Terrorists are relentlessly evolving tactics and techniques for IEDs (Improvised Explosive Devices), and analyzing reporting on IEDs can provide insight complementary to HUMINT on emerging militant methods. Preparing for an upcoming webcast with our friends at Terrogence, we found incidents using sports balls, particularly tennis balls and cricket balls, more frequently appearing as a delivery vehicle for explosives. (continue reading…)
Note: Massive thanks to Dr. Jarret Brachman for his guidance and support in putting together this post. He’s one of the best out there studying violent extremism, and we recommend that you check out his book ”Global Jihadism: Theory and Practice“ and follow him on Twitter.
The Boston bombing investigation continues to reveal new information on the two primary suspects, but quietly reported last Friday was the discovery of jihadi propaganda Inspire Magazine - produced by al-Qaeda in the Arabian Peninsula (AQAP) - on a computer belonging to the elder Tsarnaev brother’s widow. The publication, particularly its first issue containing instructions for building a pressure cooker bomb, was spotlighted as a possible resource immediately after the bombings.
The news the Tsarnaevs possessed Inspire, whether it directly influenced their actions or not, serves as evidence of the AQAP magazine’s reach and visibility in the jihadist community. (continue reading…)
The world learns more by the hour about the Tsarnaev Brothers, Dzhokhar (19) and Tamerlan (26 when killed on Friday), allegedly responsible for the Boston Marathon bombings last week. Their lives in the United States, travel activities since arriving in the country, and reputation amongst peers and family are slowly becoming clear, and every new detail provides a small bit of additional color to those believed to be behind the bombings that left three dead and more than 180 injured.
Here’s a Recorded Future timeline of their life events up to December 2012 that will continue to fill as additional information on each brother becomes available on the open web:
The above timeline gives us an overview of the quickly filling in life story for each of the brothers. We’re also interested in the answers to several more specific questions that can be derived from the burst of reporting on the brothers:
Quotations about the Tsarnaev brothers
Doku Umarov Connections
These storylines and connections will fill out as we learn more from the younger brother Dzhokhar’s testimony. If you want to further examine or build off of these views, check out the Recorded Future report on the Tsarnaev brothers here.
Updated at 1:12 am EST on Friday, April 19 to include breakdown by continent and network graph.
Reports today suggest that the horrific attack on the Boston Marathon was carried out using a pair of pressure-cooker bombs. While police scour video and photos for clues (the FBI is seeking any available content), we mapped reported use of this type of weapon during the past three years to serve as a resource for anyone investigating the bombings:
Update - Pressure Cookers in Asia
Pressure cooker bombs have been more commonly seen in Indian and Southeast Asian attacks than anywhere else. Recent reports out of India also suggest that the weapon has become a “fad” in militant camps along the Afghanistan/Pakistan border. In contrast, discounting thwarted attacks such as the attempted attack on Times Square in 2010, the United States has experienced just one bombing with a pressure cooker, and that was back in 1976. There’s also little to see in Europe during the last several years.
We can also take the same data set and visualize any connections between people and organizations previously involved in the user of pressure cooker bombs across Asia. The two views bookending this paragraph provide a clear indication: pressure cooker bombs are relatively rare with the exception of Southeast Asia, which makes for an interesting strand to follow when piecing together background on the two recently identified suspects.
Like so many organizations in the Boston community and elsewhere, we had employees, friends, and family in the area during the attack. You can send any tips to the FBI. Our thoughts are with all of those affected, and please let us know in the comments if there are other aspects of the media that we should further analyze.
A pair of bombings in Hyderabad late on Thursday left nearly 20 dead and many more injured. Reporting out of India, while remaining careful about attribution, is likening the attacks to tactics previously carried out by Indian Mujahideen (IM). IM is a designated terrorist group by several countries including the United States with suspected ties to Lashkar-e-Taiba (LeT) and ideological links to Al Qaeda. In addition to unfolding details about the attacks, there are also reports emerging that broad intelligence warnings were made several days prior to the bombings.
Analysis of open source reporting on the Indian Mujahideen reveals an extremely active period of arrests and scrutiny during the last three months. It also shows the complexity of the security challenge faced by India in unraveling a network of operatives across several groups including IM, LeT, and the Students Islamic Movement of India (SIMI) as well as the border of neighboring Pakistan. The timeline below shows events related to the IM taking place between December and Wednesday, February 20, one day prior to the attacks.
You can explore the timeline live, but we’ll call out some of the crucial events that were known during the three months prior to the bombings:
- Dec 27 as reported by the New Indian Express: The Maharashtra Anti Terrorism Squad arrested three more members of Indian Mujahideen related to an August 1 bombing in Pune. Arrested were Sayyed Arif alias Kashif Biyabani, Munib Iqbal Memon, and Farooq Bagwan.
- January 18 as reported by Bhaskar: Delhi police were warned of a possible attack by Indian Mujahideen and Lashkar-e-Taiba in the capital on Republic Day. The holiday passed without incident.
- February 5 as reported by the Indian Express: The National Investigation Agency (NIA) arrested an alleged Indian Mujahideen operative Aftab Alam alias Farooq, who is reportedly an IED expert. He was already being held in Tihar Jail west of New Delhi.
One of the takeaways from this set of events is that Indian security organizations were well aware of threats and actively pursuing leads on known entities within the organization. A particular With an idea of what events related to the Indian Mujahideen preceded the attacks, we also want to sketch out alleged affiliations of the organization’s recognized leadership and head figures including brothers Riyaz Bhatkal (now known to have been briefly held by police in 2008) and Iqbal Bhatkal as well as Abdul Subhan Quereshi and Fasih Mohammad (now under arrest after being deported from Saudi Arabia).
The network of known affiliations to other individuals aside, there are some key points to be noted in considering what was available in the open source before the recent bombings. During June of 2012, reports allegations emerged that Pakistan’s ISI was protecting the Bhatkal brothers living in Karachi. After the arrest of Fasih Mohammed in October, charges filed by the Special Cell in the court of Chief Metropolitan Magistrate Vidya Prakash reportedly said that Mohammed and “LeT chief Zaki-ur-Rehman alias Lakhvi monitored the 26/11 attacks from a control room set up in Malir in Karachi, Pakistan.” There are also indications that bomb plots to be carried out in Hyderabad were prepared and approved well before the lighter weight August 1 bombing series in Pune based on intelligence gathered from an arrested IM member.
This quick summary of open source information available prior to yesterday’s bombings suggests that attention to key IM operations by Indian security forces may have delayed the attacks in Hyderabad. Still, the inability to ultimately prevent the attacks shows just how challenging a security scenario India faces with operatives interacting across groups (IM, LeT, and the banned SIMI) while receiving training and possibly protection across the border in Pakistan. We’ll go further into these issues during the weeks to come, but for now, we hope these tools from Recorded Future provide support to anyone following the still unfolding details of the tragic events in Hyderabad.
Like many of you, we’ve kept a close eye on Mali and the related attack on the Amenas oil facility in Algeria, and the conflict is only getting more complicated as militant factions continue to splinter. You may have seen our monitoring on Mali set up earlier this month, and this post will expand on those initial observations by looking for early signals of the conflict in Mali spilling into and being closely intertwined with known entities in Algeria.
Let’s start with a look at Al-Qaeda in the Islamic Maghreb (AQIM), the Salafi-jihadist militant group and U.S.-designated Foreign Terrorist Organization operating in North Africa, activities in Mali. The group traces its provenance back to Algeria’s civil war and became an al-Qaeda affiliate with broader regional and international ambitions in 2006. Communication between AQIM and al-Qaeda was separately verified by documents captured in the raid on Bin Laden’s compound in Abbottabad. Below is a timeline of commentary on the organization’s activities in Mali during the run up to and while the recent hostage crisis took place.
Some interesting points occur in the lead up to the attack on Amenas. A few choice notes:
- On September 26, Secretary of State Hillary Clinton said, “al-Qaida in the Islamic Maghreb and other groups have launched attacks and kidnappings from northern Mali into neighboring countries.”
- On November 19, Moussa Ag Assarid, spokesperson for the National Movement for the Liberation of Azawad (NMLA) said the secular Tuareg rebels who came from Timbuktu, are fighting the Islamists of MUJAO in Menaka, Mali, as well as reinforcements from al-Qaeda, in the Islamist Maghreb.
- On December 3, Mokhtar Belmoktar announced his split from AQIM to create a movement spanning the entire Sahara desert, said one of his close associates and a local official who had been briefed on the matter on Monday.
One of the highlights out of the network, given the mention Qaeda reinforcements making their way into the region, is an event in Tunisia. On December 21, Tunisia’s Interior Minister, Ali Laarayedh, announced the arrest of 16 members of a terrorist cell affiliated with AQIM called “The Militia of Uqba Ibn Nafaa in Tunisia.” The cell reportedly attended “a training camp run by three Algerians close to AQIM leader [Abdelmalek Droukdel].” Laarayedh added that the cell’s members were sent to AQIM camps in Algeria and Libya for training. Three Libyans were reportedly among the arrested.
This brings us to one of the most controversial storylines to emerge out of the hostage crisis is that of ties between AQIM and Algeria’s intelligence operation Département du Renseignement et de la Sécurité (DRS). Our interest in the AQIM-DRS connections include claims of a relationship between the Algerian intelligence agency with former AQIM leader Mokhtar Belmoktar.
How does this link with the arrest in Tunisia of Libyans training in Algeria? In March 2012, it was reported that Belmoktar, an Algerian operating in Mali, was in Libya buying up weapons. The below timeline outlines claims from various media outlets of relationships between AQIM and DRS:
There are reports on the relationship dating back several years. This write up from Al Jazeera back in November 2010 highlights links, the same publication wrote of DRS arming AQIM, and All Africa writes further:
In September 2006, the nondescript GSPC, with the help of the DRS and US intelligence agencies, internationalised itself by adopting the Al Qaeda brand and renaming itself as AQIM.
That’s not necessarily unequivocal evidence, but it is interesting that allegations of a relationship seem to really tail off in early 2012 when northern Mali fell under militant control. This write up from World Politics Review details the security challenges related to AQIM that emerged at that time:
One source of tension was over ownership of the AQIM problem. In spite of its expansion outside Algeria, AQIM remained an Algerian-led organization for which Algerian targets remained a high priority. As a result, Mauritania, Mali and Niger believed that Algeria could be doing more to pull its weight. Conversely, Algeria believed that Mali and Niger were particularly weak links in the regional strategy to counter AQIM activity, and that these countries allowed the group free rein to launch operations from their territories. There has also been an element of mistrust among regional states that local government and military authorities are at a minimum complicit (.pdf) in the illicit economic activity that pervades the region, and that they might compromise (.pdf) shared intelligence on AQIM operations.
One more angle to consider in analyzing the build up to the French intervention and hostage crisis is the military activity in Mali and Algeria prior to the events.
A few interesting events of note aside from the well known UN deliberations on intervention and the deployment of African led forces:
- December 10, 2012: A Tunisian policeman was killed during clashes with suspected Islamist fighters near the border with Algeria.
- December 22, 2012: Large exercises took place in the desert with the Algerian army is preparing for a broad confrontation with al-Qaeda.
Taking a look at the information surfaced in the open source, what do you think about claims of a relationship between DRS and AQIM? Is that irrelevant at this point given the state of the conflict and potential impact of further spillover into Algeria? Is the instability and cache of weapons contained in Libya going to further fuel the fire in Mali? You can follow the reports of conflict in Mali and Algeria using Recorded Future, and we’d be interested to hear your comments on the situation in the comments.