The Terrorist Recognition Handbook
Malcolm Nance
It is truly a manual for predicting and identifying terrorist activities. Scheduled to be published by Taylor & Francis/CRC Press of Boca Raton, FL, in April, 2008, the book provides professionals and interested parties with an invaluable training tool on how to identify an attack; how to mitigate damage from successful attacks; and how to recognize the various stages of developing terrorist plots.
Nance writes from experience. He has spent 17 years deploying on anti-terrorism and counter-terrorism intelligence operations in the Balkans, Middle East and sub-Saharan Africa in direct support to the Special Operations Command as well as assignments at the principle agencies of the Intelligence Community.
GSN: Government Security News obtained an advanced copy of The Terrorist Recognition Handbook from Taylor & Francis, which generously granted permission to publish the following excerpt.
“A TERRORIST CELL”
Terrorist cells are secret, small teams of terrorists who operate as a group on orders of a commander or independently. The cell is the fundamental unit of a terrorist group. Cell operations and their members are the least identifiable part of terrorism. Their operations are always in secret and never seen, until they attack.
Cells are often referred to by other names in a terrorist organization’s communications and statements. Depending on the group and its national origin, cells may be referred to as “Fronts,” “Commandos,” “Groupos,” and “Wings.” The Irish Republican Army called cells “Active Service Units” and in Sri Lanka the Tamil Tigers call their cells “Cadres.” Many terrorist groups will name their cells after slain members; for example, Germany’s Red Army Faction.”Gudrun Essenlin Commando.”
TYPES OF TERRORIST CELLS
Command and Control Cell – Comprise external or internal supervisors who make final decisions and supervise execution of attack. They may be the leader of or participant in one of the below listed cells.
Tactical Operations Cell – The team or person that actually carries out the act of terrorism. Also known as combat cells, attack cell, action teams or operational cells.
Intelligence Cell – Collects data, makes recommendations, selects targets and provides information to hit the target.
Logistics Cell – People who are organized to provide supplies or support to the other cells. May include bomb-makers, black marketers, doctors, lawyers, bankers, couriers and others needed in an emergency. Also referred to as the auxiliary cell, support cell or assistance cell. (Note that terrorist groups don’t refer to themselves using the above listed terms. NATO military chain-of-command terms are used to standardize the levels of involvement by terrorists.)
OTHER TYPES OF CELLS
Combined Cell – A combined cell is a team of terrorists so small it must perform all the functions of the four cells named above. The Al Qaeda organization often uses combined cells to maximize its manpower.
Sleeper Cell – Any one of the above types of cells that infiltrates a geographical region and lays dormant until activated for a mission. Sleeper cells are distinguished by their ability to blend into their surroundings until given orders to carry out their mission. Once activated, of course, the cell is no longer a “sleeper.”
Cells may operate independently or in coordination with each other, depending upon their mission.
OPERATIVE MEMBERSHIP POOLS
Terrorist groups must draw operatives from a body of manpower known as a pool. Pools of manpower come in two forms: open and closed pools.
Closed Pools of operatives are professional or dedicated terrorists that are consistently used by the leadership. These members are active cadre and supporters chosen for skills and reliability. They are generally a known number of personnel and may be the heart of the terrorist group. Smaller groups have used this system successfully and were only degraded through arrest or death of the operatives. The German terrorist group Red Army Faction lost its last two closed pool operatives in 1999 with the arrest of Andreas Klumpf and death of Horst-Ludwig Meyer in a SWAT raid. The group is now considered defunct.
Open Pools of operatives rely on active cadre and field leadership to recruit lower level operatives and train them to support their missions. These core personnel do not have to risk themselves completely and can form new cells as necessary. Al Qaeda uses this system.
TERRORIST CELL SIZE
The number of cells, the number of operatives per cell and the group’s overall structure depend upon several factors:
• Group Skill – Better groups use small cells of three to five people. Unskilled groups use larger numbers of people. Al Qaeda, a professional group, prefers to use large cells of four to 10 men, but independent to create their own cells. Blood connected groups such as criminally-bent families also tend to use larger cells. The larger the group, the greater the chance of compromise.
• Mission Risk – If the mission is high-risk, smaller numbers of operatives may be more effective. The more permissive the environment -- that is, the easier it is for operatives to move around and carry out their tasks -- the more people may be involved without jeopardizing an operation.
• Manpower – Some groups make deliberate decisions to limit the cell size for reasons mentioned above; others simply don’t have enough manpower and are forced to work with the few people they have.
• Money – Limited resources may also limit the number of operatives carrying out a mission. Well-funded groups like Al Qaeda may be able to finance dozens of terrorists simultaneously.
HOW CELLS AND LEADERSHIP COMMUNICATE
Cells communicate with leadership and/or with each other in two methods: Direct and Indirect.
Direct communications offer surety that the message is received and mistakes are minimized. The liabilities are that it is the least secure and can be compromised through arrest or infiltration by agents. The methods of direct communications are:
• Face-to-Face Meeting with Known Persons – A dangerous but often necessary method of communication. Newer groups, who are just beginning to establish communications, or groups whose loyalties can be assured by members, use face-to-face meetings as a way of definitively confirming a person’s identity and the authenticity of the communication. If an illegitimate infiltrator is discovered, the group can hold, interrogate and even eliminate him or her. Groups without blood ties or extremely strong ideological ties are more susceptible to infiltration, defection and arrest of members, which could compromise the entire organization.
• Face-to-Face Meetings using Anonymous Names – This method of communication involves face-to-face meetings between strangers, identified to each other only by code names or noms de guerre. Some groups, including Al Qaeda and Abu Nidal Organization (ANO), use this system in training schools and during operations. Their members are identified only by code names such as Abu Jihad or Abu Saif, not their real names.
Indirect Communications offer maximum security and difficulty to intercept, but increased opportunity for errors. Messages can be lost, misinterpreted or broken if a member or system is destroyed or lost. The indirect method requires an elaborate “lost communications” procedure and follow-in security checks.
• “Cut-out” Communications – Communication through cut-out is an age-old form of indirect communications and security technique that allows the leadership to deliver orders to the operative securely. A cut-out is a courier or a trusted agent who serves as a courier between two people who may not know one another. In recruiting, the cell member is typically recruited by a reliable supporter of the organization, who places him or her in indirect communication with the commander generally through secure messages. The recruiter never sees the operative again, and the cell member receives orders from an unknown commander appointed above him. These orders are delivered to the operative via various secretive methods. Often, messages are in code and may be concealed by embedding in books, newspapers and other written documents. This system generally goes undetected, but the terrorist operative must follow orders from people whose legitimacy he cannot confirm. The main strength of a cut-out system is the inability of operatives, if they are arrested, to identify other group members. This minimizes the damage caused to the organization by the compromise of one individual or one cell.
• Cut-out through Electronic Systems – The same indirect communications principle described above is used, but electronic media serve as the channels of communication -- such as secure Internet chat rooms or telephone conversations.
• Mail Drop – This is a method where the postal system or electronic mail delivery is used to send and receive communications. Regular post or delivery services can be used to deliver written mail, floppy disks, memory chips or SIM cards, all of which may or may not be encrypted in order to send or receive orders. Authentication may be done by code-words or passwords that are sent via separate secret communications.
• Dead Drop – This is a method where information is left at a pre-arranged location known only to the group members.
TERRORIST COMMAND AND CONTROL *C2) CELLS
Some groups may use a supervisory team that operates and commands its subordinate cells. Other groups go so far as to dispatch field leadership officers to check up on the status of the operation and provide the other cell leaders with mission support. Both are called a Command and Control (C2) Cell. The C2 cell generally contains two to three terrorists in the following roles:
Operative in Charge (OIC) – Serves as the overall mission commander as well as the tactical operations cell leader. May be near the target during the attack or observe from a distance.
Assistant Operative in Charge (AOIC) – A deputy assisting the OIC in executing the mission. Driver/Messenger - Supports the OIC and AOIC in movement and communications with leaders and other cells.
TERRORIST INTELLIGENCE CELL
This cell provides the eyes and ears of the terrorist organization. It is extremely important because its members conduct target selection -- they decide who or what will be attacked; when an attack will be carried out; and the most effective means for doing so.
Typically, “Intel” cell members are the most experienced members of the organization. Once surveillance has been conducted and tactical decisions made, the cell creates a briefing package for both the senior and field terrorist leadership. When the decision to strike is made, it is then passed on to the tactical operations cell. The package describes the plans and feasibility of the attack to the terrorist leadership and is usually delivered via courier.
The intelligence cell rarely participates in an attack because its members would risk being identified -- that is, if counter-surveillance efforts picked up their repeated presence at a given location. Occasionally, they do participate; Al Qaeda used a combined cell in the bombing of the American embassy in Nairobi, Kenya, in which an intelligence cell member helped carry out the attack. His involvement later helped to identify one of the surviving terrorists and to break the rest of the cell.
Cell Leader
• An experienced terrorist
• Highly trusted, “leads from the front”
• Actively participates in collecting information
• Responsible for security of the cell
• Reports only to a designated superior or directly to the organization’s leadership
Surveillance Team
The surveillance team observes and reports on targets they may wish to attack. Skilled groups use dedicated, highly-trained people for this task.
• Combined groups may use logistics cell personnel or non-terrorist supporters for surveillance.
• May be a single individual.
• Unlikely to use handheld radios to communicate with other members when actively conducting surveillance. More likely to use cell phones or report verbally after surveillance is completed.
• Identifiable by position and behavior.
• Look for the “four sames”: same type of people, in the same place, at the same time of day, doing the same activity.
• Look for behaviors that, at first glance, might appear normal, but may be out of context. For example, a couple picnicking near a lake next to a nuclear power plant may appear normal, but picnicking every day for a week, or an absence of food, makes this activity suspicious.
Photography Team
• Usually one or two people, male or female.
• Identifiable by behavior; people using still or video cameras, overtly or discreetly.
• Films subjects not typically photographed by tourists, such as embassies, building entrances and exits, security personnel, and so on.
Penetration Team
• This may be an intelligence cell or tactical operations cell member who has received the proper penetration information. Therefore, all penetration attempts need to be evaluated as the start of a real attack.
• Enters target area for surveillance purposes.
• Usually one or two people, male or female.
• No radio communications until mission is complete. (Cell phone, hand signals or other non-verbal methods may be used.)
• May walk the attack pattern they intend to use (called a “walk-down”.)
• Will attempt to enter a facility using ruses, false IDs or false stories.
• May try to use unusual entrances or exits; may be seen pacing or undertaking close observation of a facility.
• Will dress in an attempt to look like facility staff, tourists, etc.
Security/Driver
• Usually one person, male or female.
• Stands off to the side to watch the team’s flank.
• May double as an escape driver.
• Uses pre-determined signals for the team to leave.
• Identifiable by behavior. Single person sitting in running vehicle, vehicle that circles the area repeatedly, horn-honking that brings other people back to the vehicle.
TERRORIST TACTICAL OPERATIONS CELLS
Cell Leader – This person is usually the overall mission commander, as well as the head of the attack arm. The tactical operations cell leader personally leads attack operations.
Tactical Operatives – The number of operatives depends largely upon the mission at stake. The operative’s job is to carry out the actual attack according to plan. This might involve assassinating a target, dropping (leaving behind) bombs, carrying out a suicide mission or any other type of attack.
Rear/Flank Security – The cell may require a final security check of the target before the attack, covering routes of approach that police or security force may use when they arrive. This team member may be armed or serve just act as a lookout.
Insertion/Extraction Driver – This driver may be the same driver from the logistic cell or a specially designated person with evasive driving skills. Teams that arrive by vehicle and expect to depart in the same vehicle designate an insertion/extraction driver. This driver may stand off from the operations area and act as a look-out. He or she may also be on the ready to provide more firepower or drop off weapons and supplies.
TERRORIST LOGISTICS CELLS
Cell Leader– Supervises all cell members’ duties and is responsible for acquiring the supplies necessary for an attack. May fulfill duties of another cell member as well.
Supply Officer – Obtains needed weapons, equipment and supplies, through either legal or criminal methods. Driver – Provides transportation for tactical operations and intelligence cells and moves the group’s supplies and personnel.
Bomb Master – Conducts all phases of assembling bombs, with the exception of delivery. Rarely takes part in the attack unless the arming procedure is complex or the device is a “special” weapon (e.g. dirty radioactive bomb, nuclear fission bomb.)
Arms Handler – Expert in acquiring and preparing weapons and explosive components.
Courier – Receives and delivers written communications, passes voice messages, makes and receives money transfers. May also locate supporters outside of the organization, when necessary for funding and additional assistance.
Emergency Support Teams – Not de facto members, but active supporters of the organization:
• Emergency Medical Support – Doctors, nurses, surgeons and specialists who will provide services and treatment to injured terrorists.
• Emergency Legal Support - Lawyers and other legal professionals that will represent members of the group if arrested and work toward their release from jail.
• Emergency Financial Support - Supporters that can provide money and supplies in emergency, with no questions asked.
- Add your comment
- trackback url: http://www.gsnmagazine.com/cms/trackback/440-3
