeable about school security and active shooter situations than I am.   Those of us who are parents though are searching for information and perhaps answers and solutions to make our children safer.   Interestingly it appears from current information that the Sandy Hook Elementary School did a whole lot right in terms of their security program and perhaps exceeded what is in place at many schools.  Still we need to do a close examination to see what might be implemented to reduce the risk at other schools in the future.

One of the most valuable things we can do is to look at case studies concerning criminal and terrorist incidents and look at why the victim was vulnerable and what they might have done to reduce or even eliminate that vulnerability.  If we are looking at confrontational crimes targeting individuals we might look at a robbery incident where the victims was distracted and fumbling with her car keys when she was approached and victimized.   Looking at a kidnapping we may find the victim habitually departed for work each day at the same time and used the same route.  We should also look at our own experiences where we had near misses or close calls and look at areas where we could have done something differently.  In these cases we need to be frank with ourselves if we were lazy, complacent, overconfident, disregarded our own intuition, or whatever.

What separates armchair or Monday morning quarterbacking from thoughtful lessons learned?  As much as anything it’s the spirit in which it’s done and the mindset.  Armchair quarterbacking is pontificating, sometimes accusatory and not done with a constructive goal in mind.  Analyzing lessons learned on the other hand is thoughtful, constructive and done with the intent of not repeating past mistakes or missteps – others or our own – but rather learning from them to develop new procedures tactics and approaches that will reduce the risk and make us more effective.




Loose Lips — Recognizing and Avoiding Elicitation

In discussing social engineering and threats to your personal security we mentioned elicitation.  Elicitation is a technique that is used by an adversary to get a person to unintentionally divulge more information about a particular subject than they normally would.  Its used to gather confidential or proprietary information and in the realm of personal security it can be used by an adversary to gather information for use in targeting you or to build rapport with you or someone close to you.

While we are not going to attempt to teach elicitation or counter-elicitation here we are going top briefly outline some of the common techniques that are used so that you can recognize them being used against you.  Remember these can be employed in person, over the phone or through electronic communication of various types such as email, online chat, etc.

This is by no means an exhaustive list but these are some of the key elicitation techniques you may encounter:

Flattery: The adversary will complement you on personal and or professional aspects of your life to build rapport and increase your likelihood to talk openly.  This may include requests for advice based on your “expertise”, etc.

False Statements:  The adversary may make statements he or she knows are incorrect in order to prompt you to correct them by providing the correct information.

Provocative Statements: Similar to the false statement the adversary may make a statement that he or she knows will initiate an emotional response on your part an a desire to either strongly agree or disagree with them.

Disbelief:  The adversary will feign disbelief at a statement you make to prompt you to elaborate more fully.

Naivete: Similar to disbelief the adversary will feign ignorance to get you to “educate” him or her.

Quid pro Quo: The adversary may volunteer some innocuous or more likely false information about themselves so that by social convention you feel compelled to reveal something to them.

These are just some techniques that may be used to get information about your schedule, your security profile, your business dealings, you personal wealth, your employer and so on.  By recognizing  when you might be encountering them you can make a conscious decision to reduce the amount of information you provide or break off the conversation.

While some of these are relatively sophisticated methods they have been and may be employed by foreign intelligence agencies and internal security units, organized crime groups, terrorists and others.  Keep in mind as well that they may be aimed not only at you directly but also at your employees, associates, domestic staff, etc.  Its important to train these people — even if its just at a very rudimentary level — to be cautious about people asking questions or try to get them to divulge information about you or your activities.

Personal Risk Assessment

Considering that personal and travel security rely heavily on context its important to consider how the threat relates to you
whether at home or abroad.  Understanding this contextual relationship let’s you realistically determine how much effort, energy and possibly money you should invest in your security.

The best way to do this is to conduct a personal risk assessment.  This can be done yourself or you can hire a consultant to do
it for you and it can be as detailed as you want to make it.  If you do it yourself its important to be as brutally honest with yourself as you can for the assessment to be accurate and have value.  This assessment can be done from a lifestyle perspective for an at-risk person or a person living in a high-risk area or it can be done for a particular event like an overseas business trip.  It can also be done using qualitative or quantitative methods or a combination of the two.  Most people will be more likely to use qualitative

The standard formula for a risk assessment is that Risk = Threat x Vulnerability.  For our purposes this means you need to begin by identifying a threat or threats that exist and then look at vulnerabilities in their schedule, routine or lifestyle where their exposure to this threat is increased.

As an example a businessman traveling to a two-day meeting in Johannesburg might identify threats such as carjacking and armed robbery.  In particular he may look at the practice of criminals following people from the airport and robbing them en route or at their destination.  He might also consider the high level of gratuitous violence often involved in these crimes.
On a review of his itinerary he notes that the meetings will all be held at a 5-star hotel adjacent to the airport terminal and that he will be staying at the same hotel.  In this case the threat level is high but his vulnerability is low so the risk is relatively low.

Another aspect to consider is the probability vs. criticality or impact.  Some events are more likely but the consequences are not too severe.  Others are less likely but the consequences may be devastating.  Two examples to look at:

A photographer is going on an assignment in Barcelona that will involve a lot of work in public venues.  The threat of ickpocketing and petty crime may be high but the criticality of these types of incidents is relatively low — unless of course his cameras are

Taksim Square – Istanbul. This is a frequent location for protests and occasionally civil unrest.

stolen and he can’t complete the job.

On the other hand an engineer has a 2-week assignment in Islamabad, Pakistan.  He will be staying at a western brand hotel that has been previously attacked with a massive vehicle bomb.  Hotels of this type are targeted for spectacular attacks by militant groups. In this case the relative probability that the hotel will be attacked while he is there is relatively low.  However based on past incidents if the hotel is attacked the impact is likely to be severe.

Using this information you can determine the level of risk you face – either daily or for a specific activity or event as well as the likelihood and potential impact of an event occurring.  Using this information you can determine what countermeasures if any you should implement to mitigate the risk.

Using Threat Information in the Context of Business Operations


When evaluating threat information, especially information received from subscription security intelligence services which are produced for a broad audience, it is essential to view them in the context of your company’s operations.  Many, if not most providers, use a color and/or numerical rating to designate the risk level of a particular city or country.  Different firms use different methods to determine their risk ratings.  Regardless of the method used it is important to realize that while these risk ratings have their uses, especially as a starting point when evaluating risk, they can be very misleading depending on the nature of your organization’s operations.  There are simply too many variables to use this as a cut and dried definitive resource.  Not only do different neighborhoods and areas of a city or country frequently present greatly different levels of risk, so do different types of activities.  An executive flying into the capital city of a developing country for a meeting, being picked-up at the airport by a company representative and staying at a five star hotel for two days for a meeting typically faces a very different risk level than an engineer traveling to the interior of the country for two weeks to review a new hydroelectric dam project.


The same is true of the travel advisories posted by the US Department of State, UK Foreign & Commonwealth Office, Australian Department of Foreign Affairs and Trade, etc.  It is useful to be aware of these as part of the framework of your risk assessment but these are directed at far too general an audience to be useful in and of themselves in the decision-making process.  It is also worth mentioning that these do warrant attention because the company’s employees have access to them and may have questions and concerns that need to be addressed by the company’s security department.  As an example, the US State Department has a Travel Warning posted for thePhilippines.  The warning correctly states that terrorist groups such as Abu Sayyaf and Jemmah Islamiya are active in planning and carrying out attacks and warns against all but essential travel throughout the country.  Under most circumstances a business traveler could visit much of thePhilippines– particularly popular destinations likeManilaorCebuCity- and providing that they use care in selecting hotels and transportation options and practice basic personal security measures do it relatively safely.  What is not mentioned in the Travel Warning is the high level of crime in many areas and the innumerable scams that exist to separate the traveler from his or her money, although these are mentioned in the State Department’s Consular Information Sheet for thePhilippines.  Given the wide audience that these government bulletins address there is sometimes an “err on the side of caution” approach that may not realistically match your organization’s operations.


Regardless of the source, all security intelligence should be viewed through the prism of how it relates to your organization, its operations and its employees.  To be effective, security measures should be tied to the threat situation in the locations where you have operations and travelers.  It is very likely there will be some generic aspects that may apply across the board such as basic access control measures or policies relating to displaying ID on company premises, etc.  Whether or not to utilize close protection teams or simply trusted transportation, as an example, should be based on the threat information received from security intelligence resources and perhaps in some cases augmented or validated by an on-the-ground assessment.  Building effective and applicable security measures for facilities and for employee protection, developing policies governing employee travel and planning contingencies for likely events all require an in depth knowledge of the threat situation.  This knowledge cannot be gained by solely from mass media like CNN or the New York Times because these media outlets tailor their coverage to aUSand/or European mainstream audience and do not cover all corners of the world or provide coverage and insight in all regions where an organization may have interests or travelers.  How much coverage did we see on television or in the major newspapers devoted to civil unrest in Bangladesh throughout much of 2006 and early 2007?  It is also problematic to get all information from one retained provider – even if that provider is capable and competent.  A more effective approach is to engage several providers with strengths in different areas, participate in private-public partnership organizations, solicit information and opinion from sources on the ground and after gathering all this information view it in the context of your organization’s operations and business activities to develop the most accurate picture of how events effect you and your people and what steps need to be taken to provide a reasonable level of protection to your organization’s employees and assets.




Tactical vs. Strategic Intelligence

Intelligence needs related to security will largely be determined by the type of operation a company has in a particular location, the size of the footprint, number of personnel, amount of infrastructure and assets, etc.  As an example, a company involved in oil, gas or mining operations with extensive and costly infrastructure will typically need to take a longer view of the situation in a given country than a wholesaler that sends buyers to the country for short periods of time.


Therefore it is critical that the company’s security management understand the difference between tactical and strategic intelligence, how this applies to business operations and how to best gather each type.  Strategic intelligence covers the Macro and generally more long range view of events in a particular location.  What affect will upcoming elections have on the business environment?  Is a coup d’etat imminent and will that require an evacuation of company employees?  Tactical intelligence is more micro in its scope.  What routes are safest to use between the company’s residential compound and the office or between the hotel and the airport?  What intersections are likely to be affected by an upcoming political protest?  What neighborhoods have the highest levels of street crime?


Clearly both strategic and tactical intelligence are important when assessing risk.  Generally, the more nimble an organization is and the smaller its footprint is the less reliant it is on strategic intelligence.  On the other hand, a company with more physical assets and infrastructure that is less able to disengage itself quickly without risking the loss of its assets must be more mindful of long-term events in the country that could affect its business and employees.  Any organization with employees in a particular country or traveling to a particular country needs to be attentive to tactical intelligence on that location.  Unfortunately of the two, tactical intelligence is often more difficult to get in an accurate and timely manner.


One area that is perhaps best described as a subset of tactical intelligence is the understanding of tactics, techniques and procedures (TTPs) used by criminals and terrorists in the locations where your company does business.  This is also sometimes referred to as modus operandi and is often highly specific to the location you are operating in.  Two examples are the methodologies used by express kidnappers inCaracas,Venezuelaand carjackers inNairobi,Kenya.  During the summer of 2005, OSAC released a report describing a number of incidents where travelers were met at Maquetia airport inCaracasand directed to taxis or private car services where they were subsequently express kidnapped and robbed.  The report detailed several specific incidents, mentioned ruses that were used, etc.  A previous report on express kidnappings at Maquetia airport also included a physical description of one team involved in the incidents.  Similarly, when looking at carjacking techniques in use in Nairobi, Kenya it would be important to look at trends from past incidents in terms of frequent locations of occurrence, size of carjacking teams, presence of weapons, use of violence, use of blocking vehicles or ruses to halt target vehicles, etc.

Another good example of a tactic is the popular use of incapacitating drugs in certain countries to facilitate other crimes such as robbery, kidnapping and sexual assault (this will be discussed in greater depth in a future post).  In the Philippines, the drug Ativan is frequently introduced by criminals into a victim’s food or drink to incapacitate them.  In Colombia, the drug Scopolamine, locally referred to as Burundanga is used in a similar way.


This type of detailed information on the methods used by different threat groups in various locales provides the company’s security management with important information to use when implementing effective countermeasures and is also valuable in educating travelers and expatriates about the nature of the threat in a particular place.