------------------------------------------------------------

BRANCH I DIR. HAT E

[page 1]

BRANCH ONE HATTING LETTER 8601

Got(?) 7/8/77

For quite some time now, we in the C of S have had the problem of contending with government and other agency infiltrations of our organizations. Most of the time this occurs it is due to the fact that these agencies have a desire to obtain some of our files which they think will help them in looking for whatever it is that they mistakenly think we are trying to hide from them.

Since one of our primary functions in the GO is that of security for our organizations and individuals, I thought it necessary to describe to you how some of these agencies and agents work. With this data you may more easily identify one of these infiltrators and predict the presence of one. There are also included some things to look for which will help you to identify the presence or work of one of these professionals.

This data was taken from a number of books read on the subject, as well as personal interviews with agents who have done this kind of work, and this data reflects much personal experience. Some is in actual excerpted form, but the majority of it is a summary of data thus far learned on the subject.

"There are some very basic principles and techniques to be employed for the activity of obtaining files from a target area. These should be well known by all as files from a target area have proven to be the best and most reliable source of data, and these techniques will invariably produce those files.

When considering how to obtain files the prime consideration should be that of safety for the operatives, the mission assignment, the case officer, the network, and the employing organization. Exposure, having one's cover blown, shows that there was weakness and outness in one's cover, and that someone failed to predict and adequately cover for the situation that "Blew" the agent.
It may also mean that the agent was sloppy, careless, insufficiently trained or briefed, or didn't follow the instructions or cover.

RULE: A cover should always be good enough to withstand the failure of the operation, and on top of that the Case Officer must insure that the operation and the operative do not fail.

On light cover cycles, ie a suitable guised phone call, a blown cover is rarely dangerous although it can be very embarrassing, and usually blows that approach, but in a files type of operation it can prove disastrous to have one's cover blown. Covers may not always be able to be air tight, but working towards that goal is the best safety factor for all concerned.

Countering the safety factor is the time element and need for the desired data. The need for the data and its importance to the employing organization will sometimes place the agents in a riskier position than if they had the time to plan an air tight cover. Therefore, what must be known by every agent and case officer is that if they are blown "they must take full responsibility for the actions, and never let it be known that there is an employing organization." This can be done by giving another cover story like "I wanted to do this thing myself so I could get my name in the press" etc.

So, we see that the time element and need for the data must be weighed against the safety of an air tight cover, but that whatever the case may be the employing organization must be protected from exposure.

Keeping these basic intell principles in mind, we move to some methods involved with obtaining files.

[page 2]

In determining how to get these files, one always tries for the safest approach to the target, checks it out for its workability, and from there proceeds to the riskier approaches, after the safer ones have failed.

CASING:

In all types of files operations, a thorough casing of the target area should be done.
Casing means going down to the place and finding out what type of obstacles are in one's way, prior to the actual approach to obtain the files. Classically, casing is looking at the building, office, home etc, finding out if there are any guards, and if so where, and when, how do they handle people they are not familiar with, security procedures they may use, their time schedules, and their rounds if they make them. It means to look for hidden cameras, observe all entrance and exit points, look for burglar alarms, find out what kind of locks are on the doors one wants open, the locations of a central key box or ring, the flow lines of the organization, and anything else needed to know peculiar to the operation. Casing is a good thorough observation and inspection of the target area physically to learn of the obstacles so that one can successfully work around them, or utilize them if the need arises.

One very easy method, used by professionals for finding out the full security details of an office bldg. is to call the bldg. manager as a prospective tenant. One can be calling for his boss to find out what kind of space is available for renting, if the elevators run regularly or are they shut down at a particular time, what security precautions are employed, guards? when? from what Guard agency? can employees come in after hours, what type of Cleaning service do they have, maintenance service, alarm systems, identification cards, etc. Any of these questions are valid questions for a firm whose employees work late and sometimes have large amounts of cash on hand, and building managers are always happy to give out this data to a prospective tenant.

It has been found that the case officer will always go to the target area to physically inspect the area himself, not necessarily to conduct a thorough casing job, but to get a good idea of the physical surroundings so that he has a sufficient reality of the area which can be used when he is running the agent.
The case officer, generally being more experienced, can often pick up some clues that the agent may have missed, and be able to recommend other approaches that an agent may not have thought about.

Since office type bldgs. are of most interest to us, I will mention a few things peculiar to them. Office bldgs where more than one office or company reside invariably have a night guard, and/or an alarm system as security. Any bldg. where you cannot see a guard station at the main entranceway, nor can you locate a guard by knocking etc, and where there is not a night bell on the outside will inevitably have an alarm system wired up.

(NOTE: A night bell is a bell located on the outside of the bldg., and used by people who want to get into the bldg. but do not have a key to the main entrance way. The bell rings throughout the bldg. The guard will hear this bell and come to the entranceway to open the door. This system is generally used in conjunction with a sign in register where the person's name, time of entry, destination and time of departure are recorded, and sometimes the person's pass if the bldg. issues passes to the people who work there.)

You can check your bldg. at night sometime to see if any of the above is used by the bldg.

[page 4]

Most professional agents are familiar with but are not experts in the field of security systems. This presents a bit of a problem for them in that they don't always know what to look for when looking for an alarm, and on top of that there are so many different types, styles and functions of today's security systems that it is virtually impossible to know all the things to look for about each one.

This does not stop a professional, however, as he knows one very basic truth. All security systems can be worked around. These are employed to thwart the intruder, but if one belong [sic] there, ie are an employee of the bldg.
or the office, or are thought to belong there by one who controls the security system, then the system presents little problem for that person. Even if this is not possible, many times by entering the protected area before the alarm is activated, and either leaving when another authorized person leaves or directly behind them, or by staying until the next day, well hidden, when the system is deactivated, the professional can have access to his target area.

Another method of bypassing an alarm system known and used by professionals is to get someone inside who can turn the system off to do so in order to let one inside. This is accomplished by telling the guard or an office employee that one left his keys in the office, or forgot to lock his office door, or his office file. This gives one the time then to open the back door, and tape the bolt if necessary to gain access later, after having left in the expected manner, or to accomplish his task.

There are some obvious things and standard ones which will always be looked for by the professional. The first and most obvious of these is a sign which tells all potential intruders that the area is protected by an alarm or security system. This sign is generally in plain view, and is used as a deterrent, but can also serve as a clue to the determined professional. It will state that an alarm system is hooked up and that the bldg. is protected by XYZ security agency. When one sees this sign, he can find out the details of how the security system works by making that simple call to the bldg. mngr. who in most cases will give the full details to show the prospective tenant how secure his bldg. is.

The professional also looks for wires around the doorways, an unusual or out of place looking box on the side or over the door, a trip switch over the door, and tape lining eindows[sic].
If one can get a glance at the door when it is open, he can look at the inside edge where the door is hinged, and inside one looks for any buttons or switches that could push in and out or go on and off if the door were opened and closed. Many times the agent will not have the opportunity to examine the inside edge of the door until he is surreptitiously inside the bldg. of[sic] or office. In this case the professional will always check the inside edge of the door, and will also check around the entire edges of the door looking for a trip switch. He will also look underneath the entry door rug to check for wires or a sheet of plastic of any size which would be a pressure alarm. If the pro found any of these things after opening the door, he would immediately close the door, wipe off any prints, and immediately exit the bldg; trying not to be recognized. He would realize that he had probably set off a silent alarm, and this would be a point of interest to us in trying to catch one of these people in the act.

As mentioned previously, the best way to beat the alarm systems is to have a good reason, permission or the authority to be inside the protected area. The alarm systems partially described can be used on interior office doors as well as entrance and exit doors.

[page 5]

Good agents are the key to any successful data gathering or other type of operation. A fair amount of time is spent recruiting and grooming agents, and building up a reserve of agents. That is the only way good intell networks operate as more than one agent can be used to infiltrate a place at one time, and there are always a diversity of qualified people appropriate for the network needs. Bad and troublesome agents will only serve to destroy the network and damage the employer agency in the long run.
A note here is that many of the most successful actions in data gathering by agencies have been accomplished when repeated attempts by more than one agent going in on a number of different angles is attempted. This persistence and the covering of all approach angles has broken down the security boundaries of some of the tightest agencies in town.

AGENT PLACEMENT AND UTILIAZTION [sic]

Agents are of no use to anyone unless they are sent into a target area to produce some type of effect. Here we are mainly interested in the types of agents used for data gathering and files collecting. These are primarily the ones used against Scn., and are the one's [sic] whose techniques we should be most familiar with in order to stop, catch and expose them.

The easiest and safest manner of gathering files and data is to place an agent directly inside the target area. This affords the agent a direct line into the area where the data is coming from. He or she can find out where files are, who is interested in them, where keys are kept to file cabinets, and where financial and personal data about the enemy people of interest is located. Being directly inside gives one a reason for being there (ie working late etc), the ability to by-pass guards and security systems, and generally a set of keys to the place, which can be copied and used later, as well as possibly giving the agent direct authorized access to the data of interest.

Using this technique means that the exact target area is known about beforehand and that there is a job or opening of some kind near the person of interest who has the files or data needed. Although this technique is the safest and most workable, in many cases it is not feasible due to no hiring or no position open in the right area, or a greater need for personnel elsewhere. In this case, the next best alternative is actually inside the firm or organization itself, anywhere.
This, generally, affords the agent the same type of accessibility to the info and to peripheral areas as the agent above. It puts a bit more of a strain on the agent as they are sometimes in a position where if they are caught outside of their area and inside the target area they would be suspected or at least attention would be brought upon them. This can be by-passed by having a good reason for being in the target area (ie my boss wanted me to pick up these files, or these are mine that were borrowed and I need them back, or have you seen my purse? etc). This should be a fairly real reason but does not have to be extravagant as people will dub in the most incredible things to make sense of a situation, it really has to be seen to be believed. People do not expect, nor in most cases can they confront the thought of having Intelligence operations run against them, and therefore come up with the most incredible reasons and dub in to explain intel activities.

Establishing a pattern of working late is another workable technique. The agent works late, the bosses know this, think he or she is a good company employee, the agent waits til no one is around and goes about his business.

The next best method used by these professionals, and one that has proven to be extremely effective is to get someone in the bldg. where the target area is located. They would apply for a job as a guard, a cleaner, a maintenance man or janitor for the bldg. itself.

[page 6]

A Case Officer only needs to learn what guard services cleaning service etc is employed by the bldg or how these people are employed, and by whom in order to get someone working there. This data can be gotten from the telephone call to the bldg. manager as a prospective tenant.

This technique has proven workable for a number of reasons. One is that there is generally a high turnover of personnel in these guard and cleaning services which makes jobs fairly accessible.
Two is that in most cases the guards and/or cleaners and janitors have keys to some or all of the offices in the building, and at the least know where the keys for the bldg. offices are located. In almost all cases these people will have the keys to the bldg. mngrs. office, and in this office one can inevitably find the master or duplicate keys to every office in the bldg. These positions will also give one the data about how the bldg security is run, who stays late, where, and alarm systems etc.

If a cleaner or janitor cleans the exact office on the exact floor the target area is located in, and we thereby have a verified, permissible excuse to be inside the target area, some kind of cover story will be invented to cover the possibility of the agent getting caught with his hands in the till.

The cleaner/janitor has a few minor drawbacks. One is that there is sometimes a boss they must report to periodically on the job, or who checks up on them periodically. This can cause some problems, but can always be worked around. The next is that there can only be a certain amount of time spent in the room generally, as other offices need to be cleaned by them and if they do not do this they will get fired. So, here they have agents who work quickly and efficiently if in the target area, and at a medium pace in all others.

Cleaners/janitors positions have advantages that far outweigh their disadvantages because they can get easily inside and work, have permission to do so, have access to keys which can and will be copied, and can also let someone else inside to work while they stand some kind of watch. Even if by some chance the agents could not get inside they can always find out where all the master keys are kept, and then another method can then be devised to get them. Very often, this method will be for someone dressed as if they belong in the bldg., to go to the bldg.
on a Saturday, Sunday, or Holiday, walk up to where the keys are stored, take the key off a hook, go to the office, open the door and have a field day perusing the files. This actually happened. The agent never caught.

The guard position is equally good for the Pro. The guard will most definitely be able to give you the security precautions of the bldg. He will have, at least, keys to the entranceway and exit doors, and any alarm systems, which he can turn on and off at will. He works after the normal operating hours of the other offices in the bldg., and at a time when most of the other bldg. employees have gone home thereby having free access to the whole bldg. In most cases the guard will have access to the master keys to the bldg, or in the least he will be able to find out where these are located.

(NOTE: Most states have fire laws which dictate that a set of master keys or duplicate keys for every lock in every room of the bldg. must be kept in a central location. This is so that a bldg mngr or someone can open the doors in case of fire if the tenants are not around. This means that most bldgs. have duplicate door keys somewhere on the premises. How about your offices?)

In the case where the guard does not have all the keys, but knows where they are a method needs to be found whereby these keys can be gotten. This should not be difficult for professionals and usually isn't, as the guard/agent can let a whole crew of experts in the bldg. after hours to do whatever work they need to do and they have all night to do it in. This will most generally include locksmiths who are adept at not only "picking locks" but who can also cut keys to fit the particular locks in question.

[page 7]

The guard has the added benefit over the cleaner of having a good excuse for being inside an office bldg. He would most of the time say that he heard some strange noises and decided to investigate.
He might have a hard time explaining why he's going through a particular file though, and this would generally be worked out before he did so. He could also stand guard while a cohort of his was inside doing the dirty work, and even if his cohort was caught, the guard would do his job and take the intruder from the person who caught him, under close guard of course for the purpose of taking him in to the police and the person could and would escape.

Maintenance men in an area generally have the same advantages and disadvantages as the guard and cleaner. They do, however, have one thing over each. In many cases a maintenance man can go into an area in broad daylight to fix a desk, put down a door, repair a file cabinet, paint an office etc., and can authorizedally move the locations of people who work in the space. He also generally carries large tool boxes or supply carts and a file can just happen into one of these, be copied, and returned before anyone is the wiser. There are certain self evident disadvantages to this approach as well.

The next approach down from the above methods is to place an agent inside the bldg., anywhere. This gives the agent the bare minimum of having a good reason to be in the bldg. and in most cases the wherewithal to by-pass guards and security systems. It has a primary disadvantage in that there is just about no good reason why he should be in another office perusing files, nor should he be in the possession of another firm's files if checked by the guard on the way out of the bldg. A clever agent with a good cover story can pull off this type of operation.

This approach gives the agent the opportunity to observe first hand the security measures of the bldg., to become friendly with the cleaners and guards, to know and possibly have copies of the make of keys used and locks, and to obtain an impression in either clay or wax of a master key to the bldg. from a friendly guard or cleaner.
COMM LINES

Very often it is not necessary for a professional to get inside the office surreptitiously in order to get the files or data needed. Finding out what business communication lines are used by the target area may produce the desired product. Businesses cooperate and communicate with any number of outside areas, and often times an agent in the right outside agency who has a line into the target area can obtain the desired files with as little as a phone call or a letter. At the least, in these cases, the agent can go to the target area and review their files on the subject. There is absolutely nothing illegal in this approach, even if caught but some resulting bad PR, and the loss of a job are consequences for the agent whose cover is not well prepared, and the possibility of the employing organization being exposed could well result.

Another approach, riskier, but one that still has some merit is to use the above tactics without actually being employed by the neighbor agency. It works like this. Mr. Jones from the neighbor agency calls the target area and speaks preferably to a secretary or an underling. He says that he has sent Mr. Smith down to pick up their files on XYZ firm, and would they be kind enough to see to it that he gets the files quickly and returns to the office, or that he copies the files and returns quickly and returns etc. Then, Mr. Smith who is only minutes away from the target area walks in, speaks to the same person just spoken to on the phone, tells the person that he is from the neighbor agency, and was sent by Mr. Jones to pick up the files they have [on] XYZ. The secretary will say something to the effect that Mr. Jones just called and relays the message of the phone call, and will generally produce the desired data.

[page 8]

This approach also bears the obvious risk that a wrong person is spoken to in the target area, or that a call would be placed back to the neighbor agency to verify the story.
In this case the whole scene would be blown wide open. That is the reason for having Mr. Smith in or nearby the target area. This risk would especially apply if it is odd for the neighbor agency to be calling for this file, and so in all of the above cases where this approach is used, heavy investigation work is a prerequisite to the action.

B and E's

B and E stands for Breaking and Entering. This is a term given to a criminal act of physically breaking some object, ie window, door, lock, door jamb etc., for the purpose of gaining entrance to a particular area. It is a crime, a felony, and is almost _never_ used in intelligence gathering for the obvious reason that someone will find out that the area has been vandalized and call in the police and an investigation will ensue. This is stupid and is extremely bad intelligence as evidenced by the Daniel Ellsberg's psychiatrist's office break-in commonly referred to in the press as a related Watergate incident.

Not much time needs to be spent on this. If one sees his door knob on the floor, or sawdust in the doorway, or broken glass in his window pane, and further inspects to find a man with a pair of gloves on, and a crow bar and chisel in his hand, he calls the police and the game is over.

On the other hand, a B and E is often times confused with an also illegal act called illegal entry. This is illegal, and a felony, and extremely risky, but at times presents itself as a good intelligence gathering technique. Illegal entry differs from B and E's in that there is no damage done to gain entry, and no tell tale signs are left behind to be discovered, so that entry can be made, the data gotten, and copied in some fashion (Xerox, camera, written down) and then it is returned in its exact order to its place so that it is not noticed.

If one suspected that his area had been illegally entered he could inspect closer and see some of the physical indications of such.
In most office bldgs., an intruder has a guard to get around. This is done by either locating a back or basement entranceway, and either taking stairs or elevators up past where the guard is stationed. These entranceways can be checked for signs of entry, by checking to see if the door is open, looking for footsteps (in an otherwise untraveled dusty basement area), looking for tape on the edge of the door or residue from left over tape, or checking for jimmying marks on the door or around the wood where the door bolt is located.

One can also check the sign in register to see if the intruder got around the guard in this manner. He would look to see if a person who signed the register did so in an unknowing manner, not using standard sign in-sign out procedure, or if there is a name on the register which doesn't necessarily belong there. This last though is rather difficult to determine as any reputable looking business man type can usually say to the guard he either works in the bldg., or that he's there to see Mr. John Doe who is in room 1408 etc. The guard lets him in, he wanders around and no one is the wiser. A check with the people in the office named by this stranger as his destination will occasionally produce an answer indicating that they know of nor expected no one of that name at their office. This still is not concrete evidence, since an unannounced businessman could have stopped by to see if anyone was in after normal working hours or on the weekend, but it does give an investigator an idea that he might take a closer look. Also from the guard a possible description of anyone entering the bldg. after hours or asking strange questions or not filling out the forms correctly might be obtained.

[page 9]

Guards will generally remember someone who comes in and either does not look like he belongs there, or does not act according to what the norm is, but they will also not pay too much attention to someone who knows the routine, and acts like he belongs there.
Professional thieves and intelligence agents know this and study the normal routine first so as not to be conspicuous. So, if you're being hit by a professional, the guards will be none the wiser.

What does one look for if he suspects an illegal entry yet there are no outside entranceway clues, nor any from the guard and register? He looks at the doorway of the office. He looks at the lock and keyhole of the lock. He is looking for new surface scratches. These are sometimes produced by a careless lockpicking job, and are produced inevitably by one who will be cutting a key from a blank. Light scratches can often be covered up by moistening a fingertip and rubbing it over the scratched area, or by putting some soot, like from a cigarette lighter, on a fingertip, moistening it, and then rubbing it over the surface.

The inside of the keyhole will also have small metallic scrapings left in it if the lock was picked using a "rake method" - back and forth motion of a lock pick inside a keyhole rapidly, or if the lock was a difficult one to pick. These scrapings are also unavoidable but unless one is looking specifically for them they will go unnoticed. Even when noticed the investigator has no clue as to when these were left there, and still needs more evidence.

One could also check for fingerprints around the door knob area, on the door casing, and jambs, and on the nearby walls. But in these cases a professional will always wear gloves you say. True, but in many cases leather gloves are used, and these will produce dye stains and smudges if there has been any heavy friction between the gloves and another surface in the area. So, the pros will generally use surgical or rubber gloves which will generally leave no smudges.

Credit cards are a handy tool for the pro if he has a door bolt to get to to open the office door. Credit cards are not illegal to carry (as is a set of lock picks), and in some cases the credit cards work as effectively as a lock pick.
The credit card is wedged between the door and the doorjamb and slid either down or up to meet the door lock bolt. The bolt is usually shaped in a wedge shape and the credit card edge is slid up and down against the angled edge of the door bolt. This forces the bolt back into the door, and the door opens. This action, though, wears down the edge of a credit card and leaves tell tale shavings of white credit card material around the door bolt. A careful professional will clean these up but many are not that careful.

(NOTE: This credit card routine will not work on a totally round or totally square bolt, nor on a door which has a dead bolt locking mechanism. If used on one of these bolts there is a good chance that plenty of white credit card scrapings will be left over.)

Occasionally the door stop on the outside of the door will be removed with a chisel, screwdriver, or hammer to get a good shot at the space between the door and the door jamb. This will be difficult to replace exactly as it was and often the paint or shellac or varnish on the seams of the door stop will be ragged or broken off after this action has been attempted. This approach is generally not used as in most cases it leaves telltale signs and constitutes Breaking and Entering, and is bad intell procedure.

Another form of illegal entry which is risky but at times extremely effective is this one. It is used occasionally by professionals who know their business and are pretty slick. The agent has to get inside the office, he has no keys and he can't quite get around the guard. He goes to the bldg. and stays inside the bldg. in a bathroom or somewhere else not being detected. Waits until closing time for the bldg offices or the end of the work day and leaves with the rest of the traffic.

[page 10]

During his exiting period, he will ask the guard for a match, wait around for a ride and get into a conversation with the guard.
During this conversation he will establish himself as a new employee of the bldg., and particularly of the target office, and he will ensure that the guard becomes familiar with his face. (This of course does bear the obvious drawback of being able to be identified.) This course of action will continue for a few days, until the conversation with the guard is flowing easily, or until the guard does recognize the agent with ease.

Then, at the same time this is going on, telephone calls will be placed into target office, after working hours to determine if anyone is there to answer the phone. This will be established by calling the telephone numbers of a number of different people who work in the office if there is more than one person or telephone in the area. This will give the agent and CO a rough idea of the time that the office people quit working and give them a good idea of the best times to enter the area and be undetected.

Now when the preliminaries are worked out as best they can, the agent pulls his usual routine with the guard, and then suddenly remembers that he left his keys in the office, and that he forgot about the thing he has to have done for tomorrow's board meeting etc., and who has a key to let him in the office? The guard may, or a cleaner may, and this person lets the agent in the office. This agent has now successfully by-passed the guard and any security precautions or measures taken by the bldg. until he has to leave the bldg.

The first action the agent would take while inside the office using this approach would be to make a thorough inspection of the office space to see if anyone was left working there late, and if he found such a person he would ask this person an innocuous question like, is Mr. Jones (an employee of the office) around still or do you know where XYZ firm is located, I'm lost and can't find this office etc.
He would then leave with a thank you to the person who helped him with his problem and then go to the guard with a thank you, and the fact that he'll be taking his work home to work on. He can then try this same approach at a later date. Of course, once inside and alone, he can gather whatever data he'd like, copy it in whatever form, and return it to its place and leave, unscathed. He will of course have a good cover to handle the possibility that some employee of the office walks in on him during his handy work, and he will be just leaving as the person arrived. INSIDE THE OFFICE: Utilizing any of the above techniques will eventually get an agent into 90% of the areas they need to get into. So, now what does one do when inside and what do we look for inside the office. The careful professional is not going to touch, move or fiddle at all with anything he doesn't need to in order to get the desired data. In most cases he will be going directly to the files or the area where the data is located. He realizes that once inside, the least amount of time spent there is the safest procedure he can take. He is exposed to potential danger every second he is unauthorizedly inside. So, he will know what he is looking for, go straight for it, figure out the quickest method of obtaining it, the most expeditious and efficient means of copying it and getting it back in its place and then will do this. On top of this he will have as airtight a cover as possible to handle the possibility of his being caught. So, what clues does one look for. The professional will know that for every locked file cabinet there is inevitably a set of keys in a nearby desk drawer that will open the cabinets. This is generally a spare set of keys "just in case someone else needs to get to the cabinets." This will probably be true of combination locks. The combs will be written down in a nearby desk drawer, so someone else can open the lock if the original person gets sick or is out of work.
So, unless the professional can pick these locks, which are [page 11] generally quite easy to pick, he will go thru desks in a search for these or he might go fooling around with papers on the desk, telephone and appointment books, or somewhere else in the area where he might think that someone would conceal a set of spare keys or a combination number. He also knows that locked desk drawers will generally respond to the same rules as above, and will go fishing for the extra key. In some cases if the intruder doesn't have a camera with him, or determines that it would be best not to transport the files or data to another location to copy, he will use the facilities provided on the premises, ie the office xerox machine. This is plenty adequate for their purposes at the time, but in some cases a record is kept of the copies made on the machine, and the machine will generally have a copy counter on it. Even knowing this though, some will continue and use it anyway figuring that even if more copies were noticed on the machine, it would be figured that some employee made a mistake. If the file or data desired is not returned to its normal resting place in its exact order many times this will be a telltale sign. If the search is being conducted at night, some pros forget about the lighting. Many will carry a narrow beamed flashlight with them to conduct their search, and sometimes this will not be extremely workable. Lights will be turned on, but curtains will not be drawn, and spaces between entrance doors and the floor will not be covered and telltale light will escape from what should be an otherwise dark office. On top of that many will forget to remove and or restore these security measures to their original position after they have completed their work. They will leave blinds drawn, doors closed or opened that shouldn't be etc. RULE: When conducting these operations a careful professional agent will leave everything he has touched in the same position he found it in.
They do, however, occasionally slip, and this is their mistake. EXITING: Exiting from the target area is as dangerous as the entering of it and is generally given as much attention. Unfortunately, most bldgs. are concerned with the illegal entry to the premises and pay little attention to people exiting, thereby making the exit a less worrisome detail to the professional. Places with good security though will have a sign out system employed utilizing a guard and one exit point, and some will even have a package inspection. In conjunction some places will have it so that anyone leaving the premises has to be let out by the guard who opens an otherwise locked door, and they will have silent alarms hooked up to their other doors not used for exiting. Professionals are aware of this and will always make a dry run to check out the security system procedures used, will have themselves well covered with an appropriate story, and will notice any unforeseen obstacles. They will then devise a method to circumvent these security procedures and then make another dry run to insure that the newly devised circumventing methods will work for them. They will then conduct their operation. SUMMARY: To summarize all the data included above into a fairly concise sequential outline of what would happen to an area if there were a covert data collection operation planned against us to gain some data from one of our organization or one of our files I will write up this summary of how things might happen. [page 12] First it is decided that data is desired from a particular area. Some basic investigation work goes into finding out where in the general area the data is located. At the same time some basic background data is searched for to find out what the area is all about. Then generally the Case Officer will go down to take a quick general looking over of the physical premises to become familiar with the physical obstacles which might have to be gotten around.
If it appears that there are many security procedures which the agent does not think he can get around the C/O will often go and conduct a more thorough case of the place himself, as he is generally more experienced. The case officer will then peruse his resources to see if he has someone who will meet the qualifications to fit into the target area, and he will design his plan of action so that the agent being used can work or for some reason be directly in that area. If this is not possible due to the fact that the agents on hand do not meet any of the needed qualifications for the exact target area, or the fact that the area is not accepting any new people for any reason, then the C/O tries to see if he can get an agent into the overall general area. (IE in this last case an agent would be sent in on lines as a student or an expediter rather than having one placed in Treasury). In either of the above cases the agent once inside would try to locate the data needed from the target area while he is authorizedly inside the area either during normal hours or after normal hours when no one is around and he has already established a pattern of working late. If either of the above approaches cannot be accomplished by the C/O and agent then a call would be placed to the bldg. mngr to find out what the security precautions of the bldg. are. A careful case of the physical location would then ensue. An agent would then try to be placed anywhere else in the bldg. where the org is located. This would include any positions such as a guard, cleaner, maintenance man, or in another office nearby as a last resort. The guard cleaner maintenance person would in most cases be able to by-pass whatever security precautions are extant, and the person inside another office would at least be able to stay late and give data about what procedures are used, and allow another into the bldg. after normal hours.
In any of the cases last mentioned the agent must have *will have a good cover to explain why he is in the target area. This cover will seem logical to most people concerned, and will be thought little of. Each of the above will also have an alternative cover to logically explain why they were caught with their fingers in the till. This is done to show that it is an individual action and not one that is directed by either another or a group. Depending on the type of area, and the data needed, as well as the security measures used to defend the area the next approach would either be used before or after the last one mentioned. This approach is that of utilizing another comm line into the area. It is the other firm, or person who has normal dealings with the target area who would request some of the data needed. This would also include the approach of the person who calls and says he is from one firm and is sending another down to pick up the data. The last approach used mainly due to its inherent dangers is that of illegal entry. This would be where the agent would know what the security precautions of the bldg. are, what procedures are used by the guards, what kind of locks are used, and [page 13] would by-pass the guard by sneaking around him, by walking past him as if he belonged there or by staying in the building in a safe and undetectable place until after the closing hours, and until he was sure no one was left in the target area, and he would then get into the target area, by using a credit card, a lock pick, a key previously made from a wax or key impression or be let in by a friendly guard or cleaner after he has stated that he has left his keys inside the office. This is the approach that was a last resort approach, and whereby the agent would get in and out in as short a time as possible and have a method whereby he could copy the data in as short a time as possible and return it to its exact place in its exact order as quickly as possible.
After one has read the data in the above Hatting letter, one should go back and study all of the data in here as closely as possible. Each approach should be thoroughly understood in the above write up, and the details of each. Many of these approaches or safeguards, or methods and techniques will be used in combination with some of the other approaches, and the only way to start to recognize some of the signs that you or your area is being infiltrated is to have a thorough knowledge and understanding of the principles of each approach. Also, remember that one of the most effective methods used by these professionals is to get a number of these approaches started at one time in an area. This serves 2 functions. It helps to confuse someone only looking for one person trying to infiltrate the area, and it gives the C/O a number of alternatives to work on so that he does not have to put all his eggs in one basket. So, keep your eyes open and get busy. LOVE DON