Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- A joint Stick/Fred production.
- We know what we are talking about, and this makes sense to us - but
- please make sure that we have explained this in terms that can be
- understood by someone other than Fred and me.
- The Who
- The How
- Counterterrorism: Shifting from the Who to the How
- In the eleventh edition of the online magazine [link
- http://www.stratfor.com/analysis/yemen_al_qaedas_resurgence ] Sada
- al-Malahim (The Echo of Battle) which was released to jihadist Web sites
- last week, the leader of al Qaeda in the Arabian Peninsula (AQAP) [ link
- http://www.stratfor.com/weekly/20090128_al_qaeda_arabian_peninsula_desperation_or_new_life
- ] Nasir al-Wuhayshi, wrote an article in which he called for jihadists
- to conduct simple attacks against a variety of targets. The targets he
- mentioned included *any tyrant, intelligence den, prince,* or *minister*
- (referring to the governments in the Muslim world like Egypt, Saudi
- Arabia and Yemen), and *any crusaders whenever you find one of them,
- like at the airports of the crusader western countries that participate
- in the wars against Muslim, or their living compounds, trains etc.*
- (obviously referring to the U.S. and Europe.)
- Al-Wuhayshi, an ethnic Yemeni who spent time in Afghanistan serving as a
- lieutenant under Osama Bin Laden, noted these simple attacks could be
- conducted using readily available weapons, such as knives, clubs or
- small improvised explosive devices (IEDs). According to al-Wuhayshi,
- jihadists *don*t need to conduct a big effort or spend a lot of money to
- manufacture 10 grams of explosive material more or less* and that they
- should not *waste a long time finding the materials, because you can
- find all these in your mother*s kitchen, or at your hand or in any city
- you are in.*
- The fact that these instructions were given by al-Wuhayshi in an
- internet magazine distributed via jihadist chat rooms and not some
- secret meeting with his operational staff demonstrates that they are
- clearly intended to reach [link
- http://www.stratfor.com/weekly/20090805_paying_attention_grassroots ]
- grassroots jihadists * and are not intended just as internal guidance
- for AQAP members. Al- Wuhayshi was encouraging grassroots jihadists to
- *do what Abu al-Khair did* referring to [link
- http://www.stratfor.com/weekly/20090902_aqap_paradigm_shifts_and_lessons_learned
- ] AQAP member Abdullah Hassan Taleh al-Asiri, the Saudi suicide bomber
- who attempted to kill Saudi Deputy Interior Minister Prince Mohammed bin
- Nayef with a small IED on August 28, 2009.
- The most concerning aspect of al-Wuhayshi*s statement is that it is
- largely true. Improvised explosive mixtures are relatively easy to make
- from readily available chemicals -- if a person has the proper training
- -- and attacks using small IEDs or other readily attainable weapons such
- as knives or clubs [link
- http://www.stratfor.com/weekly/20090603_lone_wolf_lessons ] (or firearms
- in the U.S.) are indeed quite simple to conduct.
- As STRATFOR has [link
- http://www.stratfor.com/al_qaeda_2007_continuing_devolution ] noted for
- several years now, with al Qaeda's structure under continual attack and
- no regional al Qaeda franchise groups in the Western Hemisphere, the
- most pressing jihadist threat to the U.S. homeland at present stems from
- grassroots jihadists and not the al Qaeda core. This trend has been
- borne out by the large number of plots and arrests over the past several
- years, to include several so far in 2009. The grassroots have likewise
- proven to pose a critical threat to Europe.
- From a counterterrorism perspective, the problem posed by grassroots
- operatives is that unless they somehow self-identify [link
- http://www.stratfor.com/analysis/20090521_u_s_foiled_plot_and_very_real_grassroots_risk
- ] by contacting a government informant or other person who reports them
- to authorities, or they [link
- http://www.stratfor.com/weekly/20091021_curious_case_adlene_hicheur ]
- conduct electronic correspondence with a person or organization under
- government scrutiny, they are very difficult to detect.
- The threat posed by grassroots operatives, and the difficulty
- identifying them, highlight the need for counterterrorism programs to
- adopt a proactive, protective intelligence approach to the problem -- an
- approach that focuses on *the how* of militant attacks instead of just
- *the who*.
- The How
- In the traditional, reactive, approach to counterterrorism, where
- authorities respond to a crime scene after a terrorist attack in order
- to find and arrest the militants responsible for the attack, it is
- customary to focus on *the who* behind the attack. Indeed, in this
- traditional approach, the only time much emphasis is placed on *the how*
- is either in an effort to identify a suspect when the attack was
- conducted by an unknown actor, or to prove that a particular suspect was
- responsible for the attack during a trial. Beyond these limited
- purposes, not much attention is paid to *the how.*
- Now, catching and prosecuting those who commit terrorist attacks is a
- good thing, but from our perspective what is even more important is
- preventing the attack in the first place, and prevention requires a
- proactive approach. In order to pursue such a proactive approach to
- counterterrorism, *the how* becomes the critical question. By studying
- and understanding how attacks are conducted, authorities can then
- establish systems to proactively identify early indicators that attack
- planning is occurring. People involved in that attack planning can then
- be focused on, identified, and action can be taken prevent them from
- conducting the attack(s) they are plotting. This means that focusing on
- *the how* can lead to previously unidentified suspects * those who do
- not self-identify.
- How is the primary question addressed by [link
- http://www.stratfor.com/weekly/proactive_tool_protective_intelligence
- ] protective intelligence, which is, at its core, a process for
- proactively identifying and assessing potential threats. Focusing on
- *the how* then, requires protective intelligence practitioners to
- carefully study the tactics, tradecraft and behavior associated with
- militant actors involved in terrorist attacks in order to search for and
- identify those behaviors before an attack takes place. Many of these
- behaviors are not by themselves criminal in nature, visiting a public
- building and observing the security measures or standing on the street
- to watch the arrival of a VIP at her office are not illegal, but they
- can be indicators that an attack is being plotted, and in the grand
- scheme of things those legal activities could turn out to be overt
- actions in furtherance of an illegal conspiracy to conduct the attack *
- but even in a case where a conspiracy cannot be proves, steps can be
- still taken to prevent a potential attack and to mitigate the risk posed
- by the people involved.
- Protective intelligence is based on the fact that attacks don*t just
- happen out of the blue. Rather, every terrorist attack follows a [link
- http://www.stratfor.com/themes/terrorist_attack_cycle ] discernable
- attack cycle, and there are critical points in that cycle where a plot
- is most likely to be detected by an outside observer and the critical
- activity that happens at these points can then be looked for. Among the
- most vulnerable times of in the attack cycle are while surveillance is
- being conducted and weapons are being acquired, but there are other,
- less obvious points where such activity can be spotted by someone who is
- looking for it.
- In order to really understand *the how*, protective intelligence
- practitioners cannot just simply acknowledge that something like
- surveillance occurs. Rather they must turn a powerful lens on topics
- like pre-operational surveillance in order to study them at a granular
- level so that it can be studied and fully understood. Dissecting an
- activity like [link
- http://www.stratfor.com/themes/surveillance_and_countersurveillance ]
- preoperational surveillance requires not only examining subjects such as
- the demeanor demonstrated by those conducting surveillance prior to an
- attack and the specific methods [link
- http://www.stratfor.com/physical_surveillance_art_blending ] and cover
- for action and cover for status utilized, but identifying certain times
- where surveillance is most likely to happen and certain optimal vantage
- points (called perches in surveillance jargon) where a surveillant is
- most likely to operate from, if he is seeking to surveil a specific
- facility or event. This type of complex understanding of the topic of
- surveillance can then be used to help focus human or technological
- countersurveillance efforts to where they can be most effective.
- Unfortunately, many counterterrorism investigators are so focused on
- *the who* that they do not focus on collecting this type of granular
- *how* information. We have talked to law enforcement officers
- responsible for investigating some recent grassroots plots, and when
- asked to describe specifically how the suspects had conducted
- surveillance on the intended targets, we were met with blank stares.
- They simply had not paid attention to this type of detail. But this is
- not really the fault of these investigators. Nobody had ever explained
- to them why paying attention to and recording this type of detail was
- important. Additionally, it takes specific training and a practiced eye
- to pick out these details without glossing over them. For example, one
- must first conduct a lot of surveillance in order to become a first-rate
- countersurveillance officer. The experience of conducting surveillance
- allows you to understand what a surveillant must do and where he must be
- in order to conduct surveillance of a specific person or place.
- Similarly, in order to truly understand the tradecraft required to build
- an IED and the specific steps that a militant needs to complete in order
- to do so, it helps to go to an IED school where the investigator learns
- the tradecraft firsthand. Militant actors can and do change over time.
- New groups, causes and ideologies emerge, and specific militants can be
- killed, captured or retire. But the tactical steps that a militant must
- complete in order to conduct an attack are constant. It doesn*t matter
- if the person planning an attack is a radical environmentalist, a
- grassroots jihadist or a member of the al Qaeda core, while these
- diverse actors will exhibit different levels of professionalism in
- regard to terrorist tradecraft, they still must follow essentially the
- same steps, accomplish the same tasks and operate in the same areas.
- Knowing this allows protective intelligence to guard against different
- levels of threats.
- Of course tactics can be change and be perfected and new tactics can be
- developed -- and technology can emerge (like cell phones and Google
- earth) -- which can alter the way in which some of these activities are
- conducted, or the time it takes to do so. However possessing a profound
- knowledge of the tradecraft and behaviors needed to execute the tactics
- allows protective intelligence practitioners to respond to such changes
- and even alter how they operate. Technology can also help the protective
- intelligence forces in their mission. There are tools such as Trapwire
- (what is trapwire? a quick phrase would help a reader who's not in the
- know) that can be focused on critical areas and that can help law
- enforcement and security forces cut through the fog of noise and
- activity to help identify things like hostile surveillance occurring in
- those critical areas identified by protective intelligence. These
- technological tools can help turn the tables on the unknown *who* by
- focusing on *the how*. They will likely never replace human observation
- and experience, but they are valuable aids to human perception.
- Of course protective intelligence does not have to be the sole
- providence of the authorities. Corporate security managers and private
- security contractors can also apply the principles to protecting the
- people and facilities in their charge.
- Keeping it Simple?
- Al-Wuhayshi is right that it is not difficult to construct improvised
- explosives from a wide range of household chemicals such as peroxide and
- acetone or chlorine and brake fluid. He is also correct that some of
- those explosive mixtures can be concealed in objects ranging from
- electronic items to picture frames or can be employed in forms ranging
- from hand grenades to suicide vests. Likewise, low-level attacks can
- also be conducted using knives, clubs and guns.
- However -- and this is an important however -- if a militant is going to
- conduct such an attack against some of the targets al-Wuhayshi suggests,
- such as an airports, a train, or a specific leader or media personality,
- complexity creeps into the picture, and the attack planning cycle must
- be followed. The prospective attacker must observe and quantify the
- target, construct a plan to attack it and then execute that plan. It is
- the demands of conducting this process that will cause even an attacker
- previously unknown to the authorities to place himself in a position
- where he is vulnerable to being identified. If the attacker does this
- while there are people watching for him, he will likely be seen. If he
- does this while there are no watchers, there is little chance that he
- will become a *who* until after the attack has been completed.
- Scott Stewart
- STRATFOR
- Office: 814 967 4046
- Cell: 814 573 8297
- scott.stewart@stratfor.com
- www.stratfor.com
- Mike Jeffers
- STRATFOR
- Austin, Texas
- Tel: 1-512-744-4077
- Mobile: 1-512-934-0636
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement