Russia, Reflexive Control, and the Subtle Art of Red Teaming | Red Team Journal

By definition, reflexive control is “a means of conveying to a partner or an opponent specially prepared information to incline him to voluntarily make the predetermined decision desired by the initiator of the action.”1 In other words, when employing the theory of reflexive control, you paint a picture of the world, that, if successful, your opponent accepts. This false picture compels your opponent to act in your favor.

Quote of the day

"In the future, we should anticipate seeing more hybrid wars where conventional warfare, irregular warfare, asymmetric warfare, and information warfare all blend together, creating a very complex and challenging situation to the combatants; therefore it will require military forces to possess hybrid capabilities, which might help deal with hybrid threats."

-- Agus Harimurti Yudhoyono, via Small Wars Journal

Note: I wrote something similar in a paper back in 2012. The idea was to bring to light the use of Red Teams to augment Special Operations and Law Enforcement.

Hospital Recon and Security Readiness

I was recently in a hospital and the security director and I had a chat about potential threats, active shooter scenarios and how to make the overall perimeter of the hospital harder to penetrate and easier to monitor.

He and I walked everywhere, with me taking notes and pictures of everything. In some cases, I pointed directly to potential routes of entry and problematic spots (see attached pics). I walked the director through how I would penetrate the hospital covertly or overtly, what I would use and whom I would potentially target for social engineering. We also brainstormed about the different attackers the hospital would see, and how each affected the security.
Finally we focused on the active shooter scenario. They do have trained staff, but as I was describing how I would do it in a mini-tabletop exercise, they realized the holes in their plans and policies, and more importantly, they realized the weakest points in their perimeter.
This simple tabletop, coupled with the walking of the building and specific pinpointing of areas of concern, provided the hospital security staff with a better way to understand the threats, prepare better security countermeasures and put in place better security controls.

This whole assessment took 4 hours. The staff cooperated completely.

Note: Be aware that the issues found have been closed. The hospital implemented every single suggestion to improve security.

The Cyber Moscow Rules | OODALoop

Lessons learned from US agents who operate in enemy territory have been captured for years and transformed into a code of conduct popularly known as “Moscow Rules.” Those old rules existed for a reason. Real-world experience proved their effectiveness when agents had to operate in the presence of adversaries.

Since modern cyber defenders are also frequently required to operate in the presence of adversaries there are lessons from these old Moscow Rules relevant to cyber defense.

With that as an introduction, the following is a modified list of the old Moscow Rules designed to help the cyber defender under fire.

Consider these as “Moscow Rules for Cyber Operations”

I like this one:

Understand the human tendency to forget about the threat as soon as the current attack has been mitigated. Do not fall victim to this cyber threat amnesia. When not under visible attack, study, prepare, and test your own defenses.

Red Teaming the Taliban | Small Wars Journal

By Vince Tumminello.

A very interesting paper with a good approach to Red Teaming and the mindset.

The following is a red team exercise that posits requirements for an Afghan Taliban victory in Afghanistan over a 5-year timeline. It is presented in four parts (The Cause, Political Strategy, Military Strategy, External Support) as a cohesive document presented from the Taliban Military Commission to the current leader Mawlawi Haubatullah Akhundzada. This campaign plan was originally drafted to fulfill an academic requirement for Johns Hopkins University, School of Advanced International Studies, and adapted for Small Wars Journal.

The Dangerous ‘Illusion of Certainty’ | Red Team Journal

Seasoned red teamers understand that mismanaged red teaming can potentially introduce just as much uncertainty as it claims to reduce (if not more), leading to a very real and potentially dangerous false confidence.

A must read article from our friends at the Red Team Journal.

Quick post

note: quick post from the road, excuse the lack of formatting and the typos

Well, we are reaching the point where open source insurgency, open source terrorism is becoming a world-wide phenomenon. Mass shootings in the US, Germany, France and other places are probably going to become more frequent, along with some other forms of violence like the truck in Nice.

No, it doesn't help to "just have more guns in the hands of civilians" if those civilians don't know how to use them under stress and might hurt innocents, and can also become targets since law enforcement might not be able to distinguish between good and bad guys. No, we are reaching a point where things like teaching trauma care in schools, having safe locations in each neighborhood and having parents prepare an emergency plan for the family are needed. On top of that we need better trained law enforcement, ready to deal with a shooter that might be trained in war (if it's an ISIS terrorist that just returned "home") or someone that was trained for this.

We also need people in this country to understand what is going on in the world and get out of the dumbshit mindset of "I'm an American and I am safe at home". Sadly this is not the case. Learn what is going on.

In Israel, civilians are resilient. Years of having to deal with what the world is beginning to deal with now have taught many lessons. Everyone serves, everyone knows - to some extent - what to do. Everyone is aware of the threats. Even kids' playgrounds have safe locations where kids can go hide, and they drill this! Is this a sad way to live? Yes. But it is a necessity. And it's now a necessity here as well.

Red Team this.

Act, don't react!

Focusing on the goal

I've experienced plans going wrong many times during the several years I've been Red Teaming. Sometimes because of poor planning, other times because the real world always has the last word, especially when Mr. Murphy is along for the ride - and he always is.

Over the years both experience and mental resilience have taught me to assess the situation and adapt the original plan, go to a plan B or just work without a plan. While in the field, ideally you’d be looping through 4 steps constantly:

  1. Understand the problem (in this case what caused the plan to not work)
  2. See the solution (how do I solve this in a simple, fast and reliable way)
  3. Communicate the new plan (to your team or to yourself; mentally saying the plan helps red team the issues)
  4. Execute it

However, while doing this you have to keep in mind the goal of the mission, assessment or engagement. It is very easy to lose focus of the goal. An instructor at one of the schools I attended while in the military always told us to focus on the end goal, no matter how bad it was. Mission came first, and if the mission was to recon a target and gather intel, then that should be the focus. All our planning was geared towards achieving that mission. Once we had that, the rest (kit, transport, alternative exfil points, etc.) would cascade from there. Remember: Rule 16: Target dictates the weapon and the weapon dictates the movement. The goal comes first: it is what you are planning for.
It is very easy to lose focus of this when the conditions in the field are chaotic, or not as expected. We tend to focus on the things in front of us, and while these are often pressing and more important (sometimes life or death), once we solve the immediate problem, we need to go back to the original mission.

The best way I found to do this is adding the following to the steps described above: 0. What is the goal.

So, identify the goal, identify the problems preventing you from achieving the mission, find a solution (don’t forget: the solution is in the problem), communicate that solution and execute it. If it didn’t work, or a new problem arises, start again, but always keep the question "what is the goal" as the first step. This will keep you focused on your mission.

Casing a Joint: Why You Should Sit Facing the Door | ITS Tactical

We all make choices in life and those choices always affect the outcome, whether for better or worse. While many of these choices you make are subconscious, there are small conscious choices you can start making that will give you an advantage in those situations you find yourself in that are beyond your control.

I’m specifically talking about the way you interact with locations you visit. While I’ll cover the broad topic, I’m specifically going to discuss choices as simple as where you sit.

This is a simple yet informative post by Bryan at ITS Tactical.

We've talked about casing a site many times on the blog. If you are going to do it, here are a few things to keep in mind:

  1. ALWAYS HAVE A COVER STORY: Don't get caught! (Rule 5)
  2. Prepare a sketch of the site being cased. It doesn't have to be fancy, but it does have to include the important points: entrances, cameras, windows, where to sit and have a good view, exits, places to hide inside the site and outside, places where a tail can be lost, places that can pose potential risks if you're tailing someone, etc.
  3. Take pictures of those points and add them next to the sketch.
  4. Provide a description of the everyday activities and atmospherics: do people walk with cellphones at their ears, do they talk to each other, do they stand, do they cross the street when the light is right or at any time, do they park their cars in order or randomly, do they eat at the bar or do they take food to go, etc.
  5. Provide a list of possible places where hasty disguises can be achieved: cafes, bars, gas stations, etc. Take pictures and note the addresses.
  6. Provide a list of possible choke points: a choke point is a place in the AO (area of operations) that makes the people casing or tailing very evident. If we are following someone, this would be a crossroads where the target can easily spot us. Note those when casing the site.
  7. Avoid static lookouts. Move and act naturally. Blend in. DO NOT LOOK DIRECTLY AT THE PLACE OR PERSON.
  8. If a team is casing the site, divide and case the site in a circle; that way each team member can see the others' weak points and whether someone is pulling counter-surveillance.
  9. If close to a possible hostile, ACT NATURALLY and if needed ask the target for directions or whatever. Be aware that after this you are burned with this target. DO NOT ACT LIKE A ROBOT, i.e. immediately reach for the phone or switch direction...
  10. 2, 3, 4 or more people at a location not really doing anything is bad. If a full team is casing the site, spread out. Keep comms with TOC and with each other.
  11. If you think you were made, report and go away from the site.
  12. Keep an eye on faces: Once is an accident; twice is a coincidence; three times is an enemy action. Report (if possible take pics) people you think you saw before.

Practice and be safe.