Terrorist Communication

“In Vietnam we had air superiority, land superiority and sea superiority, but we lost. So I realized there was something more to it…” John Boyd

We will also lose the fight against terror until local law enforcement takes a central role in targeting and detecting individuals inspired to commit terrorist acts by networked extremist organizations. Local law enforcement agencies are situated to act as prime collectors and sensors to see the indicators of a terror attack by non-state actors.

All attacks involve hostile surveillance, whether hasty or deliberate. All attacks by networked extremists entail communication. Activity-based intelligence with a focus on terrorist surveillance and communication at a local level is key to public safety.


To stop, reduce, and mitigate these events we must rely on detection, recognition, and reporting at the lowest possible levels. The collection of information and action taken on the street by officers is more natural to the problem than applying the Goliath resources of the nation to protect the US homeland and its citizens.

Our national security entities do not entrust local law enforcement with intelligence requirements for terrorism. The current critique of the effect of fusion center activity is related to this persistent problem. Until the officer on the street is a fully vested stakeholder in the counterterrorism enterprise, our gains will be few and far between.

Electronic media and means of communication are proven to have enabled terrorist recruitment from afar. The initiation to terror is now simplified to a declaration of allegiance. In 2015, the Islamic State of Iraq and the Levant (ISIL) published a guide demonstrating intent to recruit low-capability, high-intent actors within criminal organizations and gangs. Gang members and criminals are vulnerable to recruitment, as with Molenbeek and Paris.


The capability to provide individuals and small groups with abbreviated online training and simple attack constructs has real consequences. The evidence from San Bernardino, Molenbeek, and Orlando demonstrates this. And electronic media provide ‘moral’ encouragement, coaching, and even emotional support for those on the road to terror.


The detection, recognition, and reporting of terrorist communication and surveillance are crucial to defeating attacks. And time is not on our side. Overt and covert electronic communications have shortened the cycle of attack from years and months to mere weeks. From planning and targeting to pre-operational surveillance, the advent of internet tools ramps up the entire cycle.

We buy time whenever we find terrorist communications or surveillance. Detection sooner rather than later is our preference. Catching real-time threats or attack messaging aimed at triggering a given terrorist event is important. Running toward the sound of gunfire or detonation is only part of law enforcement response.


Open source monitoring by local law enforcement of social media platforms, content analysis of text and images, electronic foot-printing, and link analysis all provide investigative support, a warning or indication with a local nexus. ISIL is active in all fifty states, and the frequency of attack plots is growing. ISIL demonstrates a real capability to act against both ‘near and far’ enemies.

Officers must hone their skill at detecting hostile surveillance by terrorist and criminal actors. Criminals employ the same counter-surveillance and counter-intelligence techniques as terrorists to avoid arrest and protect their criminal enterprise. British security forces learned to deploy forces in such a way as to channel terrorist surveillance of targets for covert detection. Create the opportunity to detect hostility. Become adept at recognizing signs and evidence of clandestine messaging, physical and electronic.

Terrorist organizations flounder without reliable communication as the joint purpose derails. The prime function of terrorist command and control is to project intent and authority through a communication system.

Covert communication enables the terrorist underground to function, avoid detection, maintain cover, and transmit secret messages. This skillset is very different and unrelated to the discrete skills and methods of terrorist attack – homemade explosives (HME), small unit tactics, firearms training, and assault planning. The indicators are also very different. We must know how the communication method functions and what evidence or lack thereof indicates covert activity.

We will fail to interdict attacks time and again until local officers know the ground better than the criminal or terrorist adversary. Higher level collection efforts will rarely obtain the needed terrain association and understanding of local conditions. A studied knowledge of the street alone makes the invisible visible and illuminates an otherwise dark network.

Covert communication by networked extremists uses a system of couriers and cut-outs. The system may be physical or electronic or both. Voice, print, radio and electronic communications may all play a part. The hostile intent of networked extremists hinges on the ability to route messages through network nodes.

The redundant messaging creates reliability. Compartmentation in messaging produces security. Networked extremists and criminals balance these issues in a trade-off between the interest in counterintelligence and the need for exposure to develop support in populations vulnerable to terror messaging (or market-share in the narcotics trade).

Tightly structured terrorist groups like Al Qaeda before 9/11 used direct instruction in training camps to foster organizational discipline. But loosely structured networks are more prevalent today. The trend is toward the dissemination of open source training with electronic media like Al Qaeda’s online electronic magazine Inspire or ISIL’s Dabiq publication.

With a large global audience, Dabiq and Inspire magazines focus on radicalizing the ‘Far’ enemy and encourage unguided attacks in the West. The Tsarnaev brothers were inspired by electronic media and acted out the April 2013 Boston Marathon bombing from directions contained within.

The current use of various social media platforms facilitates radicalization across the globe with great success. Networked extremists use Twitter with effect for terrorist recruitment, attack messaging, and other command communications. These platforms are behind the problem of returning ‘Foreign Fighters’, lone wolf, and wolf pack attacks in Europe and the US.

We know our networked enemies thrive in a complex adaptive environment. This despite the energy and massive resources of numerous nation states dedicated to the counter-terrorism agenda. Light organizations decide and act faster than the vertical bureaucracies which oppose them. Whether tight and disciplined or loose and chaotic, both drug trafficking and terrorist networks exploit the flexibility of horizontal organization. And both are unafraid to use violence to achieve goals.

The trend toward loose organizational structures makes them inherently difficult to infiltrate or penetrate with human sources and informants. Individual members do not promote to sensitive roles in these networks. High-level sources do not avail the counter-terrorism effort. Hence the failure to interdict recent attacks in California and Florida. Satellite imagery has little value when searching for children throwing rocks.

Strikes to capture and kill terrorist leadership are mitigated in flat networks with robust organizational continuity plans. The network disperses its ideology and command intent despite the arrest. The center of gravity shifts in a system that readily replaces functions and roles.

Loose connection to the sprawling horizontal organization of ISIL is visible in the examples of Molenbeek, San Bernardino, and Orlando. It explains the lack of discipline, amateurish tradecraft, and absent counterintelligence protocol. This method succeeds because we are not listening or looking with enough focus at the local level.

These lethal amateurs have no direct contact with the central command of a terrorist organization but remain inspired to act by the extremist cause, cultivated perception of oppression and hatred of the West. Electronic media communicate hate speech and ideology with great effect.

Without access to Inspire magazine and the online teaching of Al Qaeda’s Anwar al-Awlaki, the Boston bombing was unlikely. The internet is used for everything from command and control to recruitment, finance, propaganda, training, and education.

But some elements never change. Both networked extremists and criminals continue to communicate by couriers and cut-outs. Messages are received and safely delivered to persons or places. The courier system maintains the network; it is used to deliver money, equipment, forged documents, contraband, weapons, and propaganda.

Dark organizations know that interception of the messages or contraband carried by courier creates jeopardy. The knowledge possessed by couriers threatens systems and plans. Tight networks like cartels or pre-9/11 Al Qaeda will continuously monitor their courier systems for exposure to counter-terrorist forces or law enforcement.

Surveillance cells in cartels (known as halcón or ‘hawks’) communicate observations to cartel sector chiefs or ‘Plaza’ bosses. These leaders message the cartel ‘Central’ command. For tactical and operational communication, the cartel relies on a wide-area covert radio network.


The radio network facilitates operations from Mexico to Central America. It is a vast system of radio antennas, signal relays, base stations, and handheld radios. The components as a whole are less expensive than mobile options. Radio networks are easy to maintain but difficult to monitor, track, and disrupt.


The electronic methods are faster than the timeworn use of physical couriers, cut-outs, and drops. In Colombia, some strategic communication by Pablo Escobar and the Medellin cartel was sent by carrier pigeon. Escobar signed these airborne messages with a thumbprint for authenticity.


Recent strategic communications by cartel command use a system of cut-outs based on the hybrid use of BBM (BlackBerry’s Instant Messaging) and the Internet. Every BlackBerry BBM message has an encryption hash. BlackBerry does not require name and phone detail to register for the BBM messaging service. It is secure and anonymous.

Cut-outs receive BBM messages from both command and operational cells. The cut-outs change their physical location, WiFi access point, and IP address. On receipt of a BBM message, a cut-out transcribes the message to a laptop or pad. The message goes to a second cut-out over the Internet. It is sent again by BlackBerry to the final recipient.


The man-in-the-middle defeats cellular monitoring. Interception and identification are complicated by disparate communication systems and cut-outs. The cut-out does not need to know or ever have direct contact with either sender or receiver.

Networked extremists enhance communication security with encryption, concealment, steganography, and multiple options for access and retrieval. They scheme to anonymize the use of electronic devices and access to the Internet. ISIL developed instruction and guides to secure communications for members.

The transnational operations of El Salvador’s MS-13 gang supported covert communications through gaming consoles, both Sony PlayStation and Microsoft Xbox 360. This back channel skirted cellular communication but enabled voice over internet protocol (VoIP), group text chat, virtual world interaction, and video teleconferencing.


Despite the use of radios, pads, laptops, and cellphones, direct physical contact matters. Local law enforcement is best suited to detect it where it happens. Officers know the ground, the people, customs, habits, and social atmosphere where they work.


Covert methods like the ‘Brush Pass’ are familiar to law enforcement. Brief encounters between individuals with objects are common to street narcotics investigations. We draw an analogy between the mechanics of communication and transfer of objects that work for terrorists and criminals alike.


Law enforcement is keen to spot the ‘lingering’ and ‘lurking’ of persons in an area. These behaviors often precede a brush-pass. Officers may observe signals, hand gestures, eye contact, and following before exchange. These actions are designed to time a pass when both sides feel secure – always prepared to abort or hold off until ready.


Criminals and terrorists alike use ‘Dead Drops.’ Dead drops use concealment and camouflaged containers for messages or contraband that blend into a hide. Dead drops allow two individuals to switch possession of an object without direct interaction like the brush pass.


As with brush-passes, officers will watch for signals for filling or taking objects from dead drops. The use of silent signals may be more sophisticated with terror networks than drug enterprises. But the increasing prevalence of loose network structure says otherwise. Tomorrow’s terrorist will be an amateur.

The covert communication system selected by networked extremists and criminal organizations will combine the elements of couriers, cut-outs, passes, and drops. Depending on the transfer requirement, it may be physical or electronic.

For example, a senior leader in a network can send a command by courier to a cut-out at a designated location by dead-drop. The cut-out may then pass the command to a target cell at a second location (also using a dead drop). The cut-out never meets directly with the sender or receiver.


Urban areas offer congested streets, restricted field and angle of view, and dead spaces ideal for concealment and camouflage. And cities are conducive to criminal measures for early warning, security, and counter-surveillance. But an officer’s acute local knowledge of the ground will make the invisible visible, and reveal the weakness and vulnerability of hostile communications and surveillance.

Semper in Via!
