28 October, 2011

Jihadist Threat and Grassroots Defence

By Fred Burton and Scott Stewart

It has been a rough couple of weeks for the Egyptian al Qaeda contingent in Pakistan. On Aug. 12, Pakistani security sources confirmed that an Aug. 8 operation in Bajaur resulted in the death of al Qaeda leader Mustafa Abu al-Yazid, aka Sheikh Said al-Masri. Some posters on jihadist message boards have denied the reports, but al Qaeda itself has yet to release a statement on the issue. Al-Yazid was reportedly al Qaeda’s operational commander for Afghanistan, and some reports also claim he was responsible for planning attacks within Pakistan, such as the June 2 attack on the Danish Embassy.

If confirmed, al-Yazid’s death came just 11 days after the July 28 missile strike in South Waziristan that resulted in the death of al Qaeda’s lead chemical and biological weapons expert, Midhat Mursi al-Sayid Umar, also known as Abu Khabab al-Masri. The strike against al-Sayid also killed three other Egyptian al Qaeda commanders. In an ironic twist, the official al Qaeda eulogy for al-Sayid and his companions was given by al-Yazid.

Unconfirmed rumors also have swirled since the July 28 attack that al Qaeda No. 2 Ayman al-Zawahiri was either killed or seriously wounded in the same operation. An audiotape in which al-Zawahiri speaks out against Pakistani President Pervez Musharraf was recently released in an odd manner, in that it was given directly to a Pakistani news channel rather than via al Qaeda’s usual release pattern of having As-Sahab Media upload it directly to the Internet. The tape, in which al-Zawahiri speaks in English for the first time in a public pronouncement, is not convincing proof that al-Zawahiri was not wounded or killed. Obviously, al-Zawahiri’s loss would be another serious blow to the organization.

Al Qaeda’s current problems are nothing new. In fact, the United States and its allies have been attacking al Qaeda’s operational infrastructure consistently since 9/11. While the United States has not yet located and killed the al Qaeda apex leadership, it has done a very good job of eliminating senior operational commanders — the men in the al Qaeda hierarchy who actually plan and direct the militant Islamist group’s operations. The nature of their position means the operational commanders must have more contact with the outside world, and therefore become more vulnerable to being located and killed or captured.

Because of this campaign against al Qaeda’s operational infrastructure, STRATFOR has been saying for some time now that we do not believe the core al Qaeda group poses a strategic threat to the U.S. homeland. However, that does not mean that the United States is completely free of danger when it comes to the jihadist threat. While the core al Qaeda group has been damaged, it still poses a tactical threat — and still can kill people. Furthermore, as the jihadist threat has devolved from one based primarily on al Qaeda the organization to one based on al Qaeda the movement, al Qaeda’s regional franchises and a nebulous array of grassroots jihadists must also be accounted for.

With al Qaeda’s operational structure under continued attack and the fact that there are no regional franchises in the Western Hemisphere, perhaps the most pressing jihadist threat to the U.S. homeland at the present time stems from grassroots jihadists.

Beyond the Cliches

There are many cliches used to describe grassroots jihadists. As we have long discussed, grassroots operatives tend to think globally and act locally — meaning they tend to be inspired by events abroad and yet strike close to home. Additionally, these operatives tend to be a mile wide but an inch deep — meaning that while there are many of them, they are often quite inept at terrorist tradecraft. These cliches are not just cute; they have a sound basis in reality, as a study of grassroots jihadists demonstrates.

There are two basic operational models that involve grassroots jihadists. The first operational model is one where an experienced operational commander is sent from the core al Qaeda group to assist the local grassroots cell. This is what we refer to as the “al Qaeda 1.0 operational model” since it literally is the first one we became familiar with. We saw this model used in many early jihadist operations, such as the 1993 World Trade Center bombing and the 1998 U.S. Embassy bombings in East Africa. It has also been employed in a number of thwarted plots, such as Operation Bojinka in 1995 and the millennium plots in 2000. This model also was used in the thwarted 2006 Heathrow airliner plot.

The second grassroots operational model involves operatives who launch attacks themselves without external funding or direct operational guidance. This is what we refer to as the “al Qaeda 3.0 operational model.” Examples of attacks committed using this model include the November 1990 assassination of Rabbi Meir Kahane in New York, the July 21, 2005, London bombings, the July 2002 armed assault of the El Al Airlines ticket counter at Los Angeles International Airport and the botched June 2007 bombing attacks in London and Glasgow.

Something of a gray area exists around the borders of these two operational models, and at times it can be difficult to distinguish one from the other. For example, Mohammed Siddique Khan, the leader of the cell that carried out the July 7, 2005, London suicide bombings, had attended training camps in Pakistan with another member of the cell. While there, he had at least some contact with al Qaeda, since al Qaeda released a copy of the martyrdom videos the two made during their time in Pakistan.

Notably, these attacks show that most of these grassroots jihadists, whether as part of a 1.0 or a 3.0 structured cell, selected targets in close proximity to their place of residence. Even when such cells have established safe houses to store chemicals, to manufacture improvised explosive mixtures or to construct improvised explosive devices, those safe houses quite often have been close to the target and the attacker’s residence. Grassroots jihadists really do think globally and act locally.

A second notable aspect of several of these attacks is that these operatives lack terrorist tradecraft such as operational security and surveillance techniques. Blunders in these areas have frequently led to the groups being identified and nabbed before they could launch their attacks. Plain old police traffic stops have exposed jihadist cells such as the Virginia Jihad Network and have helped to thwart several other terror plots.

Even when a grassroots group is able to execute its attack without detection, it often has been hampered by a lack of bomb-making skill. The failed July 21, 2005, London bombings and the June 2007 London and Glasgow attacks exemplify this flaw. Grassroots groups simply do not have the same level of training and operational experience as the professional operatives comprising the core al Qaeda group. Operationally, they are a mile wide and tend to be an inch deep.

Another consideration that comes to light while contemplating past grassroots cases is that lacking funding from al Qaeda core, grassroots operatives are likely to indulge in petty crimes such as credit card theft, cargo theft or armed robbery to fund their activities. For example, in July 2005, a grassroots cell in Torrance, Calif., was uncovered during an investigation into a string of armed robberies. After arresting one suspect, Levar Haney Washington, police who searched his apartment uncovered material indicating that Washington was part of a militant jihadist group planning to attack a number of targets in the Los Angeles area.

Truthfully, most grassroots operatives are far more likely to commit a criminal act such as document fraud or receiving stolen property than they are to have telephone conversations with Osama bin Laden. When they do commit such relatively minor crimes, it is local cops rather than some federal agency that will have the first interaction with them. This means that local police are an important piece of the counterterrorism defenses — they are, in essence, grassroots defenders.

Beyond Grassroots Jihadists

A recent study led by Brent Smith of the Terrorism Research Center at the University of Arkansas’ Fulbright College suggests that these trends extend beyond the grassroots jihadist threat. In a July article in the National Institute of Justice Journal, Smith noted that his research team studied 60 terrorist incidents in the United States over the past 25 years. The terrorist actors were from a cross-section of different ideological backgrounds, including domestic left-wing, domestic right-wing, domestic single-issue and international terrorists.

In the study, Smith and his colleagues identified the residences of 431 terrorist suspects and found that, overall, 44 percent of the attacks were conducted within 30 miles of the perpetrator’s place of residence and 51 percent were conducted within 90 miles of the residence. When broken down by type, the numbers were actually highest for international terrorists, with 59 percent of the suspects living within 30 miles of their target and 76 percent of the suspects residing within 90 miles.

Smith’s study also noted that many of the preparatory actions for the attacks occurred close to the attack site, with 65 percent of the environmental terrorists and 59 percent of the international terrorists studied conducting preparations for their attacks within 30 miles of their target sites. Of course, some preparatory actions, such as preoperational surveillance, by their very nature must be conducted within close proximity to the attack site. But still, the percentage of activity conducted near attack sites is noteworthy.

One other interesting result of Smith’s study was the timeline within which preparation for an attack was completed. For international groups, the preparation could take a year or more. But environmentalist and left-wing groups proved to be far more spontaneous, with a large portion of their preparation (88 and 91 percent, respectively) completed within two weeks of the attack. This means that prior to an attack, international terrorists are generally vulnerable to detection for far longer than are members of a domestic left-wing or environmentalist group.


While there are always exceptions to the percentages, with people like Timothy McVeigh and Mohammed Atta traveling long distances to conduct preparatory acts and execute attacks, most people conducting terrorist attacks tend to operate in areas they are familiar with and environments they are comfortable in.

When we examine the spectrum of potential terrorist actors — from domestic people such as McVeigh and Eric Rudolph to international figures such as Mohammed Atta and Ahmed Ajaj — it is clear that a large number of them have had no prior interaction with federal law enforcement or intelligence officials and therefore no prior record identifying them as potential terrorism suspects. That means that even if they were stopped by a local police officer (as Atta was for driving without a license), any national-level checks would turn up negative. Because of this, it is extremely important for police officers and investigators to trust their instincts and follow up on hunches if a subject just doesn’t feel right. The Oklahoma state trooper who arrested McVeigh, the New Jersey state trooper who nabbed Yu Kikumura, or the rookie Murphy, N.C., officer who apprehended Eric Rudolph are all examples of cops who did this.

Of course, following your instincts is difficult to do when management is pressuring police officers and agents investigating cases such as document and financial fraud to close cases and not to drag them out by pursuing additional leads. Indeed, when Ahmed Ajaj was arrested in September 1992 for committing passport fraud, the case was quickly closed and authorities pretty much ignored that he had been transporting a large quantity of jihadist material, including bomb-making manuals and videos. Instead, he was sentenced to six months in jail for committing passport fraud and was then scheduled for deportation.

Had authorities taken the time to carefully review the materials in Ajaj’s briefcase, they would have found two boarding passes and two passports with exit stamps from Pakistan. Because of that oversight, no one noticed that Ajaj was traveling with a companion — a companion named Abdel Basit who entered the United States on a fraudulent Iraqi passport in the name Ramzi Yousef and who built the large truck-borne explosive device used in the 1993 World Trade Center bombing.

While many state and local departments have specialized intelligence or counterterrorism divisions, training on how to spot potential terrorist preparatory activity often does not go much further than those officers specifically assigned to the counterterrorism portfolio. In some jurisdictions, however, law enforcement managers not only give investigators the leeway to investigate potential terrorist activity, they also encourage their street officers to do so — and even provide training on how to identify such behavior.

In many jurisdictions, serious problems in information sharing persist. Much has been written about “the wall” that separated the FBI’s intelligence investigations from its criminal investigations and how that separation was detrimental to the U.S. government’s counterterrorism efforts prior to 9/11. The FBI is not the only place such a wall exists, however. In many state and local law enforcement departments, there is still a wide gulf separating the intelligence or counterterrorism division officers and the rest of the department. This means that information regarding cases that general crimes investigators are looking into — cases that very well could have a terrorism angle — does not make it to the officers working terrorism cases.
As the shift toward grassroots operatives continues, information pertaining to preparatory crimes will become even more critical. Identifying this activity and flagging it for follow-on investigation could mean the difference between a thwarted and a successful attack. As the grassroots threat emerges, the need for grassroots defense has never been greater.

Read more: The Jihadist Threat and Grassroots Defense | STRATFOR 

This is republished with the permission of STRATFOR

Decoding the Manchester Plot

By Fred Burton and Scott Stewart

On April 8, British authorities mounted a series of raids in Merseyside, Manchester and Lancashire that resulted in the arrest of 12 men suspected of being involved in a plot to conduct attacks over the Easter holiday weekend. In a press conference the following day, Prime Minister Gordon Brown noted that the men arrested were allegedly involved in “a very big terrorist plot.” British authorities have alleged that those arrested sought to conduct suicide bombing attacks against a list of soft targets that included shopping centers, a train station and a nightclub.

The searches and arrests targeting the suspects purportedly involved in the plot, which was dubbed Operation Pathway, had to be accelerated after Bob Quick, the assistant commissioner of the Metropolitan Police in charge of terrorism investigations, inadvertently allowed reporters to see a classified document pertaining to the operation as he was entering 10 Downing Street to brief Brown and Home Secretary Jacqui Smith on April 8. An embarrassed Quick resigned April 9 over the gaffe.

In spite of the leak, the British authorities were successful in detaining all of the targeted suspects, though the authorities have reportedly not been able to recover explosive material or other bomb-making evidence they were seeking. British authorities arrested 12 suspects, 11 of whom were Pakistani citizens. Smith told British Parliament on April 20 that all 11 of the Pakistani nationals entered the United Kingdom on student visas. The youngest of the Pakistani suspects, who is reportedly still a teenager, was remanded to the custody of British immigration authorities to face deportation proceedings April 9. The rest of the 11 suspects were released by British authorities April 21, though ten reportedly were placed in the custody of immigration officials.

Many of the specific details of the plot have not yet come out, and due to the sensitive nature of the intelligence sources and methods involved in these types of investigations, more details may never be fully divulged now that there will be no criminal trial. However, when viewed in the historical and tactical context of other terror plots and attacks (in the United Kingdom and elsewhere), there are some very interesting conclusions that can be drawn from this series of events and the few facts that have been released to the public so far.

This case also highlights the tension that exists within the counterterrorism community between advocates of strategies to disrupt terrorist attacks and those who want to ensure that terror suspects can be convicted in a court of law.


Among of the most significant things that have come to light so far regarding the thwarted plot are the alleged targets. According to press reports, the British MI5 surveillance teams assigned to monitor the activities of the purported plotters observed some of them videotaping themselves outside of the Arndale and Trafford shopping centers in Manchester, as well as at St. Ann’s Square, which lies in the center of Manchester’s main shopping district. Other reports suggest that the plotters had also conducted surveillance of Manchester’s Piccadilly train station, an intercity train station that is one of the busiest in the United Kingdom outside London, and Manchester’s Birdcage nightclub.

These targets are significant for several reasons. First, they are all soft targets — that is, targets with very little security. As STRATFOR has pointed out for several years now, since counterterrorism efforts have been stepped up in the wake of the 9/11 attacks, and as the tactical capability of groups like al Qaeda has been degraded, jihadist operatives have had less success targeting hardened targets and have turned instead to striking soft targets.
While authorities have moved to protect high-value targets, there simply are far too many potential targets to protect them all. Governments are stretched thin just trying to protect important government buildings, bridges, dams, nuclear power plants, airports and mass-transit systems in their jurisdiction. The reality on the ground is that there are not nearly enough resources to protect them all, much less every potential location where people concentrate in large groups — like shopping centers and nightclubs. This means that some targets are unprotected and are therefore, by definition, soft.

The selection of soft targets in this case indicates that the alleged Manchester plotters did not possess the operational capability to strike more strategic, high-value targets. While attacks against soft targets can be tragic and quite bloody, they will not have the same effect as a successful attack on high-value targets such as Parliament, the London Stock Exchange or a nuclear power station.

It is also very interesting that the plotters were purportedly looking to hit soft targets in Manchester and not soft targets in London. London, as the capital and a city that has been the center of several plots and attacks, is generally on a higher alert than the rest of the country and therefore would likely be seen as more difficult to target. Additionally, many of the suspects lived in the Manchester area, and as we have previously discussed, grassroots operatives, who are not as well-trained as their transnational brethren, tend to “think globally and act locally,” meaning that they tend to plan their attacks in familiar places where they are comfortable operating, rather than in strange and potentially more hostile environment.

In addition to targeting locations like shopping centers and the train station, where there were expected to be large crowds over the holiday weekend, the alleged plotters also apparently looked at the Birdcage nightclub, an establishment that is famous for its “flamboyant and spectacular” shows featuring female impersonators. This is a location the alleged plotters likely considered a symbol of Western decadence (like establishments that serve alcohol in Muslim countries).

Flawed Tradecraft

As noted above, the alleged plotters had been under surveillance by MI5. This indicates that their operational security had been compromised, either via human or technical means. Furthermore, the suspects did not appear to possess any surveillance detection capability — or even much situational awareness — as they went out into Manchester to conduct pre-operational surveillance of potential targets while under government surveillance themselves. Furthermore, the suspects’ surveillance techniques appear to have been very rudimentary in that they lacked both cover for action and cover for status while conducting their surveillance operations.

This aspect of the investigation reinforces two very important points that STRATFOR has been making for some time now. First, most militant groups do not provide very good surveillance training and as a result, poor surveillance tradecraft has long proven to be an Achilles’ heel for militants. Second, because of this weakness, countersurveillance operations can be very effective at catching militant operatives when they are most vulnerable — during the surveillance phase of the terrorist attack cycle.

Media reports indicated that during Operation Pathway, British authorities intercepted a series of Internet exchanges between the suspects suggesting a terror strike was imminent. Furthermore, among the locations raided April 8 was the Cyber Net Cafe in Cheetham Hill, an establishment where British authorities observed the suspects using computers to communicate. Not only is this electronic surveillance significant in that it allowed the authorities to surmise the approximate timing of the attack, but perhaps just as important, this ability to monitor the suspects’ communications will allow the authorities to identify other militants in the United Kingdom and beyond.

Indeed, in several previous cases related to the United Kingdom, such as the investigations involving the U.S. arrest of Mohammed Junaid Babar and the U.K. arrest of Younis Tsouli, authorities were able to use communications from militant suspects to identify and roll up militant cells in other countries. Therefore, we will not be at all surprised to hear at some point in the future that British authorities were able use the communications of the recently arrested suspects to tip off authorities in the United States, Canada, other European countries or elsewhere about the militant activities of people the suspects were in contact with.

Links to Pakistan

And speaking of elsewhere, as noted above, 11 of the arrested suspects were Pakistani nationals who entered the U.K. on student visas. At this point it is not exactly clear if the British believe the 11 suspects were radical militants specifically sent to the United Kingdom to conduct attacks or if they arrived without malicious intent and were then radicalized in the Petri dish of Islamist extremism that so rapidly replicates inside the British Muslim community — what we have come to refer to as Londonistan.

Many British lawmakers and media reports have made a huge issue out of the fact that 11 of the alleged plotters entered the United Kingdom on student visas, but even if the suspects were radicals who used student visas as a way to enter the United Kingdom, this is by no means a new tactic as some are reporting. STRATFOR has long discussed the use of student visasbogus political asylum claims and other forms of immigration fraud that have commonly been used by militants. In fact, there have been numerous prior examples of jihadist operatives using student visas, such as the following:
  • While Sept. 11 hijackers Mohamed Atta and Marwan al-Shehhi initially entered the United States on tourist visas, they were approved for M-1 student visas shortly before carrying out their attacks.
  • Youssef Samir Megahed, who was arrested in possession of an improvised explosive device (IED) in August 2007 and later sentenced to a 15-year prison sentence, was a Kuwaiti engineering student who entered the United States on a student visa.
  • Mohammed Aatique, a convicted member of the “Virginia Jihad Network” who was sentenced to 10 years in prison for conspiracy and weapons violations, also entered the United States from Pakistan as an engineering student.
In some ways, connections between the alleged plotters and militant groups in Pakistan such as al Qaeda or the Tehrik-i-Taliban Pakistan (TTP) would be more analytically significant than if they turn out to be grassroots operatives. The operational security, skills and terrorist tradecraft exhibited by the plotters are about what one would expect to see in a grassroots militant organization. This level of sophistication is, however, far less than one would expect from a transnational organization. Therefore, if this was an al Qaeda operation, it shows how far the group has fallen in the past eight years. If it was the TTP, it means that our previous estimate of their operational ability outside of Pakistan was fairly accurate.

Lack of Evidence

To date, the British authorities have not been able to find the explosive material and IED components they were expecting to find. This might mean that the materials may still be hidden somewhere and could be used in a future attack. It is also quite possible, and perhaps more likely, that this lack of evidence is an indication that the plot was not quite as far along as the British authorities believed. Perhaps the references the suspects allegedly made to launching the attack on a bank holiday pertained to a holiday later in the year.

While the plot as described by the British authorities would not have been a significant, strategic threat to the United Kingdom, it could have been quite deadly and could very well have surpassed the July 7, 2005, attacks in terms of final body count. Because of this potential destruction, it is quite possible that the British government decided to err on the side of disruption rather than on the side of prosecution. This is something we have seen in the investigation of several other plots in recent years in the United Kingdom and elsewhere, perhaps most notably in the August 2006 Heathrow plot, in which a cell of operatives was preparing to bomb a series of trans-Atlantic airline flights using liquid explosives.
It is much more difficult to obtain a conviction for a conspiracy to commit an act of terrorism than it is to obtain a conviction for an attack that was successfully conducted. Once the attack is executed, there is no longer much room to wrangle in court over things such as intent or capability. Governments also frequently know things via intelligence they cannot prove to the standards required for a conviction in a court of law.

This was seen in the Heathrow case, where only three of the eight suspects were convicted of the main charges during that trial, which ended in September 2008. (The other five suspects had pled guilty to lesser charges.) During that case there was reportedly some tension between the U.S. and British authorities over when to wrap up the Heathrow plotters — some of the British apparently wanted to wait a while longer to secure more damning evidence, while the Americans were reportedly more interested in ensuring that the plot was disrupted than they were in obtaining convictions. It is likely the same dynamic was at play during the investigation of the Manchester case.

Although Quick’s disclosure did hasten the launch of Operation Pathway by a few hours, it did not significantly alter the timing of the investigation — the British authorities were preparing to execute an array of searches and arrests. From an ethical standpoint (and, not insignificantly in this day and age, a political aspect) it is deemed better by many to disrupt a plot early and risk the terror suspects being acquitted than it is to accidentally allow them to conduct an attack while waiting to gather the evidence required for an ironclad court case. Disruption can have an impact on the success of prosecutions, but in the eyes of a growing number of policymakers, that impact is offset by the lives it saves.

Read more: Disruption vs. Prosecution and the Manchester Plot | STRATFOR 

This is republished with the permission of STRATFOR

New York Police and its CT methods

By Scott Stewart

In response to the 9/11 attacks, the New York Police Department (NYPD) established its own Counter-Terrorism Bureau and revamped its Intelligence Division. Since that time, its methods have gone largely unchallenged and have been generally popular with New Yorkers, who expect the department to take measures to prevent future attacks.

Preventing terrorist attacks requires a very different operational model than arresting individuals responsible for such attacks, and the NYPD has served as a leader in developing new, proactive approaches to police counterterrorism. However, it has been more than 10 years since the 9/11 attacks, and the NYPD is now facing growing concern over its counterterrorism activities. There is always an uneasy equilibrium between security and civil rights, and while the balance tilted toward security in the immediate aftermath of 9/11, it now appears to be shifting back.

This shift provides an opportunity to examine the NYPD’s activities, the pressure being brought against the department and the type of official oversight that might be imposed.

Under Pressure

Reports that the NYPD’s Intelligence Division and Counter-Terrorism Bureau engage in aggressive, proactive operations are nothing new. STRATFOR has written about them since 2004, and several books have been published on the topic. Indeed, police agencies from all over the world travel to New York to study the NYPD’s approach, which seems to have been quite effective.

Criticism of the department’s activities is nothing new, either. Civil liberties groups have expressed concern over security methods instituted after 9/11, and Leonard Levitt, who writes a column on New York police activities for the website NYPD Confidential, has long been critical of the NYPD and its commissioner, Ray Kelly. Associated Press reporters Adam Goldman and Matt Apuzzo have written a series of investigative reports that began on Aug. 24 detailing “covert” NYPD activities, such as mapping the Muslim areas of New York. This was followed by the Aug. 31 publication of what appears to be a leaked NYPD PowerPoint presentation detailing the activities of the Intelligence Division’s Demographics Unit.

In the wake of these reports, criticism of the NYPD’s program has reached a new level. Members of the New York City Council expressed concern that their constituents were being unjustly monitored. Six New York state senators asked the state attorney general to investigate the possibility of “unlawful covert surveillance operations of the Muslim community.” A group of civil rights lawyers also asked a U.S. district judge in Manhattan to force the NYPD to publicize any records of such a program and to issue a court order to prevent their destruction. In response to the AP investigation, two members of Congress, Reps. Yvette Clarke, D-N.Y., and Rush Holt, D-N.J., asked the Justice Department to investigate. The heat is on.
After an Oct. 7 hearing regarding NYPD intelligence and counterterrorism operations, New York City Council Public Safety Committee Chairman Peter Vallone said, “That portion of the police department’s work should probably be looked at by a federal monitor.”

Following Vallone’s statement, media reports cited Congressional and Obama administration officials saying they have no authority to monitor the NYPD. While Vallone claims the City Council does not have the expertise to oversee the department’s operations, and the federal government says that it lacks the jurisdiction, it is almost certain that the NYPD will eventually face some sort of new oversight mechanisms and judicial review of its counterterrorism activities.

New York City and the Terrorist Threat

While 9/11 had a profound effect on the world and on U.S. foreign policy, it had an overwhelming effect on New York City itself. New Yorkers were willing to do whatever it took to make sure such an attack did not happen again, and when Kelly was appointed police commissioner in 2002, he proclaimed this as his primary duty (his critics attributed the focus to ego and hubris). This meant revamping counterterrorism and moving to an intelligence-based model of prevention rather than one based on prosecution.

The NYPD’s Intelligence Division, which existed prior to 9/11, was known mainly for driving VIPs around New York, one of the most popular destinations for foreign dignitaries and one that becomes very busy during the U.N. General Assembly. Before 9/11, the NYPD also faced certain restrictions contained in a 1985 court order known as the Handschu guidelines, which required the department to submit “specific information” on criminal activity to a panel for approval to monitor any kind of political activity. The Intelligence Division had a very limited mandate. When David Cohen, a former CIA analyst, was brought in to run the division, he went to U.S. District Court in Manhattan to get the guidelines modified. Judge Charles Haight modified them twice in 2002 and 2003, and he could very well review them again. His previous modifications allowed the NYPD Intelligence Division to proactively monitor public activity and look for indications of terrorist or criminal activity without waiting for approval from a review panel.

The Counter-Terrorism Bureau was founded in 2002 with analytical and collection responsibilities similar to those of the Intelligence Division but involving the training, coordination and response of police units. Differences between the two units are mainly bureaucratic and they work closely together.

As the capabilities of the NYPD’s Intelligence Division and Counter-Terrorism Bureau developed, both faced the challenges of any new or revamped intelligence organization. Their officers learned the trade by taking on new monitoring responsibilities, investigating plots and analyzing intelligence from plots in other parts of the United States and abroad. One of their biggest challenges was the lack of access to information from the federal government and other police departments around the United States. The NYPD also believed that the federal government could not protect New York. The most high-profile city in the world for finance, tourism and now terrorism, among other things, decided that it had to protect itself.

The NYPD set about trying to detect plots within New York as they developed, getting information on terrorist tactics and understanding and even deterring plots developing outside the city. In addition to the challenges it also had some key advantages, including a wealth of ethnic backgrounds and language skills to draw on, the budget and drive to develop liaison channels and the agility that comes with being relatively small, which allowed it to adapt to changing threat environments. The department was creating new organizational structures with specific missions and targeted at specific threats. Unlike federal agencies, it had no local competitors, and its large municipal budget was augmented by federal funding that has yet to face cyclical security budget challenges.

Looking for Plots

STRATFOR first wrote about the NYPD’s new proactive approach to counterterrorism in 2004. The NYPD’s focus moved from waiting for an attack to happen and then allowing police and prosecutors to “make the big case” to preventing and disrupting plots long before an attack could occur. This approach often means that operatives plotting attacks are charged with much lower charges than terrorism or homicide, such as document fraud or conspiracy to acquire explosives.

The process of looking for signs of a terrorist plot is not difficult to explain conceptually, but actually preventing an attack is extremely difficult, especially when the investigative agency is trying to balance security and civil liberties. It helps when plotters expose themselves prior to their attack and ordinary citizens are mindful of suspicious behavior. Grassroots defenders, as we call them, can look for signs of pre-operational surveillance, weapons purchasing and bombmaking, and even the expressed intent to conduct an attack. Such activities are seemingly innocuous and often legal — taking photos at a tourist site, purchasing nail-polish remover, exercising the right of free speech — but sometimes these activities are carried out with the purpose of doing harm. The NYPD must figure out how to separate the innocent act from the threatening act, and this requires actionable intelligence.

It is for this reason that the NYPD’s Demographics Unit, which is now apparently called the Zone Assessment Unit, has been carrying out open observation in neighborhoods throughout New York. Understanding local dynamics, down to the block-by-block level, provides the context for any threat reporting and intelligence that the NYPD receives. Also shaping perceptions are the thousands of calls to 911 and 1-888-NYC-SAFE that come in every day, partly due to the city’s “If you see something, say something” campaign. This input, along with observations by so-called rakers (undercover police officers) allows NYPD analysts to “connect the dots” and detect plots before an attack occurs. According to the AP reports, these rakers, who go to different neighborhoods, observe and interact with residents and look for signs of criminal or terrorist activity, have been primarily targeting Muslim neighborhoods.

These undercover officers make the same observations that any citizen can make in places where there is no reasonable expectation of privacy. Indeed, law enforcement officers from the local to the federal level across the country have been doing this for a long time, looking for indicators of criminal activity in business, religious and public settings without presuming guilt.
Long before the NYPD began looking for jihadists, local police have used the same methods to look for mafia activity in Italian neighborhoods, neo-Nazis at gun shows and music concerts, Crips in black neighborhoods and MS-13 members in Latino neighborhoods. Law enforcement infiltration into white hate groups has disrupted much of this movement in the United States. Location is a factor in any counterterrorism effort because certain targeted groups tend to congregate in certain places, but placing too much emphasis on classifications of people can lead to dangerous generalizations, which is why STRATFOR often writes about looking for the “how” rather than the “who.

Understanding New Threats and Tactics

As the NYPD saw it, the department needed tactical information as soon as possible so it could change the threat posture. The department’s greatest fear was that a coordinated attack would occur on cities throughout the world and police in New York would not be ramped up in time to prevent or mitigate it. For example, an attack on transit networks in Europe at rush hour could be followed by an attack a few hours later in New York, when New Yorkers were on their way to work. This fear was almost realized with the 2004 train attacks in Madrid. Within hours of the attacks, NYPD officers were in Madrid reporting back to New York, but the NYPD claims the report they received from the FBI came 18 months later. There was likely some intelligence sharing prior to this report, but the perceived lack of federal responsiveness explains why the NYPD has embarked on its independent, proactive mission.

NYPD officers reportedly are located in 11 cities around the world, and in addition to facilitating a more rapid exchange of intelligence and insight, these overseas operatives are also charged with developing liaison relationships with other police forces. And instead of being based in the U.S. Embassy like the FBI’s legal attache, they work on the ground and in the offices of the local police. The NYPD believes this helps the department better protect New York City, and it is willing to risk the ire of and turf wars with other U.S. agencies such as the FBI, which has a broader mandate to operate abroad.

Managing Oversight and Other Challenges

The New York City Council does not have the same authority to conduct classified hearings that the U.S. Congress does when it oversees national intelligence activity. And the federal government has limited legal authority at the local level. What Public Safety Committee Chairman Vallone and federal government sources are implying is that they are not willing to take on oversight responsibilities in New York. In other words, while there are concerns about the NYPD’s activities, they are happy with the way the department is working and want to let it continue, albeit with more accountability. As oversight exists now, Kelly briefs Vallone on various NYPD operations, and even with more scrutiny from the City Council, any operations are likely be approved.

The NYPD still has to keep civil rights concerns in mind, not only because of a legal or moral responsibility but also to function successfully. As soon as the NYPD is seen as a dangerous presence in a neighborhood rather than a protective asset, it will lose access to the intelligence that is so important in preventing terrorist attacks. The department has plenty of incentive to keep its officers in line.

Threats and Dimwits

One worry is that the NYPD is overly focused on jihadists, rather than other potential threats like white supremacists, anarchists, foreign government agents or less predictable “lone wolves.”

The attack by Anders Breivik in Oslo, Norway, reminded police departments and security services worldwide that tunnel vision focused on jihadists is dangerous. If the NYPD is indeed focusing only on Muslim neighborhoods (which it probably is not), the biggest problem is that it will fail in its security mission, not that it will face prosecution for racial profiling. The department has ample incentive to think about what the next threat could be and look for new and less familiar signs of a pending attack. Simple racial profiling will not achieve that goal.
The modern history of terrorism in New York City goes back to a 1916 attack by German saboteurs on a New Jersey arms depot that damaged buildings in Manhattan. However unlikely, these are the kinds of threats that the NYPD will also need to think about as it tries to keep its citizens safe. Thealleged Iranian plot to carry out an assassination in the Washington area underscores the possibility of state-organized sabotage or terrorism.

That there have been no successful terrorist attacks in New York City since 9/11 cannot simply be attributed to the NYPD. In the Faisal Shahzad case, the fact that his improvised explosive device did not work was just as important as the quick response of police officers in Times Square. Shahzad’s failure was not a result of preventive intelligence and counterterrorism work. U.S. operations in Afghanistan and other countries that have largely disrupted the al Qaeda network have also severely limited its ability to attack New York again.

The NYPD’s counterterrorism and intelligence efforts are still new and developing. As such, they are unconstrained compared to those of the larger legacy organizations at the federal level. At the same time, the department’s activities are unprecedented at the local level. As its efforts mature, the pendulum of domestic security and civil liberties will remain in motion, and the NYPD will face new scrutiny in the coming year, including judicial oversight, which is an important standard in American law enforcement. The challenge for New York is finding the correct balance between guarding the lives and protecting the rights of its people.

Read more: Growing Concern Over the NYPD's Counterterrorism Methods | STRATFOR 

This is republished with the permission of STRATFOR

13 October, 2011

Talks Vs Targets

a slightly edited version has been published in the Centre for Land Warfare Studies, New Delhi


Searching the option in India’s anti-Maoist operations

Analyst Daniel Byman asserts that “talking with insurgents is often a necessary first step toward defeating them or reaching an acceptable compromise.” Nevertheless, Byman concludes on a far less optimistic note as he says: “Talks with insurgents are politically costly, usually fail, and can often backfire.” However, he still believes that talks are “often necessary to end conflicts and transform an insurgent group into a legitimate political actor or wean them away from violence”. [1]

At the other end of the ideational spectrum, theorists Stahl and Owen; while substantiating the policy adopted by the state of Israel in its counterinsurgency-counterterrorism (CI-CT) operations, stresses on the elimination of the insurgent leaders as an effective instrument of state policy to counter the growth of rebellion. They vouch for targeted killings (TK) of charismatic leaders of the ultras. The authors counter-argue the prevalent belief that killing one leader will simply result in ten more ready to supplant the leadership. They seem to further the view that persistent application of TK continues to deplete the insurgent groups in terms of their brain and consequently their morale.

Augmenting the TK strategy, the researchers also posit: “The more time leaders spend underground (in fear of TK), the less time they have for conducting armed activity against the state.” [2]

In this regard, they put forward the example of Hamas’ leader Abdel Aziz al-Rantissi, who was forced to hide underground for four weeks; the very period for which he was the chief of the militant organisation.

In this theoretical backdrop, it may be germane to analyse the post-2004 Maoist insurrection in India and the broad strategy-cum-tactics adopted by the authorities to tackle the quagmire. It has undoubtedly become a matter of serious debate in terms of choosing the CI-strategy against the left-wing ultras. Whether it shall be long-term population-centric CI-operations with the purpose of ‘winning hearts and minds’ (WHAM) or it shall be the deployment of the army with the intent of completely annihilating the rebels; are issues which need to be resolved sooner. While some activists would psychologically ‘coerce’ the authorities for talking with the insurgents, conservative elements on the other hand, would surely ‘pressurize’ the government to refrain from adopting such ‘soft’ approach.

However, if history is invoked, then one may confront the empirical flow of events post-1967, when the ‘Naxal’ insurgency first erupted. Then government adopted a two-pronged approach to ‘wipe out’ the rebellion.

First, through ‘Operation Steeplechase’, the triumvirate of the army, para-military and the police; forming three concentric circles (army forming the outer and police the inner to perform the combing operations) demolished the very nervous system of the insurgency. At a concomitant level, the police penetrated deep into the organizational structure of the Naxals by planting their ‘moles’. With the aid of ground intelligence, TK and targeted incarceration (TI) of the Naxal leaders grew in considerable numbers.

Eventually, this dual approach worked. After Charu Mazumdar’s death in prison and the imprisonment of Kanu Sanyal and other top notch leaders, the Naxals splintered into innumerable and hence inconsequential factions.

What deters the present state governments to adopt such a two-pronged strategy as mentioned above to counter a much bigger (in magnitude and territorial extent) Maoist revolution in not beyond understanding. After all, anti-establishment political brouhaha and civil society-cum-media backlash are much more pronounced today than was in the early 1970s. In this connection, it must be mentioned that between 1997 and 2007, there were about 1,800 TK (encounter deaths as per police parlance) conducted by the Andhra police. [3] And it is now a bare fact that the insurgency in Andhra reached its nadir due to the ‘Greyhound-facilitated’ CI operations plus the effective usage of TK-TI strategy.

Bringing in the army to counter the Maoists is always fraught with politico-legal implications; let alone ethical considerations of the army ‘fighting against its own people’, keeping in mind that the ultras are mostly active in tribal-backward regions. The army has done a commendable job in north-east and Kashmir. But it has the Armed Forces Special Powers Act (AFSPA) for smoothening its functioning in those areas. However, unleashing the army in large swathes of the country in the so-called Red Corridor means imposition of the AFSPA in about 100 to 150 districts. This is an unfathomable and undesirable political situation.

However, the idea could be well tested in ‘pockets’. The recent deployment of the army at Dantewada, albeit for training purposes, must have had its psychological impact on the rebels. Shanthie Mariet D’Souza in fact, recommends introduction of the army to deal with Maoism.[4] She argues that militant activities could best be resolved through police-military operations. In this regard, she cites the examples of the Khalistani insurgency and the terrorism in Tripura, both of which were quelled through brute force.

But Dror tends to generically disagree with such a theorization by saying that: “negotiations, compromise and conciliation rest at the heart of democratic political processes.” [5] In this context, it is noteworthy to refer to Byman again who advocates that by opening the avenue of talks, there is always a possibility of creating fissures in the group by fomenting pro-talk and anti-talk factions.

Moreover, Byman cautions that if policymakers abjure the path of ‘talks’ altogether, then they might face the dead alley in terms of breaking the political stalemate.

Interestingly, Stahl and Owens are optimistic that with enough TK – “there will come a point” in time when the insurgent group is forced to compromise; as was the case with Hamas in 2004. Furthermore, it must be mentioned that ideologically strong movements like the Maoist rebellion might not ‘bend’ easily. For instance, the four-decade old Filipino Maoist movement is yet to see a politically negotiated settlement though the government has been ‘talking’ to the ultras since 1985. The latest round of talks commenced in Oslo. But it is yet to taste the actual fruits as reportedly, the Filipino Maoists are continuing with their ‘warlord-ism’ in the rural heartlands.

Recommendations for the Indian case
    A carefully orchestrated dual strategy of TK-TI compounded with population-centric, WHAM-based CI operations needs to be implemented.
2.   The direct deployment of the army may be kept in abeyance. However, future prospects of the army being put into effect should not be ruled out altogether.
3.   Tribal militias need to be upheld. However, they must be provided legitimacy through the process of official recruitment. Tribal militias are extremely significant for acquiring knowledge of the local terrain and for useful ground intelligence.
    The path of ‘talks’ needs to be kept open as a viable option, but only when the government would be sure that the Maoist guerillas are in an awkward position to continue their present phase of ‘strategic defense’.
    Mere proclamations of ‘ceasefires’ by the Maoists should not be taken as pre-conditions for opening talks as these temporary cessation of hostilities are used by the rebels to regroup, rearm, revitalize and recruit. In this regard, the Andhra talks are a pertinent case in point.
    Talks can only be initiated if the government is in a ‘position of strength’. And this could be achieved through sustained implementation of a strategic framework which houses TK-TI plus WHAM-based CI operations. 


Rajesh Rajagopalan is confident
that the “Maoist rebellion has the potential to be a serious headache but not a fundamental threat to the Indian state”, possibly because historically, “guerrilla fighters have had far less notable results when fighting against their own government” than they have had against foreign occupants.

He further says the obvious that “a more responsive and representative political and economic order would prevent the conditions that gives rise to rebellions”.  [6]

Martha Crenshaw observes that insurgency may decline because of three features; [7] viz.

a. physical defeat
b. decision of the group to abandon terrorist strategy
c. organizational disintegration

In the Indian context, it may be hypothesized that some or all the above features may be achieved through talks. However, if talks do not provide the way out, then targeted killings/incarcerations along with WHAM-based CI operations must be employed. After all, the demise of the Maoist insurgency should be an acceptable endgame for the Adivasis, the government, the police and the paramilitary; apart from a handful of the core Maoist leadership. 

If talks work, then it’s fine. Otherwise, to quote Luttwak, there would probably be no harm if “war is given a chance”. [8] It is true that development and governance are the keys to long-term tranquility, but the 'small war' must be won as a prerequisite. 


1. Daniel Byman, “Talking with Insurgents: A Guide for the Perplexed”, The Washington Quarterly, April 2009, pp. 125 – 137

2. Stahl, A.E. and Owen, William F. “Targeted Killings Work”, Infinity Journal, Issue No 1, Winter 2010, pages 10-13

3. Jairus Banaji, “The Irones of Indian Maoism”, International Socialism, 14 October 2010

4. Shanthie Mariet D’Souza, “Countering the Naxaites: Is there a need to ‘bring in’ the Army?”, Journal of Defence Studies, Vol. 3, No. 3, July 2009, pp. 125-132

5. Dror, Yehezkel, “Terrorism as a Democratic Capacity Challenge to the to Govern”, 1983, pp. 69-90 in Martha Crenshaw, ed., Terrorism, Legitimacy and Power: The Consequences of Political Violence. Middletown, CT: Wesleyan University Press.

6. Rajesh Rajagopalan, “Insurgency and counterinsurgency”, India Seminar, 2009,

7. Crenshaw, Martha, 1991, “How Terrorism Declines”, Terrorism and Political Violence, Vol. 3, no. 1, pp. 69-87

8. Edward N. Luttwak, “Give War a Chance”, Foreign Affairs, July/August 1999