I’ve been an instructor for the Executive Protection Institute, teaching Information Technology to protection specialists since before there was technology; okay, I’m not that old, but it was before PowerPoint. I think I was using something called Word Perfect, and I printed the foils (clear plastic printouts) and, with an overhead projector, displayed them on a screen… Magic!
The title of the first class was Technology and the Information Superhighway for the EP Specialist. Now, not many even remember the term Information Superhighway.
Read more: Think Like a Bad Guy: A Look Back at GPS Tracking ConcernsI had approached Dr. Kobetz about teaching a class where the purpose was to show the basics and where the students could learn more about topics they were interested in or needed for their specific role.
The important thing was that we wanted them to be safe with technology and not to make themselves, their teammates, or their families a target by not knowing what was out there.
I approached this with one thing in mind. Given the time, what can I show them and teach them that they will be able to remember, and then use and research themselves? The first couple of classes over the years covered the basics: email, search engines, and web browsers, and as time went on, we added Blackberry devices, firewalls (hardware and software), proxies, VPN, and even an old favorite of mine, mailinator.
In those days, threats like phishing, viruses, and others were not as common, mainly because most systems that people had were not constantly online, but still, we worked to prepare them for what was there and to think as far into the future as we could.
We added the basics of OSINT, “Open Source Intelligence,” to the course a few years later. It was simply stated to me that the executive protection specialist needed to have access to information. This information could be about potential threats, where the nearest hospital with directions, and sometimes something fun like “What foods won’t make me sick when I travel to…” Back then, there was not as much information, and it was not as easy to find. Today, we have too much information, and it is harder to find what is real versus some hallucination made by AI.
At EPI, we have instructors who are not only executive protection specialists, but we bring in subject matter experts from around the world so the graduates of EPI will have a basic understanding of the different topics and also where to find more information or training in different disciplines, as one of those self-taught experts who sold his first computer program when he was sixteen, not for millions of dollars, but… I got paid, and in this article, I wanted to give you a little bit of the history of my class.
In October of 2011, I started talking about GPS in terms of not only mapping where you wanted to go but in the ability it had as it relates to tracking.
I only added to this warning through the years, and with each advancement in technology still covered this. A few years ago, I referenced a video that was done by a news agency that showed how much information your phone was sending back about you even if you had it on airplane mode. Basically, as soon as you went online, it said, “Guess where David has been.”
I do not know if other programs that try to emulate the Executive Protection Institute cover now or have covered, but based on the news article that I found on Slashdot.org I highly doubt they do. The article title of the article by Rachel Hagan for the Independent (https://www.independent.co.uk/world/strava-security-trump-putin-macron-secret-service-b2637282.html) says it all. “Location of world leaders including Putin, Trump and Macron ‘revealed by security teams’ Strava.’”
I cannot express how disappointed I am in members of our industry allowing their fitness app to be used in this way. Another quote says, “Some of the world’s most prominent leaders’ movements were tracked online through a fitness app used by their bodyguards, an investigation has suggested”
This is just not acceptable to me, someone with a foot in executive protection and another in technology, and yet another; as a new horror author, I can’t understand the lack of training for these individuals, and did anyone ever tell them to “Think Like the Bad Guy?”
If you are in executive protection, do not make yourself, your team, or your family a target by your lack of understanding of the technology you are carrying.
For a quick scenario, if you are in executive protection traveling with a client, even if you are not on duty at that moment, is your specific location something that should be guarded? If I were planning an attack, the first thing I would consider would be taking out or hindering the backup or the next shift’s team’s arrival. It could be something as simple as giving one of the bike riders’ SUVs a flat tire where they parked. How do I as the mastermind in this, know where they left it? Their fitness app told me, and it apparently is not that hard to figure out.
Now, in the article the US Secret Service told the newspaper that it did not believe the protection it provides was in any way compromised. I’m sorry, but if you check out what I put above. If you let a “bad actor” know where your team parks their vehicles before going for a bike ride or run, then guess what? That is a compromise, yes, not one that someone had taken advantage of that we know of or that has been reported, thankfully.
The article then says they are not allowed to use personal devices while on duty… Well, thank goodness for small victories for the people they are protecting. If they had stopped there, I may not have felt the need to comment, but the article then reports that they said “We do not prohibit an employee’s personal use of social media off-duty.”
Thinking about it, I believe I know the answer. We teach these basic concepts at EPI; our people understand they need to “Think like the Bad Guy.” They know that while they are traveling with their client, they are never really off-duty.
I have no way of knowing if the article is reporting the quotes wholly or correctly, so let me leave you with this.
Why take the chance? Why take the chance that the data in an app, the cell phone records, and or your geolocation data on a picture could be used against your client, your team, or your family? Yes, I mention family several times in this because, depending on the threat level of your client, they may be at risk.
We like to think they are not, that we leave them at home and they will be safe, but the truth is, and if you will allow me to add to it… Use common sense and think Like a Bad Guy.
David Musser, PPS