Imminent High Profile Terror Attack ! ...... How Do We Know ?

Al Qaeda Communications in days leading up to an attack

Narrative of a genuine 3 months counter-terror operations

The threat of an attack by multiple gunmen on a location packed with civilians remains the second biggest fears of counter terrorism chiefs. The ambition of violent Islamists to stage a Mumbai-style atrocity is undiminished.

Primitive militia holed up in the wilderness or jungle

Terror attacks are often portrayed as an incident with little preparations or coordination, the image of the Islamist group as a primitive militia, disenfranchised, marginalized, and estranged from society, holed up in the wilderness,  jungle or backstreets of the cosmopolitan cities. Dreaming about the mission and vision but lacking the capabilities and skills to plan attacks that fulfil the demands of a strategy and military doctrine.

Or professionals executing international plot

Only when more attackers seem to be able to cause carnage that claims the attention of international media for days in a row and murder people in plain sight. Only then one starts to wonder about the level and coordinated planning those attacks have, and if such scale of preparation  can be detected and/or prevented.

Al Qaeda "The Base",  detected but never eradicated

Al Qaeda "The Base", as in connections that go back to the 90’s and developed into the past decade. Informal relationships and human networks, one of the most important of which was formed around bin Laden in the 1980s and 1990s.

Counter terrorism operations launched after 9/11 show that detection takes an immense investment in Techint and deep cycle undercover operations. Traditional mechanics of terror groups proved no longer effective due to the advanced monitoring possibilities of the intelligence services (NSA, Echelon) and widely infiltrated Mosques. The operations were quite successful but did not go unnoticed, forcing “The Base” to change methods, minimize their use of infrastructure and move their leadership from Europe to less technologically advanced countries, thus staying under the radar of government agencies.

Al Qaeda "The Base" is “seen as” currently led by Ayman al Zawahiri and was never eradicated because the WOT actually was the WOTF "War On Terror Figureheads" with a focus on thought leaders like Usama bin Laden and the AfPak region. Allowing unhindered growth of the international funding and support network.

Complexity of cross continent high profile attacks by Al Qaeda Affiliates

Anti money laundering investigations (Ultrascan-AGI, 2007-2013) links, the initial funding to the support for more complex cross continent attacks by Al Qaeda's  affiliates. The new (re-) acquired organisations like LeT, Al Shabab , Al Nusra, Boko Haram, ISIS and groups that have not yet (re-) captured the eye of the global media today. For example the Mumbai attacks ending at the Taj Mahal hotel, the UN building in Abuja, the US embassy in Benghazi and the Westgate shopping mall in Nairobi.

The complexity is then defined by (preparatory and coordinating) acts abroad, participation by foreigners and professional knowledge of security measures at the target.

What does that look like .... let’s have a view to a kill and map the international communications in the days leading up to such a high profile terror attack.

Narrative of a genuine 3 months counter-terror operation

The information listed is declassified (for now). Merely an anonymized example of transnational criminal  cooperation and coordination for a high profile terror attack. Every year there are hundreds of similar cases where threats are disrupted by the Intelligence Services and Counter Terrorism efforts, but no one will ever know.

Month one

Day 20 - The National Security Agency (NSA) has intercepted encrypted messages between members of the Al Qaida network mentioning the premises of an NGO in North Africa as well as its affiliates and personnel as a possible target.

Month two

Day 1 – We tasked an AML and risk assessment operation in Egypt and other parts of the Middle East. Discovering an imminent threat to a meeting in a hotel resort in Africa, as a prime target for the Al Qaeda network, reason for a 60-days terror alert.

Day 19 - Ongoing humint and analysis, regarding the above mentioned Terror Alert, yielded that the target is hosting an international event in month three, catering to thousands of guests mainly government officials and suspicion about possible Mumbai style operations scenario’s in West Africa.

Day 20 - Ongoing Humint, whispers of a terror cell from Al Qaeda launched and on the move in Algeria.

Day 25 - 5 suspects in vehicle arrived in border town with Mali and Humint reveals that two of the suspects meet with local criminal elements. Reason to launch a tactical team from Mali to intercept if/when suspects cross the border, identify and disrupt.

Day 26 - The armed group was arrested after crossing in to Mali.

Day 27 - No evidence was found to establish a link with a planned terror attack nor our 60-days terror alert. It’s not unusual for Al Qaeda to launch diversions.

Back to square one

Map Al Qaeda International Communications

Month three

Day 1 in Egypt

Day 1 -  We identified mobile numbers, linked to the messages between members of the Al Qaida network as intercepted by the NSA on day 20 of month one, using Mobile phone transmission towers in Mansoura and Saeed, Cairo, Egypt.

The user of one phone/number revealed tradecraft, sufficient reason to initiate a low level of monitoring, collecting phone numbers, IMEI’s, IMSI’s, locations, time and duration of the call.

That phone A is in Egypt and makes calls to:

Day 1 -   8:57 |  67s   The Netherlands Eindhoven

Day 1 -   9:18 |  202s The Netherlands Eindhoven

Day 1 - 15:26 |  13s   Nigeria Port Harcourt

Day 1   15:35 |  517s Nigeria Port Harcourt

Day 2 the phone A is in Libya and calls with:

Day 2 -  11:07 | 426s  Nigeria Abuja

Day 2 -  14:24 | 84s    Senegal Dakar (Ouest Foire)

Day 2 -  15:44 | 156s  Senegal Dakar (Ouest Foire)

Day 2 -  22:25 | 0s       Receives SMS from Luxembourg Orange Internet SMS Service

Day 3 the phone A is still in Libya and calls with:

Day 3 -  9:27 | 347s  Nigeria Port Harcourt

Day 3 -  9:34 | 322s  Nigeria Abuja

Day 3  21:51 |  268s  Senegal Dakar Grande Mosquée (Nord Foire)

Day 4 the phone A is in Algeria and calls with:

Day 4 -  17:32 | 11s  Senegal Dakar Marche Artisanal de Soumbedioune

Day 5 the phone A still is in Algeria and calls with:

Day 5 -   9:58 | 124s   Monaco

Day 5 - 11:08 | 19s     Serbia Kosovo Pristina

Day 5 - 12:23 | 150s   Senegal Dakar (Ouest Foire)

Day 5 - 12:27 | 45s     Received a call from Senegal Dakar (Mauritanian subscription)

Day 5 - 14:57 | 83s    Senegal Dakar Marche Artisanal de Soumbedioune

Day 5 - The combination of calls to subscribers in Monaco and Kosovo signals a possible connection to our terror alert and is reason to switch to real-time monitoring and launch a special operations team to identify and disrupt. The first and only incoming call from a Mauritanian subscriber in Senegal reveals a connection to a “Hotel resort in Africa” mentioned in the 60-day terror alert on day one of month two.

Day 6 the phone A is in Mali  and calls with:

Day 6 -   3:27 | 38s   Australia Brisbane

Day 6 -   9:20 | 169s Australia Brisbane

Day 6 - 12:35 | 38s   voicemail Senegal Dakar Marche Artisanal de Soumbedioune

Day 6 - 12:35 | 24s   Senegal Dakar Marche Artisanal de Soumbedioune

Day 6 - 14:37 | 216s Senegal Dakar

Day 6  - The heavily armed terror cell composed of four nationalities was disrupted in a remote desert area of Mali which is a haven for all kinds of traffickers of Tuareg rebels and Islamist militants.

Strike one and target confirmed

Day 6 - Evidence immediately established intent and preparation for an imminent terror attack. The first analysis of the collected pocket litter traced one of the terrorist to the beachside at a Hotel resort as mentioned in our 60-days terror alert. It’s not unusual for Al Qaeda to launch more cells. Reason to upgrade the security measures at the target and surrounding areas.

Day 6 – Further analysis identified another phone B possible from an insider and calls with:

Day 6 - 22:10 | 104s Nigeria Lagos

Day 7 – This threat by Al Qaeda was alive, with the scope of the organisation, scale, timetable and targets identified. Reason to launch one of the largest secret security operations ever on the African continent.

Map of the locations of the phone A and its connections: on Google map.