theunpromisedone3

Trapwire Stratfor Email 34

Aug 10th, 2012
133
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. RE: Counterterrorism: Shifting from 'Who' to 'How'
  2.  
  3. Released on 2012-08-09 18:00 GMT
  4. Email-ID 376889
  5. Date 2009-11-05 01:46:25
  6. From musgrovesteve@hotmail.com
  7. To burton@stratfor.com
  8. Appreciate the update Fred. Thanks and all the best. Hope the new book is
  9. working out
  10. for you. Steve
  11.  
  12. Very respectfully,
  13.  
  14. Steve Musgrove
  15.  
  16.  
  17. > From: burton@stratfor.com
  18. > To: burton@stratfor.com
  19. > Subject: Counterterrorism: Shifting from 'Who' to 'How'
  20. > Date: Wed, 4 Nov 2009 16:57:03 -0600
  21. >
  22. >
  23. >
  24. > COUNTERTERRORISM: SHIFTING FROM 'WHO' TO 'HOW'
  25. >
  26. > By Scott Stewart and Fred Burton
  27. >
  28. > In the 11th edition of the online magazine Sada al-Malahim (The Echo of
  29. > Battle), which was released to jihadist Web sites last week, al Qaeda in
  30. the
  31. > Arabian Peninsula (AQAP) leader Nasir al-Wahayshi wrote an article that
  32. > called for jihadists to conduct simple attacks against a variety of
  33. targets.
  34. > The targets included "any tyrant, intelligence den, prince" or
  35. "minister"
  36. > (referring to the governments in the Muslim world like Egypt, Saudi
  37. Arabia
  38. > and Yemen), and "any crusaders whenever you find one of them, like at
  39. the
  40. > airports of the crusader Western countries that participate in the wars
  41. > against Islam, or their living compounds, trains etc.," (an obvious
  42. > reference to the United States and Europe and Westerners living in
  43. Muslim
  44. > countries).
  45. >
  46. >
  47. > Al-Wahayshi, an ethnic Yemeni who spent time in Afghanistan serving as a
  48. > lieutenant under Osama bin Laden, noted these simple attacks could be
  49. > conducted with readily available weapons such as knives, clubs or small
  50. > improvised explosive devices (IEDs). According to al-Wahayshi, jihadists
  51. > "don't need to conduct a big effort or spend a lot of money to
  52. manufacture
  53. > 10 grams of explosive material" and that they should not "waste a long
  54. time
  55. > finding the materials, because you can find all these in your mother's
  56. > kitchen, or readily at hand or in any city you are in."
  57. >
  58. > That al-Wahayshi gave these instructions in an Internet magazine
  59. distributed
  60. > via jihadist chat rooms, not in some secret meeting with his operational
  61. > staff, demonstrates that they are clearly intended to reach grassroots
  62. > jihadists -- and are not intended as some sort of internal guidance for
  63. AQAP
  64. > members. In fact, al-Wahayshi was encouraging grassroots jihadists to
  65. "do
  66. > what Abu al-Khair did" referring to AQAP member Abdullah Hassan Taleh
  67. > al-Asiri, the Saudi suicide bomber who attempted to kill Saudi Deputy
  68. > Interior Minister Prince Mohammed bin Nayef with a small IED on Aug. 28.
  69. >
  70. > The most concerning aspect of al-Wahayshi's statement is that it is
  71. largely
  72. > true. Improvised explosive mixtures are in fact relatively easy to make
  73. from
  74. > readily available chemicals -- if a person has the proper training --
  75. and
  76. > attacks using small IEDs or other readily attainable weapons such as
  77. knives
  78. > or clubs (or firearms in the United States) are indeed quite simple to
  79. > conduct.
  80. >
  81. > As STRATFOR has noted for several years now, with al Qaeda's structure
  82. under
  83. > continual attack and no regional al Qaeda franchise groups in the
  84. Western
  85. > Hemisphere, the most pressing jihadist threat to the U.S. homeland at
  86. > present stems from grassroots jihadists, not the al Qaeda core. This
  87. trend
  88. > has been borne out by the large number of plots and arrests over the
  89. past
  90. > several years, to include several so far in 2009. The grassroots have
  91. > likewise proven to pose a critical threat to Europe (although it is
  92. > important to note that the threat posed by grassroots operatives is more
  93. > widespread, but normally involves smaller, less strategic attacks than
  94. those
  95. > conducted by the al Qaeda core).
  96. >
  97. > From a counterterrorism perspective, the problem posed by grassroots
  98. > operatives is that unless they somehow self-identify by contacting a
  99. > government informant or another person who reports them to authorities,
  100. > attend a militant training camp, or conduct electronic correspondence
  101. with a
  102. > person or organization under government scrutiny, they are very
  103. difficult to
  104. > detect.
  105. >
  106. > The threat posed by grassroots operatives, and the difficulty
  107. identifying
  108. > them, highlight the need for counterterrorism programs to adopt a
  109. proactive,
  110. > protective intelligence approach to the problem -- an approach that
  111. focuses
  112. > on "the how" of militant attacks instead of just "the who."
  113. >
  114. > The How
  115. >
  116. > In the traditional, reactive approach to counterterrorism, where
  117. authorities
  118. > respond to a crime scene after a terrorist attack to find and arrest the
  119. > militants responsible for the attack, it is customary to focus on the
  120. who,
  121. > or on the individual or group behind the attack. Indeed, in this
  122. approach,
  123. > the only time much emphasis is placed on the how is either in an effort
  124. to
  125. > identify a suspect when an unknown actor carried out the attack, or to
  126. prove
  127. > that a particular suspect was responsible for the attack during a trial.
  128. > Beyond these limited purposes, not much attention is paid to the how.
  129. >
  130. > In large part, this focus on the who is a legacy of the fact that for
  131. many
  132. > years, the primary philosophy of the U.S. government was to treat
  133. > counterterrorism as a law-enforcement program, with a focus on
  134. prosecution
  135. > rather than on disrupting plots.
  136. >
  137. > Certainly, catching and prosecuting those who commit terrorist attacks
  138. is
  139. > necessary, but from our perspective, preventing attacks is more
  140. important,
  141. > and prevention requires a proactive approach. To pursue such a proactive
  142. > approach to counterterrorism, the how becomes a critical question. By
  143. > studying and understanding how attacks are conducted -- i.e., the exact
  144. > steps and actions required for a successful attack -- authorities can
  145. > establish systems to proactively identify early indicators that planning
  146. for
  147. > an attack is under way. People involved in planning the attack can then
  148. be
  149. > focused on, identified, and action can be taken prevent them from
  150. conducting
  151. > the attack or attacks they are plotting. This means that focusing on the
  152. how
  153. > can lead to previously unidentified suspects, e.g., those who do not
  154. > self-identify.
  155. >
  156. > "How was the attack conducted?" is the primary question addressed by
  157. > protective intelligence, which is, at its core, a process for
  158. proactively
  159. > identifying and assessing potential threats. Focusing on the how, then,
  160. > requires protective intelligence practitioners to carefully study the
  161. > tactics, tradecraft and behavior associated with militant actors
  162. involved in
  163. > terrorist attacks. This allows them to search for and identify those
  164. > behaviors before an attack takes place. Many of these behaviors are not
  165. by
  166. > themselves criminal in nature; visiting a public building and observing
  167. > security measures or standing on the street to watch the arrival of a
  168. VIP at
  169. > their office are not illegal, but they can be indicators that an attack
  170. is
  171. > being plotted. Such legal activities ultimately could be overt actions
  172. in
  173. > furtherance of an illegal conspiracy to conduct the attack, but even
  174. where
  175. > conspiracy cannot be proved, steps can still be taken to identify
  176. possible
  177. > assailants and prevent a potential attack -- or at the very least, to
  178. > mitigate the risk posed by the people involved.
  179. >
  180. > Protective intelligence is based on the fact that successful attacks
  181. don't
  182. > just happen out of the blue. Rather, terrorist attacks follow a
  183. discernable
  184. > attack cycle. There are critical points during that cycle where a plot
  185. is
  186. > most likely to be detected by an outside observer. Some of the points
  187. during
  188. > the attack cycle when potential attackers are most vulnerable to
  189. detection
  190. > are while surveillance is being conducted and weapons are being
  191. acquired.
  192. > However, there are other, less obvious points where people on the
  193. lookout
  194. > can spot preparations for an attack.
  195. >
  196. > It is true that sometimes individuals do conduct ill-conceived, poorly
  197. > executed attacks that involve shortcuts in the planning process. But
  198. this
  199. > type of spur-of-the-moment attack is usually associated with mentally
  200. > disturbed individuals and it is extremely rare for a militant actor to
  201. > conduct a spontaneous terrorist attack without first following the steps
  202. of
  203. > the attack cycle.
  204. >
  205. > To really understand the how, protective intelligence practitioners
  206. cannot
  207. > simply acknowledge that something like surveillance occurs. Rather, they
  208. > must turn a powerful lens on steps like preoperational surveillance to
  209. gain
  210. > an in-depth understanding of them. Dissecting an activity like
  211. > preoperational surveillance requires not only examining subjects such as
  212. the
  213. > demeanor demonstrated by those conducting surveillance prior to an
  214. attack
  215. > and the specific methods and cover for action and status used. It also
  216. > requires identifying particular times where surveillance is most likely
  217. and
  218. > certain optimal vantage points (called perches in surveillance jargon)
  219. from
  220. > where a surveillant is most likely to operate when seeking to surveil a
  221. > specific facility or event. This type of complex understanding of
  222. > surveillance can then be used to help focus human or technological
  223. > countersurveillance efforts where they can be most effective.
  224. >
  225. > Unfortunately, many counterterrorism investigators are so focused on the
  226. who
  227. > that they do not focus on collecting this type of granular how
  228. information.
  229. > When we have spoken with law enforcement officers responsible for
  230. > investigating recent grassroots plots, they gave us blank stares in
  231. response
  232. > to questions about how the suspects had conducted surveillance on the
  233. > intended targets. They simply had not paid attention to this type of
  234. detail
  235. > -- but this oversight is not really the investigators' fault. No one had
  236. > ever explained to them why paying attention to, and recording, this type
  237. of
  238. > detail was important. Moreover, it takes specific training and a
  239. practiced
  240. > eye to observe and record these details without glossing over them. For
  241. > example, it is quite useful if a protective intelligence officer has
  242. first
  243. > conducted a lot of surveillance, because conducting surveillance allows
  244. one
  245. > to understand what a surveillant must do and where he must be in order
  246. to
  247. > effectively observe surveillance of a specific person or place.
  248. >
  249. > Similarly, to truly understand the tradecraft required to build an IED
  250. and
  251. > the specific steps a militant needs to complete to do so, it helps to go
  252. to
  253. > an IED school where the investigator learns the tradecraft firsthand.
  254. > Militant actors can and do change over time. New groups, causes and
  255. > ideologies emerge, and specific militants can be killed, captured or
  256. retire.
  257. > But the tactical steps a militant must complete to conduct a successful
  258. > attack are constant. It doesn't matter if the person planning an attack
  259. is a
  260. > radical environmentalist, a grassroots jihadist or a member of the al
  261. Qaeda
  262. > core, for while these diverse actors will exhibit different levels of
  263. > professionalism in regard to terrorist tradecraft, they still must
  264. follow
  265. > essentially the same steps, accomplish the same tasks and operate in the
  266. > same areas. Knowing this allows protective intelligence to guard against
  267. > different levels of threats.
  268. >
  269. > Of course, tactics can be changed and perfected and new tactics can be
  270. > developed (often in response to changes in security and law enforcement
  271. > operations). Additionally, new technologies can emerge (like cell phones
  272. and
  273. > Google Earth) -- which can alter the way some of these activities are
  274. > conducted, or reduce the time it takes to complete them. Studying the
  275. > tradecraft and behaviors needed to execute evolving tactics, however,
  276. allows
  277. > protective intelligence practitioners to respond to such changes and
  278. even
  279. > alter how they operate in order to more effectively search for potential
  280. > hostile activity.
  281. >
  282. > Technology does not only aid those seeking to conduct attacks. There are
  283. a
  284. > variety of new tools, such as Trapwire, a software system designed to
  285. work
  286. > with camera systems to help detect patterns of preoperational
  287. surveillance,
  288. > that can be focused on critical areas to help cut through the fog of
  289. noise
  290. > and activity and draw attention to potential threats. These
  291. technological
  292. > tools can help turn the tables on unknown plotters because they are
  293. designed
  294. > to focus on the how. They will likely never replace human observation
  295. and
  296. > experience, but they can serve as valuable aids to human perception.
  297. >
  298. > Of course, protective intelligence does not have to be the sole
  299. > responsibility of federal authorities specifically charged with
  300. > counterterrorism. Corporate security managers and private security
  301. > contractors should also apply these principles to protecting the people
  302. and
  303. > facilities in their charge, as should local and state police agencies.
  304. In a
  305. > world full of soft targets -- and limited resources to protect those
  306. targets
  307. > from attack -- the more eyes looking for such activity the better. Even
  308. the
  309. > general public has an important role to play in practicing situational
  310. > awareness and spotting potential terrorist activity.
  311. >
  312. > Keeping it Simple?
  313. > Al-Wahayshi is right that it is not difficult to construct improvised
  314. > explosives from a wide range of household chemicals like peroxide and
  315. > acetone or chlorine and brake fluid. He is also correct that some of
  316. those
  317. > explosive mixtures can be concealed in objects ranging from electronic
  318. items
  319. > to picture frames, or can be employed in forms ranging from hand
  320. grenades to
  321. > suicide vests. Likewise, low-level attacks can also be conducted using
  322. > knives, clubs and guns.
  323. >
  324. > Furthermore, when grassroots jihadists plan and carry out attacks acting
  325. as
  326. > lone wolves or in small compartmentalized cells without inadvertently
  327. > betraying their mission by conspiring with people known to the
  328. authorities,
  329. > they are not able to be detected by the who-focused systems, and it
  330. becomes
  331. > far more difficult to discover and thwart these plots. This focus on the
  332. how
  333. > absolutely does not mean that who-centered programs must be abandoned.
  334. > Surveillance on known militants, their associates and communications
  335. should
  336. > continue, efforts to identify people attending militant training camps
  337. or
  338. > fighting in places like Afghanistan or Somalia must be increased, and
  339. people
  340. > who conduct terrorist attacks should be identified and prosecuted.
  341. >
  342. > However -- and this is an important however -- if an unknown militant is
  343. > going to conduct even a simple attack against some of the targets
  344. > al-Wahayshi suggests, such as an airport, train, or specific leader or
  345. media
  346. > personality, complexity creeps into the picture, and the planning cycle
  347. must
  348. > be followed if an attack is going to be successful. The prospective
  349. attacker
  350. > must observe and quantify the target, construct a plan for the attack
  351. and
  352. > then execute that plan. The demands of this process will force even an
  353. > attacker previously unknown to the authorities into a position where he
  354. is
  355. > vulnerable to discovery. If the attacker does this while there are
  356. people
  357. > watching for such activity, he will likely be seen. But if he does this
  358. > while there are no watchers, there is little chance that he will become
  359. a
  360. > who until after the attack has been completed.
  361. >
  362. >
  363. > This report may be forwarded or republished on your website with
  364. attribution
  365. > to www.stratfor.com.
  366. >
  367. > Copyright 2009 Stratfor.
  368. >
  369. >
  370. >
RAW Paste Data