Techniques are what an adversary does to prevent you from achieving your goals.
- Matrix
- List
- Alarm systems
- Biased interpretation of evidence
- Covert house visit
- Covert surveillance devices
- Detection dogs
- Door knocks
- Doxing
- Evidence fabrication
- Forensics
- Guards
- House raid
- ID checks
- Increased police presence
- Infiltrators
- Informants
- International cooperation
- Interrogation techniques
- Mass surveillance
- Network mapping
- Open-source intelligence
- Parallel construction
- Physical surveillance
- Physical violence
- Police patrols
- Service provider collaboration
- Targeted digital surveillance
Matrix
List
Name | Description | |
---|---|---|
Alarm systems | Alarm systems are mechanisms that protect physical or digital infrastructure by sending an alert signal when unauthorized access to the infrastructure is detected. The alert signal can lead to the rapid intervention of security guards or law enforcement in order to investigate the situation. | |
Biased interpretation of evidence | Biased interpretation of evidence is the practice of interpreting evidence in favor of a particular point of view. | |
Covert house visit | A covert house visit is a discreet visit of a residence conducted by an adversary when the occupants are not present. | |
Covert surveillance devices | Covert surveillance devices are electronic devices hidden by an adversary to collect data: audio, video, and location data. | |
Audio | Covert audio surveillance devices are electronic devices, typically microphones, hidden by an adversary to collect audio data. | |
Location | Covert location surveillance devices are electronic devices hidden by an adversary to collect location data. | |
Video | Covert video surveillance devices are electronic devices, typically cameras, hidden by an adversary to collect video data. | |
Detection dogs | Detection dogs are dogs that have been trained by an adversary to detect certain substances, primarily through their sense of smell. | |
Door knocks | Door knocks are when an adversary comes knocking where you live to intimidate you or get information. Door knocks aim to intimidate or create paranoia, to see who is willing to talk and possibly be recruited as an informant, and to gather information from the people who do talk. | |
Doxing | Doxing is the practice of publishing a target's personal information without their consent in order to harm them or encourage others to harm them. It is most often used by non-State adversaries. | |
Evidence fabrication | Evidence fabrication is the creation of fake evidence, or the falsification of real evidence, to incriminate a target. | |
Forensics | Forensics is the application of science to investigations for the collection, preservation, and analysis of evidence. It has a broad focus: DNA analysis, fingerprint analysis, bloodstain pattern analysis, firearms examination and ballistics, toolmark analysis, serology, toxicology, hair and fiber analysis, footwear and tire tread analysis, drug chemistry, paint and glass analysis, linguistics, digital audio, video, and photographic analysis, etc. | |
Arson | Arson forensics (also known as fire investigation) is the application of science to the investigation of arson. Arson forensics has two distinct phases: fire scene investigation, which focuses on evidence at the scene of the fire, and fire debris analysis, which focuses on evidence removed from the scene and analyzed in a laboratory. | |
Ballistics | Ballistic forensics (also known as firearm examination) is the application of science to the investigation of firearms and bullets. When a bullet is fired from a gun, the gun leaves microscopic marks on the bullet and cartridge case. These marks are like ballistic fingerprints. | |
Digital | Digital forensics is the retrieval, storage, and analysis of electronic data that can be useful in investigations. This includes information from computers, phones, hard drives, and other data storage devices. | |
DNA | DNA forensics (also known as DNA analysis) is the collection, storage, and analysis of DNA traces for the purpose of matching DNA traces to individuals. | |
Facial recognition | Facial recognition is the analysis of the features of human faces for the purpose of matching one face to another. | |
Fingerprints | Fingerprint forensics is the collection, storage and analysis of the impressions left by the ridges of human fingers. | |
Gait recognition | Gait recognition is the analysis of the walking style and pace of individuals, for the purpose of matching one walking style and pace to another. | |
Handwriting analysis | Handwriting analysis is the analysis of handwriting samples, typically for the purpose of matching one sample to another. | |
Linguistics | Forensic linguistics is the application of linguistic knowledge to identify the author of a text or the person behind a voice. Author identification (also called stylometry) is based on the analysis of certain patterns of language use: vocabulary, collocations, spelling, grammar, etc. Voice identification is based on speech sounds (phonetics) and the acoustic qualities of the voice. | |
Trace evidence | Trace evidence is the tiny fragments of physical evidence that can be transferred between objects, or between objects and the environment. This transfer can occur when two objects touch, or when small particles are dispersed by an action or movement. Trace evidence can be analyzed to establish links between people, objects, and places. | |
Guards | Guards (also known as security guards) are people employed by an adversary to protect buildings or other physical infrastructure. | |
House raid | A house raid is a surprise visit of a residence conducted by an adversary to seize items, arrest occupants of the residence, or install cover surveillance devices. | |
ID checks | An ID check (short for identity check) is the process by which the State verifies a person's identity by asking them for their personal information, requiring them to produce a government-issued ID document, or taking their biometric information (face photograph, fingerprints, DNA) and comparing it against a database. An ID check can be a pretext for questioning and pressuring, and can be followed by a search of the person's belongings. | |
Increased police presence | Increased police presence is the process by which the police increase their presence in a particular place and time for two reasons: to intimidate, and to improve their options for intervention and their responsiveness. | |
Infiltrators | An infiltrator is someone who infiltrates a group or network by posing as someone they are not in order to gain information or destabilize the group or network. They may come from police, intelligence or military forces, from a private company or contractor, or they may act for ideological reasons or under duress (e.g., they are told they will be imprisoned if they don't work as an infiltrator). | |
Informants | An informant (or snitch) is someone from inside a group or network recruited by an adversary to provide information on the group or network. | |
International cooperation | International cooperation is the exchange of information between law enforcement and intelligence agencies of different countries. | |
Interrogation techniques | Interrogation techniques are the methods used by an adversary to obtain information from people during interrogations. | |
Mass surveillance | Mass surveillance is the large-scale surveillance of an entire or substantial portion of a population. It is the surveillance baseline of our society. | |
Civilian snitches | Civilian snitches are people who are not part of an adversary's security force, but who would inform the adversary if they saw something suspicious. | |
Mass digital surveillance | Mass digital surveillance is the large-scale collection, storage, and analysis of the digital communications of an entire or substantial portion of a population. | |
Police files | Police files are physical or digital records maintained by law enforcement agencies. Police files contain vast amounts of data about many things, are kept indefinitely or for long periods of time, and can be efficiently analyzed and cross-referenced using digital tools. | |
Video surveillance | Mass video surveillance (also known as close-circuit television, or CCTV) is the large-scale collection, storage and analysis of video and audio data from video surveillance cameras. Mass video surveillance aims to capture the identity of people who pass through a space and to extend its coverage to as much space as possible. Some countries now have more surveillance cameras than citizens. | |
Network mapping | Network mapping is the process by which an adversary gains insight into the organization and social relationships of a given network. By gaining this insight, an adversary can select individuals for additional scrutiny, arrest, or recruitment as informants. | |
Open-source intelligence | Open-source intelligence (OSINT) is the collection and analysis of data from open sources (social medias, news media, blogs, forums, public records…). | |
Parallel construction | Parallel construction is the unlawful law enforcement process of building a parallel, or separate, evidentiary basis for an investigation in order to conceal how an investigation was actually conducted. | |
Physical surveillance | Physical surveillance is the direct observation of people or activities for the purpose of gathering information. A physical surveillance operation is typically conducted by one or more surveillance teams, which consist of specially trained personnel called surveillance operators. | |
Aerial | Aerial physical surveillance is the direct observation of people or activities from the air for the purpose of gathering information. In many countries, helicopters have traditionally been the predominant tool for this purpose. As drones become less expensive, their use is becoming more common. Surveillance planes are also occasionally used and are much more covert than helicopters. | |
Covert | Covert physical surveillance is the direct observation of people or activities when the surveillance operators do not want to be detected by their targets. | |
Overt | Overt physical surveillance is the direct observation of people or activities when the surveillance operators intend to be, or do not mind being, detected by their targets. This is common practice at demonstrations and gatherings to identify participants, whether to facilitate network mapping or to incriminate individuals for actions carried out during the demonstration. | |
Physical violence | Physical violence is the use of physical force by an adversary to intimidate a target or its network, incapacitate a target, or coerce a target into revealing information. | |
Police patrols | Police patrols are the law enforcement practice of traversing a particular area to monitor and secure it. Police may conduct patrols either as a routine operation or in response to a perceived threat in an area. | |
Service provider collaboration | Service provider collaboration is the process by which an entity that has information about you because it provides a service to you provides that information to an adversary. Service provider collaboration can provide both current and historical information. | |
Mobile network operators | Mobile network operators can provide information about you to an adversary. | |
Other | Service providers other than mobile network operators can provide information about you to an adversary. | |
Targeted digital surveillance | Targeted digital surveillance is the targeted collection and analysis of digital data and communications. | |
Authentication bypass | Authentication bypass is the process by which an adversary bypasses the Full Disk Encryption that protects access to a digital device. An adversary can achieve authentication bypass through human error, weak passwords, or technical exploits. | |
IMSI-catcher | An IMSI-catcher (also known as a Stingray) is a device used to collect information about all mobile phones that are turned on in a limited area (from a few meters to several hundred meters) around it. A passive IMSI-catcher simply listens to the traffic, while an active IMSI-catcher acts as a “fake” cell tower between the phones and the legitimate cell towers. | |
Malware | Malware is malicious software installed on a digital device such as a computer, server, or mobile phone, to compromise the device. Malware can do many different things, but against anarchists and other rebels, it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on a keyboard), and to track the location of the device (in the case of phones). | |
Network forensics | Network forensics is the monitoring and analysis of network traffic. | |
Physical access | Physical access is the process by which an adversary physically accesses an electronic device in order to access its data or compromise it. |