Analysis - Security Studies

Citizen Detective

Challenges and Approaches to Disrupting Terrorist attacks
Thursday، February 16، 2017
Citizen Detective

As terrorist groups continuously launch more attacks across the Middle East, Europe and the United States, ranging from suicide bombings to remotely-triggered explosions and improvised explosive devices (IEDs), it has become evident that to prevent such attacks, security services must re-think the stages of each attack, starting from target selection to execution and capitalizing on  successful operations.

Terrorist attacks have become increasingly complex, especially as terrorist organizations have mushroomed and developed their tools in a global environment that has made it relatively easy for them to get hold of the necessary materials. On the other hand, Western societies continue to seek new ways of rupturing the process of preparation and execution of terrorist attacks in order to prevent or at least reduce the risk of having successful attacks.

Some Western security theorists perceive terror groups as rational actors who take the decision to carry out attacks according to cost-benefit analysis, therefore making it easier to understand and prevent attacks.

The terror attack process

Actors capable of carrying out terrorist operations vary from being a member in organizations and networks with extensive human and material resources to being an individual lone wolf attackers. Their targets and the tools they use also differ widely. However, there are common characteristics in the way attacks are planned.

Christopher Pendas writes that terror attacks are carried out in the following three stages:

1. The Pre-attack Phase: This includes three tasks that begins with target selection. Generally, the organization or individual planning the attack chooses the possible targets and selects the preferred option based on meeting the required criteria including the risks, the chances of success and to what extent the operation can be executed using the available means.

The attacker will usually carry out pre-operational surveillance on the target to find out the security measures in place and evaluate whether the operation can be successfully executed.

Once the target has been selected, the attacker will survey the target more closely to find out every detail about it, such as the security measures in place and how they could be penetrated, and any activity conducted around the target - especially in cases where the attack involves targeted individuals. The attacker then analyses the available data.

Terror organizations normally use specialists for the job of surveillance, rather than the person who will carry out the actual attack. This was the case in the 2008 Mumbai attacks, when the attackers used an agent called David Headley for the task of target reconnaissance.

Once enough information has been gathered, the planning of  the attack begins. The attackers are selected and trained to learn specific skills they will need to carry out the attack. The acquired skills through training include language skills and cover stories they will use to hide their identities, along with target practice, direct combat and means of escape in addition to acquiring the necessary weapons. During this stage, communication between the various actors is increased (except in the case of lone wolves).

2. The Attack Phase: At this stage, the attacker heads to the target to implement the terrorist attack it at a predetermined time, set according to the information gathered, as mentioned previously. The attacker usually has a clear motive. The motives vary between causing the greatest possible destruction, be it in terms of number of casualties, disrupting the economic and financial stability of the country, or spreading fear in society, as well as winning notoriety and followers for the group to which he or she belongs.

3. The Post-Attack Phase: This phase involves two main tasks. Firstly, the getaway is a route or to ensure the attacker leave the site of the attack. In some cases, this is not possible due to the ensuing fight with security forces, or may not even be desired, in the case of suicide attacks.

The second task relates to the media capabilities of the organization utilizing the attack in order to send a message, raise its prestige among terrorist groups and its ability to compete against other groups, and to confuse the state by spreading fear in society.

As terrorism expert Brian Jenkins once wrote, "terrorists want a lot of people watching, not a lot of people dead.”

Source: Christopher Pendas," Tag Archives: Terrorist attack cycle", December 14, 2013, available at, 

Ways of confronting terrorism

The terrorist attacks of 9/11 and subsequent attacks in Western countries have revealed the fundamental difficulties security services face in dealing with terrorist threats. Security agencies have often failed in one way or another to deal with the wave of terrorist attacks that have hit Western nations. Noting these difficulties, experts have proposed three basic approaches to set up preemptive mechanisms for disrupting the terror attack process and preventing attacks at an early stage.

1. Placing intelligence services on high alert: This approach relies on the abilities of intelligence agencies to disrupt terrorist plots at an early stage. The planning stages include activities that might attract the attention of security agencies, such as increased communications between terrorist elements, military-style training, money transfers and financial transactions or reconnaissance by attackers or their accomplices at target sites. All this may raise the suspicions of security and intelligence services.

Western terrorism experts such as Dennis Blair, Brian Jenkins and George Friedman emphasize the importance of infiltrating terrorist groups by recruiting or planting agents inside them. Through this mechanism, intelligence agencies can discover a group’s plans in order to identify who is planning attacks, monitor their communications and allow the police or security services to arrest them.

Despite the difficulties involved in infiltrating these networks, it has been successful in some cases. For example, a group who were planning to attack the Fort Dix army base in New Jersey were arrested in May 2007 after federal investigators planted spies in the group. They monitored its activities and kept agents abreast of its plans for 15 months.

This method was also used against the Moroccan Amine El-Khalifi who was arrested in 2012 for planning to carry out a suicide bombing against Washington D.C.’s Capitol Building. He was detained after contacting people to assist him in implementing the operation, who turned to be FBI agents. 

The intelligence agencies’ network of sources is strengthened by the monitoring of various media outlets linked to terrorist organizations. Many of these groups use social media and YouTube. They also use Google Earth for attacks’ planning, command and control, and for communications between cells in different areas, as well as to drum up material and human support.

Tracking these sources and decoding encrypted messages between terrorist operatives allows intelligence services to understand the rationale of these groups and in some cases, prevent attacks. One example is that of Hosam Maher Smadi, who was arrested in the US in 2009 for planning to bomb a skyscraper in Dallas, Texas. He was detained after he revealed his plans on an internet chat room.

2. Terrorist ambitions vs. capabilities: This refers to a weakness in the planning process described above. Terrorist operatives often have ambitions that go far beyond their resources. Many terrorists try to carry out huge attacks that exceed their capabilities, for example, by attempting to use advanced weapons without having sufficient experience.

Others lack knowledge of reconnaissance and surveillance, or are unable to deal with the psychological and emotional stress of the initial planning stages, meaning they may expose their plans before the operation is carried out.

This helps explain the failure of Ahmed Ressam’s plot to bomb Los Angeles International Airport . Ressam was arrested as he entered the US from the Canadian border in 1999, carrying explosives in the chassis of his car. He had been unable to cope with the psychological pressure of such a large operation. Terrorism expert, Bruce Hoffman, said Ressam was an amateur terrorist, who lacked the psychological strength of, for example, the 9/11 bombers. When he faced customs officials at the border of the state of Washington, he panicked and tried to flee.

Two other unprofessional terrorists were Mohammed Rehman and his wife Sana Ahmed Khan, who were arrested in Britain in May 2015. Rehman, who called himself the “Silent Bomber” on Twitter, revealed his plans to carry out an attack by tweeting “Westfield shopping center or London underground? Any advice would be appreciated greatly."

The authorities responded by arresting the couple, and it soon became clear that they were attempting to make explosives in order to attack one of the sites he had tweeted about.

3. Partnership with citizens: Many Western states have started programs focused on partnering with individuals in order to thwart terrorist threats. Nick Vaughan-Williams has called such individuals who help the state citizen detectives, who the state encourages to play a greater role in fighting terrorism. Vaughan-Williams says European citizens have become surveillance agents in a way that makes them parts of a broad system for countering terrorist threats.

Western experiences of this model have focused mainly on equipping citizens with policing and security skills and capacities such as situational awareness and swift reporting. The aim is to strengthen individuals’ awareness of early signs of threats in their vicinity, observe any unnatural behavior in their surroundings and pass on the information they have to the relevant security agency.

The idea of partnership with individuals was fundamental to foiling the Fort Dix plot. Authorities had been monitoring the group responsible for the plot since 2006, when they went to a video store to get a VHS tape copied to a DVD. The video, which included military exercises and shooting practice, alarmed an employee at the store, who informed security agencies. The FBI took up the case and planted two spies in the group, who monitored its activities until the plotters were arrested in 2007.

The terror attack planning process and ways of disrupting it


1) Christopher Pendas," Tag Archives: Terrorist attack cycle", December 14, 2013, available at,

2) Scott Stewart, "Detection Points in the Terrorist Attack Cycle", Stratfor, March 1, 2012 , available at, 

3)Scott Stewart, "A Primer on Situational Awareness", Stratfor, June 10, 2010, available at,

4)   George Friedman, "the cycle terrorism", geopolitical futures, March 23, 2016, available at,

Current challenges

While the approaches put forward in Western literature on terrorism are useful, some of the challenges they address are specific to Western states, which continue to suffer from a lack of coordination between intelligence agencies and face problems sharing and exchanging classified information with domestic and international partners.

These problems have emerged recently in France and Belgium. A French parliamentary committee has called on the government to reform the intelligence agencies through setting up a more unified system. In Belgium, there have been growing calls for better exchange of intelligence information between agencies, both domestically and abroad.

On the other hand, the nature of terrorist groups today places further pressures on the intelligence services. The challenge arises from the growing role played by “lone wolves”, in conjunction with the fact that the attacks are currently more random attacks against small targets. This is a strategy promoted by senior terrorist leaders such as Nasir Al-Wuhayshi - head of Al Qaeda in the Arabian Peninsula until he was killed in 2015 - who in 2010 urged members to “focus on simple attacks against soft, easy targets”.

What has made simple terror attacks more complex is the fact that terrorist groups and their members are able to create new tools to carry out their attacks. The situation no longer necessarily requires complex or advanced weapons. Rather, any tool can be adapted to be used for terrorist purposes - what Corri Zoli has labeled “low-tech terrorism”.

The self-proclaimed Islamic State’s English language magazine “Rumiyah” is an example of terrorist groups calling for this kind of strategy. Its third issue included an article titled “Just Terror Tactics”, which called on ISIS supporters to use trucks to carry out terror attacks. It noted how easy they are to obtain without raising suspicions and how they serve the desired purpose - both in terms of number of casualties and their effectiveness at spreading fear in Western societies.

This terrorist creativity means that Western societies are vulnerable to terrorist attacks against many types of unexpected targets, as happened in the Nice truck attack in July 2016 and a similar operation in Berlin in December.

Security agencies, therefore, need to develop mechanisms that allow them to overcome their own problems as well as working more effectively to understand and tackle today’s terrorist threats.

Key sources:

1) Al Hayat Media Center, "just terror tactics", Rumiyah, issue 3, Safar 1438 (November 2016), available at, 

2) Bruce Hoffman, "Rethinking Terrorism and Counterterrorism since 9/11", Studies in Conflict & Terrorism, Volume 25, Issue 5, 2002.

3) Christopher Pendas," Tag Archives: Terrorist attack cycle", December 14, 2013, available at,

4) Corri Zoli, "Lone-Wolf or Low-Tech Terrorism?", lawfare, August 17, 2016, available at,

5) Erik J. Dahl, "The Plots that Failed: Intelligence Lessons Learned from Unsuccessful Terrorist Attacks against the United States", Studies in Conflict & Terrorism, 34:621–648.

6) George Friedman, "The Cycle of Terrorism", Geopolitical Futures, March 23, 2016, available at,

7) James A. Malcolm, "Project Argus and the Resilient Citizen", politics, political studies association, VOL 33, issue 4, December 2013.

8) Raffaello Pantucci, "The Islamic State Threat to Britain: Evidence from Recent Terror Trials", March 17, 2016, available at,,2011

9) Scott Stewart, "A Primer on Situational Awareness ", Stratfor, June 10, 2010, available at,

10) Scott Stewart," Detection Points in the Terrorist Attack Cycle", stratfor, March 1, 2012, available at, 

Keywords: TerrorismSecurity