At work, there are four types of colleague, irrespective of ‘rank’ or ‘hierarchy’. I know it’s a simplification, but bear with me because there is a simple test to identify what type of colleague they are.
Ask yourself a simple question. Would you have two drinks with them after work, and do you want to be on a project with them?
Why two drinks you ask? – Well, everyone can have the obligatory coffee, or drink after work as part of a work social. But would you want to stick around and have a second with them? It’s not a ‘mates’ thing. It’s work colleagues. But perhaps you get on well, and have mutual respect for each other. With them you don’t have to find an excuse to leave early.
So, would you have two drinks with them? Yes or no?
And then a project. Would you want to work with them, and actually seek out projects that they’re part of? Do they lead well? Do they do their fair share of work when tasked? Do they listen, allow space, and value all opinions equally? Or, is it someone, whom if they are on a project means that you want to avoid that one like the plague? They dominate, or keep getting side tracked, or perhaps they don’t even turn up at all. So again, Yes, or no?
Two drinks and a project?
The yes, yes’s. – Logically these are work relationships to foster. They work both ways, and just generally make the work environment a better place to be. You can work hard, and play sensibly. There’s great empathy, understanding and mutual respect.
The no, yes’s. They are brilliant on a project and great to work with, but perhaps just not in the same social space as you as an individual. That’s OK. Afterall, it’s work. You don’t have to socialise afterwards, and can still enjoy working with them and be productive.
The yes, no’s. – Oh trickier. They might be good for a couple of drinks, but the tension starts to come in if they don’t pull their weight when that deadline looms. Or perhaps they have some of those other traits. You know taking credit for work that you did, asking you to take on their task last minute because somehow they just couldn’t get it done. In my mind that nudges them into a space where perhaps you don’t want to have two drinks with them either.
The no no’s. – Says it all really. You don’t want to work with them because, there’s no emotional connection, and there is perhaps even growing resentment at an inability to pull their own weight. But, hang on a second. What’s the root cause behind them being a no, no? Have they always been a no, no? Or has something changed. In a good organisation, someone who is turning into a no, no will get identified, and hopefully get the support and a steer to getting back on track. However, if the person has always been a no, no, has had fair and reasonable support offered, and still not been able to turn it around, then just, no.
In my latest novel, I’ve taken on the persona of a criminal, and a fairly nasty one at that. In this article you will discover how criminals hunt for you online.
Reepaman, the new book I’m writing is written in the first person, and so ‘I’ am getting up to some really quite ugly things.
What is fascinating though is that I’ve approached my imaginary crimes in as professional way as I can, using all the tools at my disposal. For those that know what I do in real life, that won’t surprise you.
My protagonist has just had to research their intended victim, but I won’t say what for, as that would give away the plot of my next book!
However, what I will say, is that my protagonist is skilled in the use of cyber tools and AI.
He has come up with a ‘hunt plan’.
I was busy writing my story, building my plot and pace, when I suddenly realised, that all the things I was doing in fiction, could just as easily be done to me in real life.
So, I started to research myself and my jaw dropped. I consider myself to reasonable at this stuff, and fairly careful about my private life online. Oh how I was wrong.
I choose to actively share this, and you can use it to decide how well you are doing in this space too.
🕵️♂️ Hunt Plan: Researching A Victim as Though I Was A Criminal.
Start with Full Name + Basic Info
Google “Victim Full Name” + “City” OR “Workplace” to narrow results.
Quickly check Google Images — see if a photo matches.
Use a reverse image search tool like TinEye to see how many different social media accounts use the same image.
Pull up the top Facebook/LinkedIn/Instagram/X/Snap hits.
Cross-reference: Same profile picture? Same username used across platforms? (E.g., @SarahD83 on Instagram and TikTok ) Check the profile on fitness apps like Strava and look for common routes and routines.
Note any discrepancies — if the victim has an old maiden name, nickname, or alternate spelling.
Check Facebook or other sites in depth
Friends list (if public) — family, significant others, employers, hobbies.
Photos — look for frequent locations (bars, gyms, restaurants).
Posts and tags — what events they go to, who tags them where.
Check-ins — huge giveaway for routines (e.g., “At Joe’s Coffee every Tuesday”).
Deep Dive on Instagram
Look at: Story highlights (“#Paris 2025” = upcoming trip!) Photos for geotags or visible clues (house number, street signs). Comments from friends (nicknames, emotional ties).
LinkedIn = Professional Background
Workplace
Current city
Skills and certifications (Consider – “Oh, they are a CPA. Busy season will make them busy, they won’t be on holiday then.”)
Company websites often list emails, schedules, and bios too.
Public Record Search
Property records (ownership, addresses, valuations — often freely available through county websites).
Public company records for directorships come with addresses. Use #GoogleMaps or #Streetview to look at the property.
Court records (lawsuits, divorces, arrests).
Marriage licenses, birth certificates, business licenses (if applicable).
Voter registration databases (available in some jurisdictions).
Reverse image search their photos using Googles Google Lens — see if they’re using dating profiles or secondary accounts under a different name.
I hope you find this useful. Do please share this newsletter, if you think your network needs to see this too. – But I suggest you don’t share what you found out about yourself!
And finally, If this kind of note was useful for you, do subscribe and like if you haven’t already and look out for #Reepaman. www.reepaman.com It will be released next year.
Disclaimer:This article is intended for informational purposes only. The author does not endorse or condone any unlawful, unethical, or harmful use of the content herein. Any actions taken based on this material are the sole responsibility of the reader. Use responsibly.
Rob uses AI to conduct research and to sometimes create relevant images to accompany his articles. The text is always all his. His AI tool of choice is ChatGPT #ChatGPT
Let me start with a statement. I am a huge advocate of the opportunities that Artificial Intelligence will bring.
I am also deeply conscious of the negative impacts that AI could have if it’s used improperly or by malicious actors.
In order to clarify my thinking, and to get opinions from you, this article looks at some of the threats, and risks of AI with a security lens. I offer a number of credible scenarios where the malign use of AI could impact an individual, a company, or even a country.
What is GrAI?
We are all aware of a quite binary argument for and against AI. On one hand, it will bring ‘vast technological advantages’ and ‘save the world.’ On the other, it will ‘take lots of peoples jobs’, ‘create autonomous killer robots’ and ‘destroy the world.’ OK, I am being a little flippant, but I do think there is quite an expanse between those two outlooks. Call it the grey space if you will.
Pronounced ‘Gray-i’ I see this as AI tools that are being developed and manipulated by either an individual or group, to gain an unfair advantage or benefit over another individual or group.
It’s not the global destruction scenario, but it is everything from malign influence to actual physical harm as you will see below.
The Threat of GrAI
Before we talk about the risk of such technologies, let’s explore the threat of GrAI. In security speak we break that down into capability and Intent. Simply put, you assess if someone wants to do something nasty and whether they have the ability to actually do it.
With bleeding edge technologies, the capability part of the equation is currently a problem for most people. That’s especially true with the throttles and controls that the major AI companies put on their technology for the mass consumer. However, as we are seeing, more and more of those tools are becoming available, the costs are reducing, and the difficulty levels are considerably lower. Powerful tools are well within reach of governments, many companies, and some oligarchs.
So let’s look at the intent part of the equation. Who is the threat actor and what are they trying to do? Is it an individual criminal, looking to use AI to generate wealth, or cause harm? Is it a company looking to gain competitive advantage? Or is it a nation state, looking to use AI to analyse massive data sets. With that knowledge they can do everything from controlling their populations, to influencing election outcomes. They could even damage an unfriendly country’s energy infrastructure.
If someone has good capability, and is really intent on attacking a particular target, we say that it is ‘likely’ to happen. That takes us to risk.
What’s The Risk of GrAI
Simply put, risk is how likely someone is going to attack a target and the impact or damage if they do. That impact could be injury or death. It could be reputational, environmental or political.
Any one risk might only impact one of those, or it could be designed to impact all of them at the same time.
This is best explored with some scenarios.
GrAI uses against an individual.
Extortion
A small criminal gang uses AI to create deepfake videos of a celebrity. Their intent is extorting money in return for not releasing the videos and damaging the celebrities reputation.
Currently this is technically very easy and is already happening.
Identity Theft
An AI algorithm is set to automatically scan social media and the internet looking for sufficient data on an individual to steal their identity. That data is then used to create fake bank accounts, for criminal use, or for the application and receipt of loans in the fake identities name.
Currently this is technically very easy and is already happening.
Assassination
AI is used to help a malicious actor conduct a cyber attack against an electric car brand. This particular car happens to be driven by the targeted victim. Whilst the victim is driving, the AI assumes control of the car. It accelerates massively out of control and causes a fatal accident.
Currently this is technically possible.
GrAI uses against a company.
Phishing / Cyber
AI is used to develop and run a mass cyber campaign using phishing emails. That creates a pathway into a company’s IT servers. The actual impact is theft of intellectual property for competitive advantage. However, it’s hidden behind a ransomware disguise and a demand for cryptocurrency.
Currently this is technically easy.
Automated Disinformation Campaign.
AI is used to create misinformation about a company’s products at scale. Media articles, product reviews, and social media accounts are generated persistently with consistent negative messaging. Brand damage is enormous resulting in a long term impact and loss of sales.
Currently this is technically possible.
GrAI uses against a country.
Energy Infrastructure
A hostile foreign state uses AI as part of a large-scale cyber-attack against a country’s energy infrastructure. By manipulating something as simple as causing every electric car charger to turn on, or off at the same time frequently, the electricity grid could be massively overloaded causing extensive hardware damage.
Currently this is technically possible.
Botnets
AI is used to manage a social media botnet army to influence an election outcome. Not only does the system create vast amounts of content, pushing for a particular candidate, but it also runs disinformation campaigns against other candidates. The system self-propagates, supporting, liking, and commenting on posts from other members of the botnet. All that activity plays the social media algorithms at its own game. It’s achieved faster than the social media firms are able to close down the content. Assuming of course that they have the will to do so. The impact is direct interference in a political outcome. Depending on scale, or the level of surprise, civil unrest and loss of the rule of law could result in fatalities and property damage.
Currently this is technically possible and has been detected several times.
Mass Surveillance and Social Control
A government uses a system on its own population. AI is combined with country wide video monitoring systems, with facial recognition. Then social media monitoring, banking and other data sources to monitor its citizens are added. The country uses the data to exercise absolute control. The impact is loss of freedom of speech, mass arrests and the detention of dissenters.
Currently this is technically possible and is likely already in place in some countries.
And Finally.
Let’s come back to that assassination scenario. Imagine that scenario, applied all at once, to every car under a specific brand, in all countries deemed unfriendly to the threat actor. Aside from the individual impacts in their hundreds of thousands, the car brand is destroyed, the country dealing with the aftermath will be inundated with hospitalised victims, paralysed logistically temporarily, and politically branded a failure for not protecting its citizens. That is an opening move for war.
This evolved scenario is probably not technically possible at the moment, but it is perhaps only a matter of time.
Let’s bring things back down a notch though. Remember the very first thing we discussed was capability and intent. Just because a country might have the capability to do something, does not mean they intend to do it.
So where is the grey line, and how easily is it crossed? – Well, that is the debate isn’t it. What might be unacceptable to some people in times of peace, might be acceptable in times of conflict. But once the genie is unleashed, how does it get put back in the bottle?
What are the credible AI scenarios that you worry about? Contribute to the debate on the LinkedIn article here.
What can I read next?
If you want to take this concept a little further, then subscribe to the Reepaman Newsletter on LinkedIn. It’s a combination of thought provoking articles and fictional short stories that explore the misuse of AI and drone technologies. It’s published monthly. Alternatively, the Reepaman website is here.
Note:
AI has not been used to create the text of this article. However, AI has been used to create the images. Credit ChatGPT.
A new podcast episode hosted by Encylopedia Geopolitica and featuring Rob Phayre
How to get on a watchlist Season 3
How to get on a watchlist – Season 3 – Episode 5 – How To Deliver A Ransom
In December 2025 the team from Encyclopedia Geopolitica and Rob Phayre collaborated on a new podcast titled How to deliver a ransom. The how to get on a watchlist podcast series aims to sit with leading experts and discuss dangerous activities. Previous speakers include a wide range of experts. These include directors and senior leaders of government security agencies, professors and well known academics.
Throughout the podcasts the speakers discuss fascinating subjects. They take a red team / blue team approach which brings surprising insights. Obviously, the speakers are always speak carefully so that the red team never benefit from the knowledge shared. That said, the conversations are detailed with many of the thoughts behind the whys and how’s of what they do. Some of the anecdotes are breath taking!
While dramatic titles like ‘How to shoot down an airliner’, or ‘How to highjack a ship’ might raise some eyebrows, they are actually detailed looks at how the security services, or security experts approach those topics in order to prevent them from happening.
A popular episode in How to get on a watchlist – Season 3 is the episode titled, How to fake your identity. It’s written by a former CIA agent. She used to lead a whole team in the agency that focussed on supporting agents do the daring deeds that they had to do.
Episode 5 with Rob Phayre focusses on how to deliver a ransom. It’s based on his experience in Africa where over a twenty year period he and his team released more than eight hundred hostages. In order to achieve that they delivered more than a hundred million dollars in ransoms! Some of those ransoms broke world records that still stand today.
How to get on a watchlist – Listen now for free.
You can either listen through Youtube above, or you can listen through your favourite podcast service.
If you enjoyed the podcast, and would like to learn more, you might enjoy Rob’s book How To Deliver A Ransom, which is available here to pre-order. It will be released in February 2025.
To the outside world, I look successful. But am I authentic?
It’s a persona I have carefully crafted in this image based, internet driven, 6th dimension of public opinion. A million articles have been written on ‘how to be authentic,’ and I am not going to repeat them here.
I feel at times that I have a one-way mirror separating the real me from the outside world. On the shiny public side of the mirror, I reflect my achievements, broadcasting them proudly. A new book here, an award there, a great new job, a picture of my family and I exploring the world.
I carefully craft that imagery. Not I believe in a narcissistic fashion, though there is a bit of that in all of us, I am sure. Somehow, we have become a race of people that needs to show that we are successful to generate self-worth.
What I for one don’t publicise or share, are the inverse events. The things that I live with, in the darkened room on the other side of the mirror from which I watch the world. The failures. The struggles.
A terminally ill child.
Suicidal family members.
Failed promotion attempts.
A rejection letter from yet another large publisher.
Depression.
In many ways, my journey as an author has helped me to flick on the light switch in the darkened room on the other side of the mirror. We have all seen the movies. When you turn on the light, all of a sudden, the outside world can see through the reflective surface to what is really going on.
On the other hand, what is ‘the outside world’ and why should I care for ‘public opinion’? If there is one thing the last few years has taught me, it’s self-reliance. It is family. It is the right relationships. And, it is not seeking validation from the outside world!
Of course, there is self-affirmation that comes from receiving a positive review, or a compliment at work. It is both morale boosting and uplifting. As an author you have to endlessly self-promote and create a buzz around you work if you are going to be sold successfully.
Whilst I didn’t used to be, I am pretty good now at separating constructive criticism from abusive criticism. – You would be amazed what you can receive as soon as you put your work out in public!
In some ways though, all of that ‘stuff’ stays in the room on the reflective side of the mirror. The mirror almost becomes a shield, a defence mechanism. It blocks most of that fluff from the deeper parts of your persona. The odd thrust makes it through and can either be immensely healing, or wounding. It would be far too emotional a roller coaster ride for me to let it all in though.
And so that brings me back to being authentic. I believe I am open, honest, transparent and genuine. Then I remember the one-way mirror, and the light switch on my side which I rarely flick.
It makes me think. I definitely have a one-way mirror, and not a window.
I look at others, non-judgmentally I hope, and realise that they feel they need to have a one-way mirror too. Everyone for their own reasons.
And that makes me think again.
This article was first published on LinkedIn on the 5th April 2022. About the author. Rob Phayre is a security and crisis manager for a global energy company. He is also the international bestselling, award winning author of The Response Files.
So, when does prudent planning and preparation instead become panic buying?
Panic buying is happening more and more frequently, but what is the reason behind it? The answer to that perhaps is in the timing of the purchase, the practical reason for the purchase and the emotional reasoning behind it. Whether its petrol, toilet roll, medications, microchips or essential food items, there are some items that are vital, and you could argue there are some that you could do without, though let’s hope that there is no shortage of soap at the same time.
The masses of humanity, of which we are all of course part, is being fuelled by panic. This isn’t just a UK problem at the moment. From truck drivers to vaccines to microchips there has consistently been a shortage for the last couple of years. Pictures of empty shelves, limits on purchases, queues outside shops and petrol stations continue to build on the fear.
The most recent high-profile incident in the UK, where for reasons of pure panic, the country is suffering a fuel crisis is a case in point. The media headlines take a simple sound bite of ‘we are running a bit short in a couple of locations’ and spin it up into a whirlwind in order to sell their advertising. Social media too, shared in moment is spread or retweeted to double down on the impact. As Franklin D Roosevelt said: “The only thing we have to fear is fear itself.” With a self-fulfilling prophecy like this it’s remarkable how true that is.
So why is the world being overtaken by the psychology of scarcity?
With a little bit of fuel, pardon the pun, perfectly normal, sensible people, battered by years of the pandemic begin to act irrationally. However, its too easy to add the dreaded P word and make assumptions. The truth is, that the human race is more of a collective herd. Shortages are nothing new. They happen all the time. The constant yo yo of the commodities markets, too much oil, too little. Vast stockpiles of cocoa, to damn! The weather failed and where did it all go?
Market forces mean prices changes up and down based on availability. Perhaps the fault is with our modern way of thinking. Have we all become too used to the instant gratification of having everything we want and having it delivered in thirty minutes time? Do we all now have an assumption that everything should always be available? What happened to seasonal fruit and vegetables? Things run out, though with new growing methods you really can get pretty much whatever you want whenever. But has that changed the essence of who we are now? At the first glimpse of running out of something a million people descend on a shop to buy loo roll or pasta and fill up with more than they could consume in months.
Fuelling the problem
The recent issues of fuel shortages, or loo roll, or whatever, have nothing to do with actual shortages. Its all about perceptions. The companies that produce and deliver our goods operate finely managed logistics systems, just enough, just in time. Now I don’t work for BP, but I do work for Shell, and I have to say I feel sorry for BP that they have caught the flak on this one. There is bucket loads of fuel in the UK. There is no shortage! The issue is that when a million people overnight change their habits, because they have read inflammatory headlines, the fuel shortage, at the point of delivery becomes self-fulfilling.
We don’t need to mobilise the army each time someone worries about running out and they start panic buying!
Do travel risk management Apps give you a false comfort as a risk manager? – I believe they can do.
Outside Influences
What good is your travel risk management App if the Government pulls the plug on the telecoms infrastructure?
Over the past year in Africa we have seen governments consistently shutting down mobile comms, mobile internet and even landline internet and international telecoms in the event of a major incident. This often happens with no notice. There are several reasons why they might do this, but recently a lot of them have centred around limiting social media spreading of both information and mis-information. Media outlets are throttled and insurgents or opposition parties lose the ability to communicate. Whatever the reason, it’s the other individuals in the area that lose the ability to communicate, get cut off and as a result can become more exposed to any danger.
Look at Cabo Delgado in Northern Mozambique right now. How about Uganda and Tanzania during the last elections. Look at targeted disruptions in Ethiopia during the Tigray crisis, and finally, the recent tragedy in Afghanistan. In all of these incidents not only are the at risk individuals desperately trying to get a message out, but support teams are trying to get messages and help in.
A travel risk management app, has its place during the planning phase perhaps, advising travellers on the potential risks. But, corporations and individuals are kidding themselves if they think that an App is really going to help in the event of a major crisis. Sure, it can be one of the response mechanisms, but organisations that rely solely on that as an option, feeling that they have fulfilled their duty of care as a result would in my mind simply be negligent.
Emergency Response
Are you really going to depend on an app or a mobile phone for a medevac? Can you get through to the ‘global response centre’ from a mobile phone? How are you getting your alerts and updates if the internet is shut down? That emergency response vehicle from a third party contractor that’s based in the Capital city 1000 KM from the scene really is not going to hit any meaningful response times. That very fancy real time active tracking system in your pocket fails along with your ‘mobile panic button’. – Unless of course it’s satellite based.
Travel Risk Management needs a much deeper approach, especially when you work in new frontiers, in countries where you may not have any other support mechanisms and when you are really remote.
What do effective travel risk management mitigations look like?
Consider;
Satellite Phones, with data (where legally permitted.)
Satellite trackers.
In country security consultancy support.
Vetted transportation providers.
Trusted local contacts / project partners.
Local security risk management analysis both pre-trip and providing alerts during the visit through reliable comms platforms.
Pre-deployment risk assessments – Do you really need to go? And do you really need a team of 5 to go?
Pre-deployment travel risk advice specific to the environment and the type of visit or project.
Pre-deployment face to face training including multi-day High Risk Environment Awareness Training for those with extensive exposure to the environment.
Accurate Journey Management Processes including active check in’s.
24 Hour emergency response telephone numbers, with redundancies.
A response methodology, whether medevac or security which has appropriate secondary communications systems.
Employee considerations in Travel Risk Management
But without doubt, given the long list above, training staff before they deploy has to be one of the priorities. I am not talking about a one hour online module as a tick box exercise. Depending on the exposure for the individuals and the risk, there must be a mechanism for practical face to face training. That training needs to be theatre specific. Why train for kidnap for ransom, if you as a traveller are going to face a civil unrest risk.
Most importantly, employees must feel confident traveling. Those that are savvy enough to not be conducting ‘business tourism’ will understand that the travel should only be done when absolutely required. Line managers need to be firm and also challenge the need for the additional exposure. If the travel simply has to happen, then the traveller has to feel that they are sufficiently prepared to be able to solve any problems on their own! Its the travellers life, so empower them to solve the problem, or at least not make any major mistakes in the event that no immediate support can come from elsewhere if all comms go down.
An individual needs to know when to stand fast in place, or when to run. The traveller must also have sufficient confidence to able to turn around and say ‘No! This isn’t safe,’ and the organisation that they work for needs to support them in that decision.
Challenge the status quo.
If your organisation thinks that the above is too much in terms of time and resources, then you have to challenge whether the organisation should be considering operating in that environment in the first place.
Luckily for me, I work for one of the best organisations in the world now when it comes to safety. How do you feel about yours?
The availability of commercial drones, for drone attacks, with new off the shelf ‘package’ release technology should give us pause for thought.
This equipment has been far to easy to weaponize and needs to be regulated with effective controls immediately.
A lot of this new drone technology is truly awesome in the right hands, and has many practical uses.
A a risk manager I am deeply concerned about the lack of controls that are needed to reduce the risks from this technology.
Firstly, take a look at this video by ‘Newsy’. Its four years old and shows what ISIS are already doing with simple commercial drones.
NowImagine:
Lets create a hypothetical, but realistic example. During one of these drone attacks, a swarm of thirty or forty drones, each with 10 one kilogram explosive devices and a high resolution live feed camera. They hover in a swarm high above a city, a large industrial complex or a piece of national critical infrastructure. The devices cause huge loss of life and damage to property, impacting far beyond their simple costs of a few thousand pounds each.
Take it one step further:
As the swarm pilot, I control the drones via a laptop from a long way away. I pass individual drones off to the ‘pilots,’ also based in another country. They control the final attacks via the web whilst I get the drones into the approximate location.
Its all highly efficient. As a simple technician, I unload the drones and make them ready out on a country road or disused location about five kilometres away from the incident site. I am long gone by the time the incident is underway.
And another step:
Once the incident starts, the response teams arrive, to find some of those devices are still loitering and dropping their deadly ordinance. How far out do you set a cordon when the drones can travel at up to 50 miles per hour?
Or perhaps, I make a ransom demand at the start of the attack, with a 1 hour time limit. Payment demanded in cryptocurrency immediately? Devices will continue to be dropped causing further damage as the minutes tick by? More drones are launched over time from different locations, increasing the duration of the attack.
Now does this all sound too far fetched? – or does it chill your bones?
Some might say that I am enabling ‘the enemy’ or giving them ideas. But have no doubt, this concept is already in the public domain and the technology is already in use.
Are any other risk or security managers losing sleep over this tech, the lack of import controls and even regulation?
In my opinion, the tech companies are creating awesome equipment, with many excellent legitimate uses.
However, this tech is open to being easily abused and risk managers defensive capabilities are limited. What do you think?
This Article was first published in 2021 – prior to the Russian invasion of Ukraine.
