Selected Topics in International Terrorism and the Application of Information Technology:

Volume I: Terrorism Tactics, Trends, and Technologies

Dr. Bhavani Thuraisingham

The University of Texas at Dallas

ABSTRACT This is the first in a series of reports we are writing on International Terrorism and the application of information technology to combat terrorism. We will first discuss the following topics: , Al-Qaeda, and Aviation Terrorism. In particular, we will discuss the facts and give an analysis. Then we will discuss the applications of information technology. The paper is concluded with future directions. Much of the information for the on terrorism tactics and trends is based on the essays I wrote to obtain the certificate in terrorism studies at St. Andrews University in Scotland between January and May 2010.

DISCLAIMER: The Views and Conclusions contained in this report are those of the author (Dr. Bhavani Thuraisingham) and do not reflect the policies and procedures of the University of Texas at Dallas or the United States Government.

1. Introduction

Terrorism can be traced back to the origins of mankind. Whenever people formed groups, one group competed against the other resulting in violence and terrorism. As stated in [1], Terrorism is the systematic use of terror especially as a means of coercion. It is also stated that at present, the International community has been unable to formulate a universally agreed, legally binding, criminal law definition of terrorism. Common definitions of terrorism refer only to those violent acts which are intended to create fear (terror), are perpetrated for an ideological goal, and deliberately target or disregard the safety of non-combatants (civilians). There are different types of terrorism. One is single issue terrorism where anti-abortion groups or animal rights groups inflict fear and engage in violence. Another is terrorism due to political violence where one ethnic group fights against another. A third is right and left wing terrorism and the fourth is terrorism due to the differences in religious beliefs. In each type of terrorism, the terrorists create fear and cause harm to promote their beliefs and ideologies. Some of the terrorist groups are random groups, while some are organized and have a central structure while still some others are organized and have a decentralized structure. Our goal is to apply information technologies to combat terrorism. However, one size does not fit all. In order to effectively apply technologies, we need to understand the way terrorists function, their structure, financial networks, beliefs, ideologies and tactics. If the group is predictable, then we need certain types of technologies. If the group is unpredictable, then we need adaptable techniques to detect their activities. This report is the first in a series we are writing on terrorism studies and the role of information technologies.
It studies three terrorist groups (Hamas, Al-Qaeda and Hezbollah) as well as aviation terrorism and then examines the role of information technology to combat terrorism. The discussion of the terrorist groups and the information on aviation security was obtained when the author was conducting research on the subject as part of her certificate course in terrorism studies at St. Andrews University in Scotland from January – May 2010. The work on applying information technologies is the author’s research on this topic since September 2001 [2]. We are also motivated by the research carried out at the University of Maryland on modeling the behavior of Hamas [3] and the research at the University of Arizona on the dark web [4]. The work reported in this report is also partially sponsored by the Air Force Office of Scientific Research under the Assured Information Sharing MURI project. Daniel Wolfe (formerly of the NSA) defined assured information sharing (AIS) as a framework that “provides the ability to dynamically and securely share information at multiple classification levels among U.S., allied and coalition forces.” The DoD’s vision for AIS is to “deliver the power of information to ensure mission success through an agile enterprise with freedom of maneuverability across the information environment”. The 9/11 commission’s report has stated that we need to move from a need to know to a need to share paradigm. Our objective is to help achieve this vision and implement DoD’s information sharing strategy [5] by defining an AIS lifecycle and developing a framework to realize it. However, in order to understand the information that is to be shared we need to understand the activities of the terrorists. This prompted us to study the terrorism tactics and modus operandi. This report is divided into two parts. Part 1 consists of three sections: 2, 3 and 4.
Section 2 describes selected terrorist groups, section 3 describes aviation terrorism, and section 4 will discuss other aspects of terrorism. Part 2 consists of two sections: 5 and 6. Section 5 provides an overview of applying information technology to combat terrorism and section 6 focuses on data mining, security and privacy. The report is concluded in section 7. Each section is self-contained and has all the references listed at the end of the section.

References

[1] http://en.wikipedia.org/wiki/Terrorism

[2] Data Mining for Counter-terrorism, http://www.computerworld.com/s/article/9064938/Univ._of_Md._launches_data_mining_portal_for_counter_terrorism_research

[3] Aaron Mannes, Amy Silva, V.S. Subramanian, Jonathan Wilkenfeld, “Stochastic Opponent Modeling Agents: A Case Study with Hamas,” http://www.cs.umd.edu/~asliva/papers/SOMAHamas-icccd08.pdf

[4] http://ai.arizona.edu/research/terror/

[5] http://cio-nii.defense.gov/docs/InfoSharingStrategy.pdf?PHPSESSID=32930f8f3338d326404ec8dbdabbf41e

Part I: Terrorism Tactics and Trends

2. Discussion of the Ideologies of Selected Terrorist Groups

2.1 HAMAS

A. Facts

1. The Group’s Origin

After the fall of the Turkish Ottoman Empire, Britain and France took over the southern part of this empire around 1917. Britain named part of the empire British Palestine and this continued until 1929. Around 1929, there was tremendous pressure from the US and USSR to split Palestine for the Arabs and the Jews. Therefore, east of the Jordan River was separated and called Trans-Jordan which is mainly today’s Jordan. The remaining part remained Palestine. Then in 1947, partly due to some terrorist activities by a group called Irgun headed by Menachem Begin (who would eventually become the prime minister of ), Britain, US and USSR brought the matter up to the UN (United Nations) who then divided Palestine into two parts (one for Arabs and one for Jews) consisting of four regions: (i) Gaza was managed by Egypt, (ii) (west of the Jordan River) was managed by Jordan, (iii) managed by Syria and (iv) the remaining part which became Israel in 1948. There was continued antagonism and fighting between the and the Arabs as the Arabs felt that what had come to be known as Israel should be part of Palestine even though 75% of what used to be Palestine until 1929 was now Jordan. Subsequently in 1964, the Palestinian Liberation Organization (PLO) was formed as the global organization for the (who were considered to be those from Gaza, West Bank and Golan Heights even though all of Jordan was at one time Palestine). It is stated that PLO urged Egypt, Jordan and Syria to wage a war with Israel which came to be known as the 1967 war. Israel won this war and Gaza, West Bank and Golan became occupied territories. In addition, Israel had also captured the Sinai area from Egypt. At that time the Arabs wanted to leave Israel completely, but Gen. Moshe Dayan urged them to stay which many believe was the biggest mistake made by Israel.
Subsequently in 1982, Israel gave the Sinai area back to Cairo which many believe was the second mistake made by Israel. During the next two decades, war continued with missile attacks from both sides (Arabs and Israelis). PLO’s dominant party was and they made their government in the West Bank. During such a period, in 1987, a terrorist group called Hamas was born in the . While at that time PLO was still considered to be a terrorist group with several such as the at the Munich Olympics, in 1991 PLO was recognized by the USA as a legitimate organization. However, Hamas still remains a terrorist organization and has waged attacks and suicide bombings not only with Israel but also has fought with the Fatah party. In the 2006 elections, even though Hamas won the largest percentage of votes, Fatah is still in charge of the so called Palestinian state [1], [2].

2. Aims and Ideology

Hamas’ ideology is to establish an in all of Palestine. As discussed in the paper on the “Pragmatic Ideology” of Hamas by Shari Gruber from the Fletcher School at Tufts University, the ideology of Hamas is to establish all of Palestine (aka West Bank, Gaza, Golan Heights and Israel) as an Islamic state. This ideology was born due to various sources as quoted by Hamas. For example, Hamas has quoted the following from Hasan Al-Banna (founder of the in Egypt): “Israel will be established and will stay established until nullifies it as it nullified what was before it”. Hamas states that it will establish all of Palestine as an Islamic state by means of carrying out . Jihad is a holy war that Muslims are allowed to carry out in the name of Islam. It tolerates violence except against civilians. However, Hamas has justified Jihad against innocent civilians by quoting that the Israelis have attacked innocent Palestinian civilians. While the long-term goal of Hamas is to establish an Islamic state in all of Palestine, it (Hamas) has been pragmatic and somewhat flexible and focussed on smaller goals such as maintaining its control in Gaza. Hamas has applied its ideology throughout the three stages of its existence: the first one called the (i.e. uprising), the second is the Oslo process and the third is the post-Oslo process. During the first intifada, Hamas used armed struggle/violence against Israel. During the Oslo process in 1993 when Israel and PLO signed the Declaration of Principles, Hamas’ ideology was threatened. It began suicide attacks against Israel. Furthermore, during this time Hamas used its funds to help the Palestinian people and get their support. During the post-Oslo process in 2000, Hamas gained a lot of power due to the support from the Palestinian people and won the highest percentage of the popular votes in the 2006 elections which made it a formidable group.
In the post-2005 period, Hamas has become a force to be reckoned with by Israel, other Islamic groups as well as the world. However, Hamas can no longer hide among civilians and other groups as it is now a major group in Palestinian politics [3].

3. Leadership

The main founder of Hamas is Sheikh . He was killed in March 2004 during an Israeli airstrike as he was leaving a Gaza City mosque. Together with Yassin, Abdel Aziz al-Rantissi and Mahmoud Zahar (all three belonged to the Palestinian wing of Egypt's Muslim Brotherhood) were the co-founders of Hamas. Rantissi was also killed in a helicopter attack in April 2004. The real leader of Hamas is not publicly disclosed. However, the following are currently the senior members of Hamas and are considered to be the leaders of Hamas as far as the world is concerned: Khaled Mashaal, Ismail Haniyah, and Mahmoud Zahar. Since Rantissi was killed, Mashaal is considered to be the main leader. He also heads the Dyrina branch of the political wing of Hamas. He is also considered to be the prime minister of the Palestinian people by Hamas since Hamas got the highest percentage of votes in the 2006 elections. However President dismissed him in 2007 and the Fatah party is the governing party for the Palestinian people. Mahmoud Zahar is the co-founder of Hamas and heads the Gaza Strip [2].

4. Structure

The structure of Hamas is not very clear. Various accounts have been reported. In [4] it is stated that Hamas’ structure is divided into four units or groups. They are: (i) Infrastructure: This group recruits personnel for Hamas, distributes funds and also makes appointments. It appears that this group essentially provides the HR (human resources) functions for Hamas. (ii) Popular violence: This is the group that provides the framework for the Intifada. It appears that the military actions are determined by this group. (iii) Security: This group essentially provides the intelligence functions. They gather information about those who collaborate with the authorities and inform on them to what are called “shock committees”. These committees question the suspects and kill them if they think it is necessary. (iv) Publications: This group is essentially the press group. They publish documents, propaganda material, and leaflets and make press releases. Some articles have stated that there are two wings for Hamas: the political wing and the military wing. The military wing was formed in 1992 and carries out the military operations. This wing is listed as a terrorist organization by many countries. The political wing is also called the social wing. This group collects funds and makes political decisions and works closely with the military wing. One could state that the groups discussed above (Infrastructure, Popular Violence, Security and Publications) are the political/social wing while the military wing carries out the actual war/terror activities [4].

5. Financial Network

It is estimated that the annual budget for Hamas is about $70 million. Hamas gets its funding from numerous organizations, many of them interconnected. Syria is a major sponsor of Hamas. In fact, many of the Hamas leaders operate from Syria. Israel states that the Syrian government helps Hamas a great deal with funds as well as with the purchase of arms and ammunition. Several countries in the Middle East are also the financial supporters of Hamas. These include , and . Funds also come from the Gulf States. There is an activity called Dawa that obtains funds for Hamas for humanitarian purposes. It is stated that there is no separation between funds obtained for Dawa and funds obtained for terrorism. In addition, funds are obtained from mosques, pro-Islamic charity organizations as well as from overseas pro-Islamic groups including in Europe and the US. As stated in [5], four of the major organizations that collect money for Hamas are the following:

• UK - The Palestine Relief and Development Fund (Interpal)
• USA - The Holyland Foundation (HLF)
• Germany, Denmark, Belgium, Holland - Al Aqsa Foundation
• France - Comité de Bienfaisance et Solidarité avec la Palestine

Hamas also gets funding from Asia and Africa. Pro-Islamic groups that fund Hamas from Asia come from Pakistan, Afghanistan, and India as well as from Malaysia and Indonesia. The Holyland Foundation has been somewhat active in Africa, although activities in Africa are limited. The political/social wing of Hamas is very active in recruiting members from mosques in foreign countries and getting funds from these members. Other terror organizations such as Hezbollah also assist Hamas [5].

6. Strategies and Attack Record

The initial strategy employed by Hamas from its inception until around 2005 was armed resistance and attacks. It has employed numerous attacks since 1987 including suicide attacks, rocket attacks, improvised explosive device attacks (IED) and several shootings. While Liberation Tigers of Tamil Eelam (LTTE) masterminded suicide attacks, Hamas learned from them and carried out numerous such attacks between 1993 and 2005. The early attacks by Hamas were on collaborators who they considered to be traitors and the Israeli military. Later its attacks included Israeli targets (e.g., buildings and temples) and the West Bank. This was followed by suicide bombings against Israeli civilian targets. Hamas has also used guerrilla warfare in the Gaza Strip a great deal and to a lesser extent in the West Bank. Notable suicide attacks included the first and second Bus suicide bombings in 1996 that claimed the lives of 47 people in total, Mahane Yehuda Market attack in 1997 that claimed the lives of 16 people, Dolphinarium discotheque suicide bombing in 2001 that claimed the lives of 21 people, Sbarro restaurant suicide bombing in 2001 that claimed the lives of 15 people, Haifa Bus 16 attack in 2001 that claimed the lives of 15 people, the Passover massacre in 2002 that claimed the lives of 30 people, Matza restaurant suicide bombing in 2002 that claimed the lives of 16 people, Rishon LeZion attack in 2002 that claimed the lives of 16 people, Patt junction bus bombing in 2002 that claimed the lives of 19 people, Haifa bus 37 suicide bombing in 2003 that claimed the lives of 17 people, Jerusalem bus 14A attack in 2003 that claimed the lives of 17 people, Jerusalem bus 2 suicide bombing in 2003 that claimed the lives of 23 people, and the Beersheba attack in 2004 that claimed the lives of 16 people. The total number of fatalities between 1993 and 2005 due to suicide bombings is 480. Since 2005, Hamas changed its strategy without changing its ideology.
Its new strategy was to be part of the political process. At least for the near term, it acknowledged Israel and was also willing to accept a limited space for Palestine (the Palestinians have requested Israel to give back the land Israel acquired as a result of the 1967 war). At first it appears that Hamas is going to work together with the Palestinian Authority towards a solution to the Palestinian problem. This has enabled Hamas to have a say in the Palestinian Authority’s budget as well as an attempt to be recognized as a legitimate organization. This new strategy taken by Hamas has been criticized by Al-Qaeda. However, some are suspicious that Hamas would eventually undermine the Palestinian Authority and Mahmoud Abbas and become the main political party for the Palestinians. Once this is established some expect that Hamas would then follow its ideology of making an Islamic state in all of Palestine, carrying on with Jihad, and eventually attempting to annihilate Israel especially with the support of the leaders in Iran [6], [7], [2].

B. Analysis

1. The Group’s Impact

While Hamas has been unable to fulfill its long-term goal and that is to establish an Islamic state in all of Palestine, it has achieved some of its short term objectives in maintaining its strong presence in Gaza. Its terror attacks especially between 1993 and 2005 have made it a group to be fearful of. Its suicide bombings have impacted numerous innocent civilians in Israel as well as the more moderate Palestinians. Hamas has also been instrumental in uniting the Islamic people especially when it comes to Israel. Furthermore, terror groups such as Al-Qaeda have been impacted by Hamas with respect to the use of suicide bombings to scare what they consider to be their adversary. Furthermore, Hamas has been impacted by Al-Qaeda especially since Al-Qaeda has made it clear that there should be no truce between Hamas and Israel. Hamas has also impacted other terror groups such as LTTE. While Hamas mastered suicide bombing from LTTE, LTTE created a military wing based on the military wing of Hamas. Although Hamas’s military and political/social wings are closely tied together, I believe this was not the case with LTTE which caused the divide between the two wings and possibly contributed to the downfall of LTTE. Unlike LTTE, Hamas is a very close knit group. Since the founder of Hamas (Yassin) died in 2004, Hamas has changed its strategy and that is to be a political force among the Palestinians. While Hamas has lessened its attacks and violence, I believe that it has become a group to be more fearful of in the long run. With the support it is getting from the Palestinian people and its funding sources coming from most of the Islamic countries as well as from the pro-Islamic groups in US and Europe, Hamas is becoming a formidable force to be reckoned with in the future. That is, the new strategy adopted by Hamas makes it more dangerous.
Therefore, while the attack patterns of Hamas have been straightforward (i.e., attacks against traitors and Israel), in the future these attacks could become more dangerous similar to those of Al-Qaeda. The views of the current Iranian leaders may also result in a more violent Hamas. Therefore, innovative strategies have to be adopted to predict the behavior of Hamas and prevent its attacks.

2. The Future of the Group

As long as Israel exists in its current form, Hamas will continue to exist. Hamas has lessened its violence and has gained political power among the Palestinian people. I believe that Hamas will continue to play a major role in the political process and eventually try to take over the rule from the Palestinian authority. This is based on the various articles I have read about Hamas’ new strategy. However, should Hamas fail in doing this, then it will likely revert back to its terror roots. Furthermore, it will have all the support from Islamic states such as Iran, and other Islamic terror groups such as Al-Qaeda. Therefore, Hamas could become even more violent than it has been in the past. Unlike Al-Qaeda, Hamas has a single focus and that is to destroy Israel in its current form. Therefore, its attacks so far have been mostly limited to causing violence in Israel and attacking Israeli targets. I have been unable to determine a pattern of attack carried out by Hamas. It does not follow any special event such as the release of a video by a Hamas leader. It has attempted to attack Israel whenever it can using whatever means it has such as rockets and gun fire. However with Iran’s nuclear activities and the inability of the Western nations to eliminate Al-Qaeda, and Israel being the common enemy to almost all of the Islamic states, the future could be quite dangerous. That is, Hamas may acquire nuclear weapons and weapons of mass destruction through countries like Iran and Pakistan. Therefore, unless a solution to the Palestinian problem can be formulated that is acceptable to all parties, the future remains unclear. Another thought that has crossed my mind in conducting my research for this paper is the role of Jordan. It appears that much of British Palestine is now part of Jordan. Furthermore, it is not clear where the Jordanians were before the formation of Jordan (or the East Bank).
Why is it then that Jordan does not have to give up any of its land to form a Palestinian state? This is something I would like to explore further in the future.

References

[1] History of Hamas, http://en.wikipedia.org/wiki/History_of_Hamas

[2] Hamas, http://en.wikipedia.org/wiki/Hamas

[3] Shari Gruber, Hamas: Pragmatic Ideology, http://fletcher.tufts.edu/al_nakhlah/archives/spring2007/shai-2.pdf

[4] Dugdale-Pointon, TDP. (16 May 2006), Hamas (Harakat al-Muqawamah al-Islamiyya), http://www.historyofwar.org/articles/weapons_hamas.html

[5] Israeli Ministry of Foreign Affairs, The Financial Sources of the Hamas Terror Organization, July 2003, http://www.mfa.gov.il/MFA/MFAArchive/2000_2009/2003/7/The%20Financial%20Sources%20of%20the%20Hamas%20Terror%20Organiza

[6] Jonathan D. Halevi, Undermining Mahmoud Abbas: The "Green Revolution" and the Hamas Strategy to take over the Palestinian Authority, April 2005, http://www.jcpa.org/brief/brief004-21.htm

[7] Sherifa Zahur, Hamas and Israel, Conflicting Strategies for Groups Based Politics, December 2008, http://www.strategicstudiesinstitute.army.mil/pdffiles/pub894.pdf

2.2 AL-QAEDA

A. Facts

1. The Group’s Origins

While some argue that the origins of Al-Qaeda go back to Israel, being situated in the Middle East and on Islamic land, the actual origins of Al-Qaeda can be traced back to the time of the Soviet Union’s [USSR] invasion of Afghanistan. The Saudi royal family was anxious that the powerful Soviet Union might invade other Muslim countries including Saudi Arabia. Mr. Osama Bin Laden, who is now known worldwide as the leader of Al-Qaeda and who came from an extremely wealthy family in Saudi Arabia, was incensed by foreign invasion into Islamic land and started a movement to defeat the Soviet Union. Therefore, from around December 1979, he worked toward this and Al-Qaeda was officially established around 1988. Bin Laden and his men went to Afghanistan and recruited several thousand Muslim men to fight the USSR. The USSR was defeated in 1989. Bin Laden then returned to Saudi Arabia. Then in August 1990, Saddam Hussein from Iraq invaded Kuwait. This again made the Saudis anxious as Saddam was considered to be powerful and he could eventually own many of the lucrative oil fields. Bin Laden offered his men to fight Saddam. The United States (US) also offered its troops. The Saudi government chose the US’s offer over Bin Laden’s. This angered Bin Laden and soon he began a vendetta against the US. Due to his arguments with the Saudis, he was banished from Saudi Arabia. This was around 1991 and the Sudanese government gave him a home. He then moved to Sudan and was there until 1996. This was the time I believe that Al Qaeda started going from strength to strength. Bin Laden was incensed that US troops were on Saudi soil and near Holy Land: Mecca and Medina. Therefore, Al-Qaeda attacked the US soldiers in Saudi Arabia in 1996. This caused some friction between the then Sudanese government and Al-Qaeda and Bin Laden was ordered to leave Sudan. At that time Afghanistan was the perfect place for them.
After the USSR left, many of the several thousand fighters were still there and it became a lawless nation. A group called the Taliban who supposedly came from the Northern Pakistani region and who were essentially ruling Afghanistan, opened their doors to Bin Laden. The next five years would be crucial for Al-Qaeda to mastermind numerous terror plots, the most horrifying and according to them the most spectacular among the plots was the 9/11 US World Trade Center bombing. Today Al-Qaeda has gone from a “centralized control and centralized operations” to a “decentralized control and decentralized operations”. It is also now geographically dispersed. Numerous groups are operating under the name of Al-Qaeda, although quite a few of them have received their training in Afghanistan or Pakistan. It is also believed that Bin Laden is now in Pakistan.

One theory is that back in the 1980s, the US offered tremendous support to Al-Qaeda in terms of money and training to fight the USSR [1]. However, some others (e.g., terrorism expert Mr. Peter Bergen) argue that this was not the case as Al-Qaeda had money as many of the members were rich and college-educated. They did not need the US and that the US came to know of the existence of Bin Laden only in 1996.

2. Aims and Ideology

Al-Qaeda’s ideology is to hunt and kill anyone (person or organization) who has harmed Muslims in any way. Harming a Muslim would include occupying a Muslim land, not allowing a Muslim to practice his religion or the law, or causing grief in any way to a Muslim or to a Muslim nation. While other terrorist groups have mostly fought for a particular cause within a region, Al-Qaeda started the notion of Global Jihad around 1994. To maintain this ideology, terrorism expert Rohan Gunaratne states that Al-Qaeda’s principal aim is to “inspire and incite” the Muslims around the world to fight for its cause and to attack anyone and everyone who causes harm to the Muslims [2]. Today the primary enemy of Al-Qaeda is the US and its allies (including UK, Canada, Australia, India, Israel and others). Al-Qaeda feels that the US as a superpower is controlling the Muslims by having its troops in Muslim land. Therefore until US removes its troops, it will continue to be Al-Qaeda’s primary enemy. Should the US remove its troops (which I believe US should not do), then I believe that Al-Qaeda will not stop. It will then start its attacks on Israel as it believes that Israel is a foreigner on Islamic soil.

Non-Muslim nations are not the only nations that have been targeted by Al-Qaeda. Muslim nations that do not strictly practice the Sharia law are also being targeted by Al-Qaeda. Muslim nations who are providing support to the US and its allies (e.g., Pakistan, Egypt, Saudi Arabia) are also considered to be enemies of Al-Qaeda, although I am not sure whether this is 100% accurate.

Al-Qaeda also believes in carrying out attacks of what it calls a “spectacular” nature. This was evident in the World Trade Center bombing. It also carried out multiple attacks simultaneously to incite fear and terror among innocent civilians. This was also clear in the 9/11 attacks, the 3/11 (March 11) attacks in Madrid and the 7/7 attacks in London.

3. Leadership

Back in 2001 when Al-Qaeda was at its strongest, the leader was Bin Laden. His deputy operations chief was the Egyptian doctor Ayman Al-Zawahiri. In addition, there were several other leaders including Mohammed Atef and Khalid Sheikh Mohammed. However, many members of the leadership have either been killed or arrested. Today (March 14, 2010, the day I submit this assignment), Mr. Richard Holbrook, US special envoy for Afghanistan and Pakistan, states that “Al-Qaeda is under great pressure after losing key members of its leadership”. The most recent arrest of a key leader was that of Mullah Baradar in Pakistan. Today Bin Laden remains the leader of Al-Qaeda with Ayman Al-Zawahiri still his deputy.

4. Structure

Until 2001, the structure of Al-Qaeda was clear with central control coming from Bin Laden and the leaders, and the network operation also coming from the leadership. However, with the loss of much of the significant leadership, Al-Qaeda has become decentralized both in terms of control and operation. It is also now geographically dispersed with presence in several countries including the US, UK, France, Germany and Spain. There are several organizations now operating under the Al-Qaeda name. For example, some have stated that the order for the Madrid bombings and the London bombings did not come directly from Bin Laden. However, the local operatives who were mostly trained in Afghanistan and Pakistan carried out the terror attacks. The Mumbai bombings were carried out by a Pakistani terror group. This group is believed to have some links to Al-Qaeda, but it is not clear as to the exact nature of these links.

5. Financial Network

It is estimated that the annual budget for Al-Qaeda is about $30 million. Bin Laden was once an extremely wealthy man with family assets. His family sent him money until the mid-1990s which was about $7 million a year. However, due to pressure from US and Saudi governments, his financial support was cut off. Al-Qaeda still gets a significant amount of donations from the terrorist sympathizers. The funding comes from around the world and is collected in mosques and other places of congregation of the international Islamic communities. The members of Al-Qaeda are mostly college-educated and have resources. In addition, there is also an underground network and an illegal banking system, Hawala, used by terrorists to deposit and transfer funds.

In his article on Surveillance and Disruption [4], Eric Christian describes the covert financial network of Al-Qaeda and how it is being disrupted by the US and its allies due to certain provisions in the Patriot Act as well as the use of the Treasury information system FINCEN among others. Author Mark Basile states that Al-Qaeda has developed highly effective strategies for generating funds [5]. It uses both legitimate and illegitimate businesses and has employed business savvy people. It also operates cunningly by transferring small amounts of funds so as to not generate suspicions. It has effectively leveraged “the global financial system of capital markets,” and it also has very strong ties with Islamic charities. As a result, the author argues that the disruption of Al-Qaeda’s financial system by the US and its allies is not straightforward. One needs a massive collaborative effort together with the support of all the banks to disrupt this network.

6. Strategies and Attack Record Princeton Professor Michael Doran gives an excellent exposition of the “Grand Strategy of Al-Qaeda” [6]. According to Doran, Al-Qaeda has stated that they are not the revolutionaries. They are laying the groundwork for the next generation who will be the revolutionaries and ensure that Muslim states will become fundamental Islamic states and that the infidels (e.g., the US and its allies) will be defeated. Al-Qaeda claims that their struggles started with the two super powers, the US and the USSR, who they believed were oppressors of the Muslim communities. One of them was defeated (USSR) and they have to work on defeating the US and its allies. Al-Qaeda’s strategy is to appeal to the Islamic people around the world, get their sympathy, explain the cruel behavior to them and to their religion by the infidels and get their support. Doran states that the Arab “southerners” have been downtrodden and therefore getting their support is a critical strategy for Al-Qaeda. Al-Qaeda uses its personal contacts, propaganda and video to recruit its members. However, because the organization is now decentralized, such an approach is becoming more and more difficult. Fortunately for them (unfortunately for the world), there is now the Internet. Therefore, much of the direction and recruiting is now being carried out on the Internet. Just like counter-terrorism experts have access to various data mining and analysis tools, I believe that Al-Qaeda with its mostly educated members also has access to these tools and therefore they can mine and analyze the various blogs and chats and extract the nuggets so that they can carry out targeted marketing to recruit members and also to carry out specific attacks. Since 1992 there has been a steady stream of attacks by Al-Qaeda, mostly what they call Spectacular. The initial attack began in December 1992 when the US troops in Aden, Yemen were being deployed to Somalia.
Certain hotels were attacked. However, the US troops escaped as they were not in those hotels at that time. The next attack was on the World Trade Center in 1993. This should have been a major warning to the US. Other significant attacks include the attack on the US troops in the Khobar Towers in Saudi Arabia in 1996, the attacks on the American Embassies in Africa (Kenya and Tanzania) in 1998, the USS Cole attack in Yemen in 2000 and the 9/11 attacks in September 2001. This was followed by attacks in Bali, Turkey, and the Madrid attacks in 2004 and the London attacks in 2005. There have been continued attacks since then, including possibly the Mumbai attacks in 2008.

B. Analysis

1. The Group’s Impact Al-Qaeda has had a tremendous impact on the entire world. It is due to the actions of Al-Qaeda that we now have the Global War on Terror. While I had read about the 1993 World Trade Center bombing and the 1996 attacks, it was not until the US Embassy bombings in Africa that I became familiar with Al-Qaeda and Bin Laden. While terrorist organizations like Hamas and Hezbollah had united the Muslim people around the world to some extent, it was Al-Qaeda through its Global Jihadist ideology that essentially brought much of the Islamic people together to sympathize with the plight of the Muslims around the world and the perceived cruelty to them by the so-called infidels. While LTTE masterminded suicide bombings and Hamas carried them out in the Middle East, Al-Qaeda popularized suicide bombings around the world. Suicide bombings became a household name in the world. Until the 9/11 attacks, much of the Western world was not aware of the power of . Al-Qaeda has had great influence on terrorism studies which includes cyber terrorism as well as attacks on the critical infrastructures, bioterrorism and the use of Weapons of Mass Destruction (WMDs). Scientists, Engineers, Technologists, Policy Makers, Criminologists, Sociologists, Psychologists, Terrorism Specialists and Lawyers have united to study how terrorism can be reduced or eliminated. The focus is on developing tools to combat terrorism. It was mainly due to the 9/11 attack that the US was able to make a strong case that Saddam Hussein had Al-Qaeda connections (we know now that this was probably not the case) and took the war on terror from Afghanistan to Iraq. This resulted in Al-Qaeda, which was probably dormant in Iraq, becoming active and carrying out numerous terror activities in Iraq including the beheadings of several innocent individuals. It is now believed that Iraq is more stable and therefore the fight now is with the Taliban in Afghanistan.
In my opinion (and I may be in the minority), the war on Iraq was justified even though the Intelligence was faulty. This is because Saddam Hussein was no ally of the west and his power could have caused potential problems in the future. Some others have argued that the US should have made Saddam Hussein an ally and extracted information about Al-Qaeda from him. Al-Qaeda has also had a significant impact on the ideology of the US. During the cold war the US was operating on a need-to-know paradigm. The objective is not to give out any data/information to anyone unless that person has a need to know. However, the 9/11 commission report [7] has stressed that we now need to migrate from a need-to-know to a need-to-share paradigm. This has caused some significant challenges. Do we then share information even though there are policies against sharing certain information? Do we share information during emergency situations and worry about the consequences? To fight the global war on terror, the US has to work not only with the allies (e.g., UK, Canada, Australia and possibly even France, Germany, Italy and Spain) but also with those who are not strictly its allies including Muslim countries such as Saudi Arabia, Pakistan and Turkey. Therefore, should different policies be enforced for different types of partners, some who may be trustworthy, some who may be semi-trustworthy and some who may be untrustworthy? Are these so-called partners playing games with the US? Are they conducting offensive operations against the US? All of these questions have resulted mainly due to the 9/11 attacks. Al-Qaeda has also had a major impact on the way we travel (e.g. air travel, train travel), the people we communicate with, our conversations on the telephone and the emails we send as we do not know who is monitoring us. Al-Qaeda attacks have also given an opportunity for some states to label opposition groups as terrorists and take actions against them.
While in some situations this is justified, it is very unfortunate in many cases as legitimate law-abiding groups especially in third world countries are being branded as terrorists. In summary, I believe that Al-Qaeda has changed the face of terrorism. Global terrorism is now common practice. It is not isolated to the countries that have political problems. Any country or person who has harmed Muslims in any way as perceived by Al-Qaeda is subject to attacks. Furthermore, there are several smaller groups that have sprung up that now operate under the name of Al-Qaeda, but are only remotely connected to Bin Laden and his team. Al-Qaeda has changed the world. We now have two eras: before 9/11 and after 9/11. There is always the lingering question as to whether Al-Qaeda could have been eliminated back in 1998. It has been reported that during the December 1998 operation that President Clinton launched in Afghanistan, the US narrowly missed Bin Laden. It was at that time that the President was being impeached. Therefore, had things been different then and had President Clinton not had his domestic troubles, could Bin Laden have been captured resulting in the end of Al-Qaeda?

2. The Future of the Group As long as Al-Qaeda perceives that there is injustice being done to Muslims, it will continue to exist. This could be because (i) foreigners are present on Islamic soil, which also includes Israel, (ii) Muslims abroad are not allowed to practice their religion according to the Koran or the Sharia law and (iii) there are Muslim nations that are sympathetic to the infidels. However, the global war on terror has made it somewhat difficult for the group to carry out business as usual. They are now developing novel ways to carry out their operation. The network is decentralized with a very loose federation, although Bin Laden is still the leader and has tremendous influence on the group. In spite of the efforts of the US and its allies to disrupt the finance network of Al-Qaeda, its network appears to be somewhat strong due to illegal finance activities and Hawala. Finally, the global economic crisis is also a motivation for many poor Muslims to join Al-Qaeda. Unemployment all over the world is very high and this has left many youths (men and women) frustrated at not being able to get a job even though some of them have received an education. This will motivate them to join terrorist organizations. In summary, Al-Qaeda is alive and well. What the US and its allies should strive for is never to let it get as strong as it was back in 2001. The US and its allies should continue their global war on terrorism and fight strategically and intelligently. They must also have solid evidence and strategy before embarking on wars.

References
[1] http://en.wikipedia.org/wiki/Al-Qaeda
[2] http://www.currenttrends.org/research/detail/al-qaedas-ideology
[3] http://www.geo.tv/3-14-2010/61055.htm
[4] Erickson, Christian. "Surveillance and Disruption of Covert Financial Networks: Al Qaeda in Historical and Global Context", paper presented at the annual meeting of the International Studies Association, Honolulu, Hawaii, Mar 05, 2005, http://www.allacademic.com/meta/p71255_index.html
[5] Mark, Basile, Going to the Source: Why Al Qaeda's Financial Network Is Likely to Withstand the Current War on Terrorist Financing, Studies in Conflict & Terrorism, Volume 27, Issue 3, May 2004
[6] http://www.crucial-systems.com/The_grand_strategy_of_Al_Qaeda
[7] The 9-11 Commission Report, http://www.gpoaccess.gov/911/Index.html

2.3. HEZBOLLAH

A. Facts

1. Origin Hezbollah was born between 1982 and 1985. Khomeini's followers were instrumental in forming Hezbollah. Ayatollah Khomeini was the leader of the Islamic revolution in Iran in the late 1970s. Hezbollah is essentially a Shiite Islamic political and parliamentary party operating in Lebanon. It provides social services, hospitals and food for the Shiites in Lebanon. Hezbollah was formed in response to Israel’s invasion of South Lebanon in 1982. Hezbollah has been condemned by some Arab countries while others have praised it. This might possibly be due to the fact that Hezbollah is a Shiite group while many of the Arab countries are Sunni Muslim. While Hezbollah’s main base is in Lebanon, it also has cells in North Africa, Asia, the Middle East and Europe [1].

2. Ideology, Aims and Objectives Their ideology is essentially that of Shiite radicalism [2]. The goals of Hezbollah are to expel the Americans and their allies (e.g., French) from Lebanon and ensure that there is an Islamic regime in the region. They believe that only an Islamic regime can stop imperialists from invading the country. Hezbollah’s primary objective is to eliminate Israel. They have stated that their struggles will end only when Israel is obliterated. They strongly believe that Israel has no place in the Middle East. They want to “liberate Jerusalem”. Since December 2009, Hezbollah has modified its ideology and believes that they should integrate into the Lebanese society and also focus on politics and the Shiite religion. However, they still believe that the United States and Israel are their enemies. So essentially they have three fronts: politics, religion and terror.

3. Structure and Funding Hezbollah gets its funding from Iran and Syria. Therefore, its head, , called the secretary general, works closely with Iran and Syria. His deputy is Sheikh Naim Qassam. Under Hassan is the decision-making council which manages the various councils that include the Executive Council, The Judicial Council, The Political Council, Political Advisor, the Jihad Council and the Military Council. The Executive Council has many desks including the Culture desk, the Social desk, and the desk. It provides education and support to the members. The Political council maintains foreign relations, relations with the Christians and the Islamic movement. The Jihad and Military Councils conduct war against Israel and the terror activities [3]. Essentially, Hezbollah has a central structure with central control. As discussed in the various modules of the Terrorism studies course, with such a structure, it is easier to monitor the activities and have tight control over the members. Hezbollah gets its funding mainly from Iran. It is estimated that Iran gives as much as $200 million a year. It also gets its funding from Shiite Lebanese, Syria and others who are sympathetic to its causes. In addition, expatriates sympathetic to Hezbollah, including wealthy Shiites living abroad, also contribute a great deal [4].

4. Strategy Hezbollah gets its strength from both Iran and Syria. However, because of the issue between Syria and Iran, Hezbollah is not their tool; it has its own goals and strategies. It has to position itself so as to be useful to both Iran and Syria, as well as support the Palestinians in their quest for Palestine. At the same time, it conducts its legal and illegal businesses to get its own support. To maintain its position with Iran, Syria, the Middle East and Palestinians, its main strategy is to go to war with Israel. To some extent they wish for Israel to invade Lebanon which would then incense the Middle East, especially Syria and Iran. Furthermore, this would make the US and Israel want not only to fight the Palestinians but also Lebanon, Syria and Iran [5]. In the recent war in 2006, Hezbollah captured two Israeli soldiers, which angered Israel, and subsequently Israel attacked Lebanon. This prompted Hezbollah to launch rocket attacks against Haifa. Israel then carried out a more massive attack against Hezbollah which is what it wanted. This then prompted Syria, Iran and the Arab countries to continue their support. It has been quoted that Hezbollah’s strategy is very much like the strategies used in the game of chess [6]. Hezbollah has used media to carry out its propaganda. The main TV station operating from Lebanon for Hezbollah is Al Manar. Al Manar has grown significantly since the 1990s and is now seen by many Muslims in the Middle East. Hezbollah also operates a radio station, Al-Nour. More recently Hezbollah has used the Internet and Facebook effectively for propaganda [7].

5. Targets and Tactics Hezbollah’s terrorist tactics have been bombings, kidnappings and hijackings, mostly in the Middle East. Hezbollah also supports the Palestinians a great deal in their terrorist activities. Below are some examples of its attacks as stated in [3].
October 1983: Explosion at the U.S./French Headquarters in Beirut, 240 U.S. Marines and 58 paratroopers killed (this attack was much publicized in the US).
December 1983: Explosion at the U.S. Embassy in Kuwait.
March 1984: Kidnapping and murder of CIA Beirut Station Head William Buckley.
April 1984: Explosion at the Zaragosa restaurant in Spain.
September 1984: Car bomb detonated at the U.S. Embassy in Kuwait.
December 1984: Kuwaiti passenger jet hijacked en route from Dubai to Karachi, 2 U.S. citizens murdered.
May 1985: Kidnapping of Terry Anderson (much publicized in the US).
June 1985: TWA passenger jet hijacked en route from Athens to Rome, U.S. citizen murdered (much publicized in the US).
January 1987: Kidnapping of Rev. Terry Waite (much publicized in the US).
June 1987: Kidnapping of American journalist Charles Glass.
February 1988: Kidnapping and murder of UNIFIL Col. Higgins.
April 1988: Kuwaiti flight KU-22 hijacked en route from Bangkok to Kuwait.
March 1992: Explosion at the Israeli Embassy in Buenos Aires, 29 civilians killed and 250 injured.
April 1993: Explosion at the U.S. Embassy in Beirut, 63 employees killed.
July 1994: Explosion at the Jewish community "AMIA" building in Argentina, 100 civilians killed, 200 injured.
June 1996: Involvement in attack on U.S. Army base in Saudi Arabia, 19 killed and 500 injured, although this attack was mainly attributed to Al-Qaeda.
October 2000: Israeli citizen Elhanan Tannenbaum kidnapped.
Hezbollah built up its military capability a great deal in the 1980s, 1990s and the early . With its change in ideology, it has somewhat lessened its guerrilla and terror tactics. It is also focusing on politics and religion.
It is playing an increased role in Lebanese politics and spreading Shiite Islamic beliefs. However, the US government and many foreign governments still consider Hezbollah as an “A-Team” terrorist organization [8].

B. Analysis

1. Impact of Hezbollah’s Ideology, Aims and Objectives on the Group’s Structure, Strategy, Targets, Tactics Hezbollah’s strategy is to obliterate Israel, expel the US, France and their allies from Lebanon and liberate Jerusalem. Its objective is also to strengthen the position of minority Shiite Muslims with respect to the majority Sunnis. These are in a way conflicting goals. On the one hand it has to work with the Sunnis to obliterate Israel and on the other hand it has to work against the Sunnis to strengthen its position. In order to accomplish the latter, it has the strong support of Iran. In order to obliterate Israel, it works to support the Palestinian cause. Hezbollah has very focused goals and here Hezbollah is similar to, say, Hamas or the IRA. Al-Qaeda’s goals are much broader and that is to kill the infidels. Because of its narrow focus, Hezbollah’s structure is highly centralized. Because it has to please both the Shiites and the Sunnis of the world, its strategy is to attack Israel so that Israel invades Lebanon and that makes Hezbollah’s position stronger. Because Israel is their main focus, their attacks have been on Israel. Furthermore, to satisfy their goal of expelling the US and its allies from Lebanon, it has kidnapped US officials in Lebanon and killed US troops in Lebanon. Hezbollah’s change in ideology is also supported by its structure and strategy. It wants to be a political force in Lebanon. This makes it more difficult for the US and Israel to launch attacks against Hezbollah as it is now a political party. This in turn may make it less difficult for Hezbollah to launch terror attacks against Israel.

2. Is the Group’s Structure and Strategy Appropriate for the Achievement of Its Goals? The previous section has shown that Hezbollah’s ideology, aims and objectives have impacted its centralized structure and its strategy of launching attacks against Israel. Essentially this has enabled Hezbollah to accomplish its goals of weakening Israel, and making it strong in the eyes of the Islamic world. The question is: are their structure and strategies sufficient to fulfil all their goals? With respect to obliterating Israel, Hezbollah’s goals are not very different from many of the Middle Eastern countries. Essentially, Israel is their common enemy. They all unite when it comes to Israel. Therefore from this point of view, Hezbollah’s highly centralized structure and its strategy of attacking Israel have been somewhat effective. However, it needs to do a lot more if it wants to obliterate Israel. It has to possibly form closer partnerships with countries in the Middle East. However, due to the fact that the US is a strong ally of Israel, it will be extremely difficult for Hezbollah to accomplish this goal. With respect to expelling the US and its allies from Lebanon, not all the Arab countries are in agreement. Saudi Arabia and Jordan are considered to be allies of the US. Here, Hezbollah gets all its support from Iran and Syria who are both enemies of the US. Therefore, to accomplish this goal, Hezbollah must expand its alliances to other countries in the neighborhood. These countries could be other Arab countries in the region or perhaps Russia and China. While Russia and China are working with the US, they are not exactly allies of the US. Therefore, a US presence in foreign countries is not something that Russia or China would want. This gives them incentive to perhaps join forces with Hezbollah. Hezbollah also wants to have a strong Shiite presence. To accomplish this they must have a very strong partnership with Iran.
This is due to the fact that most of the other countries in the region are Sunni Muslim countries. In summary, Hezbollah has somewhat conflicting goals. To obliterate Israel, it needs the support of all the Arab countries, but the US is a major obstacle for Hezbollah to accomplish this goal. To expel the US and its allies from Lebanon, Hezbollah has to form partnerships with the enemies and not so friendly partners of the US. To maintain a strong presence as a Shiite movement, it needs the support of Iran perhaps at the expense of making partnerships with some other Arab countries.

3. Possible Future Strategy and Tactics of Hezbollah Considering the Strategies Currently Followed by the Group The encouraging news for the US and its allies is that Hezbollah is no longer acting as a guerrilla group [9]. Instead, it is fighting in a more conventional way. This was evident in the recent 34 day war against Israel in 2006. This means that the US and its allies can study the tactics of Hezbollah and be prepared to counter-attack. If one has a good idea about its enemy, then one can prepare defensive strategies. However, in the case of hijackings and kidnappings, it is very difficult to predict the behavior of the enemy and therefore, complicated reasoning methods are needed for defensive strategies. This means that Hezbollah may not always use predictable tactics against Israel, the US and its allies. It might likely revert back to its guerrilla tactics off and on. This means it might follow the lead of Al-Qaeda. To follow the strategy of Al-Qaeda, Hezbollah might migrate to a more decentralized structure from a centralized structure. It might also follow a hybrid strategy where some activities are centralized while others (e.g., Jihad council) may be decentralized. Note that the former US Deputy Secretary of State, Mr. Richard Armitage, has stated recently that in spite of its modified ideology and tactics, Hezbollah is an “A-Team” terrorist organization. The success of a terrorist or even a resistance movement is to change its strategy and thwart the enemy. This is what Al-Qaeda has mastered. Therefore, if Hezbollah wants to be more effective and achieve its goals, it has to change its strategy from time to time. For this, they need terror strategists and technical experts. Its effective use of the media including Al Manar, the Internet and Facebook are useful tools for recruitment. To expand its support from more countries (other than Iran and Syria), it has to carefully develop a plan to go global so as to not antagonize Iran and Syria.
This is something it has to do possibly with the cooperation of Iran and Syria and this will be a challenge. The main question is, should Hezbollah be focused and work very closely with Iran and Syria or should it move a little closer to, say, the strategies of Al-Qaeda and operate more globally?

References
[1] Hezbollah, http://en.wikipedia.org/wiki/Hezbollah
[2] Ideology of Hezbollah, http://en.wikipedia.org/wiki/Ideology_of_Hezbollah
[3] Understanding the History, Motives, Structure and Capabilities of Hezbollah, http://vitalperspective.typepad.com/vital_perspective_clarity/2006/08/hezbollah_under.html
[4] Hezbollah Funding, http://wapedia.mobi/en/Funding_of_Hezbollah
[5] Hezbollah Strategy, http://aggravated.blogspot.com/2006/07/hezbollahs-strategy.html
[6] A Middle East chess match; Understanding Hezbollah's strategy, http://goliath.ecnext.com/coms2/gi_0199-5608990/A-Middle-East-chess-match.html
[7] Hezbolla’s Media Weapon, http://97.74.65.51/readArticle.aspx?ARTID=2238
[8] Hezbollah: A State within a State, http://www.currenttrends.org/research/detail/hezbollah-the-state-within-a-state
[9] The US Response to Hezbollah’s War Tactics, http://security09.tumblr.com/post/269526006/the-u-s-response-to-hezbollahs-war-tactics-post-5

3. Introduction to Aviation Terrorism and Security A. Facts 1. Basic Information about the Airport London’s Heathrow airport was opened in 1946 in the Hounslow suburb of London. It is about 15 miles from Central London and is in a densely populated area. The first terminal to open is what is now known as Terminal 2. Terminal 1 was opened in 1968. Terminal 3 was used for long haul flights (over the ocean) since 1970. Terminal 4 was opened in the 1980s and was used mainly by British Airways. Then in 2008, the thoroughly modern Terminal 5 was opened and most of the British Airways flights moved to this new terminal. Due to the large amount of space now available for aircraft since the opening of the new terminal, the older terminals are undergoing massive expansions and improvements. There has been much discussion recently about building a third runway. However, with the changeover to the Conservative government of David Cameron who has formed a coalition with the Liberal Democrat Nick Clegg, it was announced the week of May 10 that there will not be a third runway. Heathrow is considered the third busiest airport in the world in terms of the number of passengers passing through (after Atlanta-Hartsfield, and Chicago-O’Hare). It is estimated that approximately 70 million passengers pass through Heathrow in a year. It is also stated that in terms of the number of airlines, Heathrow is the largest. Since London is centrally located in the world, almost every major city now has a nonstop flight to London (except cities in Australia which make a stop either in Singapore or Bangkok). In fact several cities in the US have multiple daily flights to London (e.g., ORD, JFK, IAD, DFW, BOS, LAX, SFO, ATL). Heathrow airport has had several terrorist incidents and scares. In the early years, they were due to IRA terrorists and more recently they are due to Islamic terrorists. The most recent highly publicized incident is the Liquid bombing attack threat in August 2006. 
However, the most unforgettable event is the bombing of Pan Am 103 over Lockerbie, Scotland which took off from Heathrow. Other terrorism incidents include the following: IRA bombs in 1974 in the Terminal 1 car park, Semtex explosives in the bag of a pregnant Irish woman in 1986, and more recently in 2008 a man went through the perimeter fence onto the runway. The airport has also had accidents. Most recent was the British Airways flight from Beijing to London which crash-landed at Heathrow in 2008 (see, for example, [1], [2], [3]).

2. The Airport’s Security System Against Terrorism Heathrow airport is a legacy airport built in 1946 not far from central London. Therefore, it does not have much space to expand like some of the modern airports that have been built far from the city center (e.g., Denver international airport). The airport has undergone massive additions and renovations over the past 65 years with very careful planning. Unlike the modern airports that can incorporate security systems without much difficulty, incorporating security into a massive legacy airport like Heathrow can be very difficult. Nevertheless, the BAA (British Aviation Authority) has incorporated a fairly comprehensive security system over the years. Below we give some of the essential features of the security system at Heathrow. (More details on the procedures, equipment and the measures taken to secure airports after 9/11 are detailed in the next two sections.) First, the BAA manages the Heathrow airport including its security. The airport has perimeter security with fencing and it has incorporated surveillance cameras throughout including at the Paddington Express train station. It has also incorporated various types of biometric devices and has installed a full body scanner. The airport carries out extensive screening at the ticket counter, the security checkpoints, and again before boarding. Following the August 2006 liquid bombing terror threat, Heathrow was the first airport to limit the amount of liquid that one can carry past the security checkpoint. Transit passengers have to go through extensive security checks including going through scanners. After finding bombs in car parks in the 1970s, the airport has installed good surveillance systems to monitor car parks and also has several dogs sniffing for explosives and drugs. Terminal 5, an ultra modern terminal, was opened in 2008 with modern security facilities.
The additional space for aircraft has enabled Heathrow to carry out massive expansions and modernizations of its other four terminals in stages. These efforts have incorporated security into the business processes right from the beginning.

3. Procedures and Equipment Available to Counter Aviation Terrorism Background: Aviation security has been a concern since commercial flights became common practice in the late 1940s and beyond. Hijacking and bombing of aircraft, in particular, became a major concern. As discussed in the St. Andrews Terrorism Studies Module on Aviation Security, early hijackings of aircraft were by those from the Soviet Union and Eastern Bloc countries seeking asylum in the western countries. Then came a period of hijackings of flights between Cuba and the US. This was followed by a period of massive hijackings mainly due to the Middle East conflict. There were fewer incidents reported in the late 1980s and 1990s, although the Pan Am 103 bombing was a significant terrorist incident. However, it was only after 9/11 that much of the general public became aware of aviation terrorism and safety issues. Since then there have been numerous efforts to secure airports all over the world, especially at London’s Heathrow airport, both through physical means and through technological means. Procedures and Equipment: Perimeter security has been strengthened with surveillance cameras with appropriate lenses, proper lighting, high fencing and also ensuring that the building is secure. Focus was also given to HVAC (heating, ventilation and air conditioning) issues and airport personnel had to have appropriate IDs and badges to enter certain buildings of the airport. After 9/11, airports also became very strict about cars parked close to terminals as well as who they allow into the gate area. Before 9/11, especially in the US, it was possible for those who were not travelling to go up to the gate to send off their relatives or greet their friends. This is not possible anymore. You have to show your boarding pass and ID at the security checkpoints before you can proceed.
Emergency Preparedness: Physical security also includes emergency preparedness operations and business continuity planning. If an incident occurs (either terrorism or natural disaster), then how can airports continue their operation with minimum disruption? Special consideration has been given to business continuity after 9/11. For example, the information in the computers that run the air traffic control system has to be replicated together with the equipment at another site (this could be a cold site or a hot site) so that there is minimum disruption in case of a system failure. There are also emergency exercises that have been carried out to ensure that should an incident occur, the business continuity plans can be carried out without a hitch. Ticketing agents: For the checked luggage, the ticket agent will ask you some security questions such as who packed your bag and where was it packed. Again, these questions are not usually asked in the US. They are, however, very strict in the UK. The bags can only have TSA approved locks, otherwise they have to be unlocked. After the bags are checked, you proceed to the security checkpoint with your carry-on luggage. Security checkpoints have tightened security a great deal. This is the procedure that passengers must follow. First, passengers are allowed only one carry-on bag at London airports. In the US, they are allowed one carry-on together with a pocket book or laptop bag. I have noted that they do not check this as much in the US, but they are very strict in the UK. After showing their boarding passes and ID, passengers have to make sure that the total amount of liquid they carry into the aircraft is 3.3 ounces (or 50 ml) or less. However, airports have been lax about this; some of them check for a total maximum of 3.3 ounces while some others check whether each container has a capacity of more than 3.3 ounces. I find that there is no uniformity across the airports even within the US. 
Then before you go through the X-ray machine, you have to put your laptop on a tray, remove shoes, coats, hats, belts and even scarves (this is especially the case in the US, while in the UK I have noted that they are not as strict about this) and put all liquids in a small plastic bag. The bags are also checked for explosives and sharp objects (e.g., knives). Then before you board the flight, there may be additional checks, especially in the UK. They ask you questions about who you contacted and where you purchased the goods. They may check your bags again.

Matching passenger names to watch lists: Another security measure in aviation safety was matching checked luggage to the passenger list. This was especially the case after the Pan Am 103 bombing in December 1988. If a passenger is not on board and his/her luggage is checked, then the luggage is removed from the aircraft, causing much distress to the passengers due to significant delays. Another security measure is checking whether a passenger is on a terrorist watch list. While this is a very good procedure, it has caused false alarms. Airlines also have to report to law enforcement if a passenger pays cash for a ticket or gets a one-way ticket.

Technologies: Technology has advanced a great deal, including surveillance cameras, biometric devices and equipment for explosive detection. Surveillance includes placing cameras at multiple locations, including possibly hidden locations, gathering streaming data and analyzing the data for suspicious behaviors. The surveillance analysis techniques can not only detect suspicious behavior but are also able to capture features even at a distance. Surveillance techniques together with face detection are also being used to determine the identity of any suspicious people. Biometric devices are also being used for face detection, fingerprint detection, and iris/retina scanning. These biometric devices have issues with respect to producing false positives and false negatives.
Biometric devices are also being used to detect behavior patterns including facial expressions and gait. Explosive detection is the major challenge faced by aviation security. Today, there is equipment to detect plastic explosives. There is also a lot of research and development to improve the detection of plastic explosives and provide better accuracy as well to detect liquid explosives. Finally, in 2010, full body scanners were introduced at Heathrow. This scanner can see through clothing and would likely have caught the explosives hidden in the underwear of the Christmas Day terrorist in 2009 (see also [4], [5], [6], [7], and [8]).

4. Developments in Aviation Security After the 9/11 Attacks In the US, the Department of Homeland Security (DHS) was established after 9/11 and Transportation security was made part of DHS. The TSA (Transportation Security Administration) was also established and the members of TSA are screened heavily and go through strict background checks. In the UK, the BAA (British Aviation Authority) is responsible for managing the airports including the security. The previous section discussed the procedures and equipment in place to detect aviation terrorism. In order to be able to enforce the procedures, appropriate policies and laws have to be enacted. In her book on aviation and airport security, Kathleen Sweet discusses the security risks involved with respect to aviation terrorism, and developed approaches to handle these risks. She also discusses several aspects including terrorist incidents, geopolitical climate, cargo and passenger security, factoring security into the business processes, and TSA regulations. She states that identifying the threats, the security loopholes, exploiting the vulnerabilities, conducting risk analysis and developing approaches to mitigate the risks to an acceptable level are some of the impacts on aviation security after 9/11 (see also [9]). In their book on airport security, Price and Frost provide a comprehensive framework for airport security. They discuss policies and procedures as well as provide a step-by-step guide to implementing security programs. They state that implementing the airport security plans and procedures need the cooperation of many government and nongovernmental organizations as well as the continuous focus of the airport authorities (see also [10]). The US and Europe have allocated billions of dollars (pounds, euros) to secure airports as well as carry out research to develop breakthrough technologies such as equipment to detect plastic bombs and biometric devices for face and fingerprint detection. 
For example, DHS has a program called US-VISIT to check the immigration status of the passengers entering the country. This system is used at airports throughout the US as well as other ports of entry (e.g., the border). The 9/11 Commission report also made several recommendations with respect to aviation safety. The results include the following: Aviation and Transportation Security Act (P.L. 107–71), Implementing Recommendations of the 9/11 Commission Act of 2007 (H.R. 110-1, P.L. No: 110-53) and the National Strategy for Aviation Security. The UK has also come up with several pieces of legislation after the 9/11 and 7/7 attacks (London underground bombings). These include the following: Anti-Terror, Crime & Security Act (2001) and the Prevention of Terrorism Act (2006). The 9/11 Commission report has also stated that we need to migrate from a "need to know" to a "need to share" paradigm. Therefore, information sharing between agencies such as FBI, CIA, DoD, DHS, as well as between coalition partners (e.g., US, UK, Canada, Australia) has become paramount to security. Various technologies for sharing information, based on standards for data representations and infrastructures, have been developed while at the same time enforcing appropriate security and privacy policies. A related security measure, especially after 9/11, is the increased awareness of cyber security. Richard Clarke, former security czar of the Clinton and Bush administrations, has stated that cyber security will be the biggest challenge to security. For example, the air traffic control systems and/or the baggage handling systems may be compromised by worms and viruses. Even if appropriate patches are installed, these viruses may change patterns and not be detected. Finally, protecting the data so that highly sensitive security plans and strategies do not get into the wrong hands is also a major concern and is being examined.

B. Analysis 1. Analyze the Airport’s Security System and Identify Loopholes The airport has installed a fairly comprehensive security system that does many things from perimeter security to security screening. Nevertheless, there have been incidents such as a person going through the security perimeter fence onto the runway and the baggage handlers (e.g., BAA) not being vigilant and allowing some things such as sharp objects to get through. I have heard of stories in the news where TSA has carried out mock experiments and found that several bottles with liquids, as well as sharp objects, have been allowed through the security checkpoints. In addition, there are people who should have been stopped from boarding the flight (e.g., the most recent Times Square terrorist who boarded a UAE flight in JFK after purchasing a one way ticket paid in cash). While Heathrow has been stricter than say airports in the US, people have been able to take many small bottles of liquid past the security checkpoint. Furthermore, there are instances when the shoes are not examined at Heathrow. However, the full body scanning equipment would likely solve this problem. Another major security concern is that we are detecting incidents many times after the fact. We are fortunate that actual attacks have not happened in recent years. One success story is preventing the terrorists from boarding planes from the UK to the US who were planning to make the liquid bombs in the aircraft. In this case, Scotland Yard was very vigilant and carried out a successful analysis and subsequently preempted the attack. The security devices that are installed may not be 100% accurate. For example, many of the biometric devices give false positives and false negatives. False positives result in the denial of service and unnecessary delays; and false negatives would be quite dangerous as they would allow terrorists to board the flight. 
We need the human in the loop to check the results of the devices and that takes time. Even more dangerous, these biometric devices and the security systems may be under attack (e.g., worms and viruses). The techniques to handle such attacks are still premature and therefore a hacker could cause chaos with the security system. Finally, the airport does not use sophisticated data analysis tools to prevent a person from boarding the airplane even if he/she is in the watch list. That is, the tools to connect the dots in real time are not there yet. The techniques are still in the research and development stages. There are cases we have heard of when people have boarded the plane at Heathrow bound for the USA and these people were on terrorist watch lists. There are also situations where a person was on the watch list even if he should not have been. Therefore, we need data analysis tools that can “connect the dots” in real-time and also tools that can distinguish between different people with the same name. For example, Edward Kennedy, the Senator, is not the same person as say Edward Kennedy, the terrorist, (note that the late Senator Edward Kennedy was stopped and searched several times at the DCA airport back in 2003 as he probably was on some watch list.) Heathrow airport is in a heavily populated area. This is ideal for terrorists as any crash soon after takeoff can result in massive damages. This is perhaps one of the biggest security loopholes with Heathrow airport which several other airports do not have. Furthermore, modernizing a legacy airport is also a challenge. This is why the BAA has to be continually vigilant, integrate security processes into the planning activities, conduct risk analysis and develop approaches to mitigate the risks. Finally, due to colonial rule, like many European countries, Britain has a fairly large Islamic population. In addition, the Irish Republican Army has been a major threat in the past to the UK. 
Therefore, these issues have to be factored into securing Heathrow airport. Here again, monitoring and conducting surveillance of suspicious individuals has to be carried out continually. Immigration controls are also absolutely necessary. In summary, we need better security perimeters, vigilant security personnel, better data analysis and biometric tools as well as 24x7 monitoring of the airport.
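The same-name problem raised in this analysis (a traveller who shares a name with a watch-list entry but is a different person), as an added example that is not part of the original report: it compares name-only matching with matching that also weighs secondary identifiers and sends ambiguous cases to a human reviewer. The field names, decision thresholds and all sample records are assumptions constructed for illustration.

```python
"""Added illustration: name-only versus multi-attribute watch-list screening.
All names, dates and document numbers below are constructed sample data."""
import unicodedata
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Secondary identifiers compared after a name hit (assumed field set).
SECONDARY_FIELDS = ("dob", "nationality", "doc_number")
RANK = {"clear": 0, "review": 1, "match": 2}


@dataclass(frozen=True)
class Person:
    name: str
    dob: Optional[date] = None
    nationality: Optional[str] = None
    doc_number: Optional[str] = None


def normalize_name(name: str) -> str:
    """Fold case, accents, punctuation and token order so that
    'SAMPLE, Jordan' and 'Jordán Sample' compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_accents.lower())
    return " ".join(sorted(cleaned.split()))


def name_only_hit(passenger: Person, entry: Person) -> bool:
    """The naive check: any traveller sharing the listed name is flagged."""
    return normalize_name(passenger.name) == normalize_name(entry.name)


def screen(passenger: Person, entry: Person) -> str:
    """Return 'clear', 'review' or 'match' for one passenger/entry pair.

    Assumed policy: attributes come from verified travel documents; a
    missing attribute is neither evidence for nor against identity.
    """
    if not name_only_hit(passenger, entry):
        return "clear"
    agree = conflict = 0
    for field in SECONDARY_FIELDS:
        p, e = getattr(passenger, field), getattr(entry, field)
        if p is None or e is None:
            continue
        if p == e:
            agree += 1
        else:
            conflict += 1
    if conflict and not agree:
        return "clear"    # same name, demonstrably a different person
    if agree >= 2 and not conflict:
        return "match"    # name plus two corroborating identifiers
    return "review"       # ambiguous: hand over to a human analyst


def screen_against_list(passenger: Person, watchlist: List[Person]) -> str:
    """Strongest result over all entries (match > review > clear)."""
    results = (screen(passenger, e) for e in watchlist)
    return max(results, key=RANK.__getitem__, default="clear")


def alert_counts(passengers: List[Person], watchlist: List[Person]) -> Dict[str, int]:
    """Compare how many travellers each approach would stop."""
    name_only = sum(
        any(name_only_hit(p, e) for e in watchlist) for p in passengers
    )
    outcomes = [screen_against_list(p, watchlist) for p in passengers]
    counts = {k: outcomes.count(k) for k in RANK}
    counts["name_only_alerts"] = name_only
    return counts


# Constructed watch list and passenger manifest.
WATCHLIST = [Person("Jordan Sample", date(1980, 5, 17), "AA", "P1234567")]
PASSENGERS = [
    Person("SAMPLE, Jordan", date(1951, 11, 2), "BB", "P7654321"),  # namesake
    Person("Jordán Sample", date(1980, 5, 17), "AA", None),         # listed person
    Person("Jordan Sample", None, "AA", None),                      # too little data
    Person("Morgan Placeholder", date(1990, 1, 1), "CC", "P0000001"),
]

if __name__ == "__main__":
    print(alert_counts(PASSENGERS, WATCHLIST))
```

On the constructed manifest, name-only matching stops three travellers, while the multi-attribute check stops one, refers one to a reviewer and clears the namesake.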

2. Suggest Measures That Will Strengthen the Airport’s Security System

I ended the previous section by stating that we need better security perimeters, security personnel and analysis tools as well as 24x7 monitoring. I will examine each of the measures.

Security perimeters: Heathrow airport has a fairly solid security perimeter and yet someone was able to penetrate the system. The CISSP (Certified Information Systems Security Professional) training manuals have devoted an entire module (out of 10 modules) to physical security. The material discusses appropriate fences, doors, locks, lighting, barricades, bollards, and many more items for physical security. We need accurate surveillance systems, but more importantly, systems that can detect unauthorized and suspicious individuals in real-time. Detecting events in real-time is a challenge and we need more research and development efforts.

Personnel: We need solid background checking tools to check the work history and mental state of those screening baggage and passengers. This will involve gathering human intelligence about the people, as well as using tools to connect the dots. There have been concerns that this violates privacy. But security has to be our foremost concern. Another measure is job sharing and job rotation. That is, multiple BAA workers share the job or carry out job rotation. This way the errors of a BAA worker (or a TSA worker) may be caught in time.

Tools and Technologies: As I have stated before, we need state-of-the-art tools. This means improved data analysis tools, biometrics tools and bomb detection tools. There is a lot of research on developing data mining tools for connecting the dots. Privacy advocates strongly argue against this, but we need such tools.

Malware detection: We cannot ignore one of the hidden and most dangerous security threats, and that is cyber terrorism. We need better tools for detecting malware.
The malicious code will change patterns and therefore, we need appropriate tools to detect such changes. There is research in this area, but it will take time before the tools are deployed.

Vigilant monitoring: Here again, the malware detection tools will be needed for monitoring the software for malicious code. Furthermore, we need people to monitor the terrorists and detect any changes in their behavior patterns. We need trained psychologists and sociologists to work together with technologists to develop viable solutions.

Location of Heathrow airport and the legacy nature: Unfortunately we cannot do anything about it except change location, and that is not feasible in today’s economic climate. Terminal 5 was a very good strategy. We need to continue to develop such measures. Business continuity planning and disaster recovery methods, including simulation exercises, are crucial.

Immigration and the Nature of the Population: Britain should make every effort to monitor who is arriving and from where and for what purpose. Since Heathrow airport is one of the major gateways into Britain, conducting real-time background checks as a person goes through immigration is very important. There have been many discussions during the recent election about immigration issues. I strongly believe that the governments (either US or UK or for that matter, any government) must control the entry points and the borders as much as possible and not think about the political consequences. Uncontrolled borders are an extremely serious threat to the security of the nation and airport security plays a major role here.

3. Indicate Whether the Airport Has the Level of Preparation Necessary to Implement These Measures The question now is, does Heathrow Airport have the level of preparation to implement the security measures? I would say yes for most of the measures and here is why. Heathrow has a very long history – almost 65 years. It has successfully adapted to change, as well as adopted change. Still it has maintained its position as the third busiest airport in the world in terms of passenger volume and the busiest in terms of the number of different airlines maintaining a presence in London. It has been the center of aviation for almost 65 years due to its central location with non-stop flights from practically every major city in the world. Finally, the British are known for their careful planning and organization and they carry out the functions meticulously and pay attention to details. All of these capabilities could make Heathrow one of the safest airports in the world. Baggage handling, screening personnel, perimeter security and using technologies are not specific to Heathrow. Therefore, as technologies are developed, there are ways to insert them into the security framework. Location of the airport and immigration will continue to be a challenge. Therefore, airport planners, construction engineers, law enforcement, and immigration authorities (among others) have to work together to provide viable security solutions. Finally, there are the privacy advocates; they will continue to dampen the security efforts of the government. While there are some who say that one needs to balance the security and privacy needs, I believe that it is difficult to achieve both. The question is what do we want? Do we want to maintain the privacy of the individuals or do we want to secure the nation? There are some technologies that carry out say data mining for security applications but at the same time try to ensure privacy. 
However, the effectiveness of these technologies is yet to be determined (see also [11], [12]). In summary, a lot of progress has been made in terms of aviation security at London’s Heathrow as well as at other major airports. However, terrorists are also very cunning and are coming up with new ways to attack the airports and planes. They have access to many of the technologies that we have due in part to the rogue nations. Therefore, our challenge is to be several steps ahead of the terrorists to make improvements in airport and aviation security.

References
[1] http://www.heathrowairport.com/
[2] http://en.wikipedia.org/wiki/London_Heathrow_Airport
[3] http://en.wikipedia.org/wiki/Expansion_of_London_Heathrow_Airport
[4] http://www.allbusiness.com/transportation/air-transportation-airlines/13847783-1.html
[5] http://www.information-age.com/home/information-age-today/316296/staggering-it-failure-at-heathrows-terminal-5.thtml
[6] http://www.securitypark.co.uk/security_article262043.html
[7] http://www.securecomputing.net.au/News/69724,heathrow-airport-introduces-biometric-security-system.aspx
[8] http://www.businessweek.com/technology/content/aug2006/tc20060810_208055.htm
[9] Kathleen Sweet, Aviation and Airport Security, CRC Press, 2008.
[10] Jeffery Price and Jeffery Forest, Practical Aviation Security: Preventing and Predicting Future Threats, Butterworth, 2008.
[11] B. Thuraisingham, Data Mining, Natural Security, Privacy and Civil Liberties, ACM SIGKDD, 2002.
[12] B. Thuraisingham, Web Data Mining and Applications to Counter-Terrorism, CRC Press (Taylor and Francis), 2003.

4. Other Aspects of Terrorism

In sections 2 and 3 we discussed selected terrorist groups and provided an overview of aviation security with Heathrow airport as an example. We have briefly examined other terrorist groups as well as airports. In addition, we have also examined maritime security and international policing. We list them in this section.

Maritime security: As stated in [1], maritime security is concerned with the prevention of intentional damage through sabotage, subversion, or terrorism. Maritime security is one of the three basic roles the United States Coast Guard has gradually developed in response to a series of catastrophic events, which began in 1917. There are three main maritime security activities conducted by the Coast Guard (note that we have a US-centric focus, and many of the policies also apply to maritime security for our allies): Port Security, Vessel Security and Facility Security.

Port security: U.S. ports must take several measures in order to reduce the risks and to mitigate the results of an act that threatens the security of personnel, facilities, vessels, and the public. The regulations draw together assets within port boundaries to provide a framework to communicate, identify risks, and coordinate resources to mitigate threats and consequences.

Vessel Security: The owners/operators of vessels must designate security officers for vessels, develop security plans based on security assessments, and implement security measures specific to the vessel’s operation. For example, the terrorist attack on USS Cole was a compromise of Vessel Security measures.

Facility Security: A facility is any structure located in, on, under, or adjacent to any waters subject to the jurisdiction of the U.S. and used, operated, or maintained by a public or private entity. Examples include oil storage facilities and passenger vessel terminals.
International Policing: As stated in [2], the International Police is an organization of police officers representing various countries throughout the world, brought together to assist in the training, organization, stabilization of a destabilized region, or creation of indigenous police forces primarily in war-torn countries. Note that International Police is not Interpol. Interpol (International Criminal Police Organization) is an organization facilitating international police cooperation [3].

List of Terrorist Organizations Examined: While we have studied the tactics of Hamas, Hezbollah and Al-Qaeda, I have examined a number of other terrorist organizations (both Islamic and non-Islamic) including the following:
1. Aum Shinrikyo (Japan)
2. Basque Fatherland and Liberty (ETA) (Spain, France)
3. Irish Republican Army (IRA) (Ireland)
4. Liberation Tigers of Tamil Eelam (LTTE) (Sri Lanka)
5. Kurdistan Workers' Party (PKK) (Turkey)
6. National Liberation Army (ELN) (Colombia)
7. Revolutionary Armed Forces of Colombia (FARC) (Colombia)
8. Revolutionary United Front (RUF) (Sierra Leone)
9. Shining Path (Sendero Luminoso, SL) (Peru)
10. The Red Army Faction (Germany)

CBRN: In this report we have focused on terrorism with respect to attacks and violence. The attacks may utilize conventional weapons or non-conventional weapons (e.g., CBRN – Chemical, Biological, Radiological and Nuclear). Each type of weapon may need different solutions. Cyber terrorism (e.g., attacks on computers) is beyond the scope of this report. Our research on cyber security can be found in [4].

List of Airports Examined: In addition to Heathrow airport security, I have also examined security with respect to Chicago’s O’Hare airport and Singapore’s Changi airport. In addition, after examining the security measures provided by Israel’s El-Al airlines, I believe that other international airlines should follow El-Al’s security model [5].

References
[1] http://en.wikipedia.org/wiki/Maritime_security_(USCG)
[2] http://en.wikipedia.org/wiki/International_Police
[3] http://en.wikipedia.org/wiki/Interpol
[4] M. Masud, L. Khan and B. Thuraisingham, Data Mining for Malware Detection, CRC Press, 2011 (also appeared in PhD Thesis, Mahedy Madu, UTDallas, 2009).
[5] http://en.wikipedia.org/wiki/El_Al

End of Part I

Part II: Technologies to Combat Terrorism

5. Applications of Information Technology

Several information technologies are being examined to combat terrorism. Most notable is data mining. We have been developing data mining tools for intrusion detection, fraud detection, social network analysis as well as to conduct surveillance. Data mining is the process of analyzing vast amounts of data and extracting nuggets that were often previously unknown. We have also focused on privacy violations that could arise due to data mining. I feel that in order to model the terrorist behavior, it is important to understand their modus operandi and this was the main reason I signed up for the Terrorism certificate studies at St. Andrews. The challenge is that the terrorist patterns might change and this will be very difficult to model. Therefore, with respect to data mining, we need traditional data mining techniques to study the behavior of terrorists who do not change their tactics and adaptive real-time data mining to study the behavior of the terrorists who change their tactics. I now feel that when I wrote the book on data mining for counter-terrorism back in 2003 [1], I did not have a deep understanding of terrorism. Since then we have been conducting research on applying data mining techniques for social network analysis, surveillance and many other applications. To understand better how terrorists function, I took the Terrorism studies course at St. Andrews University. With groups like Hamas and Hezbollah, our solutions may be directly applicable. That is, if they are going to be predictable, then modeling their behavior and conducting analysis with the tools we have developed would be less complex. However, if the terrorist is going to adapt his/her behavior based on, say, the US or Israeli response to terror, then it will be far more complicated to predict how the terrorist will adapt. Can we learn from other terrorist organizations?
Will Hezbollah behave the same way as other terrorist organizations? At present Hezbollah’s structure is more or less centralized. However, it may become more decentralized to have a more global impact. This would also mean more complexities in modeling their behavior and activities. This is one of the challenges we are facing with groups like Al-Qaeda. They are decentralized and unpredictable. Therefore, we need solutions that can adapt [2]. In addition we also need solutions to model the behavior of the adversary [3]. The question is, what is our strategy to combat terrorism? The scenario that is emerging is the following: there are vast amounts of data out there in the form of emails, web sites, Twitter pages, Facebook pages, chats and databases. Much of this data is in the form of text, video, images, and audio. Semantic web technologies such as RDF (Resource Description Framework) are being explored to represent this vast amount of unstructured data [4]. We are interested in extracting concepts from this data using data mining techniques, and then linking the concepts into a network (which can be regarded as a social network). Then the networks are analyzed to extract the nuggets using further data mining techniques. These nuggets are the knowledge that the agencies will use to get a competitive advantage over their competitors, and in this case the competitors are the adversaries [5]. Such a process has come to be called knowledge management. In addition, the nuggets extracted from the vast data sources have to be assembled into a data product and shared among the various agencies. Therefore, in the end it is not only about extracting the useful nuggets, it is also about sharing the right data at the right time at the right place to form the right product. Essentially we are forming a supply chain for developing data products to combat terrorism [6].
In summary, in addition to data mining, a number of the technologies are suitable for combating terrorism including semantic web, knowledge management and social networking.

References
[1] B. Thuraisingham, Data Mining Technologies and their Applications in Business Intelligence and Counter-terrorism, CRC Press, 2003.
[2] B. Thuraisingham, Data Mining Technologies and their Applications for National Security, Lecture Notes, AFCEA, 2003 - Present.
[3] B. Thuraisingham, Knowledge Management through Semantic Web and Social Networking, Lecture Notes, AFCEA, 2008 - Present.
[4] Tim Berners Lee, Weaving the Web, Harper, London, 1999.
[5] B. Thuraisingham, M. Kantarcioglu, Data Supply Chain Management: Supply Chain Management for Incentive and Risk-based Assured Information Sharing, UTD Technical Report, July 2010.
[6] M. Kantarcioglu et al, Modeling Adversarial Behavior, To appear in Springer Data Mining Journal, 2010.

6. Data Mining for Security Applications

6.1 Types of Threats

Data mining has many applications in security, including both national/international security and cyber security. The threats to national security include attacking buildings and destroying critical infrastructures such as power grids and telecommunication systems (see [1]). Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is concerned with protecting computer and network systems against corruption due to Trojan horses and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing. In this section, we will discuss data mining for national/international security. To understand the mechanisms to be applied to safeguard the nation and the computers and networks, we need to understand the types of threats. In [2] we described real-time threats as well as non real-time threats. A real-time threat is a threat that must be acted upon within a certain time to prevent some catastrophic situation. Note that a non real-time threat could become a real-time threat over time. For example, one could suspect that a group of terrorists will eventually perform some act of terrorism. However, when we set time bounds, such as that a threat will likely occur before, say, July 1, 2004, then it becomes a real-time threat and we have to take action immediately. If the time bounds are tighter, such as that a threat will occur within two days, then we cannot afford to make any mistakes in our response. Note that threats could be malicious threats due to terror attacks or non-malicious threats due to inadvertent errors. We examine various types of threats.

Terrorist Attacks and External Threats

When we hear the word terrorism, it is the external threats that come to our mind.
My earliest recollection of terrorism is “riots” where one ethnic group attacks another ethnic group by essentially killing, looting, setting fires to houses, and other acts of terrorism and vandalism. Then later on we heard of airplane hijackings where a group of terrorists hijack airplanes and then make demands on governments such as releasing political prisoners who could possibly be terrorists. Then we heard of suicide bombings where terrorists carry bombs and blow themselves up as well as others nearby. Such attacks usually occur in crowded places. More recently we have heard of using airplanes to blow up buildings. Threats also include shootings and killings. All of these threats are sorts of external threats. These are threats occurring from the outside. In general, the terrorists are usually neither friends nor acquaintances of the victims involved. But there are also other kinds of threats and they are insider threats. We will discuss them in the next section.

Insider Threats Insider threats are threats from people inside an organization attacking the others around them through perhaps not bombs and airplanes but using other sinister mechanisms. Examples of insider threats include someone from a corporation giving information to a competitor of proprietary products. Another example is an agent from an intelligence agency committing espionage. A third example is a threat coming from one’s own family. For example, a betrayal from a spouse who has insider information about assets whereby the betrayer gives the information to a competitor for his or her advantage. That is, insider threats can occur at all levels and all walks of life and could be quite dangerous and sinister because you never know who these terrorists are. They may be your so-called “best friends” or even your spouse or your siblings. Note that people from the inside could also use guns to shoot people around them. We often hear about office shootings. But these shootings are not in general insider threats, as they are not happening in sinister ways. That is, these shootings are sort of external threats although they are coming from people within an organization. We also hear often about domestic abuse and violence such as husbands shooting wives or vice versa. These are also external threats although they are occurring from the inside. Insider threats are threats where others around are totally unaware until perhaps something quite dangerous occurs. We have heard that espionage goes on for years before someone gets caught. While both insider threats and external threats are very serious and could be devastating, insider threats can be even more dangerous because one never knows who these terrorists are.

Transportation and Border Security Violations

Let us examine border threats first and then discuss transportation threats. Safeguarding the borders is critical for the security of a nation. There could be threats at borders from illegal immigration to gun and drug trafficking as well as human trafficking to terrorists entering a country. We are not saying that illegal immigrants are dangerous or are terrorists. They may be very decent people. However, they have entered a country without the proper papers and that could be a major issue. For official immigration into, say, the USA, one must go through interviews at US embassies, medical checkups and X-rays as well as checks for diseases such as tuberculosis, background checks and many more things. It does not mean that people who have entered a country legally are always innocent. They could be terrorists also. At least there is some assurance that proper procedures have been followed. Illegal immigration can also cause problems for the economy of a society and lead to human rights violations through cheap illegal labor. As we have stated, drug trafficking has occurred a lot at borders. Drugs are a danger to society. They could cripple a nation, corrupt its children, cause havoc in families, damage the education system and cause extensive damage. It is therefore critical that we protect the borders from drug trafficking as well as other types of trafficking, including firearms and human slaves. Other threats at borders include prostitution and child pornography, which are serious threats to decent living. It does not mean that everything is safe inside the country and these problems are only at borders. Nevertheless we have to protect our borders so that there are no additional problems for a nation. Transportation systems security violations can also cause serious problems.
Buses, trains and airplanes are vehicles that can carry tens of hundreds of people at the same time and any security violation could cause serious damage and even deaths. A bomb exploding in an airplane or a train or a bus could be devastating. Transportation systems are also the means for terrorists to escape once they have committed crimes. Therefore, transportation systems have to be secure. A key aspect of transportation systems security is port security. These ports are responsible for the ships of the United States Navy. Since these ships are at sea throughout the world, terrorists may have opportunities to attack these ships and the cargo. Therefore, we need security measures to protect the ports, cargo, and our military bases.

6.2 DATA MINING FOR NATIONAL/INTERNATIONAL SECURITY Non Real-time Threats Non real-time threats are threats that do not have to be handled in real-time. That is, there are no timing constraints for these threats. For example, we may need to collect data over months, analyze the data and then detect and/or prevent some terrorist attack, which may or may not occur. The question is how does data mining help towards such threats and attacks? As we have stressed in [2], we need good data to carry out data mining and obtain useful results. We also need to reason with incomplete data. This is the big challenge, as organizations are often not prepared to share the data. This means that the data mining tools have to make assumptions about the data belonging to other organizations. The other alternative is to carry out federated data mining under some federated administrator. For example, the Homeland Security department could serve as the federated administrator and ensure that the various agencies have autonomy but at the same time collaborate when needed. Next, what data should we collect? We need to start gathering information about various people. The question is, who? Everyone in the world? This is quite impossible. Nevertheless we need to gather information about as many people as possible; because sometimes even those who seem most innocent may have ulterior motives. One possibility is to group the individuals depending on say where they come from, what they are doing, who their relatives are, etc. Some people may have more suspicious backgrounds than others. If we know that someone has had a criminal record, then we need to be more vigilant about that person. To have complete information about people, we need to gather all kinds of information about them. This information could include information about their behavior, where they have lived, their religion and ethnic origin, their relatives and associates, their travel records, etc. 
Yes, gathering such information is a violation of one’s privacy and civil liberties. The question is what alternative do we have? By omitting information we may not have the complete picture. From a technology point of view, we need complete data not only about individuals but also about various events and entities. For example, suppose I drive a particular vehicle and information is being gathered about me. This will also include information about my vehicle, how long I have driven, do I have other hobbies or interests such as flying airplanes, have I enrolled in flight schools and asked the instructor that I would like to learn to fly an airplane, but do not care to learn about take-offs or landings. Once the data is collected, the data has to be formatted and organized. Essentially one may need to build a warehouse to analyze the data. Data may be structured or unstructured data. Also, there will be some data that is warehoused that may not be of much use. For example, the fact that I like ice cream may not help the analysis a great deal. Therefore, we can segment the data in terms of critical data and non-critical data. Once the data is gathered and organized, the next step is to carry out mining. The question is what mining tools to use and what outcomes to find? Do we want to find associations or clusters? This will determine what our goal is. We may want to find anything that is suspicious. For example, the fact that I want to learn flying without caring about take-off or landing should raise a red flag, as in general one would want to take a complete course on flying. Once we determine the outcomes we want, we determine the mining tools to use and start the mining process. Then comes the hard part. How do we know that the mining results are useful? There could be false positives and false negatives. For example, the tool could incorrectly produce the result that John is planning to attack the Empire State Building on July 1, 2005. 
Then the law enforcement officials will be after John and the consequences could be disastrous. The tool could also incorrectly produce the result that James is innocent when he is in fact guilty. In this case, the law enforcement officials may not pay much attention to James. The consequence here could be disastrous also. As we have stated, we need intelligent mining tools. At present, we need the human specialists to work with the mining tools. If the tool states that John could be a terrorist, the specialist will have to do some more checking before arresting or detaining John. On the other hand, if the tool states that James is innocent, the specialist should do some more checking in this case also. Essentially with non real-time threats, we have time to gather data, build say profiles of terrorists, analyze the data and take actions. Now, a non real-time threat could become a real-time threat. That is, the data mining tool could state that there could be some potential terrorist attacks. But after a while, with some more information, the tool could state that the attacks will occur between September 10, 2001 and September 12, 2001. Then it becomes a real-time threat. The challenge is to find exactly what the attack will be. Will it be an attack on the World Trade Center or will it be an attack on the Tower of London or will it be an attack on the Eiffel Tower? We need data mining tools that can continue with the reasoning as new information comes in. That is, as new information comes in, the warehouse needs to get updated and the mining tools should be dynamic and take the new data and information into consideration in the mining process.

Real-time Threats In the previous section we discussed non real-time threats where we have time to handle the threats. In the case of real-time threats, there are timing constraints. That is, such threats may occur within a certain time and therefore we need to respond to it immediately. Examples of such threats are the spread of smallpox virus, chemical attacks, nuclear attacks, network intrusions, and bombing of a building before 9am in the morning. The question is what type of data mining techniques do we need for real-time threats? By definition, data mining works on data that has been gathered over a period of time. The goal is to analyze the data and make deductions and predict future trends. Ideally, it is used as a decision support tool. However, the real-time situation is entirely different. We need to rethink the way we do data mining so that the tools can give out results in real-time.

For data mining to work effectively, we need many examples and patterns. We use known patterns and historical data and then make predictions. Often for real-time data mining as well as terrorist attacks, we have no prior knowledge. For example, the attack on the World Trade Center came as a surprise to many of us. As ordinary citizens, there is no way we could have imagined that the buildings would be attacked by airplanes. Another good example is the 2002 sniper attacks in the Washington DC area. Here again, many of us could never have imagined that the sniper would do the shootings from the trunk of a car. So the question is how do we train the data mining tools such as neural networks without historical data? Here we need to use hypothetical data as well as simulated data. We need to work with counter-terrorism specialists and get as many examples as possible. Once we gather the examples and start training the neural networks and other data mining tools, the question is what sort of models do we build? Often the models for data mining are built beforehand. These models are not dynamic. To handle real-time threats, we need the models to change dynamically. This is a big challenge.

Data gathering is also a challenge for real-time data mining. In the case of non real-time data mining, we can collect data, clean data, format the data, build warehouses and then carry out mining. All these tasks may not be possible for real-time data mining as there are time constraints. Therefore, the questions are what tasks are critical and what tasks are not? Do we have time to analyze the data? Which data do we discard? How do we build profiles of terrorists for real-time data mining? We need real-time data management capabilities for real-time data mining. From the previous discussion, it is clear that a lot has to be done before we can effectively carry out real-time data mining. Some have argued that there is no such thing as real-time data mining and it will be impossible to build models in real-time. Some others have argued that without real world examples and historical data we cannot do effective data mining. These arguments may be true. However, our challenge is to then perhaps redefine data mining and figure out ways to handle real-time threats. As we have stated, there are several situations that have to be managed in real-time. Examples are the spread of smallpox, network intrusions, and even analyzing data emanating from sensors. For example, there are surveillance cameras placed in various places such as shopping centers and in front of embassies and other public places. The data emanating from the sensors have to be analyzed in many cases in real-time to detect/prevent attacks. For example, by analyzing the data, we may find that there are some individuals at a mall carrying bombs. Then we have to alert the law enforcement officials so that they can take actions. This also raises the questions of privacy and civil liberties. The question is what alternatives do we have? Should we sacrifice privacy to protect the lives of millions of people? 
As stated in [3] we need technologists, policy makers and lawyers to work together to come up with viable solutions.
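The point above that models built beforehand are not dynamic can be shown on one of the real-time cases this section names, network intrusions. The Python below is an added illustration, not code from this report: it compares a baseline fitted once on a training window with one updated on every observation, and the connection counts, thresholds and all names are constructed for the example.

```python
import math

# Constructed sample data: connections per minute seen by one sensor.
SPIKE = [20, 22, 19, 21, 20, 23, 21, 20, 250, 22, 21, 19]
# Same start, then a gradual rise in normal load, one burst, then normal again.
DRIFT = [20, 22, 19, 21, 20, 21, 22, 23, 24, 25,
         26, 27, 28, 29, 30, 250, 31]


class OnlineDetector:
    """Exponentially weighted mean/variance, updated per observation."""

    def __init__(self, alpha=0.2, k=4.0, warmup=5, min_std=1.0):
        self.alpha, self.k = alpha, k
        self.warmup, self.min_std = warmup, min_std
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def observe(self, x):
        """Score x against the current model, then fold it in if normal."""
        self.n += 1
        if self.n == 1:
            self.mean = float(x)
            return False
        diff = x - self.mean
        std = max(math.sqrt(self.var), self.min_std)
        anomalous = self.n > self.warmup and abs(diff) > self.k * std
        if not anomalous:
            # Flagged points are kept out so one burst does not
            # inflate the baseline used for the next observation.
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1 - self.alpha) * (self.var + diff * incr)
        return anomalous


def online_flags(series, **kwargs):
    """Indices flagged by the model that changes as data arrives."""
    det = OnlineDetector(**kwargs)
    return [i for i, x in enumerate(series) if det.observe(x)]


def static_flags(series, train=5, k=4.0, min_std=1.0):
    """Indices flagged by a model built beforehand on the first `train` points."""
    base = series[:train]
    mean = sum(base) / len(base)
    var = sum((v - mean) ** 2 for v in base) / len(base)
    std = max(math.sqrt(var), min_std)
    return [i for i, x in enumerate(series)
            if i >= train and abs(x - mean) > k * std]


if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("drift", DRIFT)):
        print(name, "static:", static_flags(series),
              "online:", online_flags(series))
```

The adaptive model accepts the gradual rise as normal, which removes the static model's false alarms but also means a slow change is never flagged on its own. Its output therefore still needs the kind of specialist review described earlier for false positives and false negatives.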

Analyzing the techniques We have discussed data mining both for non real-time threats as well as real-time threats. As we have mentioned, applying data mining for real-time threats is a major challenge. This is because the goal of data mining is to analyze data and make predictions and identify trends. Current tools are not capable of producing the predictions and trends in real-time, although there are some real-time data mining tools emerging and some of them have been listed in [4]. The challenge is to develop models in real-time as well as get patterns and trends based on real world examples. In this section, we will examine the various data mining outcomes discussed in [3] and discuss how they could be applied for counter-terrorism. Note that the outcomes include making associations, link analysis, forming clusters, classification and anomaly detection. The techniques that result in these outcomes are techniques based on neural networks, decision trees, market basket analysis techniques, inductive logic programming, rough sets, link analysis based on graph theory, and nearest neighbor techniques. As we have stated in [2], the methods used for data mining are top down reasoning where we start with a hypothesis and then determine whether the hypothesis is true or bottom up reasoning where we start with examples and then come up with a hypothesis. Let us start with association mining techniques. Examples of these techniques are market basket analysis techniques. The goal is to find which items go together. For example, we may apply a data mining tool to data that has been gathered and find that John comes from Country X and he has associated with James who has a criminal record. The tool also outputs the result that an unusually large percentage of people from Country X have performed some form of terrorist attacks. 
Because of the associations between John and Country X, as well as between John and James, and James and criminal records, one may need to conclude that John has to be under observation. This is an example of an association. Link analysis is closely associated with making associations. While association rule-based techniques are essentially intelligent search techniques, link analysis uses graph theoretic methods for detecting patterns. With graphs (i.e. node and links), one can follow the chain and find links. For example, A is seen with B and B is friends with C and C and D travel a lot together and D has a criminal record. The question is what conclusions can we draw about A? Link analysis is becoming a very important technique for detecting abnormal behavior. Therefore, we will discuss this technique in a little more detail in the next section. Next let us consider clustering techniques. One could analyze the data and form various clusters. For example, people with origins from country X and who belong to a certain religion may be grouped into Cluster I. People with origins from country Y and who are less than 50 years old may form another Cluster II. These clusters are formed based on their travel patterns or eating patterns or buying patterns or behavior patterns. While clustering divides the population not based on any pre-specified condition, classification divides the population based on some predefined condition. The condition is found based on examples. For example, we can form a profile of a terrorist. He could have the following characteristics: Male less than 30 years old, of a certain religion and of a certain ethnic origin. This means all males under 30 years belonging to the same religion and the same ethnic origin will be classified into this group and could possibly be placed under observation. Another data mining outcome is anomaly detection. A good example here is learning to fly an airplane without wanting to learn to take-off or land. 
The general pattern is that people want to get a complete training course in flying. However, there are now some individuals who want to learn flying but do not care about take-off or landing. This is an anomaly. Another example is John always goes to the grocery store on Saturdays. But on Saturday, October 26, 2002, he goes to a firearms store and buys a rifle. This is an anomaly and may need some further analysis as to why he is going to a firearms store when he has never done so before. Is it because he is nervous after hearing about the sniper shootings or is it because he has some ulterior motive? If he is living say in the Washington DC area, then one could understand why he wants to buy a firearm, possibly to protect himself. But if he is living in say Socorro, New Mexico, then his actions may have to be followed up further. Applying data mining for counter-terrorism can have consequences when it comes to privacy and civil liberties. As we have mentioned repeatedly, what are our alternatives? How can we carry out data mining and at the same time preserve privacy? Privacy is beyond the scope of this report. Details can be found in [5].

Link Analysis In this section, we discuss a particular data mining technique that is especially useful for detecting abnormal patterns. This technique is link analysis. More recently there have been several efforts on link analysis, especially to analyze social networks [6]. Link analysis uses various graph theoretic techniques. It is essentially about analyzing graphs. Note that link analysis is also used in web data mining, especially for web structure mining. With web structure mining, the idea is to mine the links and extract the patterns and structures about the web. Search engines such as Google use some form of link analysis for displaying the results of a search. The challenge in link analysis is to reduce the graphs into manageable chunks. As in the case of market basket analysis, where one needs to carry out intelligent searching by pruning unwanted results, with link analysis one needs to reduce the graphs so that the analysis is manageable and not combinatorially explosive. Therefore, results in graph reduction need to be applied for the graphs that are obtained by representing the various associations. The challenge here is to find the interesting associations and then determine how to reduce the graphs. Various graph theoreticians are working on graph reduction problems. We need to determine how to apply the techniques to detect abnormal and suspicious behavior. Another challenge in using link analysis for counter-terrorism is reasoning with partial information. For example, agency A may have a partial graph, agency B another partial graph and agency C a third partial graph. The question is how do you find the associations between the graphs when no agency has the complete picture? One would argue that we need a data miner that would reason under uncertainty and be able to figure out the links between the three graphs. This would be the ideal solution and the research challenge is to develop such a data miner. 
The other approach is to have an organization above the three agencies that will have access to the three graphs and make the links. One can think of this organization as the Homeland Security agency. We need to conduct extensive research on link analysis as well as on other data and web data mining techniques to determine how they can be applied effectively for counter-terrorism. For example, by following the various links, one could perhaps trace say the financing of the terrorist operations to the president of say country X. Another challenge with link analysis as well as with other data mining techniques is having good data. However, for the domain that we are considering, much of the data could be classified. If we are to truly get the benefits of the techniques, we need to test with actual data. But not all of the researchers have the clearances to work on classified data. The challenge is to find unclassified data that is a representative sample of the classified data. It is not straightforward to do this, as one has to make sure that all classified information, even through implications, is removed. Another alternative is to find as good data as possible in an unclassified setting for the researchers to work on. However, the researchers have to work not only with counter-terrorism experts but also with data mining specialists who have the clearances to work in classified environments. That is, the research carried out in an unclassified setting has to be transferred to a classified setting later to test the applicability of the data mining algorithms. Only then can we get the true benefits of data mining.
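The A, B, C, D chain from the previous section and the three-agency partial-graph problem described here can be worked through in a short sketch. The Python below is an added illustration, not code from this report: it shows that no single agency's graph links A to D, that the merged graph does, and that a simple reduction step prunes nodes that cannot lie on any chain between the nodes of interest. The edge lists, the extra nodes E through H and all function names are constructed for the example.

```python
from collections import deque

# Constructed sample data: one partial graph per agency, using the
# report's A/B/C/D chain plus unrelated nodes (E, F, G, H) as noise.
AGENCY_A = [("A", "B", "seen with"), ("A", "E", "seen with")]
AGENCY_B = [("B", "C", "friends"), ("F", "G", "friends")]
AGENCY_C = [("C", "D", "travels with"), ("D", "H", "travels with")]
FLAGGED = {"D"}  # the node with a record in the report's example


def build_graph(*edge_lists):
    """Merge edge lists into one undirected adjacency map with labels."""
    graph = {}
    for edges in edge_lists:
        for u, v, label in edges:
            graph.setdefault(u, {})[v] = label
            graph.setdefault(v, {})[u] = label
    return graph


def shortest_chain(graph, start, targets):
    """Breadth-first search; returns the shortest node chain or None."""
    if start not in graph:
        return None
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node in targets and node != start:
            chain = []
            while node is not None:
                chain.append(node)
                node = parent[node]
            return chain[::-1]
        for nxt in sorted(graph[node]):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def reduce_graph(graph, keep):
    """Graph reduction: repeatedly drop degree <= 1 nodes not in `keep`.

    An interior node of a simple path has degree >= 2, so the dropped
    nodes cannot lie on any chain between two nodes of interest.
    """
    g = {n: dict(nb) for n, nb in graph.items()}
    changed = True
    while changed:
        changed = False
        for node in list(g):
            if node not in keep and len(g[node]) <= 1:
                for nb in g.pop(node):
                    g[nb].pop(node, None)
                changed = True
    return g


def describe(graph, chain):
    """Render a chain with the relationship label on each link."""
    return [f"{u} -[{graph[u][v]}]- {v}" for u, v in zip(chain, chain[1:])]


if __name__ == "__main__":
    for name, edges in (("A", AGENCY_A), ("B", AGENCY_B), ("C", AGENCY_C)):
        print("agency", name, "alone:",
              shortest_chain(build_graph(edges), "A", FLAGGED))
    merged = build_graph(AGENCY_A, AGENCY_B, AGENCY_C)
    reduced = reduce_graph(merged, {"A"} | FLAGGED)
    print("merged:", describe(merged, shortest_chain(merged, "A", FLAGGED)))
    print("nodes after reduction:", sorted(reduced))
```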

References
[1] Bolz, F., et al., The Counter-terrorism Handbook: Tactics, Procedures, and Techniques, CRC Press, FL, 2001.
[2] Thuraisingham, B., “Web Data Mining Technologies and Their Applications in Business Intel
[3] Thuraisingham, B., “Data Mining: Technologies, Techniques, Tools and Trends,” CRC Press, FL, December 1998.
[4] Kdnuggets, www.kdnuggets.com
[5] Thuraisingham, B., Data Mining, National Security, Privacy and Civil Liberties, ACM SIGKDD Explorations, 2002.
[6] Skillicorn, D., Knowledge Discovery for Counterterrorism and Law Enforcement, CRC Press, 2008.

End of Part II

7. SUMMARY AND DIRECTIONS This report has described the ideology, tactics and modus operandi of the terrorist groups. Then it discussed issues on aviation terrorism. Other aspects of terrorism that have not been included in this report include maritime terrorism and law enforcement. Then we discussed applying various information technologies to combat terrorism. This is the first in a series of reports we are writing on terrorists’ tactics and applying information technologies to combat terrorism. In the next report, we will be discussing the finance network for Al-Qaeda and the information technologies to use to analyze this finance network. One way to make a terrorist group ineffective is to thwart their funding. Our ultimate goal is for the agencies to share the right information at the right time to fight the global war on terror.