Tue, 3 Dec 2024

Breaking the Attack Cycle

Unless spontaneous and opportunistic, criminals and terrorists will have a plan to follow before, during, and after an act. This remains true even for an unsophisticated attack, as even inept criminals or terrorists will make some attempt at preparation.

At each stage of the attack cycle, there are opportunities to detect and disrupt the chain of events.

While it may not always be possible, the objective is to make life harder for those planning a terror or criminal operation. You may force them to slip up and reveal themselves. Certainly, it should not be made easy for them.

The aim of this article is to give an insight into the subject matter we teach our teams; this blog post is a summary of the key points we teach regarding the Attack Cycle.

We tend to go the extra mile with our teams, not only in this subject but also medical and tactical training.

We hope this brief snippet will also encourage others to think about the stages of the cycle and what steps they can take to protect themselves or their business and reduce their vulnerability as targets.

If you consider yourself a potential target or have a responsibility for others, whether as a business owner or someone working in protective security, then the attack cycle is something you must understand.

Target Selection / Surveillance

Why choose one target over another? Depending on the aims of the operation, there could be many reasons.

Is that house the only one without an alarm? Are the security procedures at that government building too relaxed? Does a certain location have the potential for high victim density?

Attack goals play a significant role in target selection. One criterion is viability. For example, if your house lacks an alarm, it will be a more attractive target for a thief. If your nightclub has a poor door search security policy, you may find yourself dealing with a shooting incident or worse.

In Iraq we can see clearly that some teams are better prepared than others. Poor-quality uniforms and equipment denote poor training, and those teams are easier targets.

Would you choose to attack the alert, well drilled, intelligent team? Or the team with kit hanging off them that sleeps and smokes each time the vehicle stops?

Disrupting the attack cycle at this stage is not hard: avoid presenting yourself or your asset as an obvious, easy, or easier target.

Planning

The level of planning can vary significantly depending on the target and the organisation or individuals involved.

Organisations such as the IRA, Al Qaeda, or criminal groups planned at an exceptionally high level. Evidence suggests that planning for the Al Qaeda attack on the Twin Towers began as far back as 1996.

Those involved in attack planning need to know how to execute the operation and what resources are required. There may be opportunities to identify suspicious purchases or thefts of specialised tools, equipment, or chemicals in the lead-up to an operation.

Usually, there will be an increase in communication. For government-level intelligence and surveillance agencies, this is a critical indicator of an imminent attack. In the past, failures to notice or share communications have had devastating consequences.

One example is the Omagh bombing carried out by the RIRA in August 1998. There was intelligence leading to the bombers, and GCHQ was monitoring their communication en route to the target site, but this information was not relayed or shared across all agencies before the attack. We have seen this happen time and time again.

It’s about piecing together a complex puzzle. If the pieces are not shared, the task becomes harder.

Hostile surveillance is likely during the planning stage, and although it may be unsophisticated, it can still be difficult to detect.

For example, when planning a bank robbery, criminals will want to know:

  • Where the entry points are.
  • The locations of alarms.
  • Security guard routines.
  • Window positions.
  • The nearest police station.
  • Pedestrian and traffic patterns.
  • Road and public transport exit routes.

These are just some of the questions for a bank robbery. Planning a more complex act of terrorism or an attack on a protected individual is far more challenging.

The complexity and difficulty may expose attackers during the hostile reconnaissance stage.

This is where guards should be trained, and this is where CCTV operators should be trained; they are often your first line of defence.

Have you noticed the same person lingering repeatedly?

Make a note of it. See someone filming suspiciously? Report it. If you work in a protective security team and observe the same faces in different locations, it’s time to take additional precautions.

Deployment / Attack

Well-planned attacks, whether criminal or terror-based, often succeed, especially now that we face a new breed of terrorist adversaries, with attackers who are highly motivated, well-trained, and often willing to die.

Less-trained but equally impactful lone wolf attackers are difficult to detect. However, they may operate with the support of networks that have a planning structure similar to that of modern military units, incorporating specialists in communications, logistics, explosives, cyber warfare, and psychological operations.

Once surveillance is complete and planning finalised, it’s time for attackers to deploy and strike.

At this stage, methods to stop or hinder the attack include preventative security measures, such as blast walls, reinforced doors, reactive security teams, and the rapid response of government agencies.

Below are some of the most common types of attacks and corresponding mitigation measures. This is not an exhaustive list but is intended to prompt critical thinking:

Firearm / Weapon Attacks 

Cost-effective, requiring little planning, and easily executed by lone wolves. These attacks often result in high-impact mass casualties and may end in hostage situations.

Examples include the Paris attacks, the murder of Lee Rigby in Woolwich, and the 2023 attacks on children in Annecy, France. With minimal planning and low cost, such attacks can generate significant global impact.

Mitigation Measures

Conduct security drills and use differentiated alarms. While fire alarms and drills are standard in many workplaces, specific alarms and responses for terror attacks outside hostile locations are not. They should be practised and drilled in the same way as fire safety.

Vehicle-Borne Improvised Explosive Devices (VBIEDs) 

High-impact, mass-casualty attacks that are relatively easy to plan and can strike from a distance. They also have high psychological value by instilling public fear.

Mitigation Measures

Though large-scale blasts can overwhelm countermeasures, infrastructure such as blast walls, Hesco barriers, blast-resistant films, bollards, and parking restrictions can protect high-value targets. In cities like London, much of the infrastructure is designed to minimise blast impact. Next time you’re in such a city, try spotting these subtle countermeasures.

Complex / Combined Attacks 

These were common during the kinetic periods in conflict zones like Afghanistan and Iraq. These attacks often start with an explosion to weaken defences, followed by ground assaults involving fighters equipped with suicide vests or heavy weaponry. An example is the Serena Hotel attack in Kabul in 2008.

Mitigation Measures

Blast mitigation measures, such as barriers, improve survivability during the initial phase. Professional, reactive security teams are critical for halting subsequent attack phases. Drills, repeated training, effective communication, and regularly updated contingency planning are essential for preparedness.

Cyber Attacks 

Cyber attacks are among the most significant threats to governments and businesses today, yet many organisations (especially here in Iraq) remain unprepared and slow to address the risks.

The consequences of an attack on vital infrastructure can be devastating, especially if cyber and physical attacks are combined.

Mitigation Measures

Educate yourself on secure password policies, VPN use, the dangers of public Wi-Fi, and protection against phishing and malware. Regularly change PINs and passwords, avoid reusing them, and clear browsing histories. 

Be mindful of how seemingly minor details can build a target profile. For instance, listing your bank in browser favourites, displaying your birth date on social media, or posting real-time photos of vacations can provide information to potential attackers. 

Conduct regular cybersecurity audits to identify and address vulnerabilities. Work with professionals to probe networks for weaknesses that hackers might exploit. This proactive approach is critical for safeguarding organisational assets.

The key is training, and thankfully there are organisations like ISC2 that can provide you with a high level of basic training for free.

The Escape and Exploitation

The escape phase of a criminal act is a vital component in the planning of an operation.

Criminals aim to enjoy the proceeds or outcomes of their crimes while avoiding a life spent languishing in a prison cell.

In recent years, the dynamics of terrorism have evolved, with those carrying out attacks often considered expendable.

At the forefront, these individuals are prepared to die, and escape plans are frequently overlooked. However, at the planning and operational levels, significant effort is devoted to covering tracks and ensuring the escape of key personnel. This allows for the continued planning, supply, and execution of future operations. Within terrorist cells, bomb-makers, logistics teams, and tacticians are far more valued than foot soldiers.

Following attacks, exploitation plays a crucial role as a recruiting tool, a method to spread fear (e.g., execution videos), and as a means to attract further funding.

Groups such as ISIS and Al-Qaeda elevated this to an unprecedented level through prolific use of social media, newsletters, and professionally produced films showcasing their operations and life within their organisations. The production quality of Hamas and the Islamic Resistance of Iraq has developed even more so.

These methods are highly effective. Despite efforts by Western agencies to block accounts and remove content, such materials continue to proliferate across the internet with ease.

Terrorist attacks, by their nature, are high-profile, always newsworthy, and invariably shocking; however, thankfully they remain relatively rare.

The majority of worldwide attacks have occurred in just three countries: Afghanistan, Iraq, and Pakistan.

In Western Europe, between 2000 and today, fewer people were killed by terrorists than are murdered in the United States each year.

The likelihood of being subjected to a terrorist event is low, even in a high-risk zone, but the possibility is real. Threats are ever-present.

Vigilance serves as both a safeguard and a deterrent. Complacency, on the other hand, increases vulnerability.

Stay aware, educate yourself about the risks, learn the appropriate precautions to take, and seek professional assistance when necessary.

At Al Zaeem we are on hand to help 24 hours a day with security, training and consultancy. The above is a basic introduction to the skills we teach our staff; to dive deep, give us a call!