A Kidnapping in Milan is a book that I’ve meant to read for a long time. I finally got around to it a couple of months ago. Readers of this blog would doubtlessly enjoy this work. It touches on several major themes that I talk about here and on the podcast. Make no mistake – this isn’t a technical manual, nor is it written from the viewpoint of a privacy advocate. This is the story of how some very focused investigators unraveled a mystery using modern (2004+) technology. You don’t have to be a fortune teller to read between the lines of A Kidnapping In Milan and pick out techniques to use as part of your own operational security.
A Kidnapping In Milan
A Kidnapping In Milan: The CIA on Trial describes the extraordinary rendition of “Abu Omar” from Italian soil in 2004. Omar’s wife, having no idea what has happened but assuming something bad has befallen her husband, calls the police. The investigation stalls until one dogged investigator picks up the case. The book describes, in great detail, what has been pieced together about the operation. Mr. Hendricks also discusses the conditions of Mr. Omar’s detention in Egypt, and some of the aftermath of the case.
Operational Security TTPs
It is hard to describe the techniques that interest me most without giving away the whole story, but I will try. The first and most detailed of these was they way Italian investigators discovered who was involved in the operation to kidnap “Abu Omar.” They did this by look at cell phone data. Even though the phones used during this operation were used extremely sparingly (which may be it’s own red flag) they created enough metadata to tie themselves together and to the operation. Could this have been prevented by smart use of Faraday cages? Read it yourself and be the judge.
The second most important piece of this work for me was the tradecraft used by the individuals who conducted the kidnapping/rendition. Their tactics, techniques, and procedures described in great detail in A Kidnapping In Milan, including how they purchased cell phones, checked into hotels, etc. Some of it is quite good, and some of it is terrible. It seems as though much of their individual OPSEC was left to personal discretion; this is where thoughtful individual action could have made all the difference. But didn’t. Despite being members of an extremely sensitive operation, and (one assumes) members of an elite organization conducting such operations, Mr. Hendricks was able to locate several of them at their homes, in the US. Mr. Hendricks had no inside information, secret databases, or private investigators.
If you’re looking for a good read that examines some real-world operational security, check out A Kidnapping in Milan: The CIA on Trial by Steve Hendricks.