Guile & Deception as Kidnapping Tools

Lome, Togo

Lome, Togo

 

Most people when they think of a kidnapping think of a violent, dramatic event. The victim is ambushed, dragged from his car, threatened with weapons and restrained before being moved to a location where he is isolated. Many kidnappings do follow this model or something very similar. Speed, violence, “shock and awe” are effective tools for the kidnappers – allowing them to gain control of the victim quickly and effectively, dramatically reducing the likelihood of resistance of escape.
There are however kidnappings that don’t follow this model. Circumstances where victims are lured into their captivity induced to put themselves in a vulnerable position and sometimes even controlled through duplicity as much as physical restraint. It’s important to understand and recognize this methodology to be able to protect yourself against it.
A number of these events evolve out of sophisticated scams. The victim is lured to a specified location with the promise of a lucrative business opportunity and then abducted. Many but certainly not all of these incidents have occurred have occurred in West and Central Africa. In March 2014 KR Magazine (www.krmagazine.com) outlined the case of an Australian businessman who was lured to Togo in West Africa, in December 2012 by an opportunity to purchase gold bars. He entered Togo by land from neighboring Ghana, did not get an entry stamp in his passport and was told by his “hosts” that he faced immigration and money laundering charges. He was then held captive “for his own protection” and forced to call his business partner and estranged wife for ransom payments. This incident was also controversial in the sense that after the victim purportedly escaped or was allowed to escape there were allegations that the entire incident was a fraud. Regardless – the case provides numerous examples of a modus operandi that has apparently become increasingly common. There was also a notable case in May 2012 off a US commercial airline pilot who was also lured to Lome, Togo by an opportunity to buy gold bars. The pilot was subsequently held captive in a village in neighboring Benin until a ransom was paid. Similar cases have been reported in Uganda, South Africa and numerous other countries.
The Colombian Facebook Gang – which we have previously discussed (https://protectiveconcepts.wordpress.com/2012/08/03/social-networks-and-the-threat-to-personal-security/) used social media to identify and target wealthy men. Using fake profiles depicting beautiful women the kidnappers enticed the men to “meet in person”. The victims were then abducted when they arrived for the meeting.
Even the well-publicized and tragic case of journalist Daniel Pearl in Pakistan contains elements of the use of deception to lure the victim into captivity. Pearl went to what he believed was an interview with a Pakistani militant – Sheikh Gilani in Karachi. After being taken willingly to the safe house where the interview was to occur, Pearl surrendered all his personal items and allowed himself to be restrained “for security reasons”.
Kidnapping through the use of deception and guile, rather than a gun offers a lot of advantages to the criminal:
• They can get the victim to do the work for them by getting them to isolate themselves and in some cases willingly put themselves into captivity.
• It gives them deniability. If it goes bad and they are caught they can argue it was all a misunderstanding on the part of the victim. If no violence was used and the victim was not physically restrained they may very well prevail with this argument.
• It reduces the physical risk to they face. The victim is unlikely to fight back or physically resist and they are less likely to draw the attention of law enforcement.
• It creates an opaque environment they can manipulate to their advantage. Is the victim free to go? Does the victim know that?

 

Common Elements and Mitigation:
There are some common elements that occur in cases where guile and deception are used and ways to mitigate your risk:

• Many of these situations have the hallmarks of a scam. If it seems to go to be true then it probably is. That said it is worth noting that many of the perpetrators of these crimes can be very sophisticated and can work on developing the mark or victim over time – this is true for both kidnappings and straight out scams. It’s important to do your due diligence in these situations and know who you are dealing with as well as watching for some of the other indicators below.
• Many have an illegal or at least unethical component where the victim knows he or she is getting involved in something that is not legitimate. This allows the perpetrators to require a level of secrecy that would not be typical in most business dealings. It also provides the kidnapper with the leverage of reporting the victim to the authorities. You can mitigate this by not engaging in business deals or other activities that are questionable.
• Be wary of unsolicited approaches from people you don’t know or unsolicited calls or emails requesting a meeting or offering a prospective business opportunity.
• There may be a requirement to go to an isolated location or to accompany the perpetrators to an unknown location. Additionally there may be a change in plans or meeting places at the last minute that isolates the victim. To avoid this it’s important to insist on holding meetings in public locations – preferably that you are either familiar with or have time to assess in advance. You should not agree to last minute changes in meeting venues and if pressed its best to cancel the meeting. Criminals will try to create a sense of urgency to get you to go along with their plan.
• The perpetrators may say certain measures are “for your own protection” or are “security measures” to control you. Do not allow yourself to be willingly confined or restrained under these circumstances.
• There may be an attempt to isolate you and make you dependent. This may include surrendering your passport, mobile phone, etc. We strongly advise travelers – particularly in the developing world – to create multiple layers of contacts or parallel contacts. Do not allow one person or one group of people to control your agenda and activities. Have alternate means of transport, communication, etc. to eliminate this dependency. Also have check in procedures and let others know where you are going and who you will be meeting. We have discussed this in our article on dealing with local contacts (https://protectiveconcepts.wordpress.com/?s=dealing+with+local+contacts ) and in the book Safe Travel Abroad (http://www.amazon.com/Safe-Travel-Abroad-Individual-Expatriates/dp/1484871987/ref=tmm_pap_title_0?ie=UTF8&qid=1402518982&sr=8-1).
Being aware of this type of crime is the best way to reduce your risk of being a victim. Recognizing the criminal modus operandi and identifying the signs will allow you to avoid these situations in most cases.

Advertisements

Safe Travel Abroad is now available in Paperback

SafeTravelAbroadBookCoverPreview

We are pleased to announce that Safe Travel Abroad – previously available as a Kindle E-book is now also available in a paperback version.  You can find it on amazon.com or by clicking here: http://www.amazon.com/Safe-Travel-Abroad-Individual-Expatriates/dp/1484871987/ref=tmm_pap_title_0?ie=UTF8&qid=1370690870&sr=1-1.

The cover has a slightly different look but the content is the same.  The decision to come out with a hard copy version was based on several requests to use it as a training text, an on-the-shelf reference and by several people who just prefer a paper book or who don’t use e-readers.

The paperback version has a list price of $14.00 but is currently selling for $12.56 on Amazon.  In comparison the Kindle version is only $2.99 and is available for free loan to Amazon Prime members.

Below is a brief description:

Do you travel or live abroad? Do you know how to protect yourself from criminal and terrorist threats? How do you decide which hotel to use? What are the risks of taking taxis in some cities? What do you need to know about dealing with the police and your local contacts in foreign countries? How can seemingly innocent items you pack in your suitcase get you into trouble with local authorities? Safe Travel Abroad goes beyond what is usually found in travel security books and government issued travel information and includes new information on protecting yourself overseas. Learn about assessing the risks associated with your travel, applying surveillance detection techniques and route selection. Learn how to choose hotels and residences overseas. Discover the common myths and pitfalls associated with travel security and learn how to avoid them. Understand ways to reduce your risk through proper planning and preparation. Integrated Protective Concepts applies over 20 years of experience working and traveling in more than 50 countries on 5 continents to bring you usable information that you can apply immediately to protect yourself overseas.

When 419 Fraud Gets Dangerous

Advanced fee fraud – commonly known as 419 fraud has been going on for years.  Most commonly manifested in the emails – and in the past faxes and letters – that the potential victims receive offering them an opportunity to get a large sum of money to facilitate the transfer of funds or provide some other assistance.  The facilitation always requires the victim to provide some money up front – with the expectation of a big payday at the end.  It’s worth mentioning that while the overwhelming majority of these 419 scams play on the victim’s greed there are at least two other types that are becoming very common now – one which takes advantage of the victim’s desire for romance and one that plays on the victim’s good intention to help a friend or acquaintance in need.  In the first case the victim will be approached online by someone purporting to desire a romantic relationship.  This will be accompanied by the requisite photos of an attractive person.  Once contact is established and maintained for a set period of time there will be a request for money – either to make a visit to the victim, for a sick relative or some other urgent situation.  The second type involves receiving an email from a friend or acquaintance that is traveling overseas and has been robbed or has had some other misfortune and needs money.  In some sophisticated cases they me even hijack or spoof the friend/acquaintance’s real email address to add credibility.

While most people consider themselves too smart to fall for such transparent scams, the fact is many do or the fraud would have died out long ago.  Additionally, there are new strains that are more sophisticated where there may be in-person approaches to potential victims who travel or work abroad and in many cases these fraudsters are backstopped with elaborate props such as fake offices, seemingly official documents and other things that give them credibility.  This has been particularly prevalent in gold fraud scams occurring in Ghana.  They are also imbued with patience and increasingly the fraudsters are willing to take their time and develop a relationship over many months, sometimes even a year or more before bilking their victim.

While advanced fee fraud can be all over the work it is perhaps most common in West Africa, specifically Nigeria.  In fact the term “419” comes from the code for fraud in the Nigerian Penal Code.

So when does 419 fraud go from beyond just being a white collar financial fraud and become dangerous?  Generally it’s when the victim gets into a situation where they come into personal contact with the fraudsters.  In some cases the victim may be invited to visit the country where the fraudsters are located and subsequently kidnapped and held for ransom.  This has happened on several occasions in South Africa in particular.  While some of the victims have been released after payment of a ransom some like Greek businessman George Makronalli aren’t so lucky and are murdered.  In May 2012 a US citizen was kidnapped for ransom in the West African nation of Benin.  He reportedly traveled to Benin to meet contacts regarding a “business deal”.  He was later released unharmed in neighboring Ghana.

The important thing to take away from this is that you should be very skeptical and careful about any unsolicited approaches or offers of business deals even those that may have the trappings of legitimacy.  Also – understand that any person-to-person contact or visits you may be invited to make to conduct meetings can move into the realm of physical danger and that what was before a financial fraud can become a kidnapping or extortion with violent consequences.

 

 

Unsolicited Approaches

Consider possible ulterior motives when approached by a stranger

In keeping with the themes of social engineering and elicitation its a good point to discuss the need to be wary of unsolicited approaches.  We also need to be mindful that these approaches are not necessarily made in person although they can be. In today’s technological world they are frequently also made via email or through social media.

These types of unsolicited approaches are made by criminals and other dangerous people for a variety of reasons.  Their objective is often fraud or theft of proprietary or classified information or other sensitive data.  Sometimes – as we saw in the case of the Colombian Facebook kidnapping gang it can be to facilitate more violent crimes such as kidnapping, armed robbery or rape.  Anytime people you don’t know seek you out – whether in person or online – you should look at the situation with a critical eye and question their motivation.

I once attended a counterintelligence presentation that addressed this issue.  The instructor – a short, overweight middle-aged man with a beard and glasses wearing suspenders and a bowtie – stepped to the podium.  He began by saying how when he was at home in the US he couldn’t get an attractive women to give him the time or to even spit on his shoes.  But when he goes overseas its another story.  He turns into Brad Pitt and beautiful women at the bar flock around him.  He gets phone calls from women and has them knocking on his hotel room door at all hours of the night.

The point is well made.  If these types of things don’t happen to you regularly at home why are they suddenly happening when you arrive in country X?  His presentation was focused on counterintelligence but the motivation may be different and probably related to separating you from your money in some way.  The broader concept is that you should be cautious of someone’s potential ulterior motives if you are approached unexpectedly.

Sometimes these are “cold approaches” that come largely out of the blue and some are “warm approaches” where the person may have gathered some basic information on you (often through social media or other Internet resources) and has – or purports to have – something either professional or personal in common with you.  This is one of the risks of posting too much on social media sites, especially concerning hobbies, interests and other things that can be used as a vehicle to get in contact with you, establish rapport and so forth.

These warm approaches can take places over time and may be very effective in getting you to gradually lower you guard.  It appears that was the case in the Colombia Facebook case.  The kidnap gang was apparently successful in convincing their wealthy male victims via Facebook that they were attractive women and by cultivating an online discussion and ultimately enticing them to come to a physical meeting where they were subsequently drugged and kidnapped.

There can also be “cold approaches” where you are approached by a stranger who initiates conversation without any prior connection of any sort.

Be wary – but not paranoid – if you are approached by a stranger.  Always look at the situation with a critical mind and ask yourself what ulterior motives or hidden agendas might exist.  You do not need to be rude but be cautious, especially if the situation seems unusual or outside your usual frame of reference.

Loose Lips — Recognizing and Avoiding Elicitation

In discussing social engineering and threats to your personal security we mentioned elicitation.  Elicitation is a technique that is used by an adversary to get a person to unintentionally divulge more information about a particular subject than they normally would.  Its used to gather confidential or proprietary information and in the realm of personal security it can be used by an adversary to gather information for use in targeting you or to build rapport with you or someone close to you.

While we are not going to attempt to teach elicitation or counter-elicitation here we are going top briefly outline some of the common techniques that are used so that you can recognize them being used against you.  Remember these can be employed in person, over the phone or through electronic communication of various types such as email, online chat, etc.

This is by no means an exhaustive list but these are some of the key elicitation techniques you may encounter:

Flattery: The adversary will complement you on personal and or professional aspects of your life to build rapport and increase your likelihood to talk openly.  This may include requests for advice based on your “expertise”, etc.

False Statements:  The adversary may make statements he or she knows are incorrect in order to prompt you to correct them by providing the correct information.

Provocative Statements: Similar to the false statement the adversary may make a statement that he or she knows will initiate an emotional response on your part an a desire to either strongly agree or disagree with them.

Disbelief:  The adversary will feign disbelief at a statement you make to prompt you to elaborate more fully.

Naivete: Similar to disbelief the adversary will feign ignorance to get you to “educate” him or her.

Quid pro Quo: The adversary may volunteer some innocuous or more likely false information about themselves so that by social convention you feel compelled to reveal something to them.

These are just some techniques that may be used to get information about your schedule, your security profile, your business dealings, you personal wealth, your employer and so on.  By recognizing  when you might be encountering them you can make a conscious decision to reduce the amount of information you provide or break off the conversation.

While some of these are relatively sophisticated methods they have been and may be employed by foreign intelligence agencies and internal security units, organized crime groups, terrorists and others.  Keep in mind as well that they may be aimed not only at you directly but also at your employees, associates, domestic staff, etc.  Its important to train these people — even if its just at a very rudimentary level — to be cautious about people asking questions or try to get them to divulge information about you or your activities.

Social Engineering: Implications for Your Security

Social engineering – the calculated manipulation and exploitation of people has historically been associated with cyber security issues.  Computer hackers found they could best get access to secure networks by targeting the weakest link – the human factor.

The same techniques used to get an employee to give up their password or provide other information to facilitate entry into a network can be used to gather information to compromise a person’s personal security as well.

Social engineering can use any one of a combination of several vectors to approach the target – telephone, email and in person being the three primary ones.

The example of the Colombian kidnapping gang that use Facebook to target their victims that we discussed in the last post is applicable here.  While there is limited information currently available on that incident it appears the the victims were cultivated over a period of weeks or months via the use of social engineering techniques on Facebook. The information available on Facebook gave the kidnap gang a foundation with which to build their approach.  Knowing something about their victim – his lifestyle, interests and hobbies would help them develop an online relationship and build rapport that would put him at ease.

Understanding and recognizing the techniques employed in social engineering is the best defense against them.  Here are some of the primary ones you may encounter:

Elicitation: Elicitation is a method of extracting information from an unwitting person by framing questions and statements in such a way that the person gives more information than they normally would or would intend to.

Pretexting:  The social engineer presents himself as someone other than who he really is in order to get information or drive a certain course of action.  In some cases this may mean the social engineer portrays himself as an authority figure.  In the case of the Facebook Kidnap Gang the kidnappers presented themselves as beautiful, available young women.  The anonymity of the Internet facilitates this immensely.

Influence and Persuasion Techniques:  By artfully exploiting human desires to be liked, reciprocity and obligation and the introduction of fear social engineers can compel people to reveal sensitive information or perform a certain action on their behalf.

This is a broad overview of social engineering – in particular how it relates to personal security.  Using clever techniques criminals can not only commit fraud and information theft, they can also facilitate violent crimes like kidnapping.  These tactics may be directed at the victim himself/ herself or at unwitting third parties like coworkers and domestic staff.  The first step to countering these techniques is being able to recognize them.