The Terrorism Warning Process: A Look behind the Curtain

The Terrorism Warning Process: A Look behind the Curtain
Current mood: angry
Category: Life

The Terrorism Warning Process: A Look behind the Curtain
By Fred Burton

U.S. and German officials fear terrorists are in the advanced planning
stages of an attack against U.S. military personnel or tourists in Germany,
ABC News reported May 11. The report followed the issuance of a Warden
Message by the U.S. Embassy in Berlin on April 20 announcing that U.S.
diplomatic and consular facilities in Germany were increasing their
security posture in response to a heightened threat situation. The message,
which remains in effect, also encouraged Americans in Germany to increase
their vigilance and take appropriate steps to bolster their own personal
security. Continuing chatter from a number of sources indicates the threat
is real.

The warning comes as no surprise. Like much of Europe, Germany has a large
Muslim population, and within that population is a small but dedicated
radical element. It was in Germany where a diverse group of Muslim students
from various countries was radicalized and later organized into the
"Hamburg Cell." Members of the cell, including Mohamed Atta and Ramzi
Binalshibh, would go on to attend al Qaeda training camps in Afghanistan,
where they were selected to form the nucleus for al Qaeda's 9/11 operation.
Even after the Hamburg Cell was dismantled, the jihadist network in Germany
has remained active in publishing Internet propaganda and recruiting and
sending young Muslim men to fight in places like Iraq.

Additionally, jihadists left two timed incendiary devices on trains in the
German towns of Dortmund and Koblenz on July 31, 2006. The group allegedly
responsible for the attack comprised mainly Lebanese Muslims living in
Germany, who reportedly had been incensed over the Prophet Mohammed cartoon
controversy. German prosecutors have alleged that the men charged in
connection with the attack were also radicalized after arriving in Germany.
In many ways, then, Germany is facing the same tactical realities as the
United Kingdom and other countries in that it faces a threat from homegrown
militants as well as from professional al Qaeda operatives.

The warning in Germany, however, does provide an opportunity to draw back
the curtain on the U.S. terrorism warning process -- to examine what drives
it, why it sometimes works and why it sometimes does not.

Reasons for Warnings

The U.S. government issues public warnings for a number of reasons. One of
these, of course, is genuine concern for the welfare of U.S. citizens. A
second reason (although perhaps not the second in priority for some
officials) is simple bureaucratic butt-covering. The last thing a
government official wants to do is to end up before a congressional
committee or a governmental accountability review board and answer pointed
questions about why he or she had threat information that was not shared
with the American public.

Indeed, following the bombing of Pan American flight 103, an investigation
conducted by the President's Commission on Aviation Security and Terrorism
discovered that the U.S. Embassy in Helsinki, Finland, received a threat
Dec. 5, 1988, stating that "sometime within the next two weeks" a bomb
would be placed on a Pan American flight flying from Frankfurt to the
United States. The committee found that this threat information had been
selectively distributed by the Federal Aviation Administration and the U.S.
Department of State, giving rise to the charge of a double standard in the
authorities' choice to warn traveling government employees but not the
general public.

Upon receiving the commission's report, the U.S. Congress passed The
Aviation Security Improvement Act of 1990, which said civil aviation
threats could not be passed along only to selected travelers unless the
threat applied only to those travelers. The Bush administration expanded on
that legal precedent to include the dissemination of all threat
information, establishing what is now commonly referred to in the
counterterrorism community as the "no double-standard policy." This policy
requires that threats be disseminated to the public in addition to
government employees.

The "no double-standard" policy was intended to be applied to timely,
credible, corroborated and specific threats. Over time, however, it has
been applied to almost any and every threat. Bureaucratic butt-covering
inevitably leads to this type of overreaction because nobody wants to be
caught not sharing information after the fact, or being accused of making a
bad analytical assessment of the threat. Therefore, nearly everything is
reported, regardless of its veracity. Obviously, this type of overreaction
leads to the release of many more alerts -- many of which are not
well-founded. This leads to alert fatigue.

Warnings also can be issued in an effort to pre-empt an attack. In cases in
which authorities have intelligence that a plot is in the works, but the
information is insufficient to identify the plotters or make arrests,
announcing that a plot has been uncovered and security has been increased
is seen as a way to discourage a planned attack. In practical applications,
however, this does not always work.

Although it might seem logical that militants would abort an operation in
the works once a warning is issued, history has shown otherwise. In the
Dec. 6, 2005, attack against the U.S. Consulate in Jeddah, Saudi Arabia,
for example, the perpetrators not only continued their operation despite
the issuance of a warning, but also despite a government operation that
resulted in the disruption of a second cell that was supposed to
participate in the attack. Several other attacks also were preceded by
warnings or security alerts, including the failed July 21, 2005,
London subway attack, which occurred while the city remained under a
heightened alert following the bombings two weeks earlier.

Sources of Warnings
The intelligence that leads to a warning can come from a variety of places.
Sometimes the warning is spawned by good, hard intelligence from a
technical or human source. Other times it can be a tidbit picked up after
the arrest of a suspect, such as the warnings in 2004 of the plot to attack
financial targets in the United States that followed the arrest of Mohammad
Naeem Noor Khan in Pakistan.

Threat intelligence also often results from interrogating captured militant
operatives, as was seen in the raft of warnings that followed the September
2002 arrest and interrogation of al Qaeda operational planner Khalid Sheikh
Mohammed. Threat information can even come from a previously unknown source
who walks into an agency and volunteers information.

The intelligence services of other countries also will share information
they have obtained with their U.S. counterparts -- though without direct
access to the source, the U.S. agencies might find it difficult to
determine whether the information is credible and to obtain additional
information. Additionally, there are times when foreign liaison services
pass "threat" information as part of a political agenda, perhaps to get a
local insurgent group listed on the U.S. terrorism list -- or merely to
jerk the Americans around.

Of course, all intelligence can be problematic. For one thing, there is the
problem of fabricators, human sources who concoct stories to sell to
intelligence agencies for financial gain. Quite often these fabricators
base their stories on a thread of truth that makes them appear genuine.
During the early 1990s the U.S. Embassy in Beirut was closed on several
occasions due to the bogus and exceedingly dire threat reports of a clever
fabricator who milked the FBI for tens of thousands of dollars.

Secondly, there is the problem of disinformation, or information
purposefully leaked by an organization to mislead or confuse analysts. In
retrospect, the great number of warnings of pending attacks against U.S.
and Israeli interests overseas before the 9/11 attacks -- during what the
9/11 Commission Report calls "The Summer of Threat" -- might have been part
of an al Qaeda disinformation plot to distract U.S. attention from the
group's real plans. Disinformation also can be provided by terrorist
suspects during their interrogations in an effort to create red herrings
and protect real operations that are under way. Such disinformation
attempts by militants also can be useful for pinging the system in order to
judge U.S. responses to threats. This also can serve to help induce alert
fatigue.

Another problem in intelligence is misinterpretation. That is, receiving
intelligence and indicators and then drawing the wrong conclusions from
them, or even misinterpreting an innocuous item to be a critical item of
intelligence. In a 2003 case, for instance, the U.S. national threat level
was raised from yellow to orange during the holidays after a CIA analyst
mistakenly claimed to have discovered a cache of secret al Qaeda messages
imbedded in the moving text at the bottom of the Al Jazeera news channel.
Though some have scoffed at the CIA over the case, the potential blowback
for not taking possible indicators seriously has caused the intelligence
community to err strongly on the side of caution in issuing such alerts.

The Warning Track Record
Because of the problems inherent in intelligence work, and the amount of
bureaucratic butt-covering going on because of the political environment,
the historical track record of warning messages has been mixed. Though the
vast majority of warnings have proven to be false alarms, at times and in
some specific places the warnings have been quite accurate. For example, on
Feb. 15, 2006, the U.S. Embassy in Manama, Bahrain, issued a Warden Message
concerning the threat of al Qaeda attacks in the region. The Australians
issued a similar warning six days later. On Feb. 24, al Qaeda's Saudi node
attacked the Abqaiq oil processing facility near Bahrain. In fact, there
was a clearly discernable pattern in Saudi Arabia in 2004 in which a
warning would be issued and then followed shortly by an attack or raid that
resulted in the arrest of militant suspects.

Another example is the Bali suicide attacks in October 2005. The U.S.
Embassy in Jakarta had been warning about attacks against foreigners at
soft targets in Indonesia since spring 2005, and on Sept. 30, the day
before the attacks, issued a Warden Message warning against possible
attacks in "… places where Americans and other Westerners live, congregate,
shop or visit, including hotels, clubs, restaurants, shopping centers …"
The Oct. 1 attacks targeted restaurants.

The Israelis also have had good intelligence on jihadist threats in the
Sinai. In fact they issued a warning to Israeli citizens to avoid the area
prior to the October 2004 attack against the Hilton hotel in Taba.

This kind of intelligence penetration of al Qaeda has occurred far more
frequently at the local or regional level. It has been far harder to
penetrate the central core. Moreover, after certain intelligence methods
have been disclosed to the public -- such as monitoring the satellite phone
conversations of al Qaeda leaders -- those intelligence sources that had
provided insight into the activities of the core group have dried up.

This intelligence penetration on the tactical level is frequently
short-lived because the type of access that provides the timely and
accurate intelligence needed to predict threats often is then used to
dismantle the organization. Jemaah Islamiyah in Indonesia, al Qaeda in the
Arabian Peninsula and the jihadists linked to al Qaeda in the Sinai --
regional nodes that were subjects of accurate threat reporting over the
past few years -- were all hammered hard by local security forces.
Afterward, though, the quality of the threat information dropped
noticeably, with an increasing spike in the number of false alarms.

For example, after highly accurate threat reporting in Saudi Arabia in 2004
(and a string of successful actions against al Qaeda by the Saudi
government), a rash of warnings in Saudi Arabia in 2005 about pending
attacks against U.S. government and commercial targets proved to be
unfounded. The U.S. Embassy in Riyadh was even closed for two days in
August 2005 because of a threat that did not materialize. A similar pattern
was seen in Indonesia and the Sinai.

As long as there are attackers -- and bureaucrats concerned about being
grilled by Congress -- there will be terrorism threat warnings. The
difficulty will be deciphering which are bogus and which are based on
timely, accurate and specific intelligence.

Analysis Comments - analysis@stratfor.com
Customer Service, Access, Account Issues - service@stratfor.co