HLSS523Wk7

profileRawono1
ChallengingtheLoneWolfPhenomenoninanEraofInformationOverload.pdf

Full Terms & Conditions of access and use can be found at https://www.tandfonline.com/action/journalInformation?journalCode=ujic20

International Journal of Intelligence and CounterIntelligence

ISSN: 0885-0607 (Print) 1521-0561 (Online) Journal homepage: https://www.tandfonline.com/loi/ujic20

Challenging the “Lone Wolf” Phenomenon in an Era of Information Overload

Avner Barnea

To cite this article: Avner Barnea (2018) Challenging the “Lone Wolf” Phenomenon in an Era of Information Overload, International Journal of Intelligence and CounterIntelligence, 31:2, 217-234, DOI: 10.1080/08850607.2018.1417349

To link to this article: https://doi.org/10.1080/08850607.2018.1417349

Published online: 26 Mar 2018.

Submit your article to this journal

Article views: 3298

View related articles

View Crossmark data

Citing articles: 2 View citing articles

International Journal of Intelligence and CounterIntelligence, 31: 217–234, 2018 Copyright © Taylor & Francis Group, LLC ISSN: 0885-0607 print/1521-0561 online DOI: 10.1080/08850607.2018.1417349

AVNER BARNEA

Challenging the “Lone Wolf” Phenomenon in an Era of Information Overload

The phenomenon of individual Islamic terrorist attacks (“Lone Wolf”) taking place in Europe, the United States, and Israel raises questions about the ability of intelligence agencies to prevent such deadly assaults. Dealing with unexpected attacks by “lone wolves” has been made even more problematic by the return to Europe and the U.S. of extremists who have received training in terrorism from the Islamic State of Iraq and Syria (ISIS) and from other terrorist organizations based in Syria and Iraq. The general public’s fear of terrorism remains high, while attempts have been made, primarily by extreme right-wing politicians, to exploit that fear for their own political advantage.1 This factor may, in turn, be giving terrorists greater incentives to act.

Western intelligence services claim that they have significantly upgraded their knowledge and systems for discovering and countering security threats, and have improved their coverage of ISIS.2 Yet, the concern is whether individual terrorists, operating in the digital age of information overload, are identifying weaknesses in intelligence organizations and

none defined

Dr. Avnea Barnea is a research fellow at the National Security Studies Center, The School of Political Sciences, at the University of Haifa, and lecturer on “Counter Intelligence in Democratic Societies” in the Department of Political Science at The Hebrew University of Jerusalem. He is the head of the special program on competitive intelligence, corporate security, cybersecurity, and crisis management in the MBA program at Netanya Academic College, Netanya, Israel. Dr. Barnea is a former senior officer with the Israeli Intelligence Community.

217

taking advantage of them. Is this then a new phenomenon—of the Lone Wolf, a Black Swan3—whose attacks are almost impossible to predict and prevent?

Assessment of the effectiveness of intelligence agencies in preventing terrorism, especially those of lone wolf’ attacks, is difficult because the study of counterintelligence gets little scholarly attention, somewhat as a result of exaggerated secrecy limitations. The issue then is whether assessing the extent to which the advanced measures, developed over the past decade in the field of information which were designed to stop “classic” terrorist attacks, are effective against today’s type of terrorism. I hypothesize that these advanced measures are not effective against lone wolves.

STUDYING COUNTERINTELLIGENCE

In 1949, in the United States, Central Intelligence Agency (CIA) analyst Sherman Kent introduced the triplicate framework within which to consider the issue of intelligence as knowledge (information), activity (measures to be taken), and organization (developing resources to enable activities).4 Following Kent’s terms, counterintelligence is not just an activity or organization but also knowledge and it is based on a solid methodology. To Kent, the need is obvious for counterintelligence information (knowledge) for use in taking counterintelligence measures (activity) and for devoting resources to make these tasks happen (organization).5

An early definition of counterintelligence developed in the U.S. government in the 1950s states that counterintelligence is

the knowledge for the protection and preservation of the military, economic and productive strength of the United States, including the security of the Government in domestic and foreign affairs against or from espionage, sabotage, subversion and all other (similar) illegal acts designed to weaken or destroy the United States.6

Sherman Kent divided counterintelligence into two parts: domestic security intelligence and foreign security intelligence. Later, counterintelligence was divided into information control (including security clearance and security of documents); physical security (guards systems and alarms), and area control (border control and restricted areas). Quickly becoming clear was that counterintelligence required mainly covert activities, such as the detection of threats of espionage, terror, and subversion. Also involved were investigation for finding evidence of such threatened activity and research, which interpreted and organized the information so that it could

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

218 AVNER�BARNEA�

be properly utilized. Counterintelligence was then clearly based on the process of the Intelligence Cycle7 with very few modifications.

After World War II, counterespionage became the focus of counterintelligence,8 but this changed after the collapse of the Soviet Union in 1991, and the attendant decline of espionage threats, which marked the end of the Cold War and the beginning of the democratization of Eastern Europe.

THE POST-9/11 ERA

Since the beginning of the 21st century, and particularly after the terrorist attacks on New York City and Washington, DC, of 11 September 2001 (9/11), the increase in worldwide terror has changed the face of counterintelligence so that preventing terrorism has now become the major security goal of the Western world. The United States and other Western countries for a long time delayed the diverting of their efforts toward counterterrorism, especially Islamic terrorism, and to building internal cooperation among both their various intelligence agencies and with law- enforcement organizations and legal systems. This task is still incomplete, as such a change in focus demands constructing new intelligence capabilities in personnel, in organizational structure, and in technologies, including dedicated information systems.

Research has yet to come to grips with the change in focus from counterespionage to counterterrorism.9 Most studies of counterterrorism fail to recognize how counterterrorism intelligence issues differ from traditional intelligence issues, and they also ignore the vital role of intelligence in making its efforts successful.10 In fact, conducting counterterrorism intelligence now relies heavily on targeted signals intelligence (SIGINT), liaison relationships, document exploitation, and interrogations—factors that have been frequently overlooked, as they are not as important as in conventional intelligence.

While counterterrorism intelligence is mostly focused on stopping terrorist groups and networks, some independent and other groups have drawn strength from state sponsors,11 and a new layer of terrorism has appeared: the “Lone Wolf” phenomenon. The regular tools used by counterintelligence against terrorist cells cannot prevent lone wolf attacks.

The “Lone Wolf” terrorist phenomenon is enormously challenging to counterterrorism agencies worldwide. During the past 15–20 years of intensive combat against terrorism, capabilities for gathering huge amounts of open source intelligence (OSINT) has led to remarkable improvements, but they have not created enough of an advantage to enable counterintelligence organizations to halt terrorism.

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 219

Given that the West’s principal fight against terrorism continues to be waged in Europe, that the European Union’s (EU) objectives and strategies have only recently received due attention in the relevant academic community is remarkable. The EU has been approaching counterterrorism in many ways, such as increasing the exchange of information between police and intelligence agencies, protecting critical infrastructure, developing external action, enacting counterterrorism legislation, controlling European borders, and fighting against terrorist recruitment and financing. All these actions are steps in the right direction, but taking them earlier would have had a far greater impact.12

Notably, among the world’s nations, Israel has a long experience with efforts at preventing terrorism, mainly internal, but also foreign. As a result, Israel has been at the forefront of designing counterterrorism programs since the early 1970s.13 Yet, despite having developed both offensive and defensive modus operandi with high rates of success, Israel has also been unable to completely prevent terrorism14

“LONE WOLF” ATTACKS: THE DEVELOPMENT IN TERRORISM

A significant number of the recent terrorist attacks carried out in France, Germany, the United Kingdom, and other Western European countries, as well as in the United States and Israel, belong to the pattern of “Lone Wolf.”

A “loner” or “lone wolf” is an individual who performs an act of terrorism independently: he (and occasionally, she) is generally not part of any organization, and sometimes acts spontaneously. Rarely sharing his suicide intentions with others, he will sometimes leave a message of final farewell on the Web before acting.

Recent lone wolf terrorist attacks in Europe, the United States, and Israel can be divided into four categories, determined by the relationship that the “loner” had with Islamic terrorist groups:

1. The individual had previously been in contact with a terrorist organization, but at the time of committing the attack, he was not part of this terrorist infrastructure. An example of such individual would be someone returning to Europe from the Middle East or a refugee who had arrived after having once fought for ISIS or other Islamic organizations in Syria and Iraq.

2. The individual had been in contact with virtual operators via the Internet, usually through social media platforms of Islamic groups.

3. The individual had had diverse virtual connections with extremist Islamic groups and was influenced by them, but had not received direct instruction to execute an attack.

4. The individual had acted without any contact with extreme Islamic networks and without anyone’s guidance, but rather was incited by his own distinctive distress.

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

220 AVNER�BARNEA�

Important to note is the opinion of many that there is no lone wolf phenomenon,15 but rather that individual Islamist terrorists are always linked to such terrorist organizations as al-Qaeda or ISIS. This view contradicts a careful analysis of these attacks.

In the ongoing “Intifada of Knives” in Israel, which began in October 2015, the stabbing attacks are frequently done by lone wolves, as well as by “classic” terrorists who are members of organized cells. In 2016, when discussing this “Intifada of Knives,” Israel’s Chief of Staff, General Gadi Eizencott, said: “There were no warnings about suicide stabbing attacks. Israel faced 101 such events in the past three months, but we did not have even one single warning.”16 The situation in Israel has not changed substantially since then; lone wolves are a serious concern to counterintelligence officials.

THE PHENOMENON OF “LONE WOLF”

The phenomenon of “lone wolf” attacks is not new. Most political murders in history, or attempts, were carried out by terrorists who acted alone. The assassinations of President Abraham Lincoln, President John F. Kennedy, Senator Robert F. Kennedy, Swedish Prime Minister Olaf Palme, the Rev. Martin Luther King Jr., Prime Ministers Indira Gandhi and Rajiv Gandhi, as well as the attempted murders of President Ronald Reagan and Pope John Paul II, were carried out by lone wolves. (The assassination of Israel’s Prime Minister Yitzhak Rabin is not included because the assassin, Yigal Amir, had at least one partner involved in his plan.17) Another example of a political lone wolf attack was by Timothy McVeigh who, in 1995, set off a bomb in front of the Federal Building in Oklahoma City killing 168 and wounding hundreds. Although he received assistance from Terry Nichols in building the bomb, McVeigh acted essentially alone from that point on.

Recently, every jihadist terrorist attack by “lone wolves” has managed to surprise the intelligence organizations.18 The 22 March 2017 strike in London on the Westminster Bridge near Parliament led to four deaths, with dozens more injured. The perpetrator, Khalid Masood, was a British citizen and convert to Islam.

Although this is an era of increased information transparency, in which much of what happens in the public sphere, including radical activity, is known and shared,19 counterintelligence organizations have not usually known about the intentions of “lone wolves.” Even when they have been somewhat familiar with the perpetrators, the security authorities have failed to prevent the attacks because these “lone wolves” operate on the peripheries of Islamic religious group terrorist activity. In response to public criticism taking them to task for their lack of success, police

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 221

officials have tended to reply that they often rely on information released by the intelligence agencies. They claim to have difficulty receiving focused intelligence warnings, especially about the intentions of “lone wolves,” despite the huge resources devoted to dealing with this challenge. Britain’s security services have revealed that, in the UK alone, they were monitoring over 3,000 people suspected of having intentions to commit terrorist attacks.20 This large number has raised serious questions regarding the extent and effectiveness of the preventive measures taken by the UK’s intelligence community.

The difficulties seem to stem from the fact that after the process of filtering suspicious information by the intelligence agencies, many potential terrorists fit into a broad pattern of threatening behavior with dangerous personal profiles, but the agencies have little or no ability to focus on specific human targets. As a result, intelligence organizations are too often helpless. Various security programs to identify potential terrorists such as “Contest,” used by British intelligence,21 unfortunately feature more “noises'” than “signals,” and do not provide quality preventive intelligence.

Post-mortem analyses conducted by Western intelligence agencies after terrorist attacks have usually brought to light information about superficial contacts that terrorists had had with various suspicious parties, including extreme Islamist factions. Despite this awareness, the terrorists usually do not give specific advance warnings of their intentions and leave the security people to react to events instead of preventing them.

A year ago, ISIS uploaded a video to the Internet called “Message to the Lone Wolves,” urging terrorists to declare their support for ISIS, but warned them not to be in direct contact with its known members prior to making a terrorist act for fear of premature exposure. Likewise, Omar Hussain, a British citizen and a key operative of ISIS in Syria, praised the “Warrior acting alone” in the West.22

IDENTIFICATION OF TERRORISTS’ THREATS

General Aharon Yariv, a former commander of the Israeli Military Intelligence and later a Cabinet Minister, has emphasized that a key factor in a dedicated counterintelligence organization is the prevention of terrorism. General Yariv added that “unlike a classical battlefield, where composition of intensive military resources can achieve a victory, targeted intelligence is a critical factor to win against terrorism.” Yariv emphasized that counterterrorism is based on targeted intelligence, which enables both the stopping of attacks in time, and the damaging of the terrorist bases and operatives that activate terrorism. He noted the importance of seeking to prevent threats through a thorough monitoring of terrorist cell

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

222 AVNER�BARNEA�

members, including their personal connections, especially those known individuals who tend to guide and direct such activities.23

For many years, the implicit assumption was that terrorism was carried out in secrecy by small groups (cells), acting under exact instructions from senior operatives who supported them by providing logistical and operational back-up and ideological guidance. This “theory” of terrorism asserted that the chances of the successful implementation of attack plans were higher if they were conducted by small groups, rather than by individuals. Terrorism, the theory claimed, relied on strong secrecy and discipline, a variety of capabilities, absolute authority, and the ability to make modifications in programs, including last-minute changes in selected targets.

In meeting this goal of monitoring cell members, various dedicated information technologies that can identify and analyze hidden connections between terrorists and suspects, based on their actions taken in the digital space, have been shown to be effective. For example, hidden connections have led to the discovery of terrorists’ intentions and have thus generated timely warnings. Notably, the chances for preventing terrorist attacks through these technology systems have been higher when attacks came from small terrorist cells. When one suspect was detected, it was possible to quickly reach other suspects in the cell connected with him, usually without his knowledge, based on information gathered from the virtual space24 and communication devices used by the terrorist. Human intelligence (HUMINT) gathered by means of agents’ personal contacts has always been considered a very significant complementary factor; its contribution was often critical in terrorist prevention, even more so than information from technological systems.25 But HUMINT alone has had difficulty penetrating these small clandestine cells as they are highly compartmentalized.

While monitoring terrorist cells has been very difficult, the technological breakthroughs made by specialized information systems have led to an improvement in the availability of early warnings about potential terrorist activities. Counterintelligence organizations have lately gained a significant advantage over terrorist organizations, especially since the transition to digital communication and the use of Big Data platforms.

Beyond extracting information passing through the Internet and high- speed processing of large volumes of data, digital communication and Big Data have enabled new capabilities, such as identifying complex relationships between people and other entities (e.g., locations, vehicles, financial transactions, bank accounts, credit cards). In turn, this has enabled counterintelligence to discover activists directly connected to other suspects (the “first generation”), and thereby increasing the chances of successful counterterrorism. Digital clues about potential hazards often

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 223

on-line (and immediate), can quickly locate additional connections, isolating those that seem suspicious and can focus on identifying individuals’ intentions to harm.

Thus, intelligence targets have been monitored through various measures to find out more about their intentions and abilities. American National Security Agency (NSA) intelligence officer Edward Snowden, who defected from the United States and is now living in Russia, plainly described the tremendous technological efforts invested in the United States and in Britain in thwarting terrorism.26 He noted that, while intelligence gathering and countering the actions of groups (cells) have had a “track record” of success, there have been such few successes in identifying “lone wolf” suspects, due to the absence of focused information. The result has often been endless amounts of information with almost no effective operational options. According to Snowden, no correlation was found between additional information and the rate of the effectiveness of counterintelligence efforts.27

In addition, Snowden’s revelations, exposing the huge volume of monitoring by the U.S. Intelligence Community on its Western allies, undermined trust and cooperation between U.S. intelligence organizations and the European intelligence services in their efforts to prevent terrorism.28

DEDICATED INFORMATION SYSTEMS FOR COUNTERTERRORISM

Developed about 20 years ago, Link Analysis is an information systems tool29 that was originally created to facilitate a faster transfer of information through the telecommunications infrastructure. Later, it was adapted for other areas, such as analyzing information and building contextual links in order to enhance human capabilities to better understand the essence of huge volumes of information in business, mainly in marketing, marketing research,30 and other fields requiring competitive intelligence.31 Law enforcement organizations, including the police, also made extensive use of Link Analysis to prevent criminal activities, especially by organized crime. Among the leading advanced tools were British i2 and applications made by the Israeli software company Svivot. The Federal Bureau of Investigation (FBI) began using Link Analysis in the late 1990s, and the British police gained a significant advantage over criminal organizations that were stunned by the high capacity of this tool.

The concept behind Link Analysis is the theoretical ability to perform automatic links by mapping relevant connections between different pieces of information through various entities without the analysis of their content. It had already existed in the mid 1980s. But only after significant progress within the field of digitations was it possible to apply the theory to an operational tool. Link Analysis was implemented after the 9/11

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

224 AVNER�BARNEA�

terrorist attacks in intelligence organizations which had failed to expose and analyze hostile networks.32 According to the official investigation committee of the American administration,33 the NSA had received information just prior to the 9/11 attacks about some of the hijackers and their relationships with al-Qaeda, but failed to produce any intelligence warning to help stop the terrorists (the terrorists had, in fact, trained in flight schools in various locations in the United States). While the American intelligence services had evaluated the significance of the information, they had not followed up by mapping the links among these terrorists, so their analysis, unfortunately, had not resulted in a clear warning. Link Analysis systems are capable of amplifying weak signals’ threats into early-warning operations.34 It continues to be used today for the intensive tracking of counterintelligence targets.

With the development of Big Data systems, special information systems have led to better abilities of particular counterintelligence organizations. Integration of Big Data internal systems with highly sophisticated Link Analysis capabilities seems to enhance the success rate in foiling terrorist activities—an example is British police forces’ efforts against organized crime.35

But these automatic systems are not infallible; when they have been wrong or did not help to target suspects, usually as a result of lack of targeted information, failures in preventing terrorism have resulted. The November 2015 terrorist attacks in Paris that killed 130 people are a good example. French counterintelligence had superficially acknowledged the terrorists’ threat but had been unable to recognize the relationships among the terrorists before the attacks; its suspicions were not aroused. Had it had such knowledge, French counterintelligence could have taken preventive steps.36

Another example of the high reliance on advanced information technology capabilities by British intelligence occurred in 2005, after the Islamic terrorist bombings of London’s public transportation system. The attack killed some 50 people. Only by surprise did British intelligence learn that the terror cell that had carried out the attack had no connections with al-Qaeda. The four terrorists involved had been influenced by British Muslim Websites and by clerics, but had not conducted the attacks on behalf of al-Qaeda as initially claimed by the British authorities.37 The leader of the attackers had been under surveillance by the British counterintelligence agency, the MI5, two years earlier, but the information collected on him did not include his suspicious ties to the other attackers, and did not facilitate the focus on those suspected—information that could have prevented the attacks. Better mapping by the MI5 of the prime suspect’s connections could have created an early-warning signal which would have resulted in their arrest before they carried out their attack.

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 225

The “Lone Wolf” Exception

While preventing terrorist attacks initiated by networks (terrorist cells) is highly supported by dedicated intelligence information systems, this is not the case in the “Lone Wolf” phenomenon. When the hazards do not originate in the classic configuration of organized terror cells, the advantages of advanced technological tools are far more limited due to the fact that terrorists usually do not receive instructions from an external source. As attacks are now increasingly of the individual “lone wolf” type, Link Analysis tools seem to have lost their power to facilitate early detection (early warning) of threats.

Yet, these tools remain useful for investigation after the execution of “lone wolf” attacks, in efforts to identify collaborators or other operatives connected to the terrorists. The effectiveness of a post-mortem to help avoid the next attack remains low, since its prime strength is to find out more about the recent attack. The fact that ISIS has consistently claimed responsibility for the attacks by “lone wolves” has a cognitive effect of scaring the public, but ISIS’s claiming responsibility does not help prevent the next attack. Regarding the July 2016 attack in Nice, the French authorities discovered in retrospect that the terrorist driving the truck probably had ties with jihadist elements. But this was not learned soon enough: the perpetrator had been careful not to share his intentions with others, and so his ties had not been considered suspect.38 German authorities have reached similar conclusions regarding the vehicular attack by Anis Amri, a Tunisian, in Berlin on Christmas 2016, that killed twelve people and injured 56 others. Amri also had been careful and had not shared his intentions with others.

THE RISE IN SOCIAL MEDIA PLATFORMS

Social media is a major factor in transmitting messages among people. In social media, people are easily exposed to new ideologies, including extremist communications of every kind. The spread of ideas and beliefs passes at great speed from person to person. By means of dedicated information systems, social media monitoring capabilities help to identify people who are undergoing the processes of radicalization. Whether these newly radicalized people are expressing mere opinions and thoughts, or if they have actually begun acting or intend to do so is impossible to know. The monitoring methods and models developed by social network researchers, and the automated tools for gathering online social information for the business sector,39 are also used to construct an intelligence picture to help prevent terrorist recruitment and planning attacks.40

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

226 AVNER�BARNEA�

The ability to predict individual acts of terror based on information collected from the social media, as claimed by experts of these kinds of dedicated systems, is highly questionable.41 Some intelligence organizations claim to have identified the secret of tracking potential terrorists through the social media, along with the claims of certain private corporations that supply such tools to these security organizations.42 Without empirical evidence, these claims are highly questionable, considering the complexity of this issue. Considerable difficulty persists in not only assessing the significance of the information flowing through the social networks, but also in identifying concrete intentions for human behavior, and in properly analyzing the complex texts of different languages by automated means. These goals await a significant breakthrough.

Nonetheless, in March 2017, Nadav Argaman, Managing Director of the Israel Security Agency (ISA), reported such a capability for identifying and tracking suspected terrorists.43 A month later,44 more details were disclosed. Through close monitoring of the social media in the occupied territories, the ISA succeeded in arresting 400 potential terrorists, most of whom were detained without a trial. The ISA is apparently combining social media information gathered from open source intelligence (OSINT) with its own data bases, which comprise some 2.6 million inhabitants of occupied Judea and Samaria. Considering that the information in ISA data bases is solid, as a result of extensive monitoring of this population since 1967, when Israel occupied these territories, the biggest challenge is to extract information on suspects from the social media discourse. This is a complex undertaking with a potential for many errors. Since implementing this new tracking system, which is quite similar to systems already put into practice in other Western countries, including the U.S., UK, France, and Germany, Israel has experienced an increase in “lone wolf” attacks, including one in April 2017 that involved the fatal stabbing of a British student. While the ISA nevertheless claims to have reduced the number of “lone wolf” attacks, it has not included the possible effects of other variables that might be leading to a decrease, such as the Palestinian society’s disappointment in the poor political results arising from the “Intifada of Knives,” the lack of outright Palestinian public support for these assaults, and successful counterintelligence efforts by the Palestinian Authority’s security forces. More concrete evidence is required to evaluate the accuracy of the claimed rate of success of the ISA’s new counterintelligence strategy.45

COUNTERING SOCIAL MEDIA’S CHALLENGES

During his visit to Israel, former FBI official Tim Murphy said that he would demand that Facebook, Twitter, and the rest of the social network services

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 227

stop publishing risky content, and also ask them to identify agitators and potential terrorists.46 This does not seem practical, as Facebook alone has more than one billion, 200 million members, and the amount of information it passes through its servers is endless. To perform quality surveillance is impossible, especially when those being radicalized have learned to hide their intentions and stay “below the radar” for fear of being monitored by counterterrorism organizations. Murphy’s demand to monitor suspicious information on the social networks also seems to lessen the protective responsibility of the FBI and other counterintelligence organizations worldwide. Counterintelligence organizations must build new capabilities; they should not lean on social media platforms to perform the monitoring for them. In 2015 Andrew Parker, head of MI5,47

acknowledged that terrorists and radical elements were aware of the capabilities of intelligence organizations for social network monitoring and were using digital tools, such as encrypted messaging software (e.g., Telegram and WhatsApp). Radicalized Web surfers operate with extreme caution by hiding words and using codes. The use of these tools, known as “Remote Intimacy,” is quite simple and available on the Internet. In fact, ISIS encourages their use48 to recruit and lead individuals to radicalize. Yet, the border dividing online content of religion and ideology and various efforts to recruit terrorists or convince “lone wolves” to act is very complicated. That someone being monitored expresses solidarity with terrorist activities and ideology does not mean that he or she will act. In fact, in most cases, the person probably will not act. Counterterrorism thereby becomes much more challenging.

In the era of Facebook, Telegram, Twitter, WhatsApp, and other social media and messaging applications, to discern the meaning of the relationships among people and to identify networks of secret cells that intend to act is very difficult. Would-be terrorists have changed their methods of action and become very careful in using these open-source tools. Counterintelligence would greatly benefit if ISIS activists who were conducting the attacks could be identified in the social media. However, many of the more recent attacks have been carried out by “lone wolves” who are usually not connected to key recruiters and terrorist operatives or to anyone. Obviously, once counterintelligence organizations succeed in identifying an organized terrorism operator, their work is facilitated and the variety of tools at their disposal that can be operated successfully can make their work relatively easy. But, individual terrorists operate differently, making many of the normal intelligence organizations’ efforts largely futile, as they often act against suspects who actually do not cause harm.49

When the amount of information becomes enormous and continues to expand exponentially, leading to an inability to focus on specific potential terrorists and identify their intentions in time, the chances for success are

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

228 AVNER�BARNEA�

not high. A decade ago, a head of MI5 was interviewed about the reasons for the failure in preventing the terrorist attacks of 2005 and 2007 in Britain. He noted that “the security services suspect 1600 people of involvement in terrorism,”50 making it impossible to focus on the few who eventually carried out the attacks. British officials expressed the same sentiment after the deadly terrorist attack on the British Parliament in London on 22 March 2017. The huge number of suspects, approximately 3000 individuals, were on the MI5 list of terrorist suspects in 2017,51 similar to the number of targets revealed by the French internal intelligence agency DGSI after the attack on the Champs-Elysées in April 2017,52 requires a much broader intelligence attention than previously. It is a problem not only of allocation of resources but of creating new capabilities to deal with complex issues, such as tracking “lone wolves,” and working in the virtual sphere with endless pieces of information.

THE BENEFITS OF TARGETED INTELLIGENCE

The number of terrorists identified as “lone wolves” is increasing. The dedicated intelligence information tools developed over many years to identify potential attackers in advance have become less valid and in some cases ineffective, since they are based on the classical modus operandi of terrorism that is not applicable to cases of “lone wolves.” Yet, the more that “lone wolves” succeed in their self-defined missions, the greater the self-confidence of those considering imitating them, which in turn frustrates the intelligence organizations and the heads of state who are accountable for the public security.

Israel has been facing a surprising increase of “lone wolf” terrorist attacks, with approximately 200 since October 2015. Despite its efforts, the ISA has met with extreme difficulty in trying to prevent them—in contrast to its high success rate with “classic” terrorist cells.

The experience in Western countries in the last 15 years shows that responding to counter-terrorism requirements by lowering the sphere of privacy and enlarging the power of legal authorities to treat suspects53 is not providing the expected value. Considerable doubts arose regarding the effectiveness of these “big moves” taken by intelligence organizations, backed up by lawmakers. They do not seem to be leading to more effective early-warning signals.54 Thus, the quality of targeted intelligence apparently remains the most significant element in stopping terrorism.

Intelligence efforts that fail to provide advance warning of terrorist attacks, including attacks by “lone wolves,”55 caused European countries to take further steps to minimize threats, especially after the U.S. did so in the aftermath of 9/11. While public opinion has gradually acknowledged the importance of security, it is still unwilling to take such necessary

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 229

measures as the closure of borders, the security surveillance of suspicious populations, the denial of citizenship to individuals of concern, and the granting of greater immunity to security forces, because these steps would result in a perceived reduction of freedom and human rights.

The European Union’s new privacy law, General Data Protection Regulation,56 which was to be implemented in all EU countries by May 2018, may make even more difficult the counterintelligence activities of collecting private information about citizens. It also will require more cooperation among intelligence organizations. Yet, this regulation may not help counterintelligence stop terrorism, especially by “lone wolves.” In such cases, attacks might be prevented only by security forces in the field whose quick reaction could thwart an attack before it was carried out.

REFERENCES

1 David Bartal, “What Are You so Afraid of?,” Haaretz Weekend Supplement, 17 March 2017, pp. 56–58.

2 Rukmini Callimachi, “How ISIS Built the Machinery of Terror Under Europe’s Gaze,” The New York Times, 29 March 2016, available at http://www.nytimes. com/2016/03/29/world/europe/isis-attacks-paris-brussels.html?_r=1

3 According to Nassim Taleb, The Black Swan: The Impact of the Highly Improbable (New York: Random House, 2010), a Black Swan is an event, positive or negative, that is deemed improbable yet has massive consequences. Taleb shows that Black Swan events explain almost everything about our world, and yet we—especially the experts—are blind to them.

4 Sherman Kent, Strategic Intelligence for American World Policy (Princeton, NJ: Princeton University Press, 1949), p. ix.

5 Ibid., p. 3. 6 Report of the Commission on Governmental Security (Washington, DC, 1957),

pp. 48–49. 7 According to the Central Intelligence Agency (CIA), the Intelligence Cycle is a

closed path consisting of stages including the issuance of requirements by decisionmakers: planning and direction, collection, processing, analysis, and dissemination of intelligence. Available at https://www.cia.gov/kids-page/ 6–12th-grade/who-we-are-what-we-do/the-intelligence-cycle.htm

8 Roy Godson, Intelligence Requirements for the 1980's: Counter Intelligence (New Brunswick, NJ: National Strategy Information Center, Transaction Books, 1980, pp. 13–30.

9 According to the U.S. Department of State, the National Strategy for Combating Terrorism, “Not only do we employ military power, we use diplomatic, financial, intelligence, and law enforcement activities to protect the Homeland and extend our defenses, disrupt terrorist operations, and deprive our enemies of what they need to operate and survive,” available at https://2001–2009.state.gov/s/ct/rls/ wh/71803.htm. Counter-terrorism incorporates the practice used by governments that are based on intelligence to combat or prevent terrorism.

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

230 AVNER�BARNEA�

10 Daniel Byman, “The Intelligence War in Terrorism,” Intelligence and National Security, Vol. 29, No. 6, 2014, pp. 837–865

11 Michelle Van Cleave, Counterintelligence and National Security (Washington, DC: National Defense University Press, 2007).

12 Javier Argomaniz, Oldrich Bures, and Christian Kaunert, “A Decade of EU Counter-Terrorism and Intelligence: A Critical Assessment,” Intelligence and National Security, Vol. 30, Nos. 2–3, 2015, pp. 191–206.

13 Avner Barnea, “The Unique Nature of Humint,” in Amos Gilboa and Ephraim Lapid, eds., Israel’s Silent Defender: An Insider Look at Sixty Years of Israeli Intelligence (New York: Gefen Publishing House, 2012), pp. 207–216.

14 According to a research paper published in 2005, targeted killings and preemptive arrests in Israel, which aimed to reduce the capacity of terror organizations to commit attacks, actually sparks estimated recruitment to the terror stock that increased rather than decreased the rate of suicide bombings. See Edward Kaplan and Alex Mintz, “What Happened to Suicide Bombings in Israel? Insights from a Terror Stock Model,” Studies in Conflict & Terrorism, Vol. 28, 2005, pp. 225–235.

15 Daveed Gartenstein-Ross and Nathaniel Barr, “The Myth of Lone-Wolf Terrorism,” Foreign Affairs, 26 July 2016, available at https://www. foreignaffairs.com/articles/western-europe/2016-07-26/myth-lone-wolf-terrorism

16 Gili Cohen, “Eizencott: Out of 101 Knives Attacks We Did Not Have Even One Warning,” Haaretz, 18 January 2016, available at http://www.haaretz.co.il/news/ politics/1.2824704 (Hebrew).

17 Avner Barnea, “The Assassination of a Prime Minister: The Intelligence Failure that Failed to Prevent the Murder of Yitzhak Rabin,” The International Journal of Intelligence, Security and Public Affairs, Vol. 19, No. 1, 2017, pp. 23–43.

18 Jacob Siegel, “Lone Wolves, Terrorist Runts, and the Stray Dogs of ISIS,” The Daily Beast, 24 October 2014, available at http://www.thedailybeast.com/ articles/2014/10/24/in-canada-the-stray-dogs-of-isis.html

19 Sean Larkin, “The Age of Transparency,” Foreign Affairs, May/June, 2016, available at https://www.foreignaffairs.com/articles/world/2016-04-18/age- transparency

20 Robin Simox, “British Counterterrorism Policy After Westminster,” Foreign Affairs, 28 March 2017, available at https://www.foreignaffairs.com/articles/ united-kingdom/2017-03-28/british-counterterrorism-policy-after-westminster

21 “Contest": A dedicated program by the British Intelligence for the Suppression of Terror, which began operation in 2013, available at https://www.gov.uk/ government/collections/contest

22 Leda Reynolds, “ISIS Recruiter Uses PET CAT to Entice Youngsters to Join Terror Group,” Express, 21 December 2015, available at http://www.express. co.uk/news/world/628560/Islamic-State-recruiter-uses-pet-cat-entice-youngsters- terror-group

23 Aharon Yariv, “The Function of Intelligence in Combating Terror, ” in Zvi Ofer and Avi Kober, eds., Intelligence and National Security (Tel Aviv: Maarachot, 1987, in Hebrew), pp. 335–346.

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 231

24 Andreas Golovin, “Fundamental Elements of the Counterintelligence Discipline,” Intelligence and Counterintelligence Studies (Hauppauge, NY: Nova Science Publishers, 2009), pp. 1–69.

25 Avner Barnea, “The Unique Nature of Humint.” 26 Glenn Greenwald, No Place to Hide: Edward Snowden, the NSA, and the U.S.

Surveillance State (New York: Metropolitan Books, 2014). 27 Glenn Greenwald, “Members of Congress Denied Access to Basic Information

about NSA,” The Guardian, 4 August 2013, available at https://www. theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access. See also Thomas Eddlem, “The NSA Domestic Surveillance Lie,” The New American 22 September 2013, available at https://www.thenewamerican.com/usnews/politics/ item/16580-the-nsa-domestic-surveillance-lie

28 Michelle Flournoy and Adam Klein, “What Europe Got Wrong About the NSA,” Foreign Affairs, 2 August 2016.

29 Philip Klerks, “The Network Paradigm Applied to Criminal Organizations: Theoretical Nitpicking or a Relevant Doctrine for Investigators? Recent Developments in the Netherlands,” Connections, No. 24, 2001, pp. 53–65.

30 Kenneth E. Clow and Karen E. James, Essentials of Marketing Research: Putting Research into Practice (Los Angeles: SAGE Publications, 2013), pp 145–146.

31 Avner Barnea, “Link Analysis as a Tool for Competitive Intelligence,” Competitive Intelligence Magazine, July–August 2005.

32 John Picarelli, “Transnational Threat Indications and Warning: The Utility of Network Analysis,” AAAI Technical Report FS-98–01, U.S. National Security Council, 1998, available at http://www.aaai.org/Papers/Symposia/Fall/1998/FS- 98–01/FS98-01-016.

33 The 9/11 Commission Report Final Report of the National Commission on Terrorist Attacks Upon the United States, Executive Summary, 22 July 2004, available at https://www.fas.org/irp/offdocs/911comm-execsumm.pdf

34 Paul Schoemaker and George Day, “How to Make Sense of Weak Signals,” MIT Sloan Management Review (Spring 2009).

35 Antonio Badia and Mehmed Kantardiz, “Link Analysis Tools for Intelligence and Counterterrorism,” Proceeding, ISI'05 Proceedings of the 2005 IEEE International Conference on Intelligence and Security Informatics, University of Louisville, Louisville, KY, 2005, available at http://citeseerx.ist.psu.edu/ viewdoc/download?doi=10.1.1.93.8703&rep=rep1&type=pdf

36 Rukmini Callimachi, “How ISIS Built the Machinery of Terror Under Europe’s Gaze.”

37 Mark Townsend, “Leak Reveals Official Story of London Bombings,” The Guardian, 9 April 2006, available at https://www.theguardian.com/uk/2006/apr/ 09/july7.uksecurity

38 Daveed Gartenstein-Ross and Nathaniel Barr, “The Myth of Lone-Wolf Terrorism.”

39 Martin Harrysson, Estelle Metayer, and Hugo Sarrazin, “How Social Intelligence can Guide Decisions,” McKinsey Quarterly, November 2012, available at http:// www.mckinsey.com/industries/high-tech/our-insights/how-social-intelligence-can- guide-decisions

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

232 AVNER�BARNEA�

40 John Bohannon, “How to Attack the Islamic State Online,” Science, 17 June 2016, Vol. 352, No. 6292, pp. 1380.

41 Catherine Caruso, “Can a Social-Media Algorithm Predict a Terror Attack?,” MIT Technology Review, 16 June 2016, available at https://www. technologyreview.com/s/601700/can-a-social-media-algorithm-predict-a-terror- attack/

42 Jonathan Ferziger and Peter Waldman, “How Do Israel’s Tech Firms Do Business in Saudi Arabia? Very Quietly,” BloombergBusinessweek, February 2017, available at https://www.bloomberg.com/news/features/2017-02-02/how- do-israel-s-tech-firms-do-business-in-saudi-arabia-very-quietly

43 Tal Shalev, “The ISA Director Assesses that More Terrorist Attacks Will Be on Passover,” Haaretz, 20 March 2017, available at http://news.walla.co.il/item/ 3050008

44 Amos Harel, “Israel Arrested 400 of Palestinians Suspected of Planning Attacks after Monitoring Social Networks,” Haaretz, 16 April 2017.

45 An article published in Israel by Or Hirshoga and Hagar Shizaf, “Targeted Killings: The New System to Confront Individuals’ Terror Has Been Exposed,” Haaretz, 26 May 2017, available at http://www.haaretz.co.il/magazine/. premium-1.4124379, states that most Israeli monitoring of the social media against terrorism is done in occupied Judea and Samaria, which are under a military regime. The majority of the suspected terrorists who are arrested are held in prison for a long time without being brought to justice. This situation raises striking questions as to the real effectiveness of these information systems tools.

46 Nehama Doek, “There Is a Need to Kill the Head of ISIS as We Did to Bin Laden,” Yediot Ahronoth, 29 July 2016.

47 “MI5 Boss Warns of Technology Terror Risk,” BBC, 17 September 2015, available at http://www.bbc.com/news/uk-34276525

48 Thomas Tracey, “ISIS has Mastered Social Media Recruiting ‘Lone Wolf’ Terrorist,” Daily News, New York, 17 September 2015, available at http:// www.nydailynews.com/new-york/isis-recruiting-lone-wolf-terrorists-target-times- square-bratton-article-1.1941687

49 Some 20,000 potential terrorists were listed in MI5’s databases in 2017, while only 3,000 of them belong to the short list of extremely suspected terrorists. This may indicate that the British intelligence community has a serious problem in focusing on the “right” targets. Retrieved from http://www.ynet.co.il/articles/0,7340,L- 4968869,00.html

50 Catherine Mayer, “Outnumbered: A London Trial Reveals Why Some Terrorists Will Always Slip Through the Net,” Time, 14 May 2005, p. 25.

51 John Edwards, “A Former MI5 Agent Tells Us Why It’s So Easy for Terror Suspects Like Khalid Masood to Move Around Without Being Arrested,” Business Insider, 23 March 2017, available at http://uk.businessinsider.com/mi5- agent-surveillance-of-islamic-terrorist-suspects-2017-3

52 Adam Nossiter, “Attack on Champs-Élysées Injects More Uncertainty into French Vote,” The New York Times, 21 April 2017, available at https://www. nytimes.com/2017/04/21/world/europe/paris-champs-elysees-gunman.html?_r=0.

AND�COUNTERINTELLIGENCE VOLUME�31,�NUMBER�2�������������������������������������������������������������

CHALLENGING�THE�“LONE�WOLF” PHENOMENON� 233

There are contrary opinions about whether Karim Cheurfi, the gunman killed after he shot a policeman on the Champs-Elysées, Paris, in April 2017, was a Lone Wolf. He had a long criminal record and spent more than a decade in prison for the attempted murder of two policemen. Since, in February 2017, he was already under investigation for terrorism by the French intelligence agency DGSI he could have been stopped in time. This attack was more of an intelligence failure.

53 Claire Adidia, David Laitin, and Marie-Anne Valfort, “The Wrong Way to Stop Terrorism,” Foreign Affairs, 1 February 2017, available at https://www. foreignaffairs.com/articles/2017-02-01/wrong-way-stop-terrorism

54 Glenn Greenwald, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. These conclusions are the result of the information received from Snowden, a U.S. National Security Agency (NSA) intelligence officer, who plainly described the tremendous technological efforts in which the United Stated and Britain had invested in seeking to thwart terrorism.

55 Daniel Byman, “How to Hunt a Lone Wolf: Countering Terrorists Who Act on Their Own,” Foreign Affairs, March/April 2017, available at https://www. foreignaffairs.com/articles/2017-02-13/how-hunt-lone-wolf

56 According to the European Union’s new General Data Protection Regulation (GDPR), all Internet companies that collect personal information on the framework of their activity (e.g., Google, Facebook, cyber companies) will be prohibited from maintaining personal information about European citizens, and any of the limited personal information that will be stored in Europe will be subject to European restrictions. In order to obtain personal information, security authorities in each country will have to request specific information about suspects. This will mark a great change to the current situation, in which information is available only to the intelligence organizations in the United States because the leading global companies of social media and the Internet are based in the U.S. For further details see: https://en.wikipedia.org/wiki/ General_Data_Protection_Regulation

INTERNATIONAL�JOURNAL�OF�INTELLIGENCE�

234 AVNER�BARNEA�

  • STUDYING COUNTERINTELLIGENCE
  • THE POST-9/11 ERA
  • “LONE WOLF” ATTACKS: THE DEVELOPMENT IN TERRORISM
  • THE PHENOMENON OF “LONE WOLF”
  • IDENTIFICATION OF TERRORISTS’ THREATS
  • DEDICATED INFORMATION SYSTEMS FOR COUNTERTERRORISM
    • The “Lone Wolf” Exception
  • THE RISE IN SOCIAL MEDIA PLATFORMS
  • COUNTERING SOCIAL MEDIA’S CHALLENGES
  • THE BENEFITS OF TARGETED INTELLIGENCE
  • REFERENCES