Getting Away With It: The Art of Urban Infiltration and Exfiltration. Or the Tragedy of Luigi Mangione
Urban Guerilla Tactical Espionage Action
The United-Healthcare Assassin Has Been Caught (Allegedly)
It’s always sad for me when one of these fugitives, dissidents, killers, or terrorists gets caught… No matter what they did or how smart, dumb, or depraved their cause, I’m a deep partisan of the Robbers’ side of the Cops and Robbers equation.
Sure I despise petty criminals, bums, bike thieves, shoplifters, home invaders, and anti-social freaks committing random violence as much, if not more, than the next Cat… the people cops don’t even bother to investigate. But whenever someone, for reasons righteous or depraved, manages to truly anger the Leviathan state, rack up all 5 stars in Grand Theft Auto and bring the eye of Sauron upon them… To become the running man, the Fox in the most lopsided hunt on the most merciless field… I don’t care if you’re D.B. Cooper or Bin Laden, I can’t help but cheer for you. Whether it’s a high-speed chase, or a clever cyber-scheme, or an endurance trek through the woods… I can’t help but cheer for someone gambling all their wits and all they have, against a seemingly unstoppable system comprised entirely of people thinking about their pensions.
And if you want a further deep dive into the ethics and politics of the killing
had a great write-up:

But, Luigi Mangione, if he did it— There are some deeply suspicious items about his capture: allegedly they “found” all the relevant evidence on him? Also, the clothes do not match in the photos released to the public.— But if we hand-wave all the patsy/deep state conspiracy theories and assume he did it and this isn’t an attempt to cover up a deep state hit… (which at this point looks deeply unlikely given how much info we have on him vs. Ultra-Glowies like Thomas Matthew Crooks or Stephen Paddock) he made a fair number of interesting mistakes.
And no! It almost certainly wasn’t the “Alert McDonald’s employee” who reported him to the police. This is a painfully obvious case of parallel construction to hide the actual way he was caught, which is almost certainly some high-tech, possibly illegal surveillance technique (most likely McDonald’s and other chain stores run facial recognition on their internal security systems for data mining, and that was used). The idea that an Altoona McDonald’s employee recognized him from one photo, alerted the police, and they actually got to him, either while he was there or the next time he showed up, is laughable.
Either he’s a patsy; major computing and surveillance resources were expended tracking him; or in spite of the mask and seeming preparation, he wanted to be caught (possibly relating to life-altering medical problems, and a desire to promote a manifesto, and/or ayahuasca and 6th dimensional demon induced oddities (possibly taken to fight chronic pain)).
However setting all that aside and assuming it was Luigi, he made getting away with it hard for himself.
He was committing his murder in New York City, and not only New York City but MANHATTAN. This is maybe the hardest borough of any city in the world to commit a high-profile crime in, outside the core of the District of Columbia, because of the insane amount of surveillance in that city, as much or more than anywhere else on earth: comparable to any city in China or any Euro-surveillance hellscape like London.
This is an amazing video… check out the first 10 minutes.
Tens of thousands of Police run and networked CCTV cameras, in addition to close to 100k private un-networked and privately networked Cameras in places like convenience stores, police phone pinging, license plate tracking, and entire facial recognition UNITS, people who just watch and use digital systems to track all that video, EVERYTHING.
Yet, In spite of this the NYPD is actually kinda crap at doing their job. The problem with gathering EVERYTHING is you’re looking for a needle in a haystack.
The NYPD were actually one of the best police departments in the country for clearing homicides until recently… but that changed dramatically with the Covid crime wave and the mass of illegal immigrants entering the country and NYC specifically since Biden’s Victory.
For reference, Homicide clearance rates across America have been collapsing for decades…
However the homicide clearance rate of white victims and by extension white criminals has been pretty consistently high, and rising. Which is probably a result of high trust, higher rates of technology use, more witness cooperation, and lack of gang culture (it’s easier to solve crimes when the motive is spousal drama than when it’s elaborate criminal enterprises)… And yes, cultural pressure to solve the crimes. Both positive and negative with white people demanding safety, and a culture that sees white criminals as dangerous super-villains to be hunted to the ends of the earth (when in reality letting white criminals dominate organized crime would probably save thousands of lives from dumb hood rat status violence).
So unfortunately for Luigi, unlike all the rapes and murders committed by hoodrats against decent ordinary citizens that largely go unsolved, He was targeting a white CEO of a Fortune 500 Company, so there is going to be insane political pressure to do something and all those surveillance resources are going to be used…. Fortunately however he had no personal ties to his target, so if he could simply get away efficiently there’d be no suspicion.
But how does one do that?
The 10 Types of Evidence
Note I’m going to use the Term “Crime scene” and “crime” as a generic catchall for any scene where forensic evidence is being gathered. It is not meant to necessarily imply guilt, criminality or immorality… Counter-forensics is used by legitimate dissidents, noble partisans, freedom fighters, intel-agents, Special Forces, corporate secret holders, government officials, and private individuals who need to avoid malicious observation.
For the modern dissident, criminal, insurgent, spy… there are a wide range of threats that can expose you, these are:
Visual (sight and video recording; witnesses, cops, and cameras)
Interpersonal/auditory (sound, messages, accomplices turning rat, statements overheard, wiretaps, shotspotter systems, etc.)
Physical (touch (fingerprints), objects left at the crime scene, objects taken from the crime scene, objects altered or seen at the crime scene)
DNA (taste/sexual/pain (blood)… Semen, saliva, boogers and blood… (skin and hair DNA are very hard to get, only really useful for sexual contact, clothing contact, or indoor contact))
Olfactory (smell, K9s can track you 10s of kilometers in wild space and can be used to justify a search if they smell drugs, or if the cop smells drugs, or if the cop simply claims to have smelt drugs or have seen the dog do… anything (don’t do drugs))
Electronic emission (cell signals, radio signals, Bluetooth signals, wifi signals, RFID… Everything electronic on your person or vehicle that gives a signal and betrays your location to various sensors, or records your location via GPS and transmits it (when you put your phone in airplane mode it still records your GPS location and sends it to Google/Apple when you turn airplane mode off))
Digital (search history, communications on online platforms, app-usage platforms, location data)
Financial/Registry (credit card, hotel stays, vehicle registration, passport stamps and digital tracking, corporate registries, public transit passes, etc.)
Vehicle (car plates, make, model, color, VIN#, GPS, Bluetooth, OnStar (or other) SIM/satellite comms systems, public transit cameras and ticket registry, cabby cameras… etc.)
Psychological (obvious motives, public statements about beliefs, claimed responsibility, criminal profiles (Don’t murder your wife))
All of these are conquerable. I started writing individual sections about each but this got too long, so I’m including this as an appendix to the piece as a separate article.
How Was Luigi Caught?
As we’ve established the “alert McDonald’s employee” is almost certainly a lie… not least because now they’re talking about not issuing the reward. But also Luigi is the most generic looking swarthy man to ever exist… 5+ million men in the Americas and Mediterranean look exactly like him, minus the fitness and eyebrows.
But then how was Luigi caught? (assuming he did it)
On the face of it Luigi used a lot of impressive advanced OPSEC techniques to conceal his identity: there was the 3d printed firearm and suppressor. Luigi not only wore a mask, he coyly changed clothes and backpacks in central park after the hit, he left no known fingerprints, the only physical evidence were the common 9mm casings left at the scene (basically worthless given the untraceable firearm, assuming that he didn’t buy from an obscure ammunition manufacturer)… And beyond this police kept hinting that he was employing advanced digital OPSEC techniques, including Faraday bags, burner phones, burner laptops, and other electronic emission concealment techniques.
Notably, despite appearing to have used a cell phone in the vicinity of the assassination, his name and identity were NOT revealed prior to his capture, even as photos were progressively leaked… Which is weak evidence they didn’t have that info. There are reasons they might not release his name... But in most manhunt cases, especially of murderers, they release that info fairly quickly, especially in a case such as this where he could have been hiding with friends, distant family, or acquaintances who might have turned him in had they known he was the killer instead of becoming accomplices… It’s just normal procedure to release that info, both as a public safety and an investigative concern. Indeed if they had had his name, didn’t release it, then he killed another healthcare executive before capture, that would have been many lawsuits and destroyed careers… wealthy families sue for stuff like that.
Unless said info was gained illegally or in a manner otherwise scandalous.
Now Wait, you might ask, he was caught on a cellphone?
The shooter was seen on a cellphone at 6:30 not 15 minutes before the actual shooting… Which combined with the quick turnover of him arriving at the hotel and him killing Brian Thompson (usually hitmen have to wait HOURS staking out a target) really suggests an accomplice.
Now we might not expect THAT much of a delay…given the time of the shareholders meeting across the street was known… But did he know Thompson was staying across the street from the hotel at the Marriott? How did he know he wasn’t getting a cab in to the other side of the building? How did the shooter know he could go to Starbucks BEFORE the hit at 6:17am, that he wouldn’t miss Thompson?
It’s possible the shooter just got lucky. According to the above timeline (released before his identity was revealed) he left his hotel at 5:30am arriving via subway outside the hotel at 5:41. This is a good time to show up for a stakeout if he had no other info… and maybe slightly late (some A-Type people do wake up at 5am)… But you can imagine if you’re plotting a stakeout killing with no other info, you know the shareholder meeting starts around 9am, you show up at 5:30, try to catch the CEO as he enters the meeting, and then if you miss him you can still enter the shareholders meetings (wearing the mask) to shoot him, or try to catch him coming out, OR try to follow him from the meeting… If he gets a Manhattan cab you might be able to shoot him when he gets gridlocked at a stop (again assuming Luigi doesn’t know Thompson is staying across the street).
But his cavalier attitude leaving the stakeout during his opening hour to get Starbucks, then returning on a cellphone… That might be complete ill-discipline, but the fact he both felt confident enough to walk away from the stakeout for 15 minutes potentially missing his shot, and then returned on a cellphone (a major OPSEC breach), only to get completely lucky and get his target out in the open unguarded with no crowd around him within AN HOUR AND A HALF of the suspect (Luigi presumably) first leaving his own hotel on the Upper West Side!? That implies someone was feeding him information on that cell call. Someone let him know Thompson wasn’t up yet, and that’s why he felt he could leave the stakeout for coffee, then someone let him know Thompson was on the move.
Note however this sequence of events contradicts the Wikipedia sequence of events:
According to this sequence of events, the suspect didn’t arrive on the scene and leave the F-Train subway stop until 6:15 am; he then went immediately to Starbucks at 6:17, then is seen talking on his phone at 6:30, then shoots Thompson at 6:44. This sequence of events implies a greater likelihood of chance… He arrived there maybe for 8 hours’ worth of staking out and stalking, and boredly walking around the New York Hilton Midtown… this is going to be thirsty work so he grabbed breakfast before setting to standing around, then just got lucky that Thompson walked by within 20 minutes…
This is plausible. Everyone KNEW Thompson would be speaking at the Midtown Hotel, everyone KNEW the meeting started at 9 and that he’d be arriving 1-3 hours beforehand; he basically HAS to walk there (or get out of a cab and walk the last 20-30 meters) unless he was actually staying at the Hilton Midtown and wouldn’t leave it (a minor risk, and you just enter the meeting if that’s the case)… and he was staking out the Hilton Midtown where the shareholders meeting was to be, not the Marriott where Thompson was staying… so presumably he didn’t know where Thompson was sleeping.
But then who was the suspect talking to on a phone at the stakeout point? Was that just a stupid OPSEC breach? Or did he have an accomplice? We don’t know, this remains a mystery.
One might imagine, if one wanted an innocent explanation, that he thought he was early and expected the stakeout to last way longer (thus stopping at Starbucks) and therefore decided to make one final phone call before going dark… If this was the case it was stupid to do all this in the vicinity of the crime scene instead of doing all this BEFORE traveling to the crime-scene.
This is a far more understandable mistake.
But you kids at home… One must “Go Dark” for all except emergencies and operational necessities at the extreme edge before they begin infiltrating.
But I’m going to tell you right now: Of the 10 types of Evidence, the 4 that actually matter for how “The Suspect” was tracked down to Luigi and caught were 1. Electronic Emissions, 2. Financial/Registry, 3. Visual, and 4. Vehicle evidence.
Not DNA (taste/fluids), not Fingerprints, contact DNA, or physical evidence, not anything audible, not a smell, not anything psychological, not even his digital footprint. The other 6 types of evidence, what classic CSI type stuff might have trained you to think of AS evidence, seem to have been actually largely irrelevant.
These 4:
Electronic Emissions in the form of phone and laptop activity.
Visual leak in the form of the wider Camera web that stretches across cities, and Manhattan in particular.
Financial and registry records.
Vehicle evidence.
These are the 4 (along with digital records) that really compose the core of the modern sci-fi surveillance state and the core challenges of modern Urban Infiltration and Exfiltration. In combating these, Luigi’s (alleged) methods varied from the inspired to the stupid.
And I’m also going to unpack the question of digital footprints later on.
Urban Infiltration and Exfiltration: What Not To Do
Look at this sequence of events again… notice something odd? Notice how far back it goes in time? How the hell did the police go from just the initial shooting of Dec 4th to knowing where the suspect was and what the suspect was doing way back on the 24th of November?
Do they have like advanced facial recognition that they can tell anytime a person comes into NYC and crosses one of their Cameras? Do they have a database of the bio-metrics of everyone who enters NYC constantly tracking where everyone is at all times!?
NO. just look again: the Sequence of events tells you how they knew!
The Suspect (Luigi) checked into the Hi New York City Hostel every time he visited NYC as part of this operation. The second they traced him back to the hostel they just had to look at the tapes backwards and forwards, check the guestbooks, and talk to the clerk, to get every day he was in NYC and video of every single time he left the hostel or came back to it. Sure he checked out of the hostel and checked back in… he might have even used a different fake ID when he checked in again if he got a different clerk… but MERELY LOOKING at the tapes 24 hours in the past, which you can do in seconds (default surveillance software cuts to movement and you can cross reference with check-ins and checkouts very quickly and easily) would have shown that he had been in the exact same hostel not 24 hours earlier checking out before he checked in on the 30th.
The second they get him back to this one hotel, they have his entire schedule the entire time he was in NYC.
Now you can kinda understand why the suspect would want to stick to the Hi NYC Hostel… they accepted his fake ID and let him pay for his stay in cash or via his burner credit card… that’s not nothing, that’s relatively hard to come by in any city, and if it’s nice and comfortable it gives a feeling of safety… Many people who have committed worse crimes, and gotten away with it, have stayed in hotels on their own credit cards under their own names.
But anyone who’s seen the 1973 masterpiece Day of the Jackal can tell you that EVEN IN THE 60s, Hotels and lodgings were choke points and police tracked their books tightly even 60 years ago the second they had any suspicion.
That being said, New York is the Hotel capital of the world with 705 hotels, not counting thousands of Airbnbs and other accommodations…. Presumably thousands of criminals, murderers, and other criminals stay in New York hotels every year, the vast majority of them without being tracked back to them.
There is almost always going to be information leak with regards to accommodations… Even if you seduce your accommodations out of a friendly stranger at a bar, stay at a cash campsite well out of the city, or indeed sleep hobo… there are cameras, witnesses, etc.
But controlling that leak and being aware of it is vitally important… Don’t let your enemies know where you sleep.
It was at the hostel, not the Starbucks, that these photos were taken of the suspect unmasked.
Staying on the subject of financial and registry information, the Suspect bought Starbucks within 300 meters of where he performed his hit. This is a stupid unnecessary risk. Now YOU NEED to eat and drink… especially when you’re entering a physical trial like a long late-fall/winter stakeout or a long insertion or exfiltration, being lightheaded or dehydrated at the point of contact will unacceptably lower your performance, and an injury during an escape due to exhaustion is probably the most disastrous way to get caught (remember Luigi (probably?) didn’t know the CEO would walk by in 20 minutes he might have been out there 6-8 hours)… but this has to be calculated, even if you’re paying cash and have a mask (which always looks suspicious)… almost every store has cameras and with better lighting and lower mounting will probably get vastly better video than exterior police cameras. Ideally you’d just bring the snacks with you, but otherwise you want to grab refreshments and take bathroom breaks, etc. a considerable distance from the scene and ideally in a mom & pop store where the cameras are more likely to be old, low res, not working, and the data not stored in a centrally searchable corporate office… If a cop actually has to walk in and ask for footage… they probably won’t bother.
However in spite of the risk, this doesn’t appear to have screwed The Suspect…
The use of an E-Bike rental however probably did.
E-Bike rentals not only require credit card info… which is a massive information leak (even if you use a pre-loaded “gift” credit card or stolen credit card they still know where it was bought, how it was activated, and/or who it was stolen from)… they also track all rental e-bike GPS locations at all times as an anti-theft measure. So even if the financial transaction was untraceable, they still know which e-bike was at the assassination, which e-bike went north through Central Park, and where it was dropped off, and can track that in conjunction with surface cameras to get a very reliable track of how he traveled.
MUCH better would have been to have purchased (or stolen) a regular cheap pedal bike which is basically untraceable… even brand-new a good enough bike can be had for a few hundred and you can just spray paint it or scrape off any identifying markings to make it truly anonymous. And to dispose of it you need only leave it unattended and unlocked somewhere public and some young scholar will handle the rest free of charge.
Likewise the subway and the taxi he got that morning both have cameras and external markings and numbers… even if he pays cash, if he is seen or tracked to the point of getting on or off those then it’s trivial for a cop to track down the cab or train from its markings and they have him on camera for the duration of his ride and wherever he gets off.
This does not mean public transit and taxis cannot be used as part of an infiltration or exfiltration… but it DOES mean that you do NOT want to board them or exit them directly at your final destination, and you want to understand that if you think your profile is trackable and hot, that it will be just as hot when you get out of the vehicle, and that those camera recordings almost certainly WILL be called up.
While such public modes of transit can be used for a getaway, they do absolutely nothing to break the chain of surveillance and post-getaway tracking.
This is vaguely the route The Suspect took that day. from the Hostel, down the F Train, to the Starbucks, to the Hilton Midtown, shoot Thompson, through central park, onto 85th west, to Amsterdam Ave… And then in the Taxi to the George Washington Bridge Bus Station. 2 hours total from leaving his hotel to arriving at the bus station.
Do you notice anything interesting about this route from an OPSEC perspective?
EVERYTHING IS THE FASTEST MOST DIRECT ROUTE! no detours, no misdirection.
Of course they got back to his hotel, They just had to rewind the cameras that are everywhere from the nearest available subway stop to get the exact train he was on, then it’s just a few hundred meter walk up a straight street.
Of course they found him leaving central park and got him boarding the taxi… he left the park only 16 minutes after he entered it, then hopped in the Taxi within 2 blocks.
Even if his technical OPSEC was perfect and his credit card was a perfect burner pre-loaded credit card bought with cash, that couldn’t be traced back to him even if cops managed to find the store where he bought it and pulled up the security footage only to see him wearing a mask, and track down the device he activated it on only to find out it too was perfect burner device bought with cash whilst wearing a mask, and even if his cellphone was a perfect burner phone and he stored it in a Faraday bag the second he put it away… And even if they didn’t track him via the E-Bike he rented… just dedicating enough people to go through all the street and metro-subway cameras (which again NYPD has entire departments that can do that without getting up from their desk, and they probably have really quality of life software to make that as easy as you going on google street view and looking back and forward up a street)…
Note: Many criminals will insist you should allow burner devices to “Age” that you should purchase them months in advance with cash, so that by the time you use them for a crime the harddrives of the security cameras at the stores will have exceeded their capacity and looped back and overwritten the footage of you purchasing them. (remember all evidence degrades with time)
Even if every burner device was PERFECT. Just tracking him forward and backwards an hour and half gets them back to his hostel, and forward to him boarding the Cab, and from the cab number (which every taxi has) to the bus terminal… And then from the bus terminal cameras to wherever he bought a ticket to.
BUT WAIT! You might say. How did they track him across central park? Cameras are sparse in there, and he changed and ditched his outfit. They must have had high-tech facial recognition or gait analysis, or some way to ping his phone once he returned the E-Bike.
No. If he had hidden in the park for say 6 hours and then emerged at some dutch angle we might think that… ~5000 people pass through central park every hour. Which probably peaks at 10-15k an hour around lunch. He’d have quickly exceeded the limits of Camera quality and the differentiable population size if he’d stayed in central park til that afternoon.
But after less than 20 minutes? At 7am? Again for the centralized NYPD “““facial recognition””” unit (they wouldn’t even need anything in the way of software facial analysis for this) , It’d be trivial to just manually go through the 500-1000 people who emerged from the park in that time discount the women, discount the children, discount the elderly, discount the ones that don’t match racially or are obese… and what do you know…. a grand total of 1 guy of the same body type wearing a mask emerged from central park within the first half-hour after the suspect entered… follow him… Oh he got in a taxi, record that number we’ll see where he went.
Remember masks are double edged swords and must be used strategically… sure they conceal your face, but they also draw attention. Especially since the vast majority of video footage is simply too far away and not high enough resolution to perform individuating facial recognition once the sample size gets large enough… It can track an individual, but I’ve heard numbers ranging from 70k to a few 100k as the maximum facial recognition can differentiate with the actual information security footage gathers… (think of how error prone and finicky computers and apps are when they want to do biometrics with your face or ID right in front of the Camera).
Notice that they couldn’t, nor could anyone else out of the entire internet, simply pull Luigi from a general internet search against the photos they released… Even though Luigi’s photos were all over his social media accounts, and the photo they got of him without a mask was from a low well lit hotel security Camera pointed right at his face, not a highup police Camera. For 5 days this man’s face was in every news story, memed everywhere on the internet… and No memers, police department, hacker, or tech eccentric with all the AI and search tools available was able to say who it was.
NOTE: Camera facial recognition is bound by hard physical limits. Namely the quality of the camera, the distance to the camera, and any lighting or weather. While “biometric” facial recognition can theoretically become terrifyingly accurate and iris scans can act almost as a fingerprint… When you aren’t staring directly into a 4k+ camera at 1-2 feet, this degrades massively. Whilst on a clear day, close up, looking into the camera, with no obstructing clothing, and an expensive camera, an AI might be able to differentiate millions… Once we get down to lower quality mass-purchased cameras, at night, in the rain, at a distance, of a suspect wearing a hood, mask or other obstruction… This degrades massively. And this is a hard physical limit… the camera itself isn’t capturing enough information for improvements in AI software to manage (of these night lighting is perhaps the largest… The difference between day lighting and night remains a nightmare for camerawork, even for Hollywood filmmakers with individual cameras valued in the 10s of thousands of dollars). So your natural instincts about visibility, identifiability, etc. remain fundamentally correct. Commit crime at night in the rain.
Also I want to note: A lot of people have been scandalized by the difference in appearance between the footage of the assassination and the photos of Luigi released by the police… Claiming that the Shooter looks so pale as to be Slavic, whereas Luigi is tan and Clearly Italian… I was taken at this too, until people in the know pointed out that the NYPD (and most police departments) have their cameras set to maximize brightness and contrast… Otherwise it’s impossible to get any information on black suspects faces at night (whom they spend most of their time chasing).
This almost certainly also makes true facial recognition and identification more difficult as this concession to being able to identify blacks at all destroys visual information on whites and other races… And thus actually facially recognizing an unknown suspect, as opposed to identifying an already obvious suspect (a jealous ex-husband breaking into his wife’s house) or merely tracking the movements of an unidentified suspect becomes even more difficult.
(also wearing blackface or otherwise darkening your face not only throws off the police, but destroys lots of visual information.)

And finally we have to talk about it: His cellphone.
I saw people saying that in Manhattan it wouldn’t matter the suspect used his cellphone because there are 10s of thousands of people walking around between cell towers at any given time… Each of those hotels might have had 1000 people in them.
If you reflexively think that, you are not someone who should commit crimes.
Sure cops are lazy and traitorous and don’t usually pull all the stops, certainly not for normal “migrant rapes white girl” crimes, but they absolutely can if they want to… And if you actually challenge the treasonous regime they certainly will. (if a migrant rapes a white girl they’ll do nothing, if you track down and attack the migrant or the cop who buried the case, that threatens “racial harmony” and “the rule of law” and they’ll break all limits and any law to get you)
Let’s assume there were 30,000 people in the immediate vicinity of the shooting you can’t tell from the moment of the shot who did it… Ok how many of them immediately pinged north in central park in the minutes afterwards? Of those that did how many of them slept in the immediate vicinity of those hotels and can also be ruled out? How many of those were on a phone-call at 6:30?
This is why even if one has an opsec breach it is vitally important to stop the information leak as opposed to becoming fatalistic. An individual information leak might or might not put cops on the trail, a further leak might make one a person of interest, another a suspect… An unbroken chain of such leaks will convict you. Like good hygiene, one must clean more when they get dirty, not give up the endeavor.
We know the NYPD and other police departments specifically have in house transmitters (Stingray phone trackers) to ping cellphones and spoof cell-towers that they can gather all this information in house, without even the headache of calling up a cell provider.
If that cellphone was a normal phone with a plan and credit card attached to it… That’s it. They have your name and address, you’re a known suspect now. And the longer that’s ongoing the more of your movements they have and the quicker they can confirm you are not just a random Starbucks patron or investor who was in the area.
But even if you have a pre-loaded burner phone… The second they identify it from its pings they call the phone company and back-match it to the store you bought the preloaded SIM card from, pull up your face on video there, and pull up the device and IP address you activated the SIM card from. They can call through their own databases and the phone company’s databases and get everywhere that cellphone pinged or called from, who it called, etc.
Burner phones are useful in that at least hypothetically the cops can’t simply look up your name and put a tracker or wiretap on the phone the way they can with a phone-plan… However once they’ve identified the phone via proximity to a crime, it’s very easy to track it, apply those wiretaps, and then with luck determine your ID from its activity and location.
Sure this is a pain in the ass and they won’t do it for just any little white girl who’s been murdered by a foreigner… but if you challenge the system and get on the news, you can bet they will.
So how does one commit high level crime then?
The flight to Analog
Are you a fan of the John Wick franchise? I found it really broke my suspension of disbelief after the first film and a half, it’s now something of a self-parody like Fast and the Furious… However it has one of the cleverest bits of world building I’ve seen.
Throughout the film, and especially the second film, set in the modern day, we see the ultra-wealthy criminal characters employing incredibly archaic cellphones, flip-phones from the early 2000s, pagers… Things that you’d probably need a skilled tech-expert to hack them into working on the modern cell-grid, stuff you’d struggle to sell for a dollar, and almost certainly couldn’t buy. Then we eventually see one of the administrative centers of this vast criminal networks… And they’re using Commodore 64 computers, and typewriters, and Pneumatic tubes to send messages to each other… analog audio headsets, rotary phones…

Most of the audience I think dismissed this as a bizarre and confusing hipster style choice…. a sudden transportation to a film by Terry Gilliam-esque dystopia “somewhere in the 20th century”.
But No, this is actually genius.
To avoid tracking, information leak, intel agencies, the NSA, their various criminal rivals own hackers and intel people… they flee into archaic and analog technology. You can’t hack an internal analog phone system, and you can’t intercept a pneumatic tube.
This is the soul of modern opsec getting from natively leaking, spying and compromised systems to inherently secure, obscure, archaic, and unrecorded analog alternatives.
Russia at this moment has teams setting up wired telephone networks with no electronic emissions at the front line, and is using unjammable wires to guide its drones as opposed to wireless radio (yes, this is as goofy as it sounds).
And while we aren’t going to dig too much into advanced side of this, this philosophy is at the heart of how urban infiltration and exfiltration works… Blending high tech, retro-tech, low-life, and high concept.
Creating an electronic emission free, registry free, transaction free, visual nullity… In addition to all the normal counter-forensic concerns (fingerprints, shell casings, etc.) at the point of contact, and then using infiltration and exfiltration technique to break the chain of traceability from the point of contact to when you reintegrate into normal life hours, days, or weeks later.
Urban Infiltration and Exfiltration, The Right Way: Truly Becoming No One
‘What so sore distress is thine, Polyphemus, that thou criest out thus through the immortal night, and makest us sleepless? Can it be that some mortal man is driving off thy flocks against thy will, or slaying thee thyself by guile or by might?’ “‘Then from out the cave the mighty Polyphemus answered them: ‘My friends, it is Noman that is slaying me by guile and not by force.’
And they made answer and addressed him with winged words: ‘If, then, no man does violence to thee in thy loneliness, sickness which comes from great Zeus thou mayest in no wise escape. Nay, do thou pray to our father, the lord Poseidon.’
The key to Urban Infiltration and Exfiltration is breaking the Chain of evidence that can track a person.
Remember the 10 Types of Evidence:
visual
Auditory
DNA (saliva, blood, semen)
Touch/Physical (fingerprints, etc.)
Olfactory
Electronic Emissions
Digital
Financial/registry
Vehicle
Psychological
All of these degrade with distance, time, and weather… Even things you think would not degrade with distance, like a licence plate, become harder to track the further from their origin they are (even the FBI would have a remarkable headache trying to track a Myanmar licence plate that appeared on a camera in New York, and witnesses probably wouldn’t recognize the alphabet, let alone remember the number), even an in-state licence plate would be hard to track to an owner 80 years after the fact, and of course in deep snow it becomes harder to read… Although good opsec suggests stealing or removing a licence plate.
The question is of course how much distance? how much time? How much weather? The half-life of evidence varies wildly. Some lasts much longer than a human lifespan. Every so often you even get historians who think they’ve cracked murder mysteries from hundreds or thousands of years ago with some modern technique (though the perpetrator still got away with it… They died free).
Combine that with the fact “Privacy is Dead” and even you dear reader at this exact second are leaking digital information that you are actively currently researching how to commit crimes at a high level… And it can seem quite daunting.
But it’s actually shockingly simple.
What you are doing with urban infiltration and exfiltration is you are creating a brief window, a moment: maybe mere seconds or minutes, maybe a day, maybe a year long guerilla campaign “underground”, in which the actual action, the “crime” (moral or immoral) will occur and all the potential evidence leak will be pre-planned and pre-minimized… And then the infiltration and exfiltration are breaking the chains of that information back to your normal life where you are unmasked and not actively trying to conceal all evidence leak.
There are 5 stages to the urban infiltration operation, at any of which failure and inattention results in information leak… these are:
Preparation
The researching of the target (potentially buying and using a burner laptop to avoid incriminating search history tied to you), scouting of the location (which can be its own miniature, but less effortful infiltration operation, or it can leave a digital fingerprint via maps and streetview), planning the operation, counter-forensics planning, purchasing and acquisition of necessary materials, planning and beginning electronic emission control, and staging for the start of the infiltration…Note: even at the earliest parts of this stage you can screw yourself on your digital footprint, lots of dumb killer have had “How to dispose of a body” show up in their search history at trial)
However all of these also degrade quickly… One of the surest ways to get away with the planning is to simply do it months in advance and then let time degrade the information leak of the planning… If you keep a good stockpile of potential plans and contingencies this need not even slow your tempo of operations.
Infiltration
The initial masking (not literal at this point), killing of electronic and financial leak, distant approach to the target, secondary masking, escalation of discipline, switch to Anonymous modes of transport, initial circuitous travel and chain breaking, (additional masking stages and misdirection travel as need be), final masking, assumption of total information discipline, any advanced technical insertion (breakin’, scuba, ropework, use of specialized vehicle, entrance into controlled area,) final approach to target
Action
The actual operational activity, crime or “Crimes” to be carried out. This is where any violence, theft, statement, or activity actually occurs… Importantly the entire operation will be a failure if your methods here fail, so have redundancies and plans for if tools or techniques fail at this point.
Exfiltration
Circuitous stages of escape from the target, misdirection travel, staged unmasking/changes in appearance to reintegrate into the surrounding environment, purposeful hours of time killing in hidden or obscure locations to widen the space of time between the action and your final reintegration into your normal identity, initial disposal of evidence (change of clothes possibly), initial caching of loot or tools, and return to a vehicle or mode of transportation that can be identified with you.
Note: if you’re committing a truly high level crime (like killing a fortune top 10 CEO) even the infiltration, but the exfiltration especially, can last weeks of hiding out, misdirection travel, various amounts of financial and digital OPSEC, etc. Generally (if it’s serious enough) you want to lie low, if possible, until enough time has passed you’re sure they don’t have your name to release or until they actually do release your details and you know you have to go on the lam.
Purgation
More total disposal of evidence, caching of loot and tools where they cannot be found or tied to you, re-initiation of normal electronic and financial information leak far away from action and initial misdirection travel, and then endless series of checks and fussing to eliminate sources of evidence risk. At this stage you also note potential information leak which may have happened that can’t be cured (so you are not surprised). Then you use time and judgement to tell when you think the investigation has gone cold, don’t talk to the police, and eventually recover the loot and tools, and process them to get what you want (fencing stolen goods, laundering money, deep cleaning/selling of tools). This stage doesn’t so much end as fade into the background (unless you get a pardon, know the statute of limitations, or are recognized as a hero of your new nation’s liberation struggle… Consult a lawyer for all 3).
But those are the 5 stages: Preparation, Infiltration, Action, Exfiltration, Purgation.
Now obviously, even most successful murders and high level bank robberies do not get as advanced as ALL the secondary minor stages I’ve listed, indeed many well planned and successful crimes consciously skip stages you might naively think are necessary (many bank robbers and getaway drivers don’t switch between trackable and anonymous vehicles, they merely switch plates or have a planned means to disguise their vehicle)… but every offensive crime of choice has the main 5 stages (or should… Criminals that don’t prepare or purgate evidence don’t last long).
So let’s go through the CEO assassination again imagining what it would have looked like had Luigi carried out a proper infiltration and exfiltration employing proper OPSEC.
The Hudson River, 2 Months Ago

Infiltrating a city entirely undetected can be achieved by a relatively fit individual with a modicum of effort.
Starting from a car or truck on the outskirts of basically all cities there are campgrounds, which unlike hotels almost all accept cash (and many even let you register late by filling out a form and depositing an envelope (even for multiple days)), within 20-40km of a city (13-25 miles) (4-10 hours’ walk), or about a 1-2 hour bicycle ride… which is not too far for a fit person. Once in the City you can switch to taxi or public transit (locking up the bike at an anonymous public bike rack).
Likewise one could employ a light motorcycle/moped (with fake plates), personal ebike, escooter, skateboard, snowmobile, or cross-country skis as their secondary vehicle.
However careful attention must be paid that any larger secondary vehicle’s markings, electronic emissions, and registries (if any) will not compromise you… Ideally you should be able and willing to abandon such a vehicle to whoever loots it if you feel the heat pressing in and can’t recover it… If you can’t do that because its too valuable, or registered to you, or insured, or once belonged to your uncle who might have insured it against theft… then it is a poor secondary vehicle, no matter its other virtues.
This is where bicycle racks for your car or a e-bike designed to be easily disassembled and stored in a car or SUV is extremely useful. Both for operations, and for ordinary travelling within urban areas.
Indeed you could just park at a parking lot or garage outside the city… however campgrounds add a lot of value in that you can prepay for multiple days in advance, they have shower facilities, and lots of other comforts, they offer solid security for your vehicle (random people won’t break-in to a car at a crowded campground), you won’t get towed, and yet they often have LESS of a camera presence than a parking garage)… Though a truly dedicated ghost might seek out a truly zero-evidence parking option, and then sleep hobo.
In New York because of the extreme amount of surveillance and tracking of vehicles a truly perfect insertion point would ideally be in New Jersey, Connecticut, or upstate New York, that you could do the last 50-100 mile drive to the campsite/parking location via back-roads and not have your vehicle appear on any networked traffic cameras with 100 miles of the target. (the entire east coast is covered with camera tracking pay roads that maintain a constant register and tracking of vehicles).
Likewise to be truly perfect your vehicle would ideally be a older model with no inbuilt GPS, ONStar, SIMCard system, or other Satellite communication capabilities (no XM radio) Or have had those systems physically disabled by a mechanic…and ideally no bluetooth whereby the car might try to use an attached phone to send out data to the manufacturer (there are cheap devices you can buy that replicate Bluetooth audio connectivity without actually connecting to your car, this way you can permanently disable the bluetooth yet still listen to your phone the rest of your life when not operating… likewise junky old-school zero signal USB mp3 players are useful to stave boredom without breaking OPSEC)…
You’d also want your phone and other devices in Faraday bags, except for dedicated operational devices that you’ve had a phone repair guy disable the Wifi, bluetooth, and SIM receivers for. Such that it can only use the preloaded apps you need, can’t send any signal whatsoever, and then you destroy it post operation, so that all the gps data it constantly tracks dies on the device.
Likewise oldschool Garmin style GPS devices only receive gps signals they don’t send them… (there are exceptions double check your device)… thus they can be used operationally, however be VERY careful to keep this securely on your person in a buttoned pocket or in your vehicle. If this gets left behind at a crime-scene or lost in a backpack you have to ditch, it has all your movements on it.
Likewise a truly cautious operator could switch to fake plates, stolen plates, etc. 100 miles out (and tape over their VIN number (visible under your windshield, driver side)) so there is no way their vehicle registry info can appear in any search of surveillance metadata within 100 miles of the target metro-area.
Then you stay dark, using only cash for transactions and only at rundown mom and pop shops with unnetworked cameras, sleeping only at your campsite or hobo within the city, scouting and approaching the target, then extracting via a circuitous route being sure to pass through extensive sections of unsurveilled back streets, leafy residential neighborhoods, etc. Taking hard non-linear routes…
You might not think papermaps and compasses are needed for urban navigation, but done correctly an infiltration and extraction should be obtuse enough and via such an unpredictable and circuitous means even the operative themselves will need a compass and map to track his own position and avoid getting lost. Remember On a rainy night, losing track of which way is north is surprisingly easy, especially on non-linear residential backstreets.
Once you’ve broken the chain of surveillance cameras, Remember The harder it is for you yourself to track your position, the harder it will be for the police to guess or recreate your movements.
Of course this is for the truly perfect operation. The amount of security and unpredictability you’d want if your ambition was to assassinate a head of state and get away with it, or some equally world historic political statement for which the greatest investigators on earth will be summoned and placed on your trail.
Indeed for something truly great you might multiply these ranges by 2 3 or even 10… Or perform a series of outer infiltrations and exfiltrations, staging gasoline caches such that you can’t even be tracked via gas station cameras, to such that even if they compromise all of that and get your movements within the city back to a campground or wherever… they still have nothing.
It is likely no such assassin has ever existed, and even the geniuses who got away did it more from corruption than any such extreme level of skill.
So what if one is willing to take more risk in exchange for not living like a hobo for days on end?
What is one to do if they are not fit enough, tough enough, or obsessive enough to begin staging and physically infiltrating dozens of miles from the final target? What if you don’t have DAYS to dedicate to a criminal or political activity? What if you live in the city where you’ll be operating and don’t have the option to stage an infiltration of the entire urban area because you are already there? What if you have neither the budget nor inclination to hack apart your vehicles receivers?
What if one doesn’t aspire to be the single greatest criminal who ever lived?
What if you’re like Luigi and you’ve had a catastrophically failed back surgery and you actually NEED to have a good bed for the night before an operation, or else there won’t be an operation?
Most of us aren’t assassinating a head of state or stealing George Floyd’s body, or liberating Hilary Clinton’s gimps, and aren’t risking literally UNLIMITED resources being poured into finding and killing us by any means necessary on the slightest hint we might be the guilty party… most of us can count on something less than perfection and some legal limit to the violations our investigators will commit.
So if you’re willing to risk being slightly less than perfect in exchange for saving yourself 10s of hours and discomfort and physical ardure… and 100 hours of paranoid planning and unusual expenses…
You fake the infiltration.
Let us imagine Luigi did everything the exact same… let us imagine he stayed at the HI New York City Hostel the exact same days, entered the city via the same choke-point bus terminal, and left via the same checkpoint bus terminal… Let us assume he did almost everything the same… Hell lets imagine he was MORE careless… Lets imagine he used a credit card tied to his name to check in to his hostel, and buy his bus tickets… Lets imagine he used a credit card for all his transactions except for the ones immediately tied to his crime. Lets imagine instead of a burner cellphone and laptop like I expected he used, that he used a cell with a phone plan tied to him and a laptop immediately tie-able to him (one which has interacted with a [true name]@[university/gmail].com email address or that he uses for online banking… or that within 24 hours he was using his personal social media accounts…
BUT we’ll change two things
we’ll imagine he maintained far tighter ELINT discipline, imagine he didn’t use his cellphone or laptop on the day of the assassination, leaving them at the hotel, or keeping both in Faraday bags that block electronic emissions and internal device GPS system recording (the device can’t pick up satellite signals and thus can’t record GPS location, which your cellphone does when you put it in airplane mode… It just sends all your location data in the interim period to google and apple when you turn airplane mode off)).
We’ll imagine he exercised truly disciplined EMCON (Electronic Emission Control)
And we’ll imagine He had done a proper infiltration and exfiltration.
We’ll imagine instead of merely going from his hotel to the stakeout scene, he had given himself an extra hour or two… Gotten out of Manhattan, gone deep into Jersey, The Bronx, Brooklyn, etc. via subway, traveled incognito a significant ways unobserved, down backstreets and unsurveilled distant neighborhoods (Even NYPD’s camera net doesn’t follow residential streets miles out of Manhattan) and then gotten a cab, bike, or secondary vehicle, or walked to another subway station in that far-flung borough (maybe repeating this process a few times) and only THEN traveled to the actual target site.
If he had done this going to assassinate Thompson it would have been 100x more difficult for NYPD to track him back to his hostel… They would have to visually follow back through those cameras out to the far-flung borough, and then guess or intuit that this was a red herring, and somehow pick up the trail via guesswork and luck… hypothetically they could (Maybe?) find him again getting off the subway way out in that far-flung borough when he originally left his hostel and then follow him via the camera net to his hostel… but for misdirection he could bounce around in the outer boroughs where the surveillance net is thin switching between foot, cab, bus, bike, and subway in a pattern that’d be a nightmare to track… Small 5-15 minute misdirections out beyond the Camera net would create hours or days worth of work to penetrate, if it could be penetrated at all…
And this is in spite of the fact his hostel was on Manhattan and within the Camera net, such that if they find him on the Camera net going to his hotel they have him… If he had merely picked a hostel or Airbnb outside Manhattan, in some obscure leafy corner of Brooklyn where the camera network is thin… that would have also multiplied the complexity by miles…
Note Also:
Per Hypozamata in the recent episode of the Anarchonomicon podcast, many brands of private porch Cameras and household security cameras send video feeds to remote servers, they are “Security cameras as a service” and as such many of these companies and providers provide Warrant Free access to them to the police (and the NSA can access them) remotely, and even live. For the purposes of urban infiltration and exfiltration this makes them weaker, less common, slightly harder to employ, and lower resolution versions of the Police CCTV Camera network. Again distance, time, weather, and darkness quickly degrades their capability for tracking… Though be aware of this if going through very lightly trafficked, or wealthy neighborhoods where it’d be easier to pick out a lone traveller, and where these cameras are more common. This doesn’t really change the tactic, just increases the amount of the distance and misdirection one wants to cover… however the REAL concern is if you, or the place you stay has these. Then it is easy for the police to legally or illegally see your comings and goings via this backdoor Police camera… In which case this could be significant information leak… Remember, if the data isn’t stored on your hard drive it’s not your hardware.
Then of course there is the Exfiltration… Again even if Luigi’s goal was to wind up at the George Washington Bridge bus station and go through that surveillance choke-point, leaving fleeing the assassination, and then going to the outer burrows fists, bouncing around beyond the camera net, catching a cab from one side of the Long Island metro area to the other simply to break the surveillance chain, maybe settling into a mom and pop cafe in an obscure surveilled corner of Brooklyn to read a book for a few hours and widen the raw amount of time the NYPD Facial Recognition unit would have to randomly search through people on the street across New York, generating hundreds if not thousands of false positives or persons of interest they subsequently lose track of… All of that adds up and radically reduces the chance of being tracked.
Remember Facial recognition from police cameras is riddled with a false positive rate of 95% and has a limit around 70-100k people it can differentiate between… Even within Small Manhattan (Pop 1.6 million) within an hour or so any Facial Recognition system will already be beyond its limit that it won’t be able to digitally match Luigi, beyond the fact that he wore a face-mask during the operation and it can probably only pick out his eyebrows from a population of 1-5 thousand.
While the Structure of how Luigi lived in NYC for those few days made him uniquely vulnerable to visual and camera tracking, with the twin choke points of His Hostel on the Upper West Side and the George Washington Bus Terminal both being major high surveillance choke points for him uniquely vulnerable to the NYPDs CCTV camera net… Merely faking an infiltration and exfiltration and forcing the investigators to try and track his movement out of the city, into the city, out of the city, into the city, and back out of the city would have radically multiplied the amount of surveillance and investigative power need to get back to either of those. With any additional red herrings, on foot maneuvers, misdirections, etc. greatly increasing the odds that they lose him and never get more information via that incredibly expensive and powerful surveillance net.

Of course a false infiltration and exfiltration will always be imperfect, because ultimately you are leaving information within the surveillance system which can hypothetically lead to you… If you stay at a hostel in the core of the surveillance net on the upper east side, or pass through a choke point Airport, Bus Terminal, Train Station, etc. it will always be hypothetically possible Even if you bounce around the outside of the high surveillance city for hours or days with tons of misdirection, the facial recognition unit could hypothetically have a clever hunch and start scanning those choke points, or those streets and find you if you are faking an insertion as opposed to truly being a ghost… There is inherently something there to be found, whereas when staying farther out, or indeed doing a full infiltration from outside the city there is nothing to be found… However the farther one travels, the more means of travel one switched between, and the longer one spends creating dead time (sitting on a hidden bench in a park, or reading a book at a hidden mom and pop coffee shop)… The EXPONENTIALLY more people and footage you force any facial recognition team to search through and rack their brains over.
For something that might cost years or decades of your freedom if done wrong, a mere 4-12 hours of walking around, killing time, and a few tens to hundreds of dollars on travel fare between cabs, buses, ebikes, burner bikes, etc. is a no-brainer.
Sure one could Sleep hobo style on the street and there might not be any evidence to be found even if they track down the exact spot where you slept… But even if you use a credit card in your name at a nice hotel, doing a proper infiltration and exfiltration complete with evasive maneuvers, misdirection and dead time means that they’d be searching the entire set of everyone staying at (or not staying at) a hotel within a 2-4 hours drive of the crime.
You can take an almost 99% chance the police could track you, and reduce it to something less than 0.01% if done well.
Staying at a hotel under your real name is of course a massive vulnerability… If you were to come under suspicion for other reasons a mere check of your financial activity would reveal you had been in the target city on the relevant days… But they would already have had to narrow it down to you specifically as a person of interest… The complex infiltration and exfiltration exists to BREAK the chain of evidence and any possible tracking or location evidence from narrowing that down. Or mere suspicion from coming onto you. Your activity outside the crime would have to attract their attention for that.
Final Thoughts: Counter-Forensics as Good Hygiene
Of course, moral or immoral, noble dissident or villainous criminality; even if one FAILS to prevent suspicion from falling on themselves… That is not the end of the story.
By way of analogy: for a catastrophic infection to occur a chain of events has to happen. Not only must a germ, a parasite, bacteria, virus, etc. be admitted to the body, it must survive there for some time, it must not be killed off by the body’s own immune system or other factors, it must take root in some viable exposed tissue, and it must successfully replicate… If any of these steps do not occur then an infection does not take hold.
Thus during a surgery or other medical procedure in which infection is an extreme risk, doctors (at least good doctors) will practice many redundant hygiene and disinfectant practices… They will wash their hands, but they will also use polyurethane gloves, they will operate in a sterile environment, and wear surgical masks and hair covers, and restrict themselves only to provably disinfected tools but they will also aggressively apply various disinfectants, anti-microbial agents, rubs, sprays, wipes, etc. and other means of killing any stray germs or vectors of infection which may accidentally be exposed to the patient by chance… and even as they take all these overlapping sometimes quite complex and extreme measures, they will often administer various antibiotics, immunoboosters and other prophylactic medications to give the body’s immune system a maximum chance of killing any infection before it can take root.
These are still high risk procedures with extreme infection risk, but by layering multiple redundant counter-infection measures the risk is lowered to a tolerable level whereby the surgery can go ahead to deal with the core problem.
Likewise with counter-forensics and OPSEC: evidence must not only be left, but observed, understood, untangled, and then finally traced to a person of interest, and that person of interest identified… And then from mere interest additional pieces of evidence must be brought to play, leads followed, means motive, and opportunity determined, probable cause gained, interrogations performed, physical evidence gained, witnesses brought to bear, a trial or secret meeting held… And then punishment enacted…
There is a massive spectrum between truly perfect unachievable anonymity on the one hand and final conviction and execution (judicial or extra-judicial)… Just as there is a massive spectrum between truly perfect unachievable sterility, and an infection finally winning out and killing the patient.
And whilst as long as the Anonymity or Sterility is imperfect there is always the off-risk that some stray particle or piece of evidence will on its own administer the fatal necrotizing fasciitis or conviction… 99.999% of the time the depth and redundancy of hygienic practices is what will determine whether the infection takes hold or not, or the trail of evidence starts unraveling.
Whilst parables about the ONE stray piece of evidence, or ONE chance violation of hygiene dooming a person are always interesting parables… They can set the wrong expectation in that unachievable perfection becomes the expected only means to avoid calamity… when in reality multiple redundant practices, techniques, habits, methods, and efforts are what provide true security… Perfect sterility of a surgical environment has never been achieved despite the best efforts… but repeated cleaning and re-sterilization of the wound site has saved tens if not hundreds of thousands across the history of modern surgery. Likewise with counter-forensic techniques.
Luigi’s is a very interesting case study, because in spite of some very modern and high-tech counter forensic techniques: Fake IDs, burner cell-phone, anonymous pre-loaded credit cards, and a genuinely extraordinary discipline with masking, such that despite the NYPD getting his entire movements in NYC for a week+ on end… They only ever got one grainy photo of his face, when he flirted with a clerk at his hostel… A mix of high tech and very basic forensics undid him.
By staying within the high security core of Manhattan so close to his target he made it very easy to trace him back to his hotel via the camera net… In spite of what seems to have been a burner phone and possibly even a Faraday cage which would have stopped him being tracked via his phone. This wouldn’t have mattered, however, except for
By not performing a proper infiltration of the crime scene: getting out of Manhattan, walking around on unobserved leaf streets and then reentering Manhattan via a circuitous route… He made it very easy to trace him back to the subway stop he had boarded within 2 blocks of his hostel. However because of his ID and credit card discipline this alone did not give them any identifying info except for a grainy photo. But this was devastating because
By not performing a proper exfiltration… Just riding a trackable bikeshare through Central Park (hired with what seems to have been a pre-loaded burner credit card), he made it trivial to trace him to the cab he boarded 2 blocks from Central Park, and then from that cab to the George Washington bridge bus terminal… From which it was trivial to trace him to Altoona, Pennsylvania
Having not done any evasive maneuvers prior to this to break the chain of evidence and observation… and KNOWING from media reports that they had his face and were able to trace him back to his hostel… he did not attempt to leave Altoona, a metro area of a mere 122 thousand… Nor attempt to lay low and avoid outside exposure (if he had stocked up on groceries and holed up for a month in a rental unit or storage locker and avoided going outside except for the exact bare minimum of air, it’s likely the police would have assumed they lost the trail and he had disappeared back to a foreign country or he was many states away).
He went to chain restaurants whose security camera systems can and do collect facial recognition data for data mining… the “Alert McDonald’s Employee” worked in their tech office. And which the police can and will turn to if they think they have a suspect narrowed down to a small enough population (remember facial recognition is riddled with false positives and can only differentiate a population of about 70k-ish)
Now before we continue… Appreciate: At this point the police STILL do not have probable cause. They have NOTHING. When that cop walked into McDonalds to confront Luigi… Technically Luigi DID NOT EVEN HAVE TO PRESENT ID to the Officer in the state of Pennsylvania. There was no probable cause or suspicion, McDonald’s AI facial recognition is not admissible as evidence. There are trade offs to presenting or not… but Luigi could have held his ground and made it awkward. Indeed this was being recorded so his lawyers would have certainly liked if he had made it awkward, at which point the cop might either instigate an illegal search (Which his lawyers could spin gold out of) or the cop might have backed off… At which point Luigi would have to get out of town fast because he’d certainly be followed and observed after that.
Luigi presented a FAKE ID to the police officer. Which of course was immediately seen through because police officers have radios and computers in their cars… This immediately gave them probable cause to pull everything on him and search him entirely…
Again digressing, basically the only ID that will ever pass a cop is a REAL ID, that belongs to someone else who looks like you (and I mean you have to actually check the features, eye color, hair, height, earlobes, etc. match.) basically the only way you can get this is by finding your doppelgänger, and then paying them several thousand dollars to “Lose” their ID and go through the process of filling out forms to get another… This might cost tens of thousands for someone who doesn’t have a criminal record and is otherwise of upstanding moral character (remember they’re risking you’ll fuck their credit score, junkies are cheaper, but then you’re risking that THEY will pick up a warrant in the meantime). The “cheaper” alternative is stolen Real IDs… which again will cost thousands and are more likely to be imperfect (height off, earlobes not matching, misplaced scars)… once you get down to even expertly produced fake IDs that can’t be visually told apart, you basically can’t use them for anything major in their home country (Mexican and Eastern European IDs are useful because they can’t be readily checked, but you also need to be able to justify your Texan accent then)… Fake IDs, even crappy ones, are vastly more useful where they won’t be challenged, like checking into a hotel or registering a rental unit… private actors, especially those who don’t sell controlled goods and aren’t risking a license, largely don’t care, they just want to check a box.
And even after all of that! Even after failing to infiltrate or exfiltrate, even after getting caught at one McDonald’s out of the entire United States, even after fucking up and giving the police probable cause (and possibly confirming he was the killer if the name on that fake ID matched the one he used to check-in to HI NYC hostel)
They probably still STILL didn’t have him on the murder charge! He kinda looks like the guy who checked into HI NYC Hostel, and MAYBE? The fake ID matched the registry on the hotel… But that’s simply not enough for a murder conviction.
He probably would have gone down for the fake ID but not the murder, except he (allegedly) had the 3d printed pistol, 3d printed suppressor, the Fake ID of “Mark Rosario” used to check into the Hi NYC Hostel (unclear if this is the ID he showed the cop or if that is a second fake ID), and a handwritten “manifesto”.
‘Cyclops, if any one of mortal men shall ask thee about the shameful blinding of thine eye, say that Odysseus, the sacker of cities, blinded it, even the son of Laertes, whose home is in Ithaca.’
…
So I spoke, and he then prayed to the lord Poseidon, stretching out both his hands to the starry heaven: ‘Hear me, Poseidon, earth-enfolder, thou dark-haired god, if indeed I am thy son and thou declarest thyself my father; grant that Odysseus, the sacker of cities, may never reach his home, even the son of Laertes, whose home is in Ithaca; but if it is his fate to see his friends and to reach his well-built house and his native land, late may he come and in evil case, after losing all his comrades, in a ship that is another's; and may he find woes in his house.’
Now holding onto the Pistol and Suppressor sort of makes sense, in a way… If you squint? A pistol is a useful item and a suppressor makes it more useful… You can imagine in a survival situation where he might have further plans, you MIGHT want to hold onto it? Maybe???
However Luigi has no prior convictions we know of… He could have just bought a backup pistol which wouldn’t be ballistically tie-able to the assassination… Hell, he could have just 3d printed a backup ghost gun when he printed the primary pistol. There is no legitimate reason for him to be holding onto the hottest murder weapon in America (Allegedly)… This isn’t Northern Ireland in the 80s, you don’t have to hold onto hot assassin’s pistols out of fear that you’ll never get another.
Likewise there’s not even an excuse to still have the “Mark Rosario” fake ID… A photo was released publicly of Luigi checking into the Hi NYC Hostel where he used that ID. Even if he was careless, broke, and holding onto every little asset that might be slightly useful to him… HE KNOWS THAT THAT ID HAS BEEN COMPROMISED!
The only thing left to do is burn it so that it can’t be found. If they catch him, they just have a guy who looks like the guy in the security footage. If they get him WITH THE ID, then they have proof.
I’m very sympathetic to people who think this evidence might be manufactured or planted… if the evidence was destroyed (by the real killer or Luigi himself), then it’d be impossible to prove if the police had faked a fake ID and 3d printed another pistol and silencer… (his lawyers are almost certainly looking very intently at the footage of the arrest and search in that McDonald’s).
And of course the handwritten Manifesto is ridiculous, the motive for the assassination was obvious via the very nature of the deed. This wasn’t a random un-targeted attack that needs explanation… The political importance and motive is clear or at least speculable from merely the headline “United Healthcare CEO assassinated”, beyond that there’s no point to a manifesto if you plan to get away with it, or aren’t going to write anything in depth or theoretically complex… Ted Kaczynski can justify a Manifesto: “Industrial Society and its Future” is one of the most important books of the past 50 years. A single handwritten page cannot justify it.
Assuming however the conspiracy theories are wrong and Luigi WAS simply caught like this, then it speaks to a despair and a resignation to being caught. You can imagine seeing your face on TV and an increasingly detailed accounting of your movements, it can feel like inevitability is pressing in… But if they hadn’t caught these easily disposed of incriminating items on him or hadn’t found him to interrogate, then within a few months the heat would have died down. Even if one has to spend years on the run or disappear to Mexico… A few years drinking Tequila is vastly better than a lifetime behind bars… Likewise the absence of a few pieces of evidence makes prosecution and obtaining probable cause a complete nightmare… It’s likely that had he disposed of these items along with the clothing he’d worn during the crime, that he’d have gotten away scot-free for lack of evidence…
Like the surgeon who’s just had contaminants spray over the wound, a breach of hygiene is not the time to wring your hands and give up but to redouble your efforts. Bacteria admitted to a wound can be killed if responded to and aggressively sterilized, just as an information leak can be severed and cauterized off and the chain of evidence broken anew. Such a moment of crisis, when the patient is still alive and you are still free, is absolutely not the moment to despond but to think and act hardest and most aggressively…
But then, that wouldn’t have been Luigi.
In Conclusion
This is a Shakespearean case study in Counter-Forensics and urban operational planning and Execution… It has everything.
I could easily write 3 times as much on the case.
The Tragedy of Luigi Mangione (allegedly) is a story on a par with any Hamlet or Macbeth, but one must dig into the forensic and counter-forensic cat and mouse game to see it.
And like any great tragedy it is driven by the beautiful contradictions, virtues, flaws, triumphs, melancholies, and hesitations of its central protagonist.
For 5 days Luigi was the most wanted man on earth, having committed one of the most high profile crimes in the history of one of the most surveilled cities on the planet, in the heart of its high security core… His smile graced national television within 24 hours… AND YET! In an age of social media, facial recognition, and mass surveillance… No one, not the government, not some OSINT sleuth, not 4chan knew who he was.
His flirtatious grin mocked the world, just as his 3 shell casings and backpack of monopoly money shouted his rage.
This was achieved, I hope I have shown, through one of the most technologically literate and proficient examples of counter-forensic planning and preparation we’ve seen… Neither his pre-loaded burner credit cards, fake IDs, Burner phone, or burner laptop generated a name or betrayed him. Nor any non-burner devices he might have had squirrelled away in faraday cages…
His 3d printed pistol and suppressor, despite 2 malfunctions resulting from a failure to test them… Did their jobs, and should have been untraceable.
From the high tech perspective he is one of the most impressive high profile criminals we’ve ever seen… Even his extraordinary masking discipline, something you’d never see prior to 2020, left us all wondering.
However this incredible Ivy League technical knowledge was paired with an awkwardness and unfamiliarity with a lot of the less tangible and more intuitive aspects of crime and high level urban infiltration… the things that many career criminals and espionage types wouldn’t think to say or might grasp at the intuitive level but have never expressed…
I’ve explained, in maybe too much detail, why a carefully thought out infiltration and exfiltration is so important, why breaking the chain of surveillance and having a clean separation between a vulnerable investigated action at a crime scene, and the rest of your life is so important… and how much effort, yet how comparatively simple an effort, can achieve this.
Likewise his instinct for what “lying low” constitutes, and the safety he felt going to a seemingly anonymous chain restaurant with the evidence on his person, and the lack of an instinct to destroy these immediately… speaks to a naivety or deep psychological melancholy… Maybe he felt guilty? Maybe he was attached to them as famous historical artifacts and trophies? Maybe he feared he’d never be able to prove it was him if the world accepted he was right?
We’ll probably never know.
But this drama, this tension… between Luigi the ivy educated cyberpunk genius, and Luigi the amateurish fool who didn’t even type his manifesto… Conspiracy theorists may find it improbable, but it’s beautifully human. (whether it is true or a carefully constructed fiction by those who’d frame him)
Anyone who’s hesitated nervously out in the rain at 2 am, hours from home, cannot but find that complex blend of paranoid planning and unpreparedness, hesitation and resolve, caution and recklessness, triumph and despondency eminently relatable.
Like all great Tragedies be it that of Romeo and Juliet, Brunhilde and Siegfried, or Guts, Griffith, and Casca… We are mocked with how many ways it might have played out differently… But for this, if only that, had he but chanced this way, the littlest things and moments seem they could so trivially have gone otherwise… And yet the central character of the tragic protagonist… His peculiar blend of virtues and flaws make the outcome seemingly inevitable.
This story shall the sneaky operator tell his son.
And our cyberpunk age shall not produce a new assassination or high tech political statement… but he in it shall be remembered.
Both as an avatar of what’s possible, and cautionary tale of hubris.
But amidst the great counter-forensic lessons of this tale, the importance of the infiltration and exfiltration, the effort, complexity, yet paradoxical simplicity of breaking the surveillance chain…
I hope you will take it to heart, contemplate the challenges, and start to think: What might be possible in that moment of action… That narrow window between infiltration and exfiltration… What might you achieve in that brief period when you truly are No One.
Follow me on Twitter: @FromKulak
> even if you’re paying cash and have a mask (which always looks suspicious)
Not sure that's true these days, particularly in NYC.
Back during Mask Mania I was just wearing a bandanna, basically, and it made me laugh every time I'd go to the bank, and the signs insisted that I *must* wear the mask. So I'm walking into my bank, in the desert southwest, in a cowboy hat and with a bandanna over the lower half of my face... it looked like every stagecoach robbery you've ever seen in any western movie. :D
But even these days, if you were to just wear a boring N95 mask anywhere in NYC, I doubt anyone would look twice at you.
Great article.
Just one small niggle: Once he knew they had a photograph of him it would've been a terrible idea to go into hiding. That would've drawn more suspicion, not less. All his colleagues, friends and family would then have known he had something to hide. Some of them might have reported his disappearance to the police, either out of concern for his safety or suspicion of his involvement. It would have shot him up the list from "a suspect we want to check up on" to "suspect number 1."
Only someone living a truly solitary life like Ted Kaczynski could afford to drop off the radar when under suspicion and become less obvious as a suspect. Simply because disappearance is their norm.