Simple Tactics, Strategic Lessons

November 4, 2025

By TorchStone VP, Scott Stewart

I recently read an assessment claiming the December 2024 murder of UnitedHealthcare CEO Brian Thompson in New York was conducted using “advanced weaponry.” While the weapon used was a 3D-printed 9mm “ghost Glock” with a 3D-printed suppressor, it was anything but advanced. Glock’s polymer frame pistol designs date back to the 1980s, and millions of Glock pistols have been sold in the U.S. Plans for 3D-printed lower Glock frames that can be combined with metal parts to manufacture a complete pistol have been available on the internet since at least 2021. This process produces a pistol without a serial number, but it is by no means some sort of “advanced weapon.”

Even adding a 3D-printed suppressor did not make the pistol an “advanced weapon.” Indeed, as seen in the video of the assassination, the recoil spring in the pistol assembled by the killer was not even properly tuned to account for the loss of recoil due to the addition of the suppressor, which caused it to malfunction. I consider that gun more of a “janky weapon” than an advanced one.

Simple Tactics Still Deadly

Despite repeated malfunctions, the killer was still able to use the pistol to assassinate a high-profile target. He accomplished this with the simple tactic of using a handgun to murder a targeted individual at close range, a tactic seen in many historic assassinations, including those of Presidents Lincoln, Garfield, and McKinley, as well as Presidential candidate and Senator Bobby Kennedy. The tactic was also used in the March 1981 attempted assassination of President Ronald Reagan.

While I believe the mischaracterization of the weapon used in the Thompson murder is a technical error, it serves as a reminder of a more significant problem. Many security programs and executive protection teams now focus on countering emerging threat vectors. This is prudent and needed: things like drones, robots, and the convergence of physical and cyber threats must certainly be taken seriously. However, security professionals must not allow their concern over emerging threats to divert their attention away from addressing simple, time-tested techniques and tactics.

A Simple Attack in Utah

Like the Thompson murder, the September 10, 2025, murder of conservative commentator Charlie Kirk at Utah Valley University was accomplished using an age-old, simple attack method. Kirk was murdered by a former student who used a “sporterized” Mauser 98, a classic German military battle rifle designed in 1895. Following the end of World War II, large numbers of the rifles were exported from Germany to the U.S., where they were repurposed as inexpensive hunting rifles. The gun used in the Kirk assassination was one of these rifles. It had belonged to the killer’s grandfather and had been rechambered to shoot 30-06 ammunition.

The killer smuggled the antique hunting rifle onto the university campus and up onto the roof of a building with a direct line of sight (and fire) to where Kirk was seated during his event. Although the killer’s position on the roof was some 140 yards away from Kirk, hitting a man-sized target at 140 yards is not difficult for most marksmen with a scoped hunting rifle.

Again, the simple tactic of using a rifle to assassinate a high-profile target has a long history, including the assassinations of President John F. Kennedy and Martin Luther King, Jr. More recently, it was also used in the July 13, 2024, assassination attempt against President Trump in Butler, Pennsylvania.

Even though the rifle used in the attempt against President Trump was a modern AR-15 variant, it was nothing special. It was chambered in .556mm and equipped with a simple red dot sight. It was not a sophisticated, long-range sniper rifle chambered in .338 Lapua Magnum or .50 BMG topped with a sniper scope. Like Kirk’s murderer, the man who nearly succeeded in killing President Trump had no formal military or law enforcement training. He was just a recreational shooter with a rifle.

Keeping it Simple in Paris

While the October 19, 2025, jewel heist from the Galerie d’Apollon in the Louvre Museum in Paris was brazen, the tactics the criminals used were also very simple. Unlike in many Hollywood heist movies, there were no hackers, lasers, or other high-tech gizmos used in the Louvre theft. Instead, the thieves used ordinary construction equipment, including a lift truck, a gas-powered masonry saw, and an angle grinder. They pulled off the heist while wearing construction clothing that even included high-visibility vests. Videos of the robbery show it resembled an episode of Bob the Builder more than a scene from Mission Impossible.

But the simple operation using a construction worker cover and tools worked, and the criminals escaped with several priceless and irreplaceable objects from France’s crown jewels.

This type of brazen and simple approach is also increasingly common in many residential burglaries and home invasion robberies conducted against upscale homes in Los Angeles and other cities. The thieves frequently gain access to the targeted residence by using a spring-loaded glass punch or even a heavy object like a brick to break through a sliding glass door. While some of the robbery crews reportedly use Wi-Fi jammers to attempt to counter wireless cameras and residential alarm sensors, most robbers simply smash and then grab what they can before the police can arrive if the alarm is tripped. But in many cases, the alarm does not go off because, sadly, the home lacks a working alarm system—or residents simply leave it off.

The Common Element

The common element in all these simple attacks was that simple security measures were not taken to prevent them, such as setting the alarm system, pre-posting potential elevated shooting positions, or responding to an unexpected construction truck showing up outside the museum.

Additionally, in all these cases, the threat actors operated freely while planning their crimes. While shattering a sliding glass door with a brick to rob a residence may require less operational planning than the assassination of a high-profile figure, all these crimes still involve planning, a process we refer to as the attack cycle. Each of these attack cycles requires some degree of preoperational surveillance, and the criminals are vulnerable to detection as they conduct this surveillance.

The bottom line is that if threat actors can conduct preoperational surveillance unhindered—even those planning a simple attack—and observe security systems and procedures at will, they will easily identify security gaps that allow them to plan a successful attack. Thus, since there are always some gaps in every security program, security teams must deny criminals the ability to conduct unhindered surveillance.

Disrupting the Attack Cycle

With very few exceptions, criminals conduct a cost/benefit analysis as they plan a crime. If they assess that the risk of being caught outweighs the chance of success plus the possible gain, they can normally be diverted to an easier target. One way to skew the threat actor’s calculation toward the risk side is to prevent them from being able to freely conduct surveillance—or to make them believe they were spotted while doing so. Something as simple as a field interview of a person who appears to be conducting preoperational surveillance will often be enough to redirect them to another target.

This principle applies to all types of security, whether a person, a museum, or a residence is being protected. It also applies to all types of threat actors, whether they use sophisticated tactics or a rudimentary approach. They all must conduct some degree of surveillance during their attack planning cycle, and they are vulnerable to detection or deflection during that time.

Keep Security Simple

Simple and effective attack tactics will persist even as more advanced methods evolve. They are here to stay, and security professionals must not allow their focus on countering new threats to prevent them from implementing simple and time-tested security tactics. Defenders also need to keep it simple.