This case study is an examination of behaviors that resulted in a disrupted terrorist attack, revealing a cycle of planning and preparation that could provide indicators for preventing similar attempts. The terrorist attack planning cycle is not a static, linear process but rather could begin in any of the several stages with variances in details, sequence, and timing. An individual’s mobilization to violence often provides observable behavioral indicators such as, pre-attack surveillance, training, and rehearsal. The indicators potentially allow third-party observers and law enforcement to identify individuals moving to violence, circumstances that may allow for disruption of planned attacks. This product is intended to cultivate an awareness of the planning cycle among stakeholders for identification, mitigation, and disruption of attack planning.
Vehicle-ramming attacks are considered unsophisticated, in that a perpetrator could carry out such an attack with minimal planning and training. It is likely that terrorist groups will continue to encourage aspiring attackers to employ unsophisticated tactics such as vehicle-ramming, since these types of attacks minimize the potential for premature detection and could inflict mass fatalities if successful. Furthermore, events that draw large groups of people—and thus present an attractive vehicle ramming target—are usually scheduled and announced in advance, which greatly facilitates attack planning and training activities.
While in the United States, some of the September 11 hijackers were in contact with, and received support or assistance from, individuals who may be connected to the Saudi Government. There is information, primarily from FBI sources, that at least two of those individuals were alleged by some to be Saudi intelligence officers. The Joint Inquiry’s review confirmed that the Intelligence Community also has information, much of which has yet to be independently verified, indicating that individuals associated with Saudi Government in the United States may have other ties to al-Qa’ida and other terrorist groups. The FBI and CIA have informed the Joint Inquiry that, since the September 11 attacks, they are treating the Saudi issue seriously, but both still have only a limited understanding of the Saudi Government’s ties to terrorist elements. In their testimony, neither CIA nor FBI witnesses were able to identify definitively the extent of Saudi support for terrorist activity globally or within the United States and the extent to which such support, if it exists, is knowing or inadvertent in nature.
(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks
This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.
Several recent incidents underline the possibility that soft targets, including entertainment venues such as bars and restaurants, are increasingly chosen over hard targets that may hold more significance to the victims and the attacking person or group. Using analysis of recent events and data from the START Global Terrorism Database, the BRIC completed the following study to raise awareness regarding the targeting of entertainment venues by violent extremist groups.
Today we are witnessing the largest global convergence of jihadists in history, as individuals from more than 100 countries have migrated to the conflict zone in Syria and Iraq since 2011. Some initially flew to the region to join opposition groups seeking to oust Syrian dictator Bashar al-Assad, but most are now joining the Islamic State of Iraq and Syria (ISIS), inspired to become a part of the group’s “caliphate” and to expand its repressive society. Over 25,000 foreign fighters have traveled to the battlefield to enlist with Islamist terrorist groups, including at least 4,500 Westerners. More than 250 individuals from the United States have also joined or attempted to fight with extremists in the conflict zone.
(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners
This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.
Despite official statistics showing a decrease in the number of arrests related to Salafist-jihadist activity, EU-based security services have thwarted numerous IED-centered plots since 2003. Many of the EU plots involve al Qaeda-networked terrorists in Afghanistan and Pakistan, and included plots in Spain, Germany, Italy, Belgium, and the United Kingdom (UK). Two recent plots are representative of the current IED threat in the EU: the Sauerland plot in Germany (2007) and the Barcelona plot in Spain (2008).
In September 2014, The Islamic State of Iraq and Syria (ISIS) released a propaganda video encouraging its followers to murder “intelligence officers, police officers, soldiers and civilians.” The video was re-released in January 2015 and specifically named the United States, France, Australia and Canada as targets. Now, first responders have an additional threat: Impersonation and misrepresentation by terrorists as first responders. The impersonators main goals are to further their attack plan and do harm to unsuspecting citizens as well as members of the emergency services community.
This document presents an overview of terrorism threats and terrorist methodologies to assist OPSEC managers in evaluating the threat and managing terrorist risks to organizations and personnel. As in other areas of security and intelligence concern, proper application of the OPSEC process in evaluating threat and risk1 helps an organization to make informed decisions on conducting its mission-critical activities without becoming unduly vulnerable.
An analysis of recent suicide bombings throughout the Middle East, Europe and Africa by the FBI Terrorism Explosive Device Analytical Center (TEDAC) that was released after the terrorist attacks in Paris, France last month states that “suicide vest and belt improvised explosive devices (IEDs) in the Middle Eastern, African, and European regions likely . . . have minimal correlation” and do not indicate tactical migration.
(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in November 2015 Paris Attacks
This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 13 November 2015 attacks in Paris, France. This JIB does not provide analysis of any follow-on operations or operations occurring in Europe in the wake of the attacks. It relies on a variety of open source and media reporting for the analysis, which could change as official details of the post-incident investigations come to light. This JIB is intended to support the activities of DHS, FBI and NCTC to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private-sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.
After the September 11, 2001 terrorist attacks, the United States adopted a preventive approach to combating all forms of terrorist activity. Efforts to combat the financing of terrorism (CFT) are a central pillar of this approach. Cutting off financial support to terrorists and terrorist organizations is essential to disrupting their operations and preventing attacks. To that end, the U.S. government has sought to identify and disrupt ongoing terrorist financing (TF) and to prevent future TF. The law enforcement community, including various components of the U.S. Departments of Justice, Homeland Security, and the Treasury, along with the intelligence community and the federal functional regulators, applies robust authorities to identify, investigate, and combat specific TF threats, enforce compliance with applicable laws and regulations, and prosecute supporters in order to deter would-be terrorist financiers. The U.S. Department of the Treasury (Treasury), which leads financial and regulatory CFT efforts for the U.S. government, employs targeted financial sanctions, formulates systemic safeguards, and seeks to increase financial transparency to make accessing the U.S. financial system more difficult and risky for terrorists and their facilitators. All of these efforts involve extensive international engagement to try to prevent any form of TF, particularly financing that does not necessarily originate in the United States, from accessing the U.S. financial system.
Since 2013, the country has experienced several waves of Libyan returnees, which also formed the backbone of the newly established ISIL in Libya. In addition, the country continues to attract foreign terrorist fighters in significant numbers from North Africa. While currently concentrated in its stronghold in Sirte, ISIL could seek local alliances to expand its territorial control, also entailing the risk of motivating additional foreign terrorist fighters to join the group in Libya.
The DDIS Intelligence Risk Assessment gives an overview of our current intelligence-based assessments of developments in a number of countries and conflict areas and provides an outline of foreign policy issues that may impact on Denmark’s security. This year’s Risk Assessment emphasizes the terrorist threat posed by militant Islamist groups, Russia’s attempt at repositioning itself as a great power, cyber espionage against businesses and public authorities, and the conflict-ridden and unstable situation in the Middle East and North Africa. The analyses contained in this risk assessment are based on classified intelligence. The assessment is, however, unclassified and aimed at a wide audience, which limits the level of detail in analyses.
Radicalization is the process by which an individual, group, or mass of people undergo a transformation from participating in the political process via legal means to the use or support of violence for political purposes (radicalism). Radicalism includes specific forms, such as terrorism, which is violence against the innocent bystander, or insurgency, which is violence against the state. It does not include legal and/or nonviolent political protest, such as protest that is more properly called activism.
Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.
This report examines much of Tamerlan Tsarnaev’s personal history and his interaction with Federal agencies, including his radicalization, the 2011 threat assessment carried out by the FBI, and his travel to Russia in early 2012. Additionally, the Committee explores missed opportunities that potentially could have prevented this attack.
On Saturday, September 21, 2013, members of Al Shabaab, a Somali based Islamic terrorist organization affiliated with the international Al Qaeda network, executed a complex terrorist attack on an upscale shopping mall in Nairobi, Kenya. The attackers simultaneously entered the mall from two different entrances, shooting shoppers with assault rifles and throwing hand grenades. The terrorists remained in the mall, engaging government security forces for the next four days, resulting in a major fire and partial collapse of the mall. The Kenyan government has officially reported 72 deaths and more than 200 injured as a result of the attack. A significant number of those killed and injured were foreign citizens, including 6 U.S. citizens who were injured in the attack.