Trapwire Stratfor Email 49

Aug 13th, 2012
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. A joint Stick/Fred production.
  3. We know what we are talking about, and this makes sense to us - but
  4. please make sure that we have explained this in terms that can be
  5. understood by someone other than Fred and me.
  9. The Who
  13. The How
  16. Counterterrorism: Shifting from the Who to the How
  18. In the eleventh edition of the online magazine [link
  19. ] Sada
  20. al-Malahim (The Echo of Battle) which was released to jihadist Web sites
  21. last week, the leader of al Qaeda in the Arabian Peninsula (AQAP) [ link
  23. ] Nasir al-Wuhayshi, wrote an article in which he called for jihadists
  24. to conduct simple attacks against a variety of targets. The targets he
  25. mentioned included *any tyrant, intelligence den, prince,* or *minister*
  26. (referring to the governments in the Muslim world like Egypt, Saudi
  27. Arabia and Yemen), and *any crusaders whenever you find one of them,
  28. like at the airports of the crusader western countries that participate
  29. in the wars against Muslim, or their living compounds, trains etc.*
  30. (obviously referring to the U.S. and Europe.)
  32. Al-Wuhayshi, an ethnic Yemeni who spent time in Afghanistan serving as a
  33. lieutenant under Osama Bin Laden, noted these simple attacks could be
  34. conducted using readily available weapons, such as knives, clubs or
  35. small improvised explosive devices (IEDs). According to al-Wuhayshi,
  36. jihadists *don*t need to conduct a big effort or spend a lot of money to
  37. manufacture 10 grams of explosive material more or less* and that they
  38. should not *waste a long time finding the materials, because you can
  39. find all these in your mother*s kitchen, or at your hand or in any city
  40. you are in.*
  42. The fact that these instructions were given by al-Wuhayshi in an
  43. internet magazine distributed via jihadist chat rooms and not some
  44. secret meeting with his operational staff demonstrates that they are
  45. clearly intended to reach [link
  46. ]
  47. grassroots jihadists * and are not intended just as internal guidance
  48. for AQAP members. Al- Wuhayshi was encouraging grassroots jihadists to
  49. *do what Abu al-Khair did* referring to [link
  51. ] AQAP member Abdullah Hassan Taleh al-Asiri, the Saudi suicide bomber
  52. who attempted to kill Saudi Deputy Interior Minister Prince Mohammed bin
  53. Nayef with a small IED on August 28, 2009.
  55. The most concerning aspect of al-Wuhayshi*s statement is that it is
  56. largely true. Improvised explosive mixtures are relatively easy to make
  57. from readily available chemicals -- if a person has the proper training
  58. -- and attacks using small IEDs or other readily attainable weapons such
  59. as knives or clubs [link
  60. ] (or firearms
  61. in the U.S.) are indeed quite simple to conduct.
  63. As STRATFOR has [link
  64. ] noted for
  65. several years now, with al Qaeda's structure under continual attack and
  66. no regional al Qaeda franchise groups in the Western Hemisphere, the
  67. most pressing jihadist threat to the U.S. homeland at present stems from
  68. grassroots jihadists and not the al Qaeda core. This trend has been
  69. borne out by the large number of plots and arrests over the past several
  70. years, to include several so far in 2009. The grassroots have likewise
  71. proven to pose a critical threat to Europe.
  73. From a counterterrorism perspective, the problem posed by grassroots
  74. operatives is that unless they somehow self-identify [link
  76. ] by contacting a government informant or other person who reports them
  77. to authorities, or they [link
  78. ]
  79. conduct electronic correspondence with a person or organization under
  80. government scrutiny, they are very difficult to detect.
  82. The threat posed by grassroots operatives, and the difficulty
  83. identifying them, highlight the need for counterterrorism programs to
  84. adopt a proactive, protective intelligence approach to the problem -- an
  85. approach that focuses on *the how* of militant attacks instead of just
  86. *the who*.
  88. The How
  90. In the traditional, reactive, approach to counterterrorism, where
  91. authorities respond to a crime scene after a terrorist attack in order
  92. to find and arrest the militants responsible for the attack, it is
  93. customary to focus on *the who* behind the attack. Indeed, in this
  94. traditional approach, the only time much emphasis is placed on *the how*
  95. is either in an effort to identify a suspect when the attack was
  96. conducted by an unknown actor, or to prove that a particular suspect was
  97. responsible for the attack during a trial. Beyond these limited
  98. purposes, not much attention is paid to *the how.*
  100. Now, catching and prosecuting those who commit terrorist attacks is a
  101. good thing, but from our perspective what is even more important is
  102. preventing the attack in the first place, and prevention requires a
  103. proactive approach. In order to pursue such a proactive approach to
  104. counterterrorism, *the how* becomes the critical question. By studying
  105. and understanding how attacks are conducted, authorities can then
  106. establish systems to proactively identify early indicators that attack
  107. planning is occurring. People involved in that attack planning can then
  108. be focused on, identified, and action can be taken prevent them from
  109. conducting the attack(s) they are plotting. This means that focusing on
  110. *the how* can lead to previously unidentified suspects * those who do
  111. not self-identify.
  113. How is the primary question addressed by [link
  115. ] protective intelligence, which is, at its core, a process for
  116. proactively identifying and assessing potential threats. Focusing on
  117. *the how* then, requires protective intelligence practitioners to
  118. carefully study the tactics, tradecraft and behavior associated with
  119. militant actors involved in terrorist attacks in order to search for and
  120. identify those behaviors before an attack takes place. Many of these
  121. behaviors are not by themselves criminal in nature, visiting a public
  122. building and observing the security measures or standing on the street
  123. to watch the arrival of a VIP at her office are not illegal, but they
  124. can be indicators that an attack is being plotted, and in the grand
  125. scheme of things those legal activities could turn out to be overt
  126. actions in furtherance of an illegal conspiracy to conduct the attack *
  127. but even in a case where a conspiracy cannot be proves, steps can be
  128. still taken to prevent a potential attack and to mitigate the risk posed
  129. by the people involved.
  131. Protective intelligence is based on the fact that attacks don*t just
  132. happen out of the blue. Rather, every terrorist attack follows a [link
  133. ] discernable
  134. attack cycle, and there are critical points in that cycle where a plot
  135. is most likely to be detected by an outside observer and the critical
  136. activity that happens at these points can then be looked for. Among the
  137. most vulnerable times of in the attack cycle are while surveillance is
  138. being conducted and weapons are being acquired, but there are other,
  139. less obvious points where such activity can be spotted by someone who is
  140. looking for it.
  142. In order to really understand *the how*, protective intelligence
  143. practitioners cannot just simply acknowledge that something like
  144. surveillance occurs. Rather they must turn a powerful lens on topics
  145. like pre-operational surveillance in order to study them at a granular
  146. level so that it can be studied and fully understood. Dissecting an
  147. activity like [link
  148. ]
  149. preoperational surveillance requires not only examining subjects such as
  150. the demeanor demonstrated by those conducting surveillance prior to an
  151. attack and the specific methods [link
  152. ] and cover
  153. for action and cover for status utilized, but identifying certain times
  154. where surveillance is most likely to happen and certain optimal vantage
  155. points (called perches in surveillance jargon) where a surveillant is
  156. most likely to operate from, if he is seeking to surveil a specific
  157. facility or event. This type of complex understanding of the topic of
  158. surveillance can then be used to help focus human or technological
  159. countersurveillance efforts to where they can be most effective.
  161. Unfortunately, many counterterrorism investigators are so focused on
  162. *the who* that they do not focus on collecting this type of granular
  163. *how* information. We have talked to law enforcement officers
  164. responsible for investigating some recent grassroots plots, and when
  165. asked to describe specifically how the suspects had conducted
  166. surveillance on the intended targets, we were met with blank stares.
  167. They simply had not paid attention to this type of detail. But this is
  168. not really the fault of these investigators. Nobody had ever explained
  169. to them why paying attention to and recording this type of detail was
  170. important. Additionally, it takes specific training and a practiced eye
  171. to pick out these details without glossing over them. For example, one
  172. must first conduct a lot of surveillance in order to become a first-rate
  173. countersurveillance officer. The experience of conducting surveillance
  174. allows you to understand what a surveillant must do and where he must be
  175. in order to conduct surveillance of a specific person or place.
  177. Similarly, in order to truly understand the tradecraft required to build
  178. an IED and the specific steps that a militant needs to complete in order
  179. to do so, it helps to go to an IED school where the investigator learns
  180. the tradecraft firsthand. Militant actors can and do change over time.
  181. New groups, causes and ideologies emerge, and specific militants can be
  182. killed, captured or retire. But the tactical steps that a militant must
  183. complete in order to conduct an attack are constant. It doesn*t matter
  184. if the person planning an attack is a radical environmentalist, a
  185. grassroots jihadist or a member of the al Qaeda core, while these
  186. diverse actors will exhibit different levels of professionalism in
  187. regard to terrorist tradecraft, they still must follow essentially the
  188. same steps, accomplish the same tasks and operate in the same areas.
  189. Knowing this allows protective intelligence to guard against different
  190. levels of threats.
  192. Of course tactics can be change and be perfected and new tactics can be
  193. developed -- and technology can emerge (like cell phones and Google
  194. earth) -- which can alter the way in which some of these activities are
  195. conducted, or the time it takes to do so. However possessing a profound
  196. knowledge of the tradecraft and behaviors needed to execute the tactics
  197. allows protective intelligence practitioners to respond to such changes
  198. and even alter how they operate. Technology can also help the protective
  199. intelligence forces in their mission. There are tools such as Trapwire
  200. (what is trapwire? a quick phrase would help a reader who's not in the
  201. know) that can be focused on critical areas and that can help law
  202. enforcement and security forces cut through the fog of noise and
  203. activity to help identify things like hostile surveillance occurring in
  204. those critical areas identified by protective intelligence. These
  205. technological tools can help turn the tables on the unknown *who* by
  206. focusing on *the how*. They will likely never replace human observation
  207. and experience, but they are valuable aids to human perception.
  209. Of course protective intelligence does not have to be the sole
  210. providence of the authorities. Corporate security managers and private
  211. security contractors can also apply the principles to protecting the
  212. people and facilities in their charge.
  214. Keeping it Simple?
  216. Al-Wuhayshi is right that it is not difficult to construct improvised
  217. explosives from a wide range of household chemicals such as peroxide and
  218. acetone or chlorine and brake fluid. He is also correct that some of
  219. those explosive mixtures can be concealed in objects ranging from
  220. electronic items to picture frames or can be employed in forms ranging
  221. from hand grenades to suicide vests. Likewise, low-level attacks can
  222. also be conducted using knives, clubs and guns.
  224. However -- and this is an important however -- if a militant is going to
  225. conduct such an attack against some of the targets al-Wuhayshi suggests,
  226. such as an airports, a train, or a specific leader or media personality,
  227. complexity creeps into the picture, and the attack planning cycle must
  228. be followed. The prospective attacker must observe and quantify the
  229. target, construct a plan to attack it and then execute that plan. It is
  230. the demands of conducting this process that will cause even an attacker
  231. previously unknown to the authorities to place himself in a position
  232. where he is vulnerable to being identified. If the attacker does this
  233. while there are people watching for him, he will likely be seen. If he
  234. does this while there are no watchers, there is little chance that he
  235. will become a *who* until after the attack has been completed.
  243. Scott Stewart
  245. Office: 814 967 4046
  246. Cell: 814 573 8297
  251. Mike Jeffers
  253. Austin, Texas
  254. Tel: 1-512-744-4077
  255. Mobile: 1-512-934-0636
RAW Paste Data