Terrorist HUMINT/CI Practices
Keshav Mazumdar
Antiterrorism Officer & Sr VP ATAB
Anti Terrorism Accreditation Board
The following points are the opinions of criminal (insurgents) regarding the security forces and the measures they undertake to escape detection, and arrest
Terrorist Have CI Also
- This presentation is an accumulation of comments and case scenarios acquired from years of interviews with IRA Captives, IRA Training Manuals and intelligence gathered from years of investigation and research.
- The important point here is that the IRA members provided methods to prevent future IRA attacks and penetrations.
- Much can be learned from the following comments on how we can better perform our Intelligence mission.
Intel Needs to be Compartmentalized
- Friendly (IRA republican militant) intelligence needs to be constituted in a better manner and be more prepared as compared to the rivals.
- They need to be arranged into cells, where each party has restricted knowledge about the other, so that they are adequately protected.
Individuals that can Recognize Terrorist Need to Be Assessable
- Friendly agents and informers with good contacts should be situated at all communication and transportation channels and other organizational (trade union) and infrastructure administrative areas.
Analysis of Enemy Intelligence
- An analysis of enemy intelligence should be carried out to understand them from every aspect.
- This will enable them to secure their personal resources and exploit the weaknesses of the rivals.
Intelligence Officers are Valuable
- As a key guiding principle, it was pointed out that even though it was very easy to replace the fatalities from the enemy soldiers, the intelligence agents and spies who backed British efforts were very valuable resources and it would be very difficult or impossible to substitute them.
Protect IRA Intel Assets
- The IRA intelligence should give priority to recognizing important intelligence personnel at both the individual and group level whose loss would prove to be very damaging for them.
Threats to Intel Agents
- After enemy intelligence agents have been identified, they should be pressurized and forced to suspend their activities.
Execute Police Officials
- The police agents should be executed if they do not give in.
Kill Police that Commit Acts Against the IRA
- Those police and paramilitaries who indulge in criminal activities against the IRA personnel or support harsh measures should be eradicated even when the incident occurred a long time back.
Well Planned Attacks
- Prior to the assassination, layouts, plans, timing and personal characteristics of the target should be thoroughly studied.
- This kind of extreme secretive assassination section also provided ways for getting rid of the weapons used.
Visual Recognition of Police
- To facilitate movement and reduce suspicion, individual members should encourage visual or other recognition with British or non-republican point of view.
Confidentiality
- It needs to be made certain that utmost confidentiality is maintained while enlisting.
- Prevent individual guerrillas from becoming aware of the identities of more than a certain number of compatriots. Also, the knowledge about planning and organization, which is “an essential A-B-C of urban guerrilla security”, should be restricted.
Don’t Carry Information
- It should be ensured that there is no negligence, in discipline and lack of vigilance.
- Documents, marginal notes addresses, telephone books biographical information, maps and planning materials should not be carried at any cost.
Rules Must Be Enforced
- All the required information should be instilled in memory.
- Those allies who infringe rules once should be corrected, however if they make these mistakes again, they should be punished.
Stay on the Move
- Always be on the move and stay cautious so that police cannot identify the location.
Develop Assets to Report on Police
- Obtain information about police and security movement, activity and strength on a daily basis.
- In the event of detention, security and silence needs to prevail, especially with respect to the identities or locations of the insurgents.
Operational Security is Crucial
- By and large, the most crucial lesion for guerrilla security regarding the prevailing threat is to never permit any violations in security measures nor show any negligence in their implementation.
CI Functions
- Several CI reflections, in addition to particular treatments of the subjects that directly fall under the CI domain are interlinked through instructions and fundamental tradecraft.
- Some of these reflections have been discussed below, being essentially derived from Military Studies but also widely dealt with in other sources.
- These considerations are meant to determine the scope of the CI functions taken into account.
Keeping Secrets and Concealing
Information: The significance and challenges faced when protection information is considered, as well as using codes and ciphers.
Through this practice, those who know operational details are prevented from sharing this knowledge, even with their spouse and closest colleagues.
Counter Surveillance
- Surveillance. Friends and foes are both considered as well as the different kinds and means employed.
- Several tradecraft topics which are linked to surveillance practices in different situations are also taken into account, for instance, becoming familiar with the area and target, flow of traffic, and the places where police stations and security centres are situated.
Recruiting and Testing New Recruits
- Recruiting, Evaluating and Training. This is a process that consists of several CI sensitivities; hence it receives the same amount of importance as several other insurgent groups.
- The jihadist recruit should possess the following characteristics: intelligence and vision, watchfulness and prudence, ability to survey, analyse, take action, change locations, and stay hidden, maturity, and the capacity to keep secrets.
- The different ways in which recruits can be “tested” for trustworthiness and competence are also considered, as well as the specific procedures through which agents who will be working for the sake of the movement will be enlisted.
Protecting the Cells Funds
- Financial Security Precautions.
- The issues regarding handling and management of operational funds are also considered which include the requirement of keeping the location secret and preventing the safeguarding of money in a single location.
Protecting Forged Documents
- Protecting Documents, Forged and Real.
- This dimension pertains to the security of all documents and being completely familiar with them in case one encounters interrogation about the relevant documentations. In addition, there needs to be tradecraft-like strictures with respect to travelling to a country which allegedly issues the forged passport being used.
Don’t Carry Multiple ID
- Care with Aliases.
- In those areas where operation is generally carried out, one should prevent having multiple identities.
- Also, the names of group members should be compatible.
Briefing Members on Interrogation Techniques
- Arrest and Interrogations. This pertains to the different kinds of interrogations as well as physical and psychological oppression which a mujahid might have to face.
- It also considers the different ways in which he should act in order to make the charge that he was tortured and demand that this fact be included in official records of his interrogation and imprisonment.
Safe Houses
- Security for Facilities from Infidel Surveillance and Actions.
- Safe houses and other facilities, mainly in urban localities, need to be carefully chosen.
- The selection entails appropriateness, entry and exit routes, as well as emergency escape routes and hidden places within these facilities which provide areas for hiding documents or other sensitive things.
Communication Security
- Communications Security. This element pertains to giving attention to the means and risks associated with maintaining telephonic contact, conducting personal meetings, delivering information through messengers, letters, facsimile machine, wireless communications, TV and radio.
Defensive CI Practice
- Insurgent forces make significant attempts in preventing the enemy [POLICE] from obtaining knowledge about its leadership, organization, support system, planning and location.
Cases:
- Many important defensive CI concerns were presented by Carlos Revilla Arango in his significant article “Insurgent Counterintelligence”. Amongst these was the prevalent need to have compartmentalization, vigilance in enlistment, communications, and protection of identities, implementation of control over cadres and other important areas and creating identification with others.
“Insurgent Counterintelligence”
- Establishing agent networks, guarding information, (especially the recognition of guerrillas and attainment of rosters that the Japanese diligently looked for), securing different means of communication and short-listing of recruits.
- Permitting the development of some kind of unexpected and unanticipated action which would have a negative impact on the operations.
- Recognizing the spies and informants and handling them appropriately.
Tupamaros Insurgent Group
Utilize “War Names” or AKA
- The Tupamaros Insurgent group were divided into cells which had two to six members, and each member in the group was not aware of the real identities of the other member (they referred to each other using “war names” or aliases). The leaders of each cell reported to a hierarchical leadership and they either had combatant/commando duties or support duties of different kinds. If a single member or leader was arrested and successfully questioned, there were little chances of the whole cell or even most of the members being detained. Cells of the “support” kind mainly dealt with intelligence matters, however, all constituents formed their personal contacts and sources, whatever their orientations were.
Recruit Only Those you Know
- Recruiters depended on the personal contacts of the recruits, extensive application information and background checks with neighbours, friends and others.
- This would reduce chances of compromise by allowing informants to enter the structure.
IRA’s Michael Collins
- The main objective of the intelligence organization of Michael Collins was to gather important information using its vast network of well-located typists, clerks, businessmen, policemen, waiters, desk clerks, transportation workers and others who managed to obtain the most sensitive internal information from the British security along with other external information that was important too.
- There were limited technical ways of achieving this objective; however, they were all employed.
- Using this information, the Volunteers (IRA) operational force could attack and eradicate the intelligence forces as well as those personnel who played a vital role in the British intelligence-collecting process.
Michael Collins “Brain Centre”
- Every Volunteer organization had a devoted intelligence official who was managed by a brigade intelligence counterpart, an arrangement which made it possible to achieve this objective. The latter was headed by the official who was responsible for managing the daily activities at the Volunteer intelligence headquarters, which was supervised by Michael Collins.
- The intelligence HQ was also referred to as the “Brain Centre” and the main staff members were called the “Inner Circle”. The subordinate officials were responsible for hiring agents and informants who would provide information to the HQ which would be used in the targeted operations of important intelligence officials. The intelligence officials at the HQ were assigned particular business domains regarding which they had to collect information and analyse and also combine and analyse disjointed information.
Conclusions
- There are variations in the guerrilla movements discussed here with respect to historical background, objectives, ideology, religion, race, resourcing and sophistication. However, majority of the groups have to work in an environment characterized by hostility and violence which means that the insurgent, regardless of his background, “lives in a world of security arrangements and survives by observing them” The insurgency is compelled by government intelligence and security measures to “carry out rigorous security examinations, rearrange components, relocate assets, alter its communications or re-educate its membership”. These are in addition to other actions which need constant supervision to ensure safety from any kind of disaster.
- Even though the groups are distinct from each other in their nature and places of operation, when they face similar problems, they come up with analogous counterintelligence responses, as has been seen from the earliest of times. Such common ideas are executed because of the widely accessible information pertaining to the techniques, common sponsors and instructors from past and present and the examinations of the CI requirements by guerrilla groups.
Defense Element and Guidelines
- There are both offensive and defensive elements of the counterintelligence responses of the guerrillas.
- Either of the elements is not perceived to be sufficient for granting the operational autonomy and security which is needed for engaging in active plans.
- With respect to the defensive element, extensive guidelines which address general conduct in addition to particular operational security requirements are sometimes formulated and added in recruitment and training sessions.
- Background and character assessment methods may be employed by the more experienced groups.
Terrorist Use Trade Craft
- These approaches might be as rigorous as the government security inspection or even more than that, provided the outcomes.
- Insurgent and terrorist groups are quite vigilant in securing their locations, abilities, methods of planning and objectives from existing and prospective opponents.
- In fact, some groups have become quite systemized in the practice of deception, cover story forgeries, forged papers, fake identities and several other tradecraft practices and use them proficiently.
Informants Executed
- Majority of the guerrilla organizations are constantly feeling the serious and sensitive threat of infiltration and treachery.
- In order to survive, these organizations need to conduct loyalty tests from time to time and also have vigilance approaching paranoia.
- European, Latin American, Asian, Middle Eastern and African groups provide rich examples, however, once informants or agents are identified, they are almost always executed during the process.
- In some groups, the punishment for treachery is very severe with the disloyal member being subjected to extreme torture and violence.
Sever Punishment for Betrayal
- These provide strong examples to others who might think about betraying.
- The security guidelines and processes are often kept as written documents.
- These guidelines serve as a means of training and reference for the guerrillas.
- At times, these serve as the norms of normal fraternal or social organizations which have incorporated huge doses of violence, fraud and uncompromising hate.
Targeting Members of Police
- Guerrilla counterintelligence, in its most extreme form, seems to infiltrate susceptible areas of the government, military and police intelligence organizations, all of which are the offensive elements.
- They also include buying, blackmailing or forcing members, and sometimes targeting certain individuals or any other member and murdering them.
Michael Collins Techniques are Still being used Years Later
- The historical approaches like the ones employed by Michael Collins eight decades ago appear to be ancient history, however, the approaches employed by Israeli Mossad against certain Islamic terrorist heads and those that are used by the terrorist groups themselves prominently exhibit similarity with respect to the process and method used. The jihadist literature especially stresses focused study and evaluation of military, government and police intelligence. However, guerrilla and terrorist groups, as well as organizations like criminal motorcycle gangs and animal rights supporters have made attempts to study and anticipate the methods employed by their opponents.
Targeting of CI Officers
- Targets on state intelligence and security agencies by the guerrillas may turn out to be a greater portion of insurgent activities.
- The safety of the terrorist and insurgent groups has become vulnerable and operational liberty is becoming more restricted because of the analytical tools, surveillance, interceptions abilities and, more broadly, the technological development of the government.
Eradicating Intelligence Officials by Assassination
- Michael Collins supported with some success that eradicating an enemy intelligence official by force or assassination not only discourages the security forces, but it also develops greater disinclination amongst the population to oblige with the state agencies. When viewed from this angle, what the state or its residents rightly label as a terrorist act or coldblooded execution may, in the guerrilla insurgent’s view, actually be a “rational” counterespionage approach. An understanding of this perspective is important in addition to a complete comprehension of the objectives of guerrilla and the CI planning.
The Oldest Intelligence Techniques Still Work
- An evaluation of intelligence in war was carried out by Keegan more than 200 years ago. In his study, he found that the dispersed, networked insurgent/terrorist groups faced a lot of threat which made him believe that it would be productive to revert to the techniques “which have come to appear outdated, even ancient, in the age of satellite surveillance and computer description” for carrying out intelligence/counterintelligence missions. He found that there were benefits which could be obtained “only by returning to the oldest of all intelligence techniques, direct and personal counter-espionage”
Red Teaming Methods
- However, it is easier to support these ideas rather than execute them in a CI sense. These ideas are all excellent in a variety of ways and are reflected to some extent in the existing US military’s stress on language and regional studies, culture intelligence programs, red-teaming methods, “human terrain system” development, and other attempts to encourage skills pertinent to human intelligence.
Shadow Battles
- These issues increase the intricacy of the CI “shadow battles”, as has been referred to by a particular specialist.
- Those insurgents and terrorists, who are recruited in counterintelligence areas, as well as all others, are aware of this and also understand it to some extent.
- Majority of the governments place a lot of importance on the technology gaps for intelligence and information management.
- In certain cases, there is a decrease in this gap, particularly for those groups who have access to hardware and software resources.
- Insurgent counterintelligence has successfully integrated the latest developments in time-based frameworks in the past few decades.
Blunders Often Cause Vital Loss
- Even though “CI wisdom” has a long history of thousands of years, and has incorporated most of the modern developments, insurgents still face several drawbacks due to the continuous pressure.
- Most of the times, these are huge blunders because of which influential leaders are lost, as well as places of operations, important information, and other psychological setbacks.
Internal Conflicts
- The insurgent CI mechanisms are deemed to be weak due to indiscipline and negligence, unpredictable morale, internal conflicts, worsening objectives, motivation (including criminalization) and pure bad luck as had been warned by Alberto Bayo almost 60 years back.
Arango
- These blunders can be exploited by the counterinsurgent governments and spies, who can also develop them if they are well prepared and show perseverance, as is apparent from the history.
- Arango, a CIA officer, studied both the insurgent and the counterinsurgent CI issues and found out the approach which is most successful: active CI officers who possess carefully generated information and have constantly investigated their guerrilla opponents.
Analogous Methods
- They officers are aware of their ideology and tradecraft and carefully develop a CI plan of action, analytical drudgery and other hostile actions so that they can increase chances of insurgent failure.
- However, there is continual threat of those insurgent and terrorist CI plans that are based on analogous methods, have the same objectives and may be executed with a lot of effectiveness.
Terrorist Ideology
- In an insurgent network there is ‘’ideology’’ at the top of the hierarchy. Ideology gives birth to ‘’strategic objectives’’ and each of these strategies , after more refinement and evaluation leads to a ‘’plan’’ wherein resources are dedicated , that is put to use in the most optimum fashion to achieve the desired results.
NOTE: Tactics are Methods
- There is a plane between strategy and tactics.
- Tactics is the collective name for ‘’methods’’ of engaging, employing or maneuvering resources in a conflict on in a battle.
- This plane is known as ‘’doctrine’’. The doctrine, in addition to other variables drives the plan.
How Does the Public See Them
- The doctrine lays out how operations were conducted by this group in the past, not only ops but all facets connected with the movement, how other similar groups from our country or other countries performed and a critical study of their success and failures and how ‘’legitimate’’ are the actions of the insurgents in the eyes of the media and public.
- At this point ‘’legitimacy’’.. that is the governments views about the movement does not take precedence over that of media/public.
Plotting the Tactics
- It surely will factor in the long run but for immediate purposes a tactical win, say a successful attack on the security forces given wide publicity by the media and jeopardizing the prestige of the government before the public due to its failure.. this is more important.
- In addition to providing a focus for planning it also lays out the tactics. A tactic is a specific/specialized element of a mission but we can have an array of tactics to achieve a general objective , like repeated tactical operations in order to overwhelm the media with news of insurgent activity.
- When tactics are added up the plan leads to the formation of a ‘’plot’’. Tactics form the repository of the group which contains rehearsed/practiced actions making up the modus operandi. One or more members of the group are specialized in the usage of a specific tactic.
Military Skill Sets
- These specific skills can cover expertise in weapons and explosives, map reading, deception, intelligence and counterintelligence, psychological operations, sabotage, surveillance and counter surveillance, photography and forgery in document preparation, medicine and first aid, propaganda, target selection and assessment, hand to hand combat, couriers to name a few.
Deny their Desired Objectives
- The crux of the matter is we must dedicate all our efforts to detect this ‘’plot’’, prompt the insurgents and hence deny them their desired objectives and destroy our target which can be the insurgents themselves or any other variable associated with their intended plot.
- We must also, and this is more important in counterinsurgency, leave room to exploit the enemy to our advantage using counterintelligence techniques. From the above it is clear that to detect, deny, exploit and destroy we need intelligence and counterintelligence and without these two, however much we pitch in our military might we can never succeed to eradicate the movement.
Insurgent Intelligence
- Insurgents place heavy reliance on gathering intelligence.
- They use all means necessary, i.e. informants, double agents, surveillance, to further their collection of vital intelligence.