Clicky

TrapWire Interview Series Part 1 – Attack Planning: Left of Boom

March 24, 2023

Background

Today we are speaking with Mike Chang, Director of Operations for TrapWire, Inc. Prior to working at TrapWire, Mike served at the Central Intelligence Agency for 14 years as a counterterrorism operations officer, security officer, and senior instructor. He conducted counterterrorism operations and implemented crime prevention training programs focused on high-threat operations, surveillance detection, and weapons and tactics. Mike also served as a special agent on the personal security detail of the Director of Central Intelligence.  

At TrapWire, Mike manages teams that help clients understand the potential threats posed to them by pre-attack and pre-criminal activity. Put simply, Mike’s team conducts surveillance and other Red Teaming activity against client sites to help them better understand their threat vulnerabilities. These exercises enable organizations to understand precisely how and why terrorists, active shooters, criminals, hostile intelligence services, and other bad actors would collect intelligence against them in preparation for a hostile act. This is a unique approach to security, and we hope to get a much better understanding of such operations today from Mike.  

Attack Planning: Left of Boom

Interviewer

Thank you, Mike, for joining us today. We’re excited to learn more from you. TrapWire describes its mission as keeping clients “left of boom” – Can you tell us what that means?

Mike Chang 

Simply put, keeping clients left of boom means preventing an attack, criminal act, or other negative event from happening.  Let’s start by talking about the threats. Threats come in many different categories, ranging from hardcore terrorist organizations like Al-Qaeda or Hamas or Hezbollah, to criminals, assassins, kidnappers, abductors, insider threats, armed attackers, anarchists, and the list goes on.  For government agencies, there is significant concern regarding the activity of foreign intelligence services.  For businesses, there is significant concern about the theft of intellectual property.  All of those different threats have a timeline associated with their activity. Now if you imagine a timeline– over on the left is all of their preparatory activity, events that occur before their attack, or other hostile act.  And that preparatory activity is what we call left of boom. If you want to prevent these bad things from happening, this is where you have to focus.

The left of boom portion of the timeline is when they’re conducting all of their planning operations, whether that planning operation includes some type of logistical activity, such as acquiring uniforms or badges to blend into the environment of a location, or ground surveillance against the target location or the personnel at the location. Whether that is probing gates, or entrances, or actual criminal activity against a facility. And then after weeks, months, years of planning, then comes, in the middle of the timeline, the attack, and that’s what we call the boom. And then over on the right of that timeline, is a response by first responders, followed by law enforcement investigators who attempt to figure out who did this bad thing over in the middle of this timeline, who are the perpetrators, and those law enforcement organizations conduct this investigation to bring the perpetrators to justice. 

So that’s your timeline. And if you imagine the middle of that timeline as the big boom, over on the left is the left of boom. And that’s our goal. Our goal is to keep our clients, all the sites they protect, all the people that they protect, left of boom, we always want to keep them safe, so that they never experience any type of attack, meaning the perpetrators never reach the middle of that timeline. Again, whether that attack is a large-scale terrorist attack, or any type of criminal attack or even a burglary or robbery, we take the same approach. So that’s what we mean by left of boom.

Our goal is to keep our clients, all the sites they protect, all the people that they protect, left of boom, we always want to keep them safe, so that they never experience any type of attack, meaning the perpetrators never reach the middle of that timeline.

Interviewer

Interesting, so quite literally, to the left of the attack is everything that happens before an incident or something terrible unfolds. So, let’s go through this timeline. 

From the beginning, in the preparations that these attackers are making, what types of people and groups do you typically find engaged in these preparatory operations?

Mike Chang 

Every type of criminal. Even your bank robber. Your bank robber is going to “case” the bank or banks that they’re targeting, and that bank robber is looking for the weakest target. So they’re casing the banks, they’re testing the banks, and they’re stalking some of the bank employees. They may even try to co opt people at the bank while they’re conducting on-the-ground reconnaissance against those banks. And then amongst the banks that they’re casing, they select the weakest one. From their assessment and from their on-ground surveillance and all of the things that they’ve done in preparation for their attack, which is the bank robbery, they select that final target. And then they, of course, conduct their bank robbery. And, I wouldn’t say every bank robber is going to go through that process, because some people are just going to walk into a bank and hand the teller a note and say, give me money. But those people are going to get caught very easily. 

The ones who want to get away with it, I would say the more than average criminal will do these preparatory acts, and again, this is all types of criminals– all the way to your assassins, to your terrorists, to your child predators. We know that child predators will go through this same exact process. Instead of a left of boom mentality, they have a grooming mentality. So they go through this entire process, and they call it grooming. So all of these nefarious people, whatever their motives are, they go through the same processes, they conduct the same type of activities– left of boom, left of the moment they attack their target. 

Interviewer

So when you [TrapWire] are looking into the surveillance part of this, you are looking for the types of activities that are typically conducted during the left of boom phase – what type of information sticks out to you that the attackers are looking at or looking for?

Mike Chang  

They will begin by looking at any aspect of the defensive measures in place for the target they’re studying. Whether it’s a security presence, a law enforcement presence – on the military side, they call it force protection – military police. That’s often the first organization or group that the criminals or the threats will be assessing, because those defensive measures stand in their way. 

If they are targeting a bank, they will be looking at the bank guards. They will be looking at any aspect of physical security, or protection involving that bank – whether it’s door locks, alarm systems, or CCTV camera systems. On a typical military base, same thing. Do you have guards at the gate? What type of weapons do they have? What type of radios do they have? What type of uniforms do they wear? They’re collecting all of that intelligence, so that they can do an assessment of their targets. Out of the group of targets that they are looking at, they are going to eventually weed out stronger targets and focus their attention and resources on the weakest target.  That is the one they will go after.

After studying the target’s defensive measures or security features, they will begin to collect information on the specific target of their operation.  This could be a bank vault, a server room, an arsenal for weapons theft, an individual targeted for assassination, or the location of a crowd if it is a terrorist attack designed to maximize casualties. They will look for things like avenues of ingress and egress, pattern of life for a targeted individual, the identity of insiders who could be targeted for information or recruitment.  The list goes on and on.  They may then move on to the question of timing. When is their target most vulnerable or accessible?  What time of day and day of week is best to maximize casualties?  When is the security force most vulnerable or at its weakest?  Depending on the attack or criminal act they have in mind, the timing will have a specific logic.

What we do at TrapWire is turn this fact against the threat so that our clients can detect their activity and take action before people are killed.

TrapWire pre-attack stages

Interviewer

Can you discuss some of the tactics and techniques the threats will use while collecting this intelligence on the target?

Mike Chang  

The tactics and techniques will be determined by the on-the-ground realities of the target site.  For example, early on in the left of boom phase, they will focus on blending into the surroundings of the target.  This may involve dressing like a construction worker, a college student, a businessperson, a tourist, etc., depending on the environment of the target.  They will look for ways to take video of the site or a targeted individual without drawing attention to themselves.  Since everyone has a mobile device, this can usually be done without drawing attention to yourself.  They will look for people to target for querying, if they believe those people have valuable information.  This could involve surveilling them to see where they have lunch, or what bar they visit after work, and then targeting them there to strike up a conversation.  Again, the list goes on and on.  

Interviewer

This sounds like an extensive operation.  How long do these left of boom activities typically last, meaning from the start of the operation to the “boom.”

Mike Chang  

The time they dedicate to planning, on-ground surveillance, and logistics will vary depending on what type of threat they are and how sophisticated they are.  We know that certain threats like terrorists, school shooters, and mass attackers have planned their attacks for years. Your average burglar or thief is not likely going to spend years planning their attack, but a professional thief may spend years planning a large heist. These threats want to be successful with their attacks—be it if their goal is money, a high body count, or a high level of property damage. To be successful, they must carefully and meticulously plan their attack against you. What we do at TrapWire is turn this fact against the threat so that our clients can detect their activity and take action before people are killed.

Interviewer

This sounds like a good spot to wrap up this portion of the interview on Attack Planning: Left of Boom with Mike Chang. In the next interview, Mike will dive into Seeing the World through the Eyes of a Surveillant: TrapWire’s Red Team, in which Mike will talk in detail about what it’s like to actually conduct these operations against a variety of targets. 

Interested in learning how TrapWire Services can help you?

Check out a few of our solutions, or request a demo to learn more.

Request a Demo

Leave a Comment

Your email address will not be published. Required fields are marked *

Request Demo
Contact Us

CALL US

703-439-6750

[email protected]

Monday–Friday | 9-5 pm EST

WRITE US

Contact Us