Vulnerabilities in the Terrorist Attack Cycle

5 MINS READSep 29, 2005 | 23:24 GMT
Mario Tama/Getty Images
Attacks designed to instill terror, not only among the surviving victims and those in the immediate vicinity of the violence, but among society in general, always appear to occur suddenly — to come "out of the blue." The actual event, however, is the culmination of the six-stage attack cycle: target selection, planning, deployment, the attack, escape and exploitation. During the target selection and planning stages, terrorists conduct pre-operational surveillance. In this stage, terrorists are no different from other criminals in preparing for an operation. The complexity and extent of the surveillance, however, vary with the scale of the operation and the end goal. A purse snatcher, for example, might size up the target for only a few seconds, while pre-operational surveillance for a terrorist attack could take several weeks. The purpose of surveillance is to determine the target's patterns of behavior if it is an individual, or possible weaknesses and attack methods if the target is a building or facility. When the target is a person, perhaps targeted for assassination or kidnapping, terrorists will look for things such as the time the target leaves for work or what route is taken on certain days. They also will take note of what type of security, if any, the target uses. For fixed targets, the surveillance will be used to determine patterns and levels of security. For example, the plotters will look for times when fewer guards are present or when the guards are about to come on or off their shifts. In both cases, this information will be used to select the best time and location for the attack, and to determine what resources are needed to execute the attack. Because part of pre-operational surveillance involves establishing patterns, terrorists will conduct their surveillance multiple times. The more they conduct surveillance, the greater the chances of being observed themselves. If they are observed, their entire plan can be compromised by alerting security personnel to the fact that something is being planned. Conversely, the terrorists could end up being surveilled themselves and can unwittingly lead intelligence and law enforcement agencies to other members of their cell. Despite some impressions that al Qaeda is capable of conducting stealthy, clandestine surveillance, evidence recovered in Afghanistan during the U.S.-led invasion in October 2001 and other places suggest that most of the terrorist network's surveillance is sloppy and even amateurish. Al Qaeda training manuals, including the infamous "Military Studies in the Jihad against the Tyrants," and their online training magazines instruct operatives to perform surveillance, and even go so far as to discuss what type of information to gather. The texts, however, do not teach how to gather the information. This is the stage at which al Qaeda's operations often have found to be lacking. The skills necessary to be a good surveillance operative are difficult to acquire, and take extensive training to develop. It is extremely difficult, for instance, to act naturally while performing an illegal act. Quite often, surveillance operatives will get the so-called "burn syndrome," the feeling that they have been detected even though they have not. This feeling can cause them to act abnormally, causing them to blow their cover. As a result, it is very easy for amateurs to make mistakes while conducting surveillance, such as being an obvious lurker, taking photos of objects or facilities that would not normally be photographed, and not having a realistic cover story when confronted or questioned. In some cases, however, al Qaeda operatives have conducted extensive, detailed surveillance of their potential targets. In July 2004, the arrest in Pakistan of an individual identified by U.S. officials as Mohammad Naeem Noor Khan revealed a personal computer that contained detailed information about potential economic targets in the United States. The targets included the New York Stock Exchange and Citigroup headquarters in New York, the International Monetary Fund and World Bank buildings in Washington, D.C., and Prudential Financial headquarters in Newark, N.J. From the information on the computer, it appeared that the targets were under surveillance for an extended period. Countersurveillance — the process of detecting and mitigating hostile surveillance — is an important aspect of counterterrorism and security operations. Good countersurveillance is proactive; it provides a means to prevent an attack from happening. Countersurveillance can be an individual or group effort, involving a dedicated countersurveillance team. Individuals can and should conduct their own countersurveillance by being aware of their surroundings and watching for individuals or vehicles that are out of place. Countersurveillance is the proactive means of spotting terrorist and criminal surveillance during the target selection and planning stage — the time the operation is most vulnerable to interdiction. Law enforcement and intelligence agencies, corporations and individuals must understand the importance of countersurveillance — and be capable of recognizing hostile surveillance before the next phase of the attack cycle begins. Once the actual attack has begun, it cannot be undone. The genie cannot be put back into the bottle.

Connected Content


Article Search

Copyright © Stratfor Enterprises, LLC. All rights reserved.

Stratfor Worldview


To empower members to confidently understand and navigate a continuously changing and complex global environment.