An Analysis of Al-Qaida Tradecraft is the 'companion document' to DSSi's Hunting the Sleepers:
http://www.metatempo.com/huntingthesleepers.pdf
This analysis of what is portrayed as Al-Qaida's tradecraft will be largely parenthetical; it is based on the HTML document made possible by John Young's Cryptome effort, and the original (unedited, uncommented, unredacted) is available at:
http://cryptome.org/alq-terr-man.htm
Comments on the text will be contained within brackets and italicized [as such] so they can be distinguished from the original text and Cryptome comments.
The analysis of this tradecraft has, as its primary focus, the identification of 'sleeper' (covert) operators so that they can be neutralized; please see DSSi's Hunting the Sleepers for a less disjointed and referential approach.
Analysis is a complicated matter, and relies heavily upon the skill and experience of the analyst; in this case, the primary analyst has over 20 years of unconventional warfare and intelligence experience. Tradecraft can be defined as the means and methods of intelligence and espionage, the processes used by intelligence officers, operators, and assets (agents) to go about their business. The intelligence community, as well as 'non-State actors' such as Al-Qaida, train personnel in tradecraft dogmatically--a set of rote procedures to accomplish a purpose. This creates inherent weakness in the personnel--without understanding the fundamentals of the tradecraft, they can't "improvise, adapt, and overcome" very well. Any rote procedure creates a vulnerability that can be turned to an opponent's advantage, and in this case, perhaps that advantage can lead to identification and neutralization of Al-Qaida sleeper agents. The killing of innocents, by any side, in any conflict, is reprehensible and should be prevented, but not at the cost of limiting the freedoms, the pursuit of life and liberty that is essential to happiness. It's like going into a knife fight with a dull blade and one hand tied behind your back, but to do otherwise makes the fight, and a victory, meaningless.
[This is the original Cryptome document introduction.]
8 December 2001. Thanks to WM and SA.
Several commentators have observed that this manual appears to be a compilation of material drawn from various military, intelligence and law enforcement manuals for internal security, guerilla and covert operations around the globe, and thus is not unique for its alleged sponsorship by Al Qaeda -- which is not mentioned in the manual. Most of these manuals make use of each other's offerings and are studied and emulated worldwide by internal security, military, intelligence and commercial organizations for offensive and defensive purposes. For more on "terrorism manuals," search Google on the term.
[True. Just as in the hacker community, where details of a technical vulnerability can cross the globe in minutes, and 'exploit' code can become available in hours, the 'tempo' of communication and information sharing among non-State actors is rapid, and a contributing factor in why they are formidable opponents. What one group finds useful quickly propagates to other groups for application, an 'evolution' that is difficult for bureaucratic organizations, such as conventional military and intelligence organizations, to respond to.]
A more comprehensive "Encyclopedia of the Afghan Jihad" was allegedly discovered in September 2001 which was claimed to be so frightening that most of it could not be made public -- not unlike claims made by the Department of Justice for parts of this manual.
It is not yet clear whether any of these manuals are authentic, or are fabrications for disinformation and propaganda, as described in The Creation and Dissemination of All Forms of Information in Support of Psychological Operations (PSYOP) in Time of Military Conflict.
Comments for publication (or not) welcome; send to: jya@pipeline.com
A reader suggests comparing with manuals of the School of the Americas:
http://www.soaw.org/soam.html
Released by the Department of Justice on December 7, 2001.
Source: http://www.justice.gov/ag/trainingmanual.htm
The manual is cited in the embassy bombing trial on Days 22, 37, 38, 42 and 47, at, respectively, pages 3333 ff., 5273 ff., 5475 ff., 5986 ff. and 6288 ff.. Here is the information in the trial transcript about finding the manual, which was Exhibit 1677-T (p. 3333.):Al Qaeda Training Manual The attached manual was located by the Manchester (England) Metropolitan Police during a search of an Al Qaeda member's home. The manual was found in a computer file described as "the military series" related to the "Declaration of Jihad." The manual was translated into English and was introduced earlier this year at the embassy bombing trial in New York. The Department is only providing the following selected text from the manual because it does not want to aid in educating terrorists or encourage further acts of terrorism.
Al Qaeda Training Manual
Cover - Lesson 4
Lesson 5 - Lesson 8
Lesson 9 - Lesson 11
Lesson 12 - End
1. That on May 10, 2000 the residence of Nazih al Wadih Raghie located in Manchester, United Kingdom was searched and the following items were seized by the British authorities: Below that is listed the Government Exhibit numbers and the Bates numbers for 1650, 1675, 1676, 1677, 1677-T as well as 1678. It is further stipulated and agreed that the other materials produced by the government in discovery pertaining to these searches are also authentic photographs or other reproductions of films seized or documents copied from computers seized from the premises.No address was provided for the Raghie residence.
Fifteen pages of the training manual not released by DoJ but published by The Smoking Gun have been inserted: pages 69, 153-160, 170-175.
Missing pages 70-74, 99-152 and 161-169 are welcomed. Send to: jya@pipeline.com
Source: http://www.justice.gov/ag/manualpart1_1.pdf (1.1MB)
The Al Qaeda Manual
The attached manual was located by the Manchester (England) Metropolitan Police during a search of an al Qaeda member’s home. The manual was found in a computer file described as “the military series” related to the “Declaration of Jihad.” The manual was translated into English and was introduced earlier this year at the embassy bombing trial in New York.
______________________________
CONTENTS
[by Cryptome]
Cover First Lesson - General Introduction
Second Lesson - Necessary Qualifications and Characteristics for the Organization's Members
Third Lesson - Counterfeit Currency and Forged Documents
Fourth Lesson - Organization Military Bases, "Apartments Places" - Hiding
Fifth Lesson - Means of Communication and Transportation
Sixth Lesson - Training
Seventh Lesson - Weapons: Measure Related to Buying and Transporting Them
Eight Lesson - Member Safety
Ninth Lesson - Security Plan
Tenth Lesson (partial) - Definition of Special Operations
Eleventh Lesson - Espionage (1) Information-Gathering Using Open Methods
Twelfth Lesson - Espionage (2) Information-Gathering Using Covert Methods
13th, 14th and 15th Lessons not available
Sixteenth Lesson (partial) - Assassinations Using Poisons and Cold Steel
Seventeenth Lesson (partial) - Torture Methods
Eighteenth Lesson - Prisons and Detention Centers
[Stamp] GOVERNMENT EXHIBIT 1677-T UK/BM-1 TRANSLATION IT IS FORBIDDEN TO REMOVE THIS FROM THE HOUSE UK/BM-2 TRANSLATION DECLARATION OF JIHAD [HOLY WAR] AGAINST THE COUNTRY’S TYRANTS MILITARY SERIES [Emblem]: A drawing of the globe emphasizing the Middle East and Africa with a sword through the globe [On the emblem:] Military Studies in the Jihad [Holy War] Against the Tyrants UK/BM-3 TRANSLATION [E] 19/220 In the name of Allah, the merciful and compassionate PRESENTATION To those champions who avowed the truth day and night... ...And wrote with their blood and sufferings these phrases... -*- The confrontation that we are calling for with the apostate regimes does not know Socratic debates..., Platonic ideals..., nor Aristotelian diplomacy. But it knows the dialogue of bullets, the ideals of assassination, bombing, and destruction, and the diplomacy of the cannon and machine-gun.[This is interesting rhetoric, but most notable is the 'apostate' reference. While the U.S. concentrates on the events of 11Sept2001, the use of the term is directed at Islamic States that don't meet the interpretation of Al-Qaida's view of Islam, notably Saudi Arabia. This implies that the U.S.-centric view of the world, and the 'war on terror' in particular, have little to do with how Al-Qaida itself sees the conflict: control of Islam, control of the Holy Cities.]
***... Islamic governments have never and will never be established through peaceful solutions and cooperative councils. They are established as they [always] have been by pen and gun by word and bullet by tongue and teeth[The two components that contribute to the world-view of an Al-Qaida member, culture and religious interpretation, are unified in a way that occurs naturally in a 'warrior culture' (see Japan's 'bunbu itchi' or 'pen and sword in accord') but is largely alien to the Western form of thought. Islam is not 'just a religion,' but a way of life; this interpretation of Islam, therefore, makes the struggle ('jihad'--poorly translated in this document, which would have the reader believe it was merely about fighting and force of arms, rather than of ideas and an ontology) as inherent as breathing. This is no room for compromise, no room for reinterpretation, no way to surrender short of death itself.]
UK/BM-4 TRANSLATION In the name of Allah, the merciful and compassionate Belongs to the guest house Please do not remove it from the house except with permission.[If this is a reference to the original document itself, it shows a rather naive approach to operations security (opsec). On the other hand, it is probably a novel concept that tradecraft can be attacked, or taken advantage of, so control of the handbook is likely considered to be less important than the details of planned operations. Note that the U.S. itself is split on this issue--concerns for 'sources and methods' in the intelligence community, while the U.S. military makes their Field Manuals (FMs) available for similar vulnerability analysis and exploitation.]
[Emblem and signature, illegible]
UK/BM-5 TRANSLATION
Pledge,O Sister
To the sister believer whose clothes the criminals have stripped
off.
To the sister believer whose hair the oppressors have shaved.
To the sister believer who's body has been abused by the human
dogs.
To the sister believer whose...
Pledge, O Sister
Covenant, O Sister ... to make their women widows and their
children orphans.
Covenant, O Sister ... to make them desire death and hate
appointments and prestige.
Covenant, O Sister ... to slaughter them like lambs and let the
Nile, al-Asi, and Euphrates rivers flow with their blood.
Covenant, O Sister ... to be a pick of destruction for every
godless and apostate regime.
Covenant, O Sister ... to retaliate for you against every dog
who touch you even with a bad word.
[The language here is worth considering for what it tells us about the mindset and profile of an Al-Qaida operator. First, the language is intentionally chosen, and selected from various areas of the Qur'an. Clothes are given by Allah for protection and beautification ("We have sent down clothes for you so that it covers the private parts of your body and also should be the means of protection and beautification for your body, and the best clothing is the clothing of piety. This is one Sign from the Signs of Allâh; perhaps people may learn lesson from it"); loss of clothing (piety) comes from betrayal of the agreement with Allah (the Covenant with Allah is the Qur'an; "it should not be that Satan involve you again in the mischief the way he had gotten your parents (Adam and Hawwa) out of Paradise and had stripped them off from their clothes in order to uncover their private parts to each other") or by force. Shaving is a sign of non-belief, but also an element of the Hajj ("sacrifice a Hady (animal, i.e. a sheep, a cow, or a camel, etc.) such as you can afford, and do not shave your heads until the Hady reaches the place of sacrifice") with implications regarding what is known of the 11Sept2001 operators (did their shaving indicate that martyrdom was completion of an act of pilgrimage, with themselves as the sacrifice?). The references to the covenant, the agreement with Allah as delivered to the Prophet as the Qur'an, and 'o sister' are calls to fealty and commitment; in the points, it is obviously to martytdom and sacrifice of self in the greater struggle (Dar al-Harb, the House of War).]
UK/BM-6 TRANSLATION
In the name of Allah, the merciful and compassionate
Thanks be to Allah. We thank him, turn to him, ask his
forgiveness, and seek refuge in him from our wicked souls and bad
deeds. Whomever Allah enlightens will not be misguided, and the
deceiver will never be guided. I declare that there is no god
but Allah alone; he has no partners. I a l s o declare that
Mohammed is his servant and prophet.
[Koranic verses]:
"O ye who believe! Fear Allah as He should be feared, and die not
except in a state of Islam"
"O mankind! Fear your guardian lord who created you from a single
person. Created, out of it, his mate, and from them twain scattered
[like seeds] countless men and women; fear Allah,through whom ye
demand your mutual [rights], and be heedful of the wombs [that
bore you]: for Allah ever watches over you."
"O ye who believe! Fear Allah, and make your utterance straight
forward: That he may make your conduct whole and sound and
forgive you your sins. He that obeys Allah and his messenger, has
already attained the great victory."
Afterward,
The most truthful saying is the book of Allah and the best
guidance is that of Mohammed, God bless and keep him.
[Therefore,]the worst thing is to introduce something new, for
every novelty is an act of heresy and each heresy is a deception.
[This is particularly striking in that it is an expansion of the Prophet's marriage sermon. The introduction is expanded with the 'deceiver' comment. What are identified as 'Koranic verses' are Qur'an 3:102, 4:1, and 33:70-71. The afterward is new, but calls upon the Qur'an's definition of deception as the tool of evil to beguile the believer with the attractions of the world, another call to personal sacrifice to escape from the illusion. Why is this striking? The use of the marriage sermon is probably an element in the initiation into Al-Qaida, part of the enrollment process, and so shows the personal connection between Al-Qaida and its membership.]
UK/BM-7 TRANSLATION
Martyrs were killed, women were widowed, children were orphaned,
men were handcuffed, chaste women's heads were shaved, harlots'
heads were crowned, atrocities were inflicted on the innocent,
gifts were given to the wicked, virgins were raped on the
prostitution alter...
After the fall of our orthodox caliphates on March 3, 1924 and
after expelling the colonialists, our Islamic nation was
afflicted with apostate rulers who took over in the Moslem
nation. These rulers turned out to be more infidel and criminal
than the colonialists themselves. Moslems have endured all kinds
of harm, oppression, and torture at their hands.
[3Mar1924 was Atatürk's abolishment of the Sultanate and Caliphate, and the region plunged into internecine conflict.]
Those apostate rulers threw thousands of the Haraka Al-Islamyia
(Islamic Movement) youth in gloomy jails and detention centers
that were equipped with the most modern torture devices and
[manned with] experts in oppression and torture. Those youth had
refused to move in the rulers' orbit, obscure matters to the
youth, and oppose the idea of rebelling against the rulers. But
they [the rulers] did not stop there; they started to fragment
the essence of the Islamic nation by trying to eradicate its
Moslem identity. Thus, they started spreading godless and
atheistic views among the youth. We found some that claimed that
socialism was from Islam, democracy was the [religious] council,
and the prophet-God bless and keep him-propagandized communism.
Colonialism and its followers, the apostate rulers, then started
to openly erect crusader centers, societies, and organizations
like Masonic Lodges, Lions and Rotary clubs, and foreign schools.
They aimed at producing a wasted generation that pursued
everything that is western and produced rulers, ministers,
leaders, physicians, engineers, businessmen, politicians,
journalists, and information specialists. [Koranic verse:] "And
Allah's enemies plotted and planned, and Allah too planned, and
the best of planners is Allah."
[Note the revulsion, but also the implication of conspiracy (Masonic
Lodges, etc.); the neo-Luddite denunciation of learned professions is not
supported by Islam, nor by the cultures of the region. 3:54 is the referenced
verse from the Qur'an; the implication being that the plans of Al-Qaida
are the plans of Allah.]
UK/BM-8 TRANSLATION
They [the rulers] tried, using every means and [kind of]
seduction, to produce a generation of young men that did not know
[anything] except what they [the rulers] want, did not say except
what they [the rulers] think about, did not live except according
to their [the rulers') way, and did not dress except in their
[the rulers'] clothes. However, majestic Allah turned their
deception back on them, as a large group of those young men who
were raised by them [the rulers] woke up from their sleep and
returned to Allah, regretting and repenting.
The young men returning to Allah realized that Islam is not just
performing rituals but a complete system: Religion and
government, worship and Jihad [holy war], ethics and dealing with
people, and the Koran and sword. The bitter situation that the
nation has reached is a result of its divergence from Allah's
course and his righteous law for all places and times. That
[bitter situation] came about as a result of its children's love
for the world, their loathing of death, and their abandonment of
Jihad [holy war].
Unbelief is still the same. It pushed Abou Jahl- may Allah curse
him-and Kureish's valiant infidels to battle the prophet - God
bless and keep him - and to torture his companions - may Allah's
grace be on them. It is the same unbelief that drove Sadat,
Hosni Mubarak, Gadhafi, Hafez Assad, Saleh, Fahed -Allah's curse
be upon the non-believing leaders - and all the apostate Arab
rulers to torture, kill, imprison, and torment Moslems.
These young men realized that an Islamic government would never
be established except by the bomb and rifle. Islam does not
coincide or make a truce with unbelief, but rather confronts it.
The confrontation that Islam calls for with these godless and
apostate regimes, does not know Socratic debates, Platonic ideals
nor Aristotelian diplomacy. But it knows the dialogue of
bullets, the ideals of assassination, bombing, and destruction,
and the diplomacy of the cannon and machine-gun.
The young came to prepare themselves for Jihad [holy war],
commanded by the majestic Allah's order in the holy Koran.
[Koranic verse:] "Against them make ready your strength to the
utmost of your power, including steeds of war, to strike terror
into (the hearts of) the enemies of Allah and your enemies, and
others besides whom ye may not know, but whom Allah doth know."
UK/BM-9 TRANSLATION
I present this humble effort to these young Moslem men who are
pure, believing, and fighting for the cause of Allah. It is my
contribution toward paving the road that leads to majestic Allah
and establishes a caliphate according to the prophecy.
According to Imam Ahmad’s account, the prophet - God bless and
keep him - said,...
[A few lines of Hadith
verses, not translated]
UK/BM-10 TRANSLATION
GENERAL INTRODUCTION
UK/BM-11 TRANSLATION
5- We cannot resist this state of ignorance unless we unite our
ranks, and adhere to our religion. Without that, the establishment
of religion would be a dream or illusion that is
impassible to achieve or even imagine its achievement. Sheik Ibn
Taimia - may Allah have mercy on him - said, "The interests of
all Adam's children would not be realized in the present life,
nor in the next, except through assembly, cooperation, and mutual
assistance. Cooperation is for achieving their interests and
mutual assistance is for overcoming their adversities. That is
why it has been said, 'man is civilized by nature.' Therefore,
if they unite there will be favorable matters that they do, and
corrupting matters to avoid. They will be obedient to the
commandment of those goals and avoidant of those immoralities.
It is necessary that all Adam's children obey."
He [Sheik Inb Taimia] then says, "It should be understood that
governing the people's affairs is one of the greatest religious
obligations. In fact, without it, religion and world [affairs]
could not be established. The interests of Adam's children would
not be achieved except in assembly, because of their mutual need.
When they assemble, it is necessary to [have] a leader. Allah's
prophet - God bless and keep him - even said, 'If three [people]
come together let them pick a leader.' He then necessitated the
rule by one of a small, non-essential travel assembly in order to
draw attention to the remaining types of assembly. Since Allah
has obligated us to do good and avoid the unlawful, that would
not be done except through force and lording. Likewise, the rest
of what he [God] obligated [us with] would not be accomplished
except by force and lordship, be it Jihad [holy war], justice,
pilgrimage, assembly, holidays, support of the oppressed, or
the establishment of boundaries. That is why it has been said,
"the sultan is Allah's shadow on earth.1"
____________________
1 The book "Tharwat Al-Sinam Fe Al-Ta'at wa Al-Nizam," by
Ibrahim Al-Masri, copying from Al-Fannawi Ibn Taimi's collection,
28-380.
UK/BM-12 TRANSLATION
Principles of Military Organization:
Military Organization has three main principles without which it
cannot be established.
1. Military Organization commander and advisory council
2. The soldiers (individual members)
3. A clearly defined strategy
[A structure--hierarchical--defined by a common purpose. This is characteristic of 'voluntarist' organizations--members are self-selecting, but of varying degrees of dedication. A 'core cadre' comprises the command function, those completely dedicated to the purposes of the organization. A 'clearly defined strategy' is therefore essential in holding the organization together, since the majority of the membership will not be part of the core. One of the critical points necessary in understanding Al-Qaida's organizational structure and decision process is whether cells are under positive (directed, commanded: "go do this") or negative (coordinated, given constraints, told when something is a problem: "don't do that") control. Positive control requires far more communication (C3: command, control, communications) than does negative control (which is much more "fire and forget"--initiate an operation, but leave cells to handle things pretty much on their own). Organizations requiring positive control are more vulnerable in certain respects--more communication, the necessity of communication, etc. Negative control organizations leave operating cells with more autonomy, and they are thus more difficult to disrupt. Cells operating 'on their own' as it were would need a guiding strategy to help problem-solve without resorting to potentially dangerous communication with 'command' (which may betray the identity of sleepers), so the more clearly and simply the strategic parameters can be established, the better for individual members.]
Military Organization Requirements:
The Military Organization dictates a number of requirements to
assist it in confrontation and endurance. These are:
1. Forged documents and counterfeit currency
2. Apartments and hiding places
3. Communication means
4. Transportation means
5. Information
6. Arms and ammunition
7. Transport
[Note the mix of enablers, sanctuary, tools and tradecraft, intelligence, and armament. By no means is this a complete, or even an ordered (most important or greatest priority first), list; see Hunting the Sleepers for applicable rules of thumb for this sort of work.]
Missions Required of the Military Organization:
The main mission for which the Military Organization is
responsible is:
The overthrow of the godless regimes and their replacement with
an Islamic regime. Other missions consist of the following:
[This 'mission statement' for Al-Qaida is clearly directed at 'apostate' States such as Saudi Arabia (a primary focus as the land of the Prophet and location of the two most Holy Cities in Islam). Note that the missions are operationally focused, and again, not in what one would consider an 'order of importance.']
1. Gathering information about the enemy, the land, the
installations, and the neighbors.
[Tactical intelligence, of direct application to operations. This is like casting a large net to catch a certain sort of fish--a wide intelligence program to look for vulnerabilities that can be exploited. 'Local' intelligence is important for sleepers in order to blend in.]
2. Kidnaping enemy personnel, documents, secrets, and arms.
[Kidnapping is directly against the principles of good 'operations security' (opsec) for a sleeper. Capture of documents, secrets, and armaments is higher risk than one would assume for sleepers. In all probability, this is a 'rule' for guerrilla war (where it goes make sense) that sleepers would be told to ignore. Some terrorist groups do consider kidnapping--for profit, for intelligence, for the media, etc.,--so inclusion of these sorts of points are indicators that the manual is a more general primer that requires specific additional training.]
3. Assassinating enemy personnel as well as foreign tourists.
[Again, a function of some terrorist groups--Egyptian, South American, etc. Enemy personnel could be assassinated by sleeper agents, but tourists are too high profile for safety. Tourists are targets because of the economic impact that such casualties cause.]
4. Freeing the brothers who are captured by the enemy.
[An extremely dangerous and high-profile sort of operation. Planning for this sort of operation is incredibly complex, and needs to account for the risk/return factor. Are the numbers of prisoners worth the risk? Has little enough time passed that the information they could provide to the enemy has not yet been acquired (interrogation and torture establish a clock on how long such information can be assumed to be uncompromised--torture in particular is like a downhill bicycle race)? It wasn't surprising that the uprising in the prisoner-of-war camp, where armaments were smuggled to the prisoners, occurred--it's a lower risk solution to the same problem, it makes the job of guarding prisoners more difficult (yes, it encourages killing prisoners, which only stiffens the resolve of those that remain free to not be captured), and prisoners may succeed in freeing themselves.]
5. Spreading rumors and writing statements that instigate
people against the enemy.
[Psychological Operations (PSYOP), which requires operational sophistication to accomplish. Written statements requires a population that can read. Other media require receivers (which require power, of one sort or another). Internal and defensive PSYOP could be handled by 'whisper campaigns' but in many ways, it's better to let the enemy "do themselves in" as the U.S. did in Vietnam. In Afghanistan, for example, the Northern Alliance are going to be their own worst enemy--they're little better than the Taliban in many ways, they enjoy little popular support that will persist over time, and their failings contributed to the rise of the Taliban in the first place. Taliban strategic retreats can be spun in PSYOP terms--they were done to move military attacks away from civilian centers--while letting the issue of governance fall to the Alliance, a PSYOP disaster-in-the-making for the Alliance and its supporters.]
6. Blasting and destroying the places of amusement, immorality,
and sin; not a vital target.
[Not a vital target, but possible points of leverage. Members of the 11Sept2001 sleeper cells visited Las Vegas. Among the many interesting points about Las Vegas are the large numbers of tourists that stay in a very small number of facilities. Anthrax or some other biological warfare (BW) agent delivered to the casino/hotel systems (through air circulation systems, HVAC) would expose tens of thousands at a time; most of those individuals would enter the mass transportation systems (airports, aircraft, trains, buses), spreading the infectious agent/infection, and arriving back at their home destinations before common incubation periods would become an issue. Yes, the CDC is prepared to deliver 'push-packages' to cities in the U.S., but could it handle tens of thousands of possible cases throughout the entire U.S. and the world? Could airports and aircraft be decontaminated effectively? The 'test cases' of anthrax through the U.S. postal system expose the frightening potential of BW agents--the spores persist, travel, and are a trickier problem than thought. Even with few fatalities, the mass transportation systems of the U.S. would come to a crashing halt.]
7. Blasting and destroying the embassies and attacking vital
economic centers.
[The prior attacks of Al-Qaida fell mostly in this category, including the events of 11Sept2001. Attacking economic centers is an interesting evolution in terrorism. Terror attacks could be on leadership (assassination), strategic, or attrition. The strategic implication of economic center attacks is to create a relative weakness--if the U.S. (or Saudi Arabia--this isn't U.S.-centric) feels the economic 'pinch' of the attacks, it cascades throughout the economy (yes, the return of the 'domino' theory, only it does apply in economics while it didn't in geopolitics). Much of the U.S.'s military strength comes from the ability to trade dollars for lives--putting military equipment at risk, rather than soldiers. World War II was largely won by the U.S.'s ability to keep throwing materiel into the fight, while depriving the enemy of their own economic power. Political implications are also critical--failing economies tend to force Americans to look domestically, and have less interest outside the borders. Mass attrition attack remain another possibility--use of some Weapon of Mass Destruction (nuclear, chemical, biological, radiological) to kill large numbers of the population, critical population segments (financial, early responders, etc.), or deny critical locations (Wall Street and other exchanges, Silicon Valley, etc.).]
8. Blasting and destroying bridges leading into and out of the
cities.
[Cities have 3-7 days of 'inertia'--supplies on the shelves necessary to support the population. Some cities are more vulnerable than others (e.g. the California Bay Area), and some cities would be in trouble even more rapidly if additional attacks were staged (water, sanitation, power). While not mentioned, it should be assumed that tunnels and mass transportation 'nexus' points would be considered targets as well.]
[These points are an odd mix of 'sleeper-possible' targets and more
conventional guerrilla/terror targets. Sleepers are hoarded--a player only
uses such pieces on the board when the sacrifice is worth the move. What
a commander is willing to 'spend' sleepers on is indicative of resources
(how many sleepers), and the risk/return decision-making process. If the
tape of the bin Laden gathering that the U.S. Department of Defense released
is accurate, what should be considered 'chilling' is not the scale of death
that was achieved, but that the original operational 'battle damage assessment'
was predicted to be much lower than actual. At the cost of ~20 lives and
$500,000US, the operation would kill the passengers, and a contained number
of floors in WTC (as well as the financial consequences--critical to factor
in, if Al-Qaida profited by their foreknowledge of the attacks in the financial
markets). Either Al-Qaida has more sleepers at their disposal than one
would like to imagine, or the cost per casualty in terms of risk/return
is very different than is commonly assumed. Complicating the assessment
is the certain knowledge of the probable U.S. response to the attacks.
Something more is clearly going on than a 'one-off' attack.]
UK/BM-13 TRANSLATION
Importance of the Military Organization:
1. Removal of those personalities that block the call's path.
[A different handwriting:] All types of military and
civilian intellectuals and thinkers for the state.
2. Proper utilization of the individuals' unused capabilities.
3. Precision in performing tasks, and using collective views on
completing a job from all aspects, not just one.
4. Controlling the work and not fragmenting it or deviating
from it.
5. Achieving long-term goals such as the establishment of an
Islamic state and short-term goals such as operations
against enemy individuals and sectors.
6. Establishing the conditions for possible confrontation with
the regressive regimes and their persistence.
7. Achieving discipline in secrecy and through tasks.
[The translation for this section is clearly awkward and leaving much to be desired. Rather than 'importance,' this is probably best thought of as 'purpose' or 'function.' As seems to be the pattern, this is not an ordered list (item 5 would be near the top if it were). Item 1 is a function of expedience--remove obstacles. Item 2 turns to personal empowerment for the betterment of the organization--use the talents and skills of the personnel. Item 3 could almost come from a popular culture management text--do the job right, get the team to provide their input to accomplish the job. Item 4 is more management 'wisdom'--stay on purpose, stay on message; what's interesting is the way this plays off against compartmentalization, where leadership would break a project up into tasks for security purposes. Cells of the organization are clearly directed to be as self-sufficient in operations as possible--a different approach to security. Compartmentalization is useful when team members are security risks, and full knowledge with a cell would compromise the overall operation. Centralization of 'the work' implies a certain degree of trust in the cell members, while not trusting communication channels or other 'support' cells. The 11Sept2001 cells knew the rough parameters of the missions, as well as the fact that they were chosen for 'martyrdom' missions; if the bin Laden tape released by the U.S. Department of Defense is accurate, cell members didn't know the exact target of the mission until shortly before the operation took place. This still implies a great deal of trust in the cell members (the time between selection/training and the operation was considerable); they had little supervision, access to considerable resources, and could have 'defected' at any time, but didn't. Item 5 is the primary focus of Al-Qaida; Saudi Arabia is the essential target, although Afghanistan was an opportunity that Al-Qaida seemed to feel it couldn't pass up. Item 6 facilitates item 5--if you can't establish an Islamic (in their interpretation of Islam) State, then prepare the way through operations, building a support base, laying the ground work. In retrospect, item 6 may explain much of bin Laden's focus during the U.S.-supported Afghan war against the Soviets--the real question is whether his planning horizon was that far out in time. Item 7 is essential in any opposition force--in an ordered list, it would be near the top. Security is safety, the luxury of continued existence, planning, and operations. The fact that Al-Qaida appears not to have suffered a human penetration (HUMINT, or human intelligence), and takes care of their operations security (against signals and technical intelligence, SIGINT and TECHINT), means that discipline is very good indeed.]
UK/BM-14 TRANSLATION
NECESSARY QUALIFICATIONS AND CHARACTERISTICS
FOR THE ORGANIZATION’S MEMBERS
UK/BM-15 TRANSLATION
Necessary Qualifications for the Organization’s members
1 - Islam:
The member of the Organization must be Moslem. How can an
unbeliever, someone from a revealed religion [Christian,
Jew], a secular person, a communist, etc. protect Islam and
Moslems and defend their goals and secrets when he does not
believe in that religion [Islam]? The Israeli Army requires
that a fighter be of the Jewish religion. Likewise, the
command leadership in the Afghan and Russian armies requires
any one with an officer’s position to be a member of the
communist party.
[The aim of Al-Qaida is, after all, to establish Islamic States (by their interpretation); this can't well be accomplished by non-moslems (nobody has your self-interest at heart quite as much as yourself).]
2 - Commitment to the Organization’s Ideology:
This commitment frees the Organization’smembers from
conceptional problems.
[This is a "leave the thinking to us" sort of argument--accept the interpretation of the leadership, they'll tell you what's right and what's wrong. In Islam, one of the defining points between Shi'a and Sunni is whether a 'middleman' (mullah, ayatollah, cleric, etc.) is interposed between a moslem and Allah. This may be coming from the Wahhabism influence in Al-Qaida, where many moslems are considered in jahiliyya (pre-Islamic barbarism) or apostate. Most interesting is the organizational implication--hierarchical control comes in part from control of interpretation, which is similar to the old Soviet approach (where the definition of a 'good communist' and the 'dialectic' were controlled by the Party).]
3 - Maturity:
The requirements of military work are numerous, and a minor
cannot perform them. The nature of hard and continuous work
in dangerous conditions requires a great deal of
psychological, mental, and intellectual fitness, which are
not usually found in a minor. It is reported that Ibn Omar
- may Allah be pleased with him - said, “During Ahad
[battle] when I was fourteen years of age, I was submitted
[as a volunteer] to the prophet - God bless and keep him.
He refused me and did not throw me in the battle. During
Khandak [trench] Day [battle] when I was fifteen years of
age, I was also submitted to him, and he permitted me [to
fight].
[Contrast this approach with that of many drug distribution networks in the West, where legal minors are chosen for many tasks in the final 'meet the consumer' phase of drug transactions because of the legal benefits and privileges of legal minority in the criminal justice system. Guerrilla warfare certainly utilizes what are considered 'children' in the West, but Al-Qaida needs individuals more capable (and sleepers need the privileges of legal majority).]
4 - Sacrifice:
He [the member] has to be willing to do the work and
undergo martyrdom for the purpose of achieving the goal and
establishing the religion of majestic Allah on earth.
[The argument between interpretation of Qur'an for and against martyrdom is too extensive to enter into here. As referenced earlier, however, regarding shaving and whether the 11Sept2001 operators should be considered as self-'sacrifices.' The Qur'an is not quite as clear on suicide as many make it out to be. 4:29 of the Qur'an says, in one translation: "O ye who believe! Eat not up your property among yourselves in vanities: But let there be amongst you Traffic and trade by mutual good-will: Nor kill (or destroy) yourselves: for verily Allah hath been to you Most Merciful!" This is not the strongest of language against suicide; in Western languages, it seems more like "don't kill yourself, Allah has given you much to live for." Another translation muddies the water further: "O you who believe! do not devour your property among yourselves falsely, except that it be trading by your mutual consent; and do not kill your people; surely Allah is Merciful to you." This translation makes more sense in the context, and refers not to suicide, but the killing of fellow moslems (Dar al-Islam, the House of Islam). If this interpretation is the 'proper' one for Al-Qaida, what of the moslems killed in the 11Sept2001 attacks? Are they jahiliyya or apostate? Or is the 'benefit of the doubt' given that they were indeed true and faithful moslems? The Qur'an states in 2:190: "Fight in the cause of Allah those who fight you, but do not transgress limits; for Allah loveth not transgressors." Al-Qaida wouldn't be in a 'state of Islam' if they killed fellow moslems without making amends. 4:92 of the Qur'an says: "Never should a believer kill a believer; but (If it so happens) by mistake, (Compensation is due): If one (so) kills a believer, it is ordained that he should free a believing slave, and pay compensation to the deceased's family, unless they remit it freely. If the deceased belonged to a people at war with you, and he was a believer, the freeing of a believing slave (Is enough). If he belonged to a people with whom ye have treaty of Mutual alliance, compensation should be paid to his family, and a believing slave be freed. For those who find this beyond their means, (is prescribed) a fast for two months running: by way of repentance to Allah: for Allah hath all knowledge and all wisdom." The events of 11Sept2001 wouldn't qualify as a mistake, but even if interpreted as such, it will be interesting to see how bin Laden and Al-Qaida make compensation. Reluctance on the part of bin Laden to kill Afghans, even allied with the U.S. as part of the 'war on terror,' shows that some interpretation along these lines is probable (was the 'collapse' of the Taliban and Al-Qaida related in some way to this? time may tell). This subject is one of the most fundamental aspects of Al-Qaida members' profiles that needs to be developed.]
5 - Listening and Obedience:
In the military, this is known today as discipline. It is
expressed by how the member obeys the orders given to him.
That is what our religion urges. The Glorious says, “O, ye
who believe! Obey Allah and obey the messenger and those
charged with authority among you.” In the story of Hazifa
Ben Al-Yaman - may Allah have mercy on him - who was
exemplary in his obedience to Allah’s messenger - Allah
bless and keep him. When he [Mohammed] - Allah bless and
keep him - sent him to spy on the Kureish and their allies
during their siege of Madina, Hazifa said, “As he
[Mohammed] called me by name to stand, he said, ‘Go get me
information about those people and do not alarm them about
me.’
[The first quote is 4:59 in the Qur'an: "O ye who believe! Obey Allah,
and obey the Messenger, and those charged with authority among you. If
ye differ in anything among yourselves, refer it to Allah and His Messenger,
if ye do believe in Allah and the Last Day: That is best, and most suitable
for final determination." This quote establishes the Qur'an as the final
arbiter--which Al-Qaida has already usurped in item 2 above, "commitment
to the organization's ideology." The story regarding the Medina attack
is interesting because of the Prophet's reinforcement of Hazifa's courage
to go among the enemy, telling Hazifa to "fear none." The moslems with
the Prophet were in a low state, to say the least, yet circumstances led
to victory, and establishment of the Hajj. Such stories have significant
meaning for sleepers as well as guerrilla groups--have faith, be obedient,
and Allah will deliver final victory.]
UK/BM-16 TRANSLATION
As I departed, I saw Abou Soufian and I placed an arrow in
the bow. I [then] remembered the words of the messenger -Allah
bless and keep him - 'do not alarm them about me.'
If I had shot I would have hit him."
[The implication here for sleeper agents is to not warn or alarm the enemy if at all possible; in guerrilla warfare, this is a critical element of success--strike where attention and preparation are inadequate or absent.]
6- Keeping Secrets and Concealing Information
[This secrecy should be used] even with the closest people,
for deceiving the enemies is not easy. Allah says, "Even
though their plots were such that as to shake the hills!
[Koranic verse]." Allah's messenger - God bless and keep
him - says, "Seek Allah's help in doing your affairs in
secrecy.”
[This is a clear effort at operational security (opsec) against penetration or 'doubling' by members of the organization, or the possibility of 'leaks' to family and friends. The Qur'an quote regarding the plots of enemies is 14:46: "Mighty indeed were the plots which they made, but their plots were (well) within the sight of Allah, even though they were such as to shake the hills!" The second point is taken from two Qur'an quotes, 4:81 and 4:114: "They have 'Obedience' on their lips; but when they leave thee, a section of them Meditate all night on things very different from what thou tellest them. But Allah records their nightly (plots): So keep clear of them, and put thy trust in Allah, and enough is Allah as a disposer of affairs." and "In most of their secret talks there is no good: But if one exhorts to a deed of charity or justice or conciliation between men, (Secrecy is permissible): To him who does this, seeking the good pleasure of Allah, We shall soon give a reward of the highest (value)." The 'just' nature of the organization's purpose justifies the necessity of secrecy in protecting operations.]
It was said in the proverbs, "The hearts of freemen are the
tombs of secrets" and "Moslems' secrecy is faithfulness,
and talking about it is faithlessness." [Mohammed] - God
bless and keep him - used to keep work secrets from the
closest people, even from his wife A'isha- may Allah's
grace be on her.
[This is important because sleepers live among non-moslems, and may develop relationships that would perhaps encourage 'defection' or disclosure of operations.]
7. Free of Illness
The Military Organization's member must fulfill this
important requirement. Allah says, "There is no blame for
those who are infirm, or ill, or who have no resources to
spend.”
[Fitness is essential to physical operations; those that are ill may have greater support costs, less availability, and there's an additional security risk (talking under sedation).]
8. Patience
[The member] should have plenty of patience for
[enduring] afflictions if he is overcome by the enemies.
He should not abandon this great path and sell himself and his
religion to the enemies for his freedom. He should be
patient in performing the work, even if it lasts a long
time.
[An unappreciated characteristic of the best personnel in special operations, patience is essential in developing adequate intelligence, waiting for the opportunity when success has the greatest potential, development of necessary skills, proper planning, etc. Few lasting victories as rapidly achieved--Rome wasn't built in a day, nor did it fall in one.]
9. Tranquility and "Unflappability"
[The member] should have a calm personality that allows him
to endure psychological traumas such as thoseinvolving
bloodshed, murder, arrest, imprisonment, and reverse
psychological traumas such as killing one or all of his
Organization's comrades. [He should be able] to carry out
the work.
[Sleepers need this ability to a great degree--anger, fear, uncertainty, doubt, etc. exhibit in body language, which can betray operations. U.S. Secret Service and other law enforcement train to detect indicators of hostile behavior. Internal security, particularly enforcement of discipline or removal of security risks, would require personnel to 'prune' their own organization, sometimes a very difficult task psychologically (having fought together, lived together, eaten together--the very things that create internal cohesion can be barriers to removal of internal threats).]
10. Intelligence and Insight
When the prophet - Allah bless and keep him - sent Hazifa
Ben Al-Yaman to spy on the polytheist and [Hafiza] sat
among them, Abou Soufian said, "Let each one of you look at
his companion." Hazifa said to his companion, 'Who are
you?" The companion replied, “So-and-so son of so-and-so.”
UK/BM-17 TRANSLATION
In World War I, the German spy, Julius Seelber [PH]managed
to enter Britain and work as a mail examiner due to the
many languages he had mastered. From the letters, he
succeeded in obtaining important information and sent it to
the Germans. One of the letters that he checked was from a
lady who had written to her brother's friend in the fleet.
She mentioned that her brother used to live with her until
he was transferred to a secret project that involved
commercial ships. When Seelber read that letter, he went
to meet that young woman and blamed her for her loose
tongue in talking about military secrets. He, skillfully,
managed to draw out of her that her brother worked in a
secret project for arming old commercial ships. These
ships were to be used as decoys in the submarine war in
such a way that they could come close to the submarines, as
they appeared innocent. Suddenly, cannonballs would be
fired from the ships's hidden cannons on top of the ships,
which would destroy the submarines. 48 hours later that
secret was handed to the Germans.
11. Caution and Prudence
In his battle against the king of Tomedia [PHI, the Roman
general Speer [PH]sent an emissary to discuss with that
king the matter of truce between the two armies. In
reality, he had sent him to learn about the Tomedians'
ability to fight. The general picked, Lilius [PH], one of
his top commanders, for that task and sent with him some of
his officers, disguised as slaves. During that mission,
one of the king's officers, Sifax [PH]pointed to one of
the [disguised] slaves and yelled, "That slave is a Roman
officer I had met in a neighboring city. He was wearing a
Roman uniform." At that point, Lilius used a clever trick
and managed to divert the attention of the Tomedians from
that by turning to the disguised officer and quickly
slapping him on the face a number of times. He reprimanded
him for wearing a Roman officer'suniform when he was a
slave and for claiming a status that he did not deserve.
UK/BM-18 TRANSLATION
The officer accepted the slaps quietly. He bowed his head
in humility and shame, as slaves do. Thus, Sifax men thought
that officer was really a slave because they could
not imagine that a Roman officer would accept these hits
without defending himself.
King Sifax prepared a big feast for Lilius and his
entourage and placed them in a house far away from his camp
so they could not learn about his fortifications. They
[the Romans] made another clever trick on top of the first
one. They freed one of their horses and started chasing him
in and around the camp. After they learned about the extent
of the fortifications they caught the horse and, as planned,
managed to abort their mission about the truce agreement.
Shortly after their return, the Roman general attacked King
Sifax' camp and burned the fortifications. Sifax was forced
to seek reconciliation.
B. There was a secret agent who disguised himself as an
American fur merchant. As the agent was playing cards aboard
a boat with some passengers, one of the players asked him
about his profession. He replied that he was a "fur merchant."
The women showed interest [in him] and began asking the agent -
the disguised fur merchant - many questions about the types
and prices of fur. He mentioned fur price figures that amazed
the women. They started avoiding and regarding him with
suspicion, as though he were a thief, or crazy.
12. Truthfulness and Counsel
The Commander of the faithful, Omar Ibn Al-Khattab - may
Allah be pleased with him - asserted that this characteristic
was vital in those who gather information and work as spies
against the Moslems' enemies. He [Omar] sent a letter to Saad
Ibn Abou Wakkas - may Allah be pleased with him - saying,
“If you step foot on your enemies' land, get spies on them.
Choose those whom you count on for their truthfulness and
advice, whether Arabs or inhabitants of that land. Liars'
accounts would not benefit you, even if some of them were
true; the deceiver is a spy against you and not for you.
[Omar Ibn Al-Khattab was the second Caliph, notable for his dramatic spread of Islam. He led a model moslem life (humility when he could have lived lavishly--an interesting model for bin Laden in many ways). His diplomatic moves were an example of tolerance, he kept Islam united under strenuous circumstances, he invented the Islamic calendar, and formed the Islamic judicial system based on the Qur'an. The Waqqas element mentioned was part of Omar's successful campaign into Persia while greatly outnumbered (most accounts converge on a six-to-one ratio).]
[The emphasis is upon penetration, short and long term, for strategic
and tactical benefit. Al-Qaida likely has an intelligence network of moles
to compliment their network of sleeper agents, if these three items are
adhered to.]
UK/BM-19 TRANSLATION
13. Ability to Observe and Analyze
The Israeli Mossad received news that some Palestinians were
going to attack an Israeli El Al airplane. That plane was
going to Rome with Golda Meir - Allah's curse upon her
- the Prime Minister at the time, on board. The Palestinians
had managed to use a clever trick that allowed them to wait
for the arrival of the plane without being questioned by
anyone. They had beaten a man who sold potatoes, kidnaped
him, and hidden him. They made two holes in the top of that
peddler's cart and placed two tubes next to the chimney
through which two Russian-made "Strella" [PH]missiles could
be launched. The Mossad officers traveled the airport back
and forth looking for that lead them to the Palestinians.
One officer passed the potato cart twice without noticing
anything. On his third time, he noticed three chimneys, but
only one of them was working with spoke coming out of it.
He quickly steered toward the cart and hit it hard. The
cart overturned, and the Palestinians were captured.1
____________________
1. This story is found in the book A'n Tarik Al-Khida' "By Way of
Deception Methods," by Victor Ostrovsky [PH]. The author claims
that the Mossad wants to kill him for writing that book.
However, I believe that the book was authorized by the Israeli
Mossad.
[Note the study of one of the organization's adversaries, the Mossad, for how they operate as well as lessons to be learned. Such lessons come from publications (which they question--historically, non-State actors that are targeted by the Mossad have eventually been assassinated, thus calling into question the nature of the relationship between Ostrovsky and the Mossad by his on-going existence) rather than the various Palestinian movements, which have little in common with, nor little sympathy for, organizations such as Al-Qaida. Objectivity and observation skills are prized in intelligence work, as are interpretation and decision-making capabilities; recognition of these skills is not unusual, given the history of Al-Qaida.]
14. Ability to Act, Change Positions and Conceal Oneself
a. [An example] is what Noaim Ibn Masoud had done in his
mission to cause agitation among the tribes of Koraish,
those of Ghatfan, and the Jews of Koreitha. He would control
his reactions and managed to skillfully play his role.
Without showing signs of inconsistency, he would show his
interest and zeal towards the Jews one time and show his
concern about the Koraish at another.
b. In 1960, a car driven by an American colonel collided
with a truck. The colonel lost consciousness, and while
unconscious at the hospital, he started speaking Russian
UK/BM-20 TRANSLATION
fluently. It was later discovered that the colonel was a
Soviet spy who was planted in the United States. He had
fought in Korea in order to conceal his true identity and
to gather information and critical secrets. If not for the
collision, no one would have suspected or confronted him.
[Again, the ability to blend in is essential for moles/sleepers, as well as the urban guerrilla, a lesson reinforced often by this manual.]
UK/BM-21 TRANSLATION
COUNTERFEIT
CURRENCY AND FORGED DOCUMENTS
UK/BM-22 TRANSLATION
Financial Security Precautions:
1. Dividing operational funds into two parts: One part is to
be invested in projects that offer financial return, and
the other is to be saved and not spent except during
operations.
2. Not placing operational funds [all] in one place.
3. Not telling the Organization members about the location of
the funds.
4. Having proper protection while carrying large amounts of
money.
5. Leaving the money with non-members and spending it as
needed.
[Note that none of these items mention counterfeit currency. Item one recommends putting part of the money 'to work'--making more money at the risk of losing the investment, which is why the admonition to save the other part for operational purposes. This indicates that the 'risk profile' of the organization is less risk-averse when it comes to financial resources. It may also be a way to talent-spot--finding organizational members with a knack for making money out of money. The next items are clearly security measures--dispersal of funds, compartmentalization of knowledge about funds (to compartmentalize the investment/banking function, or to prevent 'sleepers' from defecting with the funds?), safety of monetary transportation, and utilization of non-institutional banking mechanisms (hawala networks; keeping cash with contacts not likely to be arrested; keeping deposits made in conventional financial institutions out of the names of members). These mechanisms are probably just the tip of the iceberg for financial controls and the financial network; resiliency of the financial support of Al-Qaida is one of its strengths, and will allow it to outlive the personalities that drive the organization.]
Forged Documents (Identity Cards, Records Books, Passports)
The following security precautions should be taken:
1. Keeping the passport in a safe place so it would not be
ceized by the security apparatus, and the brother it
belongs to would have to negotiate its return (I'll give
you your passport if you give me information)
2. All documents of the undercover brother, such as identity
cards and passport, should be falsified.
3. When the undercover brother is traveling with a certain
identity card or passport, he should know all pertinent
[information] such as the name, profession, and place of
residence.
4. The brother who has special work status (commander,
communication link,...) should have more than one identity
card and passport. He should learn the contents of each,
the nature of the [indicated] profession, and the dialect
of the residence area listed in thedocument.
5. The photograph of the brother in these documents should be
without a beard. It is preferable that the brother's
public photograph [on these documents] be also without a
beard. If he already has one [document] showing a
photograph with a beard, he should replace it.
6. When using an identity document in different names, no more
than one such document should be carried at one time.
UK/BM-23 TRANSLATION
7. The validity of the falsified travel documents should
always be confirmed.
8. All falsification matters should be carried out through the
command and not haphazardly (procedure control)
9. Married brothers should not add their wives to their
passports.
10. When a brother is carrying the forged passport of a certain
country, he should not travel to that country. It is easy
to detect forgery at the airport, and the dialect of the
brother is different from that of the people from that
country.
[This is a curious mix of precautions. Item 1 is clearly directed at casual law enforcement scrutiny--serious crimes or suspicion of 'terrorist' status is unlikely to lead to the bargain posited parenthetically. Passports are clearly not intended for both travel and normal identification. Item 2 appears to only have been partially adhered to by the 11Sept2001 cells, of which at least a small number used their actual identities. The validity of Saudi Arabian citizenship for the large number of hijackers remains in question--were they really those individuals, or were they cases of assumed identity or identity theft? Assumed identities and identity theft are better than purely fictitious identities, which may raise questions if investigated, and are unlikely to provide the benefits of 'deeper cover' (such as credit ratings that work to the individual's advantage). Item 3 is essential precaution--know the details of all identities, completely. Item 4 gives a brief insight into the organizational structure of Al-Qaida (discussed in more detail in Hunting the Sleepers)--cells have commanders (something assumed, as standard for such organizational approaches), but 'communication link' implies explicit specialization, possible application of network theory, and hints of support structures that lead from command to operational cells. That such individuals may become compromised and need alternative identities to escape is accounted for in advance, a sign of realistic planning. The burden associated with such a position is added to by the necessity of additional memorization; the consolation is that escape is potentially easier because of the precaution. Item 5 is for the benefit of sleepers blending in, not looking like devout moslems and thus raising suspicions. Item 6 is a 'lesson learned' from the colorful history of other non-State actors, where personnel have been 'caught out' by casual police attention finding multiple identity documents (Japanese Red Army, Ilich Ramirez Sanchez, etc.). Item 7 requires either a certain faith in the documents, or a certain amount of risk--the best way to confirm validity is to have legitimate documents (the reason for the 11Sept2001 cell members obtaining U.S. State driver's licenses) or to have them scrutinized by someone capable of telling the difference between false and real documents. Item 8 points again at a support network of dedicated personnel--cells contact command for falsified papers, which are obtained by command from compartmentalized support cells, and transported to the cells through command. Item 9 removes leads post-operation, in the event of apprehension, or that might lead to leverage on a member. Item 10 is obvious and practical--individuals, especially security personnel, will recognize inconsistencies of identity for supposed natives, while most foreigners will not. Assumption of identity or identity theft as a means of acquiring documents certainly requires avoidance of anyone that would recognize the 'switch.' This item also implies forged documents of more remote countries--neighboring countries or those with a common language would have a greater chance of recognizing the inconsistencies as well.]
Security Precautions Related to the Organizations’ Given Names:
1. The name given by the Organization [to the brother] should
not be odd in comparison with other names used around him.
2. A brother should not have more than one name in the area
where he lives {the undercover work place)
[Item 1 is a basic for blending in--look, sound, and act like those
you're trying to blend in with, including using appropriate names. Item
2 is personal compartmentalization--strict boundaries for use of different
identities.]
UK/BM-24 TRANSLATION
Organization MILITARY BASES
"APARTMENTS PLACES" -HIDING
UK/BM-25 TRANSLATION
Definition of Bases:
* These are apartments, hiding places, command centers, etc. in
which secret operations are executed against the enemy.
These bases may be in cities, and are [then] called homes or
apartments. They may be in mountainous, harsh terrain far from
the enemy, and are [then] called hiding places or bases.
During the initial stages, the Military Organization usually
uses apartments in cities as places for launching assigned
missions, such as collecting information, observing members of
the ruling regime, etc.
Hiding places and bases in mountains and harsh terrain are used
at later stages, from which Jihad [holy war] groups are
dispatched to execute assassination operations of enemy
individuals, bomb their centers, and capture their weapons. In
some Arab countries such as Egypt, where there are no mountains
or harsh terrain, all stages of Jihad work would take place in
cities. The opposite was true in Afghanistan, where initially
Jihad work was in the cities, then the warriors shifted to
mountains and harsh terrain. There, they started battling the
Communists.
[Sanctuary, a place providing safety and security, cover and concealment, is considered to be an essential basic element in guerrilla warfare. This situation needs to be redefined for 'urbanized terrain'--developed areas such as camps, towns, and cities. Sleeper or other covert operatives that are 'in place' for extended periods of time need to blend in, act like those around them ("when in Rome, do as the Romans do"), and do nothing that would attract suspicion or attention. One of the strengths of modern non-State actors engaged in resistance operations is 'spot terrorism'--cells members that have normal lives, switch into operators for the very brief period of the operation, and then reintegrate into the society around them. Sanctuary is more than a place, it's a process--how the operator lives as much as where he lives. Most of the attention in the following points is about the location, which is striking given the recent history of non-State operations, which have relied increasingly on 'spot sanctuary' for 'spot terrorism'--temporary locations prepared specifically for operational support by core cadre members or isolated support cells dedicated to this purpose (where 'contact' with the sleepers is non-existent, handled either through 'command' or through pre-arranged dead-drops). Either for security reasons or because dedicated personnel aren't available, cells are responsible for their own sanctuary requirements, and such locations are longer term.]
Security Precautions Related to Apartments:
1. Choosing the apartment carefully as far as the location,
the size for the work necessary (meetings,storage, arms,
fugitives, work preparation).
2. It is preferable to rent apartments on the ground floor to
facilitate escape and digging of trenches.
3. Preparing secret locations in the apartment for securing
documents, records, arms, and other important items.
4. Preparing ways of vacating the apartment in case of a
surprise attack (stands,wooden ladders).
UK/BM-26 TRANSLATION
5. Under no circumstances should any one know about the
apartment except those who use it.
6. Providing the necessary cover for the people who frequent
the apartment (students,workers, employees, etc.)
7. Avoiding seclusion and isolation from the population and
refraining from going to the apartment at suspicious times.
8. It is preferable to rent these apartments using false
names, appropriate cover, and non-Moslem appearance.
9. A single brother should not rent more than one apartment in
the same area, from the same agent, or using the same
rental office.
10. Care should be exercised not to rent apartments that are
known to the security apparatus [such as] those used for
immoral or prior Jihad activities.
11. Avoiding police stations and government buildings.
Apartments should not be rented near those places.
12. When renting these apartments, one should avoid isolated or
deserted locations so the enemy would not be able to catch
those living there easily.
13. It is preferable to rent apartments in newly developed
areas where people do not know one another. Usually, in
older quarters people know one another and strangers are
easily identified, especially since these quarters have
many informers.
14. Ensuring that there is has been no surveillance prior to
the members entering the apartment.
15. Agreement among those living in the apartment on special
ways of knocking on the door and special signs prior to
entry into the building’s main gate to indicate to those
who wish to enter that the place is safe and not being
monitored. Such signs include hanging out a towel, opening
a curtain, placing a cushion in a special way, etc.
UK/BM-27 TRANSLATION
16. If there is a telephone in the apartment, calls should be
answered in an agreed-upon manner among those who use the
apartment. That would prevent mistakes that would,
otherwise, lead to revealing the names and nature of the
occupants.
17. For apartments, replacing the locks and keys with new ones.
As for the other entities (camps,shops, mosques),
appropriate security precautions should be taken depending
on the entity’s importance and role in the work.
18. Apartments used for undercover work should not be visible
from higher apartments in order not to expose the nature of
the work.
19. In a newer apartment, avoid talking loud because
prefabricated ceilings and walls [used in the apartments]
do not have the same thickness as those in old ones.
20. It is necessary to have at hand documents supporting the
undercover [member]. In the case of a physician, there
should be an actual medical diploma, membership in the
[medical] union, the government permit, and the rest of the
routine procedures known in that country.
21. The cover should blend well [with the environment]. For
example, selecting a doctor’s clinic in an area where there
are clinics, or in a location suitable for it.
22. The cover of those who frequent the location should match
the cover of that location. For example, a common laborer
should not enter a fancy hotel because that would be
suspicious and draw attention.
[Item 1 is practical--sleepers don't want to have to keep renting new places and moving, since moving entails risk (exposure of operational materials such as guns, explosives, identity documents, etc.). Advanced knowledge of the rough parameters of the operational requirements are necessary though; the mention of 'fugitives' implies that not all sleeper operations would be martyrdom operations. Item 2 is curious from a U.S. perspective--there isn't a lot of digging related to apartments, so this is a reminder that most of this preparation is non-U.S. oriented, another reason why, for example, the 11Sept2001 cell members kept to themselves, they may have felt inadequately or inappropriately prepared. Escape and evasion is cat-and-mouse in three dimensions; going up during an escape may be more valuable an option than immediate egress on the ground floor. Item 3 best requires a bit of remodeling--placing secure items inside walls (generally behind plumbing, which throws off metal detectors), but in cities with higher crime rates, more obvious security measures would not be considered unusual or attract notice. Item 4 connects with item 2 (another example of how the document wasn't 'rationalized' by a careful author or editor), and demonstrates again that the orientation of the training is decreasingly effective in 'advanced' countries where law enforcement and military tactics prepare for such things. Item 5 is operational security through compartmentalization. Items 6 through 8 connect to a critical trait of sleep agents: pretexting. Plausability is critical in all activities. The location needs to 'match' the cover identity (large, well-furnished, well-located apartments wouldn't fit well with a 'starving student' cover identity). Remote locations make observation of a location more difficult (observers may well be obvious) but also make operating more difficult on the cell members (their activities are also more obvious, there is less 'cover and conceal' to their benefit), so the recommended trade-off is avoiding seclusion. In large urban settings there is rarely a 'suspicious time,' but in circumstances where cover identity is critical, timing is important (it wouldn't do for a day-laborer to be around the house during working hours without a pretext, a reason, an excuse); in non-U.S. countries, there are also curfews imposed and which would need to generally be abided by. Holding the pretext together--appropriate identity corresponding to appropriate location--is reinforced, but again with an admonition to use non-moslem identities. Item 8 would best apply in countries outside the Middle East, particularly where moslem appearance would be less common, and thus a point of profiling for law enforcement. Item 9 is an issue of operational security, because multiple rentals would raise suspicions. Item 10 is another curious point--operational security would be compromised if the 'sanctuary' was known to the local security apparatus, but how would the Al-Qaida cell members know? Avoiding locations of 'prior Jihad activities' by their own organization, or known in the public domain, is certainly a good idea. Avoiding locations of 'immoral' activity is mixed--criminal activities mean that people largely tend to mind their business, there's a high transient population, etc. The downside is that such areas are generally under greater scrutiny by law enforcement, and neighbors may be informers or perhaps be raided for their own criminal activities (where they will generally attempt to bargain away everyone they know to save themselves). It would be interesting to hear the rationale for item 11--is the concern heightened security in the area, the greater numbers of law enforcement available, or the possibility that such a location may suffer collateral damage in an attack by some other cell or non-State group? Item 12 connects to item 7, reinforcement showing how a trade-off was decided--greater risk through higher traffic is better than greater risk through easier observation/apprehension. Sleepers need to blend in, and activity is easier to blend with than isolation. Item 13 is further protection for sleepers--there are fewer questions when everyone is a stranger (and prefer to stay that way). Isolation from neighbors is more common in Westernized countries, while the number of 'informers' relating to the age of an area is distinctly non-Western. Items 14 & 15 are operational security--is the location still safe? Preventing exposure of sanctuary by avoiding surveillance or 'tailing' is the 'external' member's responsibility (anyone outside the location); indicating the security of the location by an indicator is the 'internal' member's responsibility (anyone inside the location). Symbolic interaction (coded knocks, etc.) is the transition period from one concern to another. Note the depth of implied activity (continual observation for security) and commitment (not putting other cell members at risk, even at the expense of one's own safety). Item 16 is adherence to a pretext, maintaining the appearances of cover identities. Item 17 is normal security, even for ordinary individuals, who commonly rekey locks or add locks that others may not have keys for (such as the landlord). Item 18 is operational security; normally interior rooms with no windows are used for sensitive activities (device assembly, etc.), or basements when available. Item 19 is simple caution in a modern world, where construction is accomplished as cheaply as possible. Items 20 & 21 are disturbing in implication--use of medical personnel cover. Physicians have respect and greater privileges in most societies, and are rarely the subject of suspicion; additionally, physicians would have access to substances (pharmaceuticals, radiologicals, etc.), be part of 'early responder' teams, and provide other sorts of advantage to sleeper operations. Both items support the necessities of pretexting--have the supporting documentation, blend in appropriately. Item 22 again reinforces pretexting--the concept is clearly a fundamental element in the sleeper's tradecraft for Al-Qaida.]
Source: http://www.justice.gov/ag/manualpart1_2.pdf
(1.1MB)
UK/BM-28 TRANSLATION FIFTH LESSON MEANS OF COMMUNICATION AND TRANSPORTATION UK/BM-29 TRANSLATION In the name of Allah, the merciful and compassionate Means of Transportation Introduction: It is well known that in undercover operations, communication is the mainstay of the movement for rapid accomplishment. However, it is a double-edged sword: It can be to our advantage if we use it well and it can be a knife dug into our back if we do not consider and take the necessary security measures. Communication Means: The Military Organization in any Islamic group can, with its modest capabilities, use the following means: 1. The telephone, 2. Meeting in-person, 3. Messenger, 4 . Letters, 5. Some modern devices, such as the facsimile and wireless [communication]. Communication may be within the county, state, or even the country, in which case it is called local communication. When it extends expanded between countries, it is then called international communication.[This section of the tradecraft manual should be read not only for tactical intelligence, but also strategic. If Al-Qaida is an organization that functions using positive control, the level of traffic necessary to manage cells and operations presents a significant vulnerability. If Al-Qaida is an organization that functions using negative control, traffic is greatly reduced, cells are nearly autonomous, and communication is less of a risk because less of it occurs. The difficultly for negative control organizations is the necessity of pre-arrangement--pre-planning, training, agreed upon codes/ciphers, lower levels of operational support, etc. In addition, the communication that occurs is much more critical--it's happening for a reason, and therefore has different intelligence value. Pure information theory is problematic for intelligence analysis because of the tendency to assume that all communication is alike in value, which just does not hold in the real world. Positive control organizations will have greater variation in the intelligence value of traffic--some intercepts are worth more than others. Negative control organizations have a greater baseline intelligence value for message traffic; since exposure is a concern, the message must be worth the risk. This attachment of value to message traffic is critical to the evolving field of intelligence analysis. For example, traffic analysis can remain incredibly useful even when operators use codes or ciphers. Attachment of valuations to messages in positive control organizations makes network mapping far easier (identification of command & control elements); valuation of messages in negative control organizations is less helpful, but can be used to establish roles of individuals in networks, and any traffic analysis is helpful--it can identify sleepers. Al-Qaida sends clear indications that it is a 'negative control' organization through many aspects of its tradecraft, but this section is particularly helpful. The recognition of the fatal nature of security lapses establishes an appreciation for the need for operational and communication security. The means chosen for communication are intended to be infrequent, to meet the security needs of sleepers, but clearly inadequate for 'positive control' organizations. Communication is oriented largely at coordination, 'triggering' actions or operations, giving warning, etc., indicative of a 'negative control' approach. For more on this sort of analysis, and the value it has in targeting Al-Qaida, see Hunting the Sleepers.]
Secret Communication is Limited to the Following Types:
Common, standby, alarm
1. Common Communication: It is a communication between two
members of the Organization without being monitored by the
security apparatus opposing the Organization. The common
communication should be done under a certain cover and after
inspecting the surveillance situation [by the enemy].
2. Standby Communication: This replaces common communication
when one of the two parties is unable to communicate with the
other for some reason.
3. Alarm Communication: This is used when the opposing security
apparatus discovers an undercover activity or some undercover
members. Based on this communication, the activity is stopped
for a while, all matters related to the activity are abandoned,
UK/BM-30 TRANSLATION
and the Organization's members are hidden from the security
personnel.
[This categorization is functional--normal communication, a fall-back mechanism, and a way to signal that there is trouble. Operations security is an ever-present concern, but the tradecraft is not clarified as to how they maintain OPSEC under increasing pressure across the types. Law enforcement and security apparatus are experienced at forcing 'alarm communication' in order to map networks of sleepers; how this is managed is not addressed through other than 'normal' tradecraft. Alarm communication, if it is to occur, would need to be a symbol that takes no explicit communication channel (party A connecting to party B) and fits in the context and pretext of the sleepers. Modern covert networks have taken this into account using the media cycle--part of pre-arrangement in 'negative control' organizations could be that exposure of any cell members (including voluntary exposure--a member that knows they are 'blown') constitutes a signal to 'hunker down.']
Method of Communication Among Members of the Organization:
1. Communication about undercover activity should be done
using a good cover; it should also be quick, explicit, and
pertinent. That is, just for talking only.
[This is reinforcement of the need to maintain the pretext of a cover identity. The duration of a communication is related to probability of exposure--much tradecraft has been developed for 'brush-passes' and 'dead-drops' and other mechanisms for minimizing contact duration. Personal communication is very high-risk, but has the advantage of being 'quick, explicit, and pertinent.' It is also interactive, allowing clarification and (most important) certainty. The direct nature of such communication provides direct and indirect risk--identification of sleepers, the risk that one of the parties has turned, etc. but also that such communication could be under surveillance in such a way that doesn't tip off the sleepers.]
2. Prior to contacting his members, the commander of the cell2
should agree with each of them separately (the cell members
should never meet all in one place and should not know one
another) on a manner and means of communication with each other.
Likewise, the chief of the Organization should [use a similar
technique] with the branch commanders.
____________________
[2] Cell or cluster methods should be adopted by the Organization.
It should be composed of many cells whose members do not know one
another, so that if a cell member is caught the other cells would
not be affected, and work would proceed normally.
[Cell structures are 'standard' for non-State opposition forces, for the reasons mentioned--the operational security that the network topology affords. What is not clear is whether organizational cells are structured in a hierarchical network (positive control) or structured into autonomous, heterarchical networks (negative control) where cells are coordinated rather than ordered. Either mechanism enjoys the benefits of compartmentalization for operational security. The tradecraft here implies that while sleeper cells may be autonomous, a command hierarchy is maintained--ultimately perhaps not the best of all possible approaches, but the worst of all possible approaches. Note that a diversity of communication is not explicitly advocated to improve network resiliency; this may increase complexity on commanders, so the trade-off may have been made in decision in favor of simplicity. This is also an explicit assignment of 'roles' in the network--commanders for cells and branch commanders--that tells us a bit more about the Al-Qaida organizational structure. Similarities to drug distribution networks are not coincidental--lessons learned from such organizations have clearly been adopted, through study as well as direct interaction. The core cadre of Al-Qaida resembles the core of drug trafficking networks, with the associated dedicated support networks and replaceable operational cells (similar to the 'street level' of drug distribution--dealers get arrested or killed regularly, causing 'churn' in the network membership, but the structure itself persists).]
3. A higher-ranking commander determines the type and method
of communication with lower-ranking leaders.
[Father, or in this case the commander, knows best. This is clearly a positive control aspect--imposition of an element of tradecraft on a subsidiary, even when the subordinate party/parties may know better (technically, in terms of how it works with the pretext and cover identity, etc.).]
First Means: The Telephone:
Because of significant technological advances, security measures
for monitoring the telephone and broadcasting equipment have
increased. Monitoring may be done by installing a secondary line
or wireless broadcasting device on a telephone that relays the
calls to a remote location...That is why the Organization takes
security measures among its members who use this means of
communication (the telephone).
[There is no good cause to assume, under almost any circumstance, that telephone communication is secure (look up 'semantic forests' on the Internet some time, or U.S. patent 5937422). Message content identification and filtering, traffic analysis, etc. are all highly susceptible to technical means. The tradecraft presented makes an attempt to bring the telephone back into the realm of useful tools.]
1. Communication should be carried out from public places.
One should select telephones that are less suspicious to
the security apparatus and are more difficult to monitor.
It is preferable to use telephones in booths and on main
streets.
[Public telephones are no more and no less secure than any other. The rise of mobile telephones (cellular, GSM, etc.) has changed the economics of making public phones available, dramatically reducing the numbers of available phones. Given the high level of criminal activity that is discussed over public phones, the dedication of increasingly powerful technical means to a decreasing number of installed phones is not difficult. The advantage of a 'throw-away' public phone--one use, coordinated only shortly before the time needed (and not by technical means, such as a pager or other compromised communication channels)--is probability-dependent, and decreasingly convincing.]
UK/BM-31 TRANSLATION
2. Conversation should be coded or in general terms so as not
to alert the person monitoring [the telephone].
[Cryptography takes a message and performs a transformation that obscures the symbols used to communicate (ciphertext looks like noise until decrypted into 'signal'--reader makes right). Coding takes a message and transforms the symbols to obscure meaning. Ciphered communication stands out (unless steganography is utilized, an issue that is discussed in depth in Hunting the Sleepers) amid other 'clear' communication. Coded communications ("How's the weather?" "I bought a Rottweiler puppy.") can blend into other communication without much notice if structured correctly. The drawback is that codes must be pre-arranged, because the symbol-to-meaning mapping is arbitrarily rearranged, the strength of the coding system. Good coding systems, tailored to the purpose and to the pretext of a sleeper's cover identity, can evade detection as effectively as, or more than steganography/cryptography combinations. Note also the assumption of monitoring--tradecraft oriented at remaining functional even under intense scrutiny appears to be intended.]
3. Periodically examining the telephone wire and the receiver.
[A bit naive, but probably useful in establishing a certain sense of paranoia (or perhaps counterproductive: "nothing appears visible, so it must be safe"). Monitoring equipment can pick up emissions, be installed at a relay or switching center, or any number of ways that remain undetected. Any trust in a telephone is misplaced.]
4. Telephone numbers should be memorized and not recorded. If
the brother has to write them, he should do so using a code
so they do not appear as telephone numbers (figures from a
shopping list, etc.)
[Memorization, particularly of infrequently used numbers, is a difficult proposition. The coding mechanism recommended is unusual to say the least--play with it for a moment and see if you come up with anything satisfactory; even mapping numbers to grocery items becomes problematic with repeated numbers ("apples, oranges, apples, apples...").]
5. The telephone caller and person called should mention some
words or sentences prior to bringing up the intended
subject. The brother who is calling may misdial one of the
digits and actually call someone else. The person ‘called
may claim that the call is for him, and the calling brother
may start telling him work-related issues and reveal many
things because of a minor error.
[A conversational coded boundary--handshaking to authenticate communicating parties prior to message passing. Signs and countersigns must be contextually appropriate. Consistent coding mechanisms such as this are susceptible to analysis with an adequate body of source material.]
6. In telephone conversations about undercover work, the voice
should be changed and distorted.
[Like many elements of the tradecraft in this manual, this one has me shaking my head in wonder and disbelief. If the conversation is not being monitored, this is ridiculous. If the conversation is being monitored 'casually' (not fully aware of the affiliation of the sleepers), then this sort of thing will only attract more intense scrutiny. If the conversation is already under intense scrutiny, most efforts to 'change' or 'distort' a voice fall to technical analysis (whispering can, however, provide some temporary protection), and other technical means (traceback and traffic analysis) will increase network vulnerability. Additionally, there are few good pretexts or cover identities that can justify this behavior, or possession of good technical equipment. If coding fails, cryptography should be the next resort, not this sort of thing.]
7. When feasible, it is preferable to change telephone lines
to allow direct access to local and international calls.
That and proper cover facilitate communications and provide
security protection not available when the central
telephone station in the presence of many employees is
used.
[Clearly a non-U.S.-oriented bit of advice. Use by Al-Qaida leadership of satellite phone systems was obviously an attempt to utilize the best in communications technology and avoid 'local' issues such as these. Note that proper cover, a good pretext, and a well-designed coding system wouldn't require privacy to remain an effective mechanism for communication.]
8. When a telephone [line] is identified [by the security
apparatus], the command and all parties who were using it
should be notified as soon as possible in order to take
appropriate measures.
[The implication here is specific intelligence acquired by some form of penetration of local law enforcement or security. Again, Al-Qaida sleepers may be tasked to penetrate law enforcement, intelligence, military, and political hierarchies of hostile State powers. Such penetrations may also be through technical means, through intelligence sharing with other non-State actors or State sponsors, or various counter-intelligence approaches.]
9. When the command is certain that a particular telephone
[line] is being monitored, it can exploit it by providing
information that misleads the enemy and benefits the work
plan.
[A classic disinformation approach, but such attempts to run deception
operations need greater than normal operations security. This approach
may also be used to test security of potentially compromised communication
paths--give up a small benefit to the enemy that is listening in order
to gain certainty regarding compromised communications as well as cell
members and those they've been in contact with.]
UK/BM-32 TRANSLATION
10. If the Organization manages to obtain jamming devices, it
should use them immediately.
[It is unclear what is intended by 'jamming' devices, since jamming would provide little advantage while at the same time exposing a capability, and indicating the hostile nature of organization personnel. As discussed earlier, cryptography (turning 'signal' into 'noise' and back again) would provide potential security, steganography would conceal the fact that some sorts of ciphered traffic was being exchanged (data traffic), but still make traffic analysis an issue (tradecraft that provides an end-to-end approach is discussed in Hunting the Sleepers). What is clear through the language however is that any means or methods that become available to improve communication security will be adopted.]
Second Means: Meeting in-person:
This is direct communication between the commander and a member
of the Organization. During the meeting the following are
accomplished:
1. Information exchange, 2. Giving orders and instructions, 3 .
Financing, 4. Member follow-up
[This sort of meeting is clearly not internal to an operational cell, but instead between the commander of a cell and the 'branch commanders.' Such individuals should have greater training and experience; they also face greater risks, being valuable sources of information if apprehended. Information exchange is bidirectional, while orders and instructions are hierarchically imposed (top-down). Financing would generally mean delivery of information or identification necessary to tap into Al-Qaida's financial network through a cut-out mechanism; while cash provides the greatest flexibility, it also generates suspicion when relied upon too heavily in the conventional economy. Member follow-up implies two organizational functions--review of performance and other issues regarding cell members, and feedback from cell members to the organization. This latter element is unusual, and again distinguishes Al-Qaida from 'normal' non-State actors; hierarchical, top-down networks are generally loath to take operational suggestions or comments from cells, but Al-Qaida has a history of undertaking cell-suggested operations, as well as using cells to acquire or generate new approaches for a learning/evolving organization.]
Stages of the In-Person Meeting:
A. Before the meeting, B. The meeting [itself], C. After the
meeting
[This is an elaborate discussion of operational security tradecraft to protect the safety and security of sleepers participating in a personal meeting. Given the risks, and the potential information such members could provide to law enforcement and security agencies, entering into this level of detail should not be considered unusual. It is, however, quite specific and explicit to the point of losing flexibility.]
A. Before the Meeting:
The following measures should be taken:
1. Designating the meeting location, 2. Finding a proper
cover for the meeting, 3. Specifying the meeting date
and
time, 4. Defining special signals between those who meet.
1. Identifying the meeting location: If the meeting
location is stationary, the following matters should be
observed:
i. The location should be far from police
stations and security centers.
ii. Ease of transportation to the location.
iii. Selecting the location prior to
the meeting and
learning all its details.
iv. If the meeting location is an apartment,
it should not
be the first one, but one somewhere
in the middle.
v. The availability of many roads leading
to the meeting
location. That would provide easy escape
in case the
location ware raided by security personnel.
UK/BM-33 TRANSLATION
vi. The location should not be under
suspicion (by the
security [apparatus])
vii. The apartment where the meeting
takes place should be
on the ground floor, to facilitate escape.
viii. The ability to detect any surveillance
from that
location.
ix. When public transportation is used,
one should alight
at some distance from the meeting location
and
continue on foot. In the case of a private
vehicle,
one should park it far away or in a
secure place so as
to be able to maneuver it quickly at
any time.
If the meeting location is not stationary, the following
matters should be observed:
i. The meeting location should be at
the
intersection of a large number of main
and
side streets to facilitate entry, exit,
and
escape.
ii. The meeting location (such as a coffee
shop) should
not have members that might be dealing
with the
security apparatus.
iii. The meeting should not be held in
a crowded place
because that would allow the security
personnel to
hide and monitor those who meet.
iv. It is imperative to agree on an alternative
location
for the meeting in case meeting in the
first is
unfeasible. That holds whether the meeting
place is
stationary or not.
Those who meet in-person should do the following:
i. Verifying the security situation of
the location
before the meeting.
UK/BM-34 TRANSLATION
ii. Ensuring that there are no security
personnel behind
them or at the meeting place.
iii. Not heading to the location directly.
iv. Clothing and appearance should
be appropriate for
the meeting location.
v. Verifying that private documents carried
by the
brother have appropriate cover.
vi. Prior to the meeting, designing a
security plan that
specifies what the security personnel
would be told in
case the location were raided by them,
and what [the
brothers] would resort to in dealing
with the security
personnel (fleeing,driving back,...)
2. Finding a proper cover for the meeting: [The cover]
i. should blend well with the nature of the location.
ii. In case they raid the place, the
security personnel
should believe the cover.
iii. should not arouse the curiosity of those present.
iv. should match the person's appearance
and his financial
and educational background.
v. should have documents that support it.
vi. provide reasons for the two parties'
meeting (for
example, one of the two parties should
have proof that
he is an architect. The other should
have documents
as proof that he is a land owner. The
architect has
produced a construction plan for the
land)
3. Specifying the Meeting Date and Time:
i. Specifying the hour of the meeting
as well as the
date.
UK/BM-35 TRANSLATION
ii. Specifying the time of both parties'
arrival ana the
time of the first party's departure.
iii. Specifying h o w long the meeting will last.
iv. Specifying an alternative date and time.
v. Not allowing a long period of time
between making the
meeting arrangements and the meeting
itself.
4. Designating special signals between those who meet
If the two individuals meeting know one another's shape
and
appearance, it is sufficient to use a single safety sign.
[In that case,] the sitting and arriving individuals inform
each other that there is no enemy surveillance. The sign
may be keys, beads, a newspaper, or a scarf. The two
parties would agree on moving it in a special way so as
not
to attract the attention of those present.
If the two individuals do not know one another, they
should
do the following:
a. The initial sign for becoming acquainted
may be that
both of them wear a certain type of
clothing or carry
a certain item. These signs should be
appropriate for
the place, easily identified, and meet
the purpose. The
initial sign for becoming acquainted
does not
[fully] identify one person by another.
It does that
at a rate of 30%.
b. Safety Signal: It is given by the
individual sitting
in the meeting location to inform the
second
individual that the place is safe. The
second person
UK/BM-36 TRANSLATION
would reply through signals to inform
the first
that he is not being monitored. The
signals are
agreed upon previously and should not
cause
suspicion.
c. A second signal for getting acquainted
is one in which
the arriving person uses while sitting
down. That
signal may be a certain clause, a word,
a sentence, or
a gesture agreed upon previously, and
should not cause
suspicion for those who hear it or see
it.
[These pre-meeting tradecraft elements could be handled more abstractly by emphasizing: know the location as thoroughly as possible, and have good current intelligence regarding the location; be certain that the location can't be used as a trap, and that multiple escape routes are available; meeting locations should not be suspicious or under observation; personnel should be aware of their security during the approach to the meeting, and not put others at risk; establish a pretext and cover story for the meeting that is plausible, and that is backstopped with documentation and other support; details regarding the meeting should be clear, with a fall-back plan; details should not be communicated with such advance timing that intelligence regarding the location may become dated, or that would allow compromise of the meeting to be achieved; those meeting should follow the tripod of security, and be aware of the other party's arranged "something you are, somthing you have, something you know" (description, something visible as a possession, and signs/counter-signs)--and deviation will be taken as a signal that the situation isn't safe. Note that none of these things guarantees the safety of the meeting, which is why dead-drops have been a preferred method of intelligence tradecraft for decades (at a minimum).]
B. The Stage of the Meeting [itself]: The following measures
should be taken:
1. Caution during the meeting.
2. Not acting unnaturally during the meeting in order
not to raise suspicion.
3. Not talking with either loud or very low voices
([should be] moderate).
4. Not writing anything that has to do with the meeting.
5. Agreeing on a security plan in case the enemy raids
the location.
[While standard points, item 4 is particularly interesting--it means that either organizational control remains local, or that messenger service (by individuals with very good memories) to provide reports to the core cadre are the preferred method of organizational management. This also puts the organizational memory literally in perishable form with the individuals carrying it in their memory--the organization cannot easily get an economy of scale in 'lessons learned' from its own functions. In addition, network segments 'knocked out' for one reason or another either need an alternative communication channel to reestablish contact with the organization, or they are cut off until positive control can be reestablished from the core cadre.]
C. After the Meeting: The following measures should be taken:
1. Not departing together, but each one separately.
2. Not heading directly to the main road but through
secondary ones.
3. Not leaving anything in the meeting place that might
indicate the identity or nature of those who met.
[Operational security to minimize the 'back-trail' in the event suspicion is aroused or hostile parties attempt to backtrail.]
Meeting in-person has disadvantages, such as:
1. Allowing the enemy to capture those who are meeting.
2. Allowing them [the enemy] to take pictures of those
who are meeting, record their conversation, and gather
evidence against them.
UK/BM-37 TRANSLATION
3. Revealing the appearance of the commander to the other
person. However, that may be avoided by taking the
previously mentioned measures such as disguising
himself well and changing his appearance (glasses,
wig, etc.)
[The organization clearly understands the hazards that meetings entail, which is why it is curious that telephone and meetings are the first two elements of communication discussed. Both telephone and in-person meetings afford an immediacy missing in the next communication channels. The trade-off is the opportunity to improve security of communication in exchange for the limitations of asynchronous messaging.]
Third Means: The Messenger:
This is an intermediary between the sender and the receiver.
The messenger should possess all characteristics mentioned in
the first chapter regarding the Military Organization’smember.
These are the security measures that a messenger should take:
1. Knowledge of the person to whom he will deliver the
message.
2. Agreement on special signals, exact date, and specific time.
3. Selecting a public street or place that does not raise suspicion.
4. Going through a secondary road that does not have
check points.
5. Using public transportation (train,bus,...) and disembarking
before the main station. Likewise, embarking should not
be done
at the main station either, where there are a lot of security
personnel and informants.
6. Complete knowledge of the location to which he is
going.
[Messengers have explicit roles in these sorts of distributed networks (see more on network analysis in Hunting the Sleepers), and the unique nature of these roles (knowledge of various cells' membership, locations, contact protocols, messages exchanged, etc.) makes these individuals a much greater risk to the organization. Selection for commitment and discipline of these individuals, then giving them the best possible training and cover identities, provides the only possible protection for the organization. The personal nature of the core cadre of Al-Qaida means they trust messengers more than other means for critical communication.]
Fourth Means: Letters:
This means (letters)may be used as a method of communication
UK/BM-38 TRANSLATION
between members and the Organization provided that the following
security measures are taken:
[Any form of communication with 'permanence' poses a greater risk; verbal communication, without audio recording or note taking, is 'spot' communication--it occurs, and then it's gone. If some sort of preparation isn't taken to 'capture' a spot communication, the ephemeral nature of it provides security for the involved parties. Channels that leave or actually are a persistent record are inherently less secure--relying on 'access control' for security (which doesn't work--penetration or boundary violation is a matter of 'when' and not 'if').]
1. It is forbidden to write any secret information in
the letter. If one must do so, the writing should be
done in general terms.
['General terms' or coded terms? A robustly constructed coded system need not be interactive, it should account for 'stand-alone' communication channels.]
2. The letter should not be mailed from a post office
close to the sender's residence, but from a distant
one.
[The 11Sept2001 cells were known to have driven for hours to accomplish unknown or mundane tasks; distance between sanctuary locations and operational activities improves security for the sanctuary and the operation, but does pose a risk during the travel period (see the extensive tradecraft discussion by Al-Qaida for transportation below, including the highly suspicious activity of obeying local traffic regulations).]
3. The letter should not be sent directly to the
receiver's address but to an inconspicuous location
where there are many workers from your country.
Afterwards, the letter will be forwarded to the
intended receiver. (This is regarding the overseas-
bound letter).
[This use of a cut-out that blends into the context is not unusual, but it does interpose another point of failure into the communication channel. Note the pretext of 'many workers from your country'--foreign labor that repatriates money from 'overseas' is common, and a foundation for many Islamic banks (the 'float' is incredibly useful to the financial institution; BCCI utilized this cultural aspect with good effect). Use of the mobile foreign labor pools (particularly into countries such as Saudi Arabia) for cover is an effective piece of tradecraft--such individuals are common, ubiquitous, essentially faceless, and have access to the nexus points of the political economies. This means of infiltrating assets is a clever 'ontological judo'--using the opponent's strength against themselves. The 'wealthiest' of Islamic countries are the most dependent on imported labor--the regimes most considered corrupt by Al-Qaida are also the ones that make themselves the most vulnerable. This may be an indicator where the 'tens of thousands' trained in Al-Qaida camps have gone to.]
4. The sender's name and address on the envelope should
be fictitious. In case the letters and their contents
are discovered, the security apparatus would not be
able to determine his [the sender's] name and address.
[Is it worth calling this piece of common sense 'tradecraft'? Would Al-Qaida use individual operators without the good sense to falsify a return address? Breaking tradecraft is considered to be a 'slick, paved road to Hell' in the intelligence community, but even seasoned professionals break the rules, get sloppy, get lazy--this may be a reminder to adhere to tradecraft, even in the smallest of things.]
5. The envelope should not be transparent so as to reveal
the letter inside.
[More common sense--even concerned ordinary individuals use 'safety envelopes.']
6. The enclosed pages should not be many, so as not to
raise suspicion.
[This would also cause a postage problem, making it necessary to enter a post office for proper postage (leaving a trail) or guessing as to the proper postage and using numerous stamps (raising suspicions about the letter--a key point in the 'profile' of questionable mail now used in screening).]
7. The receiver's address should be written clearly so
that the letter would not be returned.
[Returned, if item 4 is adhered to, to a non-existent address--either raising suspicions or leaving the letter in postal limbo.]
8. Paying the post office box fees should not be
forgotten.
[Obviously so that one can continue to receive mail. Most mail receiving services (including the U.S. postal service) will notify patrons regarding due box fees, so this may indicate infrequent access to box--a strong possibility if such boxes are located at some distance from the sleeper's sanctuary.]
[These items are worth considering in light of the 'anthrax letters' mailed in the U.S. The letters themselves did not indicate responsibility, origin of the anthrax, or other 'secret' information. It is highly probable that the post office was chosen for its remoteness from the sleepers' sanctuary. The return address on the letter that had one was fictitious, but chosen to 'blend' into the area it was sent from, but also to lull suspicions of the recipient (the fictitious return address may not indicate former residence in the area, but simply good and creative tradecraft). The envelopes did apparently feel 'gritty,' some indication as to what was inside, and raise later suspicions, as did the sealing approach (although leakage of the anthrax and cross-contamination, not apparently intended, has been a greater problem than the attack; in addition, cross-contaminated mail may be the cause of future infections, particularly cross-contaminated mail that ends up disposed of in landfill). The 'block' print was poor tradecraft; proper tradecraft would have been to stick to lettering that used the upright rectangle with a dividing bar as the model (like that used in digital displays)--such print removes most reliable forensic traits, so it is unlikely that the individual responsible for writing the letters and addressing the envelopes had formal intelligence training. The U.S. anthrax letters would not be inconsistent with the tradecraft presented in this manual.]
Fifth Means: Facsimile and Wireless:
Considering its modest capabilities and the pursuit by the
security apparatus of its members and forces, the Islamic
UK/BM-39 TRANSLATION
Military Organization cannot obtain theses devices. In case the
Organization is able to obtain them, firm security measures
should be taken to secure communication between the members in
the country and the command outside. These measures are:
[This is curious, and may indicate the age of the manual contents--facsimile machines and wireless devices have enjoyed a steeply declining price curve and steeply increasing market penetration. Many of the items do not make sense given current state-of-the-art intelligence capabilities, another factor indicating age. Note that where technology is concerned, even 24 months can be considered 'dated'--product turnover cycles every 12-18 months at the consumer level, compared to 3-5 years at the governmental level, have provided opposition groups with a significant tactical advantage if they are willing and able to 'surf the cutting edge.']
1. The duration of transmission should not exceed five
minutes in order to prevent the enemy from pinpointing
the device location.
2. The device should be placed in a location with high
wireless frequency, such as close to a TV station, embassies,
and consulates in order to prevent the enemy from identifying
its location.
3. The brother, using the wireless device to contact his
command outside the country, should disguise his
voice.
4. The time of communication should be carefully specified.
5. The frequency should be changed from time to time.
6. The device should be frequently moved from one
location to another.
7. Do not reveal your location to the entity for which
you report.
8. The conversation should be in general terms so as not to raise suspicion.
[Item 1 is questionable--five minutes is far too long in some situations, given a level of scrutiny and the capabilities dedicated to locating communicating parties. Item 2 is simply absurd--the local traffic will do little to camouflage the message traffic and communication channel if it has already been identified, and the locations described are those subject to considerable attention by law enforcement and intelligence agencies, actually increasing the probability of interception. Item 3 again makes little sense, given current technical capabilities. Item 4 implies an open channel rather than point-to-point, indicating pre-arranged tradecraft elements (it's worth noting that 'number stations' have been in use by the intelligence community for decades). Item 5 implies very old, conventional equipment--no cryptography, no codes, not frequency-hopping, no spread spectrum, etc. Items 6 & 7 are issues of sanctuary--communications are operational elements, and should be undertaken so as not to put one's self at risk. Item 8 again calls into question whether 'general terms' are adequate, rather than robust coding systems. These items really do not pertain well to facsimile, nor to modern wireless communication systems (mobile phones, local short-messaging systems, etc.), which are put to good use by non-State actors (e.g., mobile phones are used by moslem forces in the Philippines to coordinate agitation and rioting, as well as guerrilla attacks).]
Transportation Means:
The members of the Organization may move from one location to
another using one of the following means:
a. Public transportation, b. Private transportation
[Transportation and communication are two of the riskiest elements of activity for any operator--movement equates to risk, whether the movement is of something physical or information. Public transportation is generally under tighter control of a country's government (air, rail, subways, buses, cabs, etc.), directly or through licensing (and thus a point of leverage for investigators), so the trade-off is the potential for scrutiny against sufficient traffic to blend into. Private transportation affords the freedom of movement, scheduling, exactness of destination, etc. that provides the flexibility to make operations easier, at the cost of other forms of exposure (purchase, licensing, operation, etc.).]
UK/BM-40 TRANSLATION
Security Measures that Should be Observed in Public
Transportation:
1. One should select public transportation that is not
subject to frequent checking along the way, such as
crowded trains or public buses.
2. Boarding should be done at a secondary station, as
main stations undergo more careful surveillance.
Likewise, embarkment should not be done at main
stations.
3. The cover should match the general appearance (tourist
bus, first-class train, second-class train, etc).
4. The existence of documents supporting the cover.
5. Placing important luggage among the passengers'
luggage without identifying the one who placed it.
If it is discovered, its owner would not be arrested.
In trains, it [the luggage] should be placed in a
different car than that of its owner.
6. The brother traveling on a "special mission" should
not get involved in religious issues (advocating good
and denouncing evil) or day-to-day matters (seat
reservation,...).
7. The brother traveling on a mission should not arrive
in the [destination] country at night because then
travelers are few, and there are [search] parties and
check points along the way.
8. When cabs are used, conversation of any kind should
not be started with the driver because many cab
drivers work for the security apparatus.
9. The brother should exercise extreme caution and apply
all security measures to the members.
[These items are a realistic assessment of the strengths and weaknesses of public transportation: blend in with the crowd, rely on the necessity of 'high throughput' of traffic to relax security procedures, use of secondary entry/exit points and because of lower scrutiny, maintenance and backstopping of pretext and cover identity, ability to repudiate luggage, reliance on peak traffic periods to relax security procedures, care with public transportation personnel who can later be questioned about operators, and a reminder to stick to tradecraft.]
UK/BM-41 TRANSLATION
Security Measures that Should be Observed in Private
Transportation:
Private transportation includes: cars, motorcycles
A. Cars and motorcycles used in overt activity:
1. One should possess the proper permit and not violate
traffic rules in order to avoid trouble with the
police.
2. The location of the vehicle should be secure so that
the security apparatus would not confiscate it.
3. The vehicle make and model should be appropriate for
the brother’s cover.
4. The vehicle should not be used in special military
operations unless the Organization has no other
choice.
B. Cars and motorcycles used in covert activity:
1. Attention should be given to permits and [obeying] the
traffic rules in order to avoid trouble and reveal
their actual mission.
2. The vehicle should not be left in suspicious places
(deserts,mountains, etc.). If it must be, then the
work should be performed at suitable times when no one
would keep close watch or follow it.
3. The vehicle should be purchased using forged documents
so that getting to its owners would be prevented once
it is discovered.
4. For the sake of continuity, have only one brother in
charge of selling.
5. While parking somewhere, one should be in a position
to move quickly and flee in case of danger.
6. The car or motorcycle color should be changed before
the operation and returned to the original after the
operation.
UK/BM-42 TRANSLATION
7. The license plate number and county name should be
falsified. Further, the digits should be numerous in
order to prevent anyone from spotting and memorizing
it.
8. The operation vehicle should not be taken to large
gasoline stations so that it would not be detected by
the security apparatus.
[An odd mix of items. Cars have the ability to carry multiple individuals as well as cargo; motorcycles have the advantage of mobility, but reduced carrying capacity (as well as 'cover and concealment'). Obeying traffic rules to avoid detection is almost counterproductive--there are situations where obeying the speed limit, for example, is highly suspicious. Proper parking, selection of vehicle to match pretext and cover identity, and compartmentalization of vehicles are standard. Items B3 & B4 are curious--unnecessary risk akin to the mistake made by the first WTC bombers, going back for their truck deposit. Use of one-off rental vehicles, abandonment of operational vehicles, or disposal into the black economy would be far more secure. Preparation for flight as a contingency is always a wise idea (even when the hunter, think and act as the hunted). Item B6 is a high level of effort for little return, and could increase risk (acquiring the equipment, purchase of paint can be traced, location for the activity will have persistent forensic evidence, etc.). Item B7 is odd in the context of item B3 (and the probability in B4 that vehicles used will be disposed of post-operation), and potentially increases risk in some countries (where it may be routine for law enforcement to 'run plates,' and a mismatch or falsification is a point of vulnerability). Item B8 is also curious--surveillance does not map well to size of a station, and larger stations in higher traffic areas may in fact be safer in some countries. Note that no mention is made of vehicle sanitization--not leaving operational materials in vehicles, destruction of potential forensic evidence, etc. The 11Sept2001 cells may not have been sloppy so much as not being instructed in such a fashion as to make forensics difficult or impossible.]
UK/BM-43 TRANSLATION
TRAINING
UK/BM-44 TRANSLATION
* The following security precautions should be taken during
the training:
The Place:
The place should have the following specifications:
1. Distance from the populated areas with the
availability of living necessities.
2. Availability of medical services during the training.
3. The place should be suitable for the type of training
(physical fitness, shooting, tactics).
4. No one except the trainers and trainees should know
about the place.
5. The place should have many roads and entrances.
6. The place should be visited at suitable times.
7. Hiding any training traces immediately after the
training.
8. Guarding the place during the training.
9. Appropriateness of the existing facilities for the
number of training members.
10. Exclusion of anyone who is not connected with the
training.
11. Taking all security measures regarding the
establishment.
12. Distance of the place from police stations, public
establishments, and the eyes of informants.
13. The place should not be situated in such a way that
the training and trainees can be seen from another
location.
[Many of the items are difficult to accomplish in developed countries--the more operationally-specific the training requirements, the harder it is to isolate the camp from potential exposure. This is a primary reason why Afghanistan and other undeveloped countries have been selected for training--either no notice will particularly be taken, or enforcement groups can be co-opted or bribed. Training facilities are essentially sand-table structures--very easy to construct, very easy to maintain, simple to lay out for operational walk-throughs, and not particularly significant when destroyed. Operational security is observed: isolation, compartmentalization, avenues of escape, sanitization, and even local medical support to avoid drawing attention of governmental bodies (is Al-Qaida's medical support limited to medic level, or are there members with full medical (and possibly trauma) education and training? It wouldn't be unusual for medical personnel to be involved (the PFLP was founded by physicians), but the implications of Al-Qaida sleepers under physician cover identities are significant).]
UK/BM-45 TRANSLATION
The Trainees:
1. Before proceeding to the training place, all security
measures connected with an undercover individual
should be taken. Meanwhile, during training at the
place, personnel safety should be ensured.
2. Selecting the trainees carefully.
3. The trainees should not know one another.
4. The small size of groups that should be together during
the training (7-10 individuals).
5. The trainees should not know the training place.
6. Establishing a training plan f o r each trainee.
[Item 1 is to ensure safety and security of the training base--operational security for individuals is essential in the opsec of the base. Item 2 is organizational security--penetration or informers with access to details of training can put operations at risk. Item 3 is curious--are cells trained as a group, or as individuals that are later assembled into cells? Group training improves unit cohesion and decreases security risks (cell members would only know others in their cell). Training size (item 4) is smaller than a typical squad--security is traded off against an economy of scale. From what is known of Al-Qaida training centers in undeveloped countries, this is not adhered to in such countries, so training is either on-going after deployment of sleepers, or supplemented for operation-specific purposes at a later point in time. Item 5 is fairly typical; even in the U.S., when resistance groups train domestically, precautions are taken to limit knowledge of training locations. Item 6 may mean that training goals are established for each individual or that training may be individualized and specialized; redundancy and cross-training, common for U.S. special operators, may or may not be undertaken. It appears that the 11Sept2001 cell members did not completely cross-train (e.g. piloting skills), which would have required advanced knowledge of operations, and been more costly.]
The Trainers:
All measures taken with regard to the commanders apply also
to the trainers. Also, the following should be applied:
1. Fewness of the trainers in the training place. Only
those
conducting the training should be there, in order not
to
subject the training team to the risk of security exposure.
2. Not revealing the identity of the trainer to trainees.
3. Keeping a small ratio of trainees to trainer.
4. The training team members should not know one another.
[Trainers are a vulnerability to the organization--knowledge of numerous members, contact procedures, repositories of tradecraft and capabilities, etc. Items 1 & 2 are for the security of the trainers. Item 3 is an issue of effectiveness--while a higher ratio would be more efficient, it would be less effective because of lower level of individual attention. Item 4 is impractical for most organizations--trainers would be in limited supply and have greater exposure to one another, and action taken to minimize this risk increases other risk (travel of trainers, using rotation to minimize the exposure internal to the organization, which increases exposure externally). Risk is rarely mitigated, merely shifted.]
UK/BM-46 TRANSLATION
WEAPONS:
MEASURES RELATED TO
BUYING AND TRANSPORTING THEM
UK/BM-47 TRANSLATION
Prior to dealing with weapons, whether buying, transporting, or
storing them, it is essential to establish a careful, systematic
and firm security plan that plan deals with all stages. It is
necessary to divide that task into stages: First Stage: Prior to
Purchase; Second Stage: Purchasing; Third Stage: Transport;
Fourth Stage: Storage.
[This section needs to be put into historical context. Non-State actors in the past have relied on weapons smuggling (including in the diplomatic pouch of friendly or sponsoring States), a 'black economy' between groups (trading services or equipment among non-State actors), theft, etc. Some cultures openly sell weapons--markets in undeveloped countries are well-stocked, particularly with Soviet-era gear and various knock-offs; gun shows in the U.S. are similarly easy to purchase weapons at, although this may leave a (questionable) forensic trail. The manual here assumes purchase of weapons (guns and explosives, by the discussion) in the local underground economy. Such weapons are generally stolen, may already have a 'history' (forensic evidence connecting to previous criminal activity), but are commonly of indigenous manufacture. While avoiding one set of risks (leaving a trail), this approach has other risks--faulty equipment, potential informers or undercover agents, etc. The fact that Al-Qaida doesn't resort to lower risk, more reliable ways to acquire weapons is interesting--they may not have access to State support for such activity, may not wish to establish links with other non-State actors, etc. It's worth noting that the definition of a weapon is wonderfully fluid--the 11Sept2001 cells used fairly innocuous box-cutters, the threat of explosives, and turned aircraft into guided missiles. Almost anything can be turned into a weapon; the implications of the weapon can be more powerful than the actual effect (being attacked with a box-cutter, absent surprise, is survivable, as long as one is willing to be cut).]
1. Prior to Purchase Stage: It is necessary to take the
following measures:
a. In-depth knowledge of the place where weapons will be
purchased, together with its entrances and exits.
b. Verifying there are no informants or security
personnel at the place where purchasing will take
place.
c. The place should be far from police stations and
government establishments.
d. Not proceeding to the purchasing place directly by the
main road, but on secondary streets.
e. Performing the exercises to detect the surveillance.
f. One’s appearance and clothing should be appropriate
for the place where purchasing will take place.
g. The purchasing place should not be situated in such
a
way that the seller and buyer can be seen from another
location. To the contrary, the purchasing place
should be such that the seller and buyer can see the
surrounding area.
h. Determining a suitable cover for being in that place.
i. The place should not be crowded because that would
facilitate the police hiding among people, monitoring
the arms receiving, and consequently arresting the
brother purchasing.
UK/BM-48 TRANSLATION
j. In case one of the parties is unable to arrive, it is
essential to prearrange an alternativeplace and time
with the seller.
k. Selecting a time suitable for the purchase so that it
does not raise suspicion.
l. Prior to purchasing, the seller should be tested to
ensure that he is not an agent of the security
apparatus.
m. Preparing a place for storage prior to purchasing.
[Operations security is the general rule: know the location, multiple routes of escape, avoiding surveillance, blending in and sticking with a pretext and cover identity, cover and concealment, fall-back procedures, attempting to verify the dealer, advanced preparation for storing/hiding the weapons. The testing process in item l is interesting in that there is no suggestion as to how this is to be accomplished.]
2. The Purchase Stage:
a. Verifying that the weapons are in working condition.
b. Not paying the seller the price for the weapons before
viewing, inspecting, and testing them.
c. Not telling the seller about the mission for which the
weapons are being purchased.
d. Extreme caution should be used during the purchasing
operation in the event of any unnatural behavior by
the seller or those around you.
e. Not lengthening the time spent with the seller. It is
important to depart immediately after purchasing the
weapons.
[Primary concerns here are not getting screwed on the deal and operations security: checking the weapons (testing is interesting in developed countries, limiting the possible areas in which such transactions could take place), verification prior to payment, not giving away sensitive or secret information, observing erratic behavior (unstated is the appropriate response--if you have a bad feeling, trust your instincts and leave immediately), and not prolonging the transaction any longer than necessary (operations are no time to be social).]
3. The Transport Stage:
a. Avoid main roads where check points are common.
b. Choose a suitable time for transporting the weapons.
c. Observers should proceed on the road ahead of the
transportation vehicle for early warning in case of an
emergency.
d. Not proceeding directly to the storage place until
after verifying there is no surveillance.
UK/BM-49 TRANSLATION
e. During the transport stage, weapons should be hidden
in a way that they are inconspicuous and difficult to
find.
f. The route for transporting the weapons should be
determined very carefully.
g. Verifying the legality of the vehicle, performing its
maintenance, checking its gasoline and water levels, etc.
h. Driving the car normally in order to prevent
accidents.
[Transportation is lower risk than the transaction itself--as long as the transaction was clean (and not a set-up). This is a good process outlined--including an advance vehicle to notify the transporation vehicle, and presumably a chase vehicle to sweep and identify tails or assist in the event of difficulty. Operations security is observed: avoiding scrutiny, identification of optimal route and time for transportation, concerns for surveillance before going to an arms cache or sanctuary, hiding the weapons, making certain the vehicle is safe and secure, obeying traffic regulations.]
4. The Storage Stage:
a. In order to avoid repeated transporting, suitable
storage places should be selected. In case the
materials are bombs or detonators, they should be
protected from extreme heat and humidity.
b. Explosive materials and detonators should be separated
and stored apart from each other.
c. Caution should be exercised when putting detonators
in
the arsenal.
d. Lubricating the weapons and placing them in wooden or
plastic crates. The ammunition should be treated
likewise.
[Proper weapons storage is probably the responsibility of an 'armorer' for the group. Items a through c are safety issues. Item d is to ensure weapon functionality, although crating presents certain challenges--crates are obvious, can be difficult to access in emergency, etc. Note that booby-traps of the cache are not discussed, nor the merits of armed weapons (explosive and detonator, locked-and-loaded pistols, etc.).]
When selecting an arsenal, consider the following:
1. The arsenal should not be in well-protected areas, or
close to parks or public places.
2. The arsenal should not be in a "no-man's-land."
3. The arsenal should not be in an apartment previously
used for suspicious activities and often frequented by
security personnel.
4. The arsenal should not be a room that is constantly
used and cannot be given up by family members who do
not know the nature of the father or husband's work.
UK/BM-50 TRANSLATION
5. The apartment selected as an arsenal should be owned
by the Organization or rented on a long-term basis.
6. The brother responsible for storage should not visit
the arsenal frequently, nor toy with the weapons.
7. The arsenal keeper should record in a book all
weapons, explosive materials, and ammunition. That
book should be coded and well secured.
8. Only the arsenal keeper and the commander should know
the location of the arsenal.
9. It is necessary to prepare alternative arsenals and
not leave any leads in the original arsenals to the
alternative ones.
[Items 1 & 2 may refer to hidden or buried weapons caches. Item 3 is reinforcement of earlier discussions regarding sanctuary locations. Item 4 is interesting in its assumptions--adequate room will be available to the sleeper to dedicate a specific 'forbidden' space to the arsenal (how this doesn't arrouse suspicions or interest is anyone's guess), as well as the fact that caches may be placed with sleepers with family (caches may be kept by support cells rather than operational cells). Item 5 is operations security--long-term rentals are less likely to be visited by landlords, and owned property has no such problem. Item 6 is a safety issue--accidents happen, particularly when given the opportunity. Item 7, an inventory, is a curious point of vulnerability, which is why the recommendation of coding. Item 8 is again an indicator that caches are kept with dedicated support cells, with contact only to the command hierarchy. Item 9 is contingency planning, preparation to move a cache if/when necessary, and not leave indications regarding the new location.]
UK/BM-51 TRANSLATION
MEMBER SAFETY
UK/BM-52 TRANSLATION
Defining Members Safety:
This is a set of measures taken by members who perform
undercover missions in order to prevent the enemies from
getting to them.
It is necessary for any party that adopts Jihad work and
has many members to subdivide its members into three
groups, each of which has its own security measures. The
three groups are:
1. The overt member, 2. The covert member. 3. The
commander
[This is contradictory: 'members who perform undercover missions' and 'overt member.' As with many sections of this manual, indications are that it derives from multiple sources and is an 'organic' document--additive, composite, non-ordered, assembled from a variety of sources (U.S., Soviet, Middle Eastern, Pakistani, etc.).]
Measures that Should be Taken by the Overt Member:
1. He should not be curious and inquisitive about matters
that do not concern him.
2. He should not be chatty and talkative about everything
he knows or hears.
3. He should not carry on him the names and addresses of
those members he knows. If he has to, he should keep
them safe.
4. During times of security concerns and arrest campaigns
and especially if his appearance is Islamic, he should
reduce his visits to the areas of trouble and remain
at home instead.
5. When conversing on the telephone, he should not talk
about any information that might be of use to the
enemy.
6. When sending letters, he should not mention any
information that might be of use to the enemy. When
receiving letters, he should burn them immediately
after reading them and pour water on them to prevent
UK/BM-53 TRANSLATION
the enemy from reading them. Further, he should destroy
any traces of fire so the enemy would not find out that
something was burned.
[Overt members, those known to be Al-Qaida, are indicated as being vulnerabilities: such members should deliberately limit their own knowledge (voluntary compartmentalization--"don't ask, don't care" about things not directly related to them), learn to keep their mouths shut, limit or forego any record of knowledge of other members, be willing to restrict his movements to reduce vulnerability to the organization, and exercising good tradecraft in communications (although if they follow item 1, they shouldn't know anything valuable). That there are overt members is a curiosity in and of itself, and this should be seen as a limited population in small number of places (non-hostile countries or those coopted).]
Measures that Should be Taken by the Undercover Member:
In addition to the above measures, the member should...
1. Not reveal his true name to the Organization's members
who are working with him, nor to the [Islamic] Da'wa
[Call].
[The reference to 'da'wa' is interesting. Da'wa is a process of spreading Islam, an outreach effort that is an "invitation to follow Allah." In some ways, this could be compared to missionary work, or proselytization. Many Islamic relief efforts and educational institutions follow this approach, including as a way to control interpretation of Islamic faith. As an analytical point, this may tell us much about the leadership of Al-Qaida--they've reverted back to the beginning of Islam, and the initial struggles for political/spiritual control (other indications: the significance of dreams to leadership members, key role models for personal and organizational behavior). 'Gnosis,' in this case a resurgence of 'directly delivered' Islam rather than 'dogma' may be one of the contributing factors to the charisma of the leadership, and the support base they've managed to build in grassroots Islam. What is also interesting is the journal of the Egyptian Moslem Brotherhood in the 70s and 80s was called al-Da'wa, and the Sudan has the Organization of Al-Da’wa Al-Islamiya; both of these countries are areas of operation for Al-Qaida, and members of Al-Qaida and these groups overlap. Maintaining cover identities, regardless of other familiarity (to get back to the item), is an operational security element of tradecraft.]
2. Have a general appearance that does not indicate
Islamic orientation (beard,toothpick, book, [long] shirt,
small Koran).
3. Be careful not to mention the brothers' common
expressions or show their behaviors (special praying
appearance, "may Allah reward you", "peace be on you"
while arriving and departing, etc.)
4. Avoid visiting famous Islamic places (mosques,
libraries, Islamic fairs, etc.)
5. Carry falsified personal documents and know all the
information they contain.
6. Have protection preceding his visit to any place
while moving about (apartment,province, means of
transportation, etc.).
7. Have complete and accurate knowledge of the security
status related to those around him in his place of
work and residence, so that no danger or harm would
catch him unaware.
8. Maintain his family and neighborhood relationships and
should not show any changes towards them so that they
would not attempt to bring him back [from the Organization]
for security reasons.
9. Not resort to utilizing letters and messengers except
in an emergency.
UK/BM-54 TRANSLATION
10. Not speak loudly.
11. Not get involved in advocating good and denouncing
evil in order not to attract attention to himself.
12. Break the daily routine, especially when performing an
undercover mission. For example, changing the
departure and return routes, arrival and departure
times, and the store where he buys his goods.
13. Not causing any trouble in the neighborhood where he
lives or at the place of work.
14. Converse on the telephone using special code so that
he does not attract attention.
15. Not contacting the overt members except when
necessary. Such contacts should be brief.
16. Not fall into the enemy's excitement trap, either
through praising or criticizing his Organization.
17. Performing the exercises to detect surveillance
whenever a task is to be performed.
18. Not park in no-parking zones and not take photographs
where it is forbidden.
19. Closing all that should be closed before departing the
place, whether at home or his place of undercover
work.
20. Not undergo a sudden change in his daily routine or
any relationships that precede his Jihad involvement.
Far example, there should not be an obvious change in
his habits of conversing, movement, presence, or
disappearance. Likewise, he should not be hasty to
sever his previous relationships.
21. Not meet in places where there are informers, such as
coffee shops, and not live in areas close to the
residences of important personalities, government
establishments, and police stations.
UK/BM-55 TRANSLATION
22. Not write down on any media, specially on paper, that
could show the traces and words of the pen by rubbing
the paper with lead powder.
[Covert members of Al-Qaida, sleepers, follow tradecraft to protect their affiliation and identities: maintaining cover identities and pretext, not appearing to be moslem in appearance or behavior, backstopping identities, observing safety and security tradecraft diligently, knowing the risk of relationships and communication, maintaining a 'low profile,' not falling into habits or patterns that create vulnerabilities, compartmentalizing cover identity and operations, usings codes for communication, minimizing organizational interaction, keeping a level head and avoiding excitement, taking care regarding surveillance, obeying laws and regulations to avoid attention, maintaining secrecy, not providing 'indicators' of pending operations by behavioral changes. While much of this tradecraft is oriented at what not to do, there is little assistance for what to do in order to blend in--either such material is in other Al-Qaida training materials, imparted in special training, is selected for in potential sleepers (those with experience in target countries), or non-existent (which would encourage cell isolation from the local context, behavior consistent with the 11Sept2001 cells, which also serves to maintain cell unity and discourage defection). Absent 'positive' training materials, this is another indicator that Al-Qaida is a 'negative control' type of organization.]
Measures that Should be Taken by the Commander:
* The commander, whether in overt or covert work, has special
importance for the following reasons:
1. The large amount of information that he possesses.
2. The difficulty of the command in replacing the
commander.
3. Therefore, all previously mentioned security
precautions regarding members should be heightened for
the commander. Many resources should be reserved for
protecting the commanders.
[Al-Qaida recogizes the vulnerability of commanders. Items 1 & 2 indicate that a principle of cybernetics, redundancy of potential command, is not used--it would require information sharing inside the operational cell (the more complete the information sharing, the more redundant the potential commanders, and the more rapid such command could be assumed). Given the tradecraft of the organization, this is more than a compartmentalization issue (security), but also structural--command is hierarchical, with authority coming from greater information and access to information (hierarchy is defined by positional authority as well as monopoly control of resources--interpretation (in this case, of Islam) and possession of information). Such information sharing would undermine authority, although it is doubtful that it is portrayed as such inside the organization. Lack of redundancy of information and command is a key structural vulnerability of Al-Qaida. Note that reservation of resources may also be a source of internal dissention--privileges of command may well be resented by cell members.]
Important Note:
* Married brothers should observe the following:
1. Not talking with their wives about Jihad work.
2. The members with security risks should not travel
with their wives. A wife with an Islamic appearance
(veil) attracts attention.
[Compartmentalization ("need to know") and maintaining pretext and
cover identity (including no obvious signs of being moslem).]
Source: http://www.justice.gov/ag/manualpart1_3.pdf (1.0MB)
UK/BM-56 TRANSLATION NINTH LESSON SECURITY PLAN UK/BM-57 TRANSLATION Defining Security Plan: This is a set of coordinated, cohesive, and integrated measures that are related to a certain activity and designed to confuse and surprise the enemy, and if uncovered, to minimize the work loss as much as possible.[This section of the Al-Qaida handbook describes what we would refer to as 'deception plans.' The U.S. military makes deception plans integral to operational plans, as described in Field Manual 90-2, Battlefield Deception (which an interested reader will need to acquire from http://www.fas.org/irp/doddir/army/fm90-2/toc.htm rather than the Army's own digital library). It's entirely possible that Al-Qaida is using elements of the U.S. military's approach, learned from open source intelligence, or more recently through the U.S. and NATO involvement in Bosnia.]
Importance of the Security Plan:
The work will be successful if Allah grants that. The more solid
is the security plan, the more successful [the work] and the
fewer the losses. The less solid the security plan, the less
successful [the work] and the greater the losses.
[Deception is integral to the operational approach advocated by the training manual. Sleepers rely upon well-backstopped (documented) cover identities that provide the pretext (plausibility) for the operations. The explicit security/deception plan here, however, is like the concept of nested cover stories, what intelligence calls 'peeling the onion.' Taking off one layer merely exposes the next layer, and so on. Robust cover stories nest through multiple layers, with each layer providing a plausible interpretation that appeals to the paradigms and prejudices (preconceived notions) of those doing the peeling (analysts, journalists, politicians, the public, etc.). Once provided with an explanation that appeals to them, an individual will rarely keep peeling, and will in fact tend to discount or discard evidence that is incompatible with such an interpretation. Truth, the reality of the situation, remains buried under the layers, available yet undiscovered. Al-Qaida cells use deception plans to manage and mitigate the consequences of their operations--a good deception plan will misdirect and minimize consequences, while a bad deception plan will allow the 'enemy' to make sense of what is truly going on and take their own measures for management and mitigation.]
Specifications of the Security Policy: A number of conditions
should be satisfied to help the security plan to succeed. These
are: [It should be]
A. realistic and based on fact so it would be credible to the
enemy before and after the work.
B. coordinated, integrated, cohesive, and accurate, without
any gaps, to provide the enemy [the impression of] a
continuous and linked chain of events.
C. simple so that the members can assimilate it.
D. creative.
E. flexible.
F. secretive.
[This is remarkably similar to a special operations approach. Item A is a point from psychological operations (PSYOP)--'mobile truth,' or a reinterpretation of events rather than a fabrication. This maps back to the 'onion' approach to cover stories--the layers of misdirection are matters of interpretation that lead to inaccurate or incomplete conclusions. Outright falsehood would derail the deception, and leave exposed the existence of deception planning. When people feel they already have the answers, they cease asking meaningful questions (a rule of thumb in intelligence: questions are where you ran out of answers; answers are where you ran out of questions). To rely upon backstopping that will clearly be disproven would lead the 'enemy' to perhaps reconsider and reinvestigate. Item B is an attempt to create a robust set of alternatives by making them 'smooth' rather than discontinuous. This is a curiosity that may indicate flaws in the mindset of the author(s) of this section--professional intelligence analysts and operators are paranoid by necessity, and anything that looks 'complete' is automatically suspect. No intelligence model is complete (intelligence has its own version of Godel's Incompleteness Theorem), there is no 'perfect' knowledge in the real world. This bit of tradecraft opts for 'too much of a good thing must be better,' but looking at such a model should make an intelligence professional break out in cold sweat. Items C through F are good elements--simplicity makes the plan easier to understand and implement (and the parallel, from the other side (those being deceived), is that analysts tend to favor Ockham's Razor--the simplest explanation is the one most likely to be true), creativity and novelty increase the possibility for moral or material surprise, flexibility is essential in dealing with the unexpected ("no plan survives contact"), and secrecy is critical for plan success.]
The Method of Implementing the Security Plan: There should be
a
security plan for each activity that is subject to being
uncovered by the enemy. For example, the brother who is charged
with a certain mission might be arrested. It is, therefore,
essential that a security plan be designed for him through which
he will be able to deny any accusation. Likewise, for the group
assigned a collective mission, there should be a security plan
to which all members are committed. Each member would then find
out , learn, and be trained in his role to ensure his assimilation
of it.
[Discovery of an activity is a matter of 'when' and not 'if'--therefore every activity needs to have a deception plan associated with it. The cover identity should be chosen with pretext in mind--the identity should be able to operate toward the desired goal without having to create a great number of additional deception plans. The more complicated an operation or the more at variance it is with the tolerance of the pretext of the cover identity (plausibility), the more layers a deception plan needs to create as insulation (see Churchill's comment: "In wartime, truth is so precious that she should always be attended by a bodyguard of lies."). Such deception plans are actually simpler for the individual rather than a group--group members will commonly present inconsistent stories, have different cababilities of coping under pressure, etc. that can add up and put the deception plan in jeopardy.]
UK/BM-58 TRANSLATION
In this lesson, we shall cover many examples of security plans
related to certain matters:
1. Security plan for an individual mission. 2. Security plan
for a group (important meeting). 3. Security plan for a group
mission (assassination operation).
[Note the change in tone and approach in this section of the manual--much more pro-active, things to be done rather than not to do, examples, etc. Authorship here is different and much more practical.]
1. Example of a security plan for an individual mission
(training in Afghanistan):
Prior to Departure: Traveling through an airport, the brother
might be subjected to interrogation. It is essential that he
be taught the answers to the following anticipated questions:
A. What are the reasons for your travel?
B. How did you get the money for travel?
C. How long is the travel period?
D. Who will meet you in the arrival country?
E. What will you be doing in the arrival country?
(There are different degrees of interrogation)
During Travel (transit country): The brother should be taught
the answers to the following questions:
A. Why are you going to Pakistan?
B. Do you belong to an religious organizations?
C. How did you get the travel money?
D. Who got you the visa to Pakistan?
E. What will you be doing in Pakistan?
F. With whom will you be staying in Pakistan?
Arrival Country (Pakistan): The brother should be taught the
answers to the following questions:
A. Why did you come to Pakistan?
B. How long will you be spending in Pakistan?
C. With whom will you be staying?
UK/BM-59 TRANSLATION
Transit Country (Return): The brother should be taught the
answers to the following questions:
A. What were you doing in Pakistan?
B. Are you a Jihad fighter?
C. Do you belong to religious organizations in your country?
D. Why did you come to our country in particular?
E. Whom will you be staying with now?
F. How long will you spend here?
Return Country (Returningto your Country):
A. What were you doing in the transit country?
B. Addresses and telephone numbers of those who hosted
you
during your stay?
C. Whom did you visit in your group, and for how long?
When Your Travel to Pakistan is Discovered:
A. What were you doing in Pakistan or Afghanistan?
B. In which camp were you trained?
C. Who trained you? On what weapons were you trained?
D. Who assigned you to go to Afghanistan?
E. Whom will you contact in your country?
F. What are the tasks and missions that you intend to execute
in your country?
G. Who else trained with you in Afghanistan?
H. How many of your countrymen are in that camp and in
Afghanistan?
I. What are their names?
J. Who are the group commanders there [in Pakistan]? Where
do
they live and what do they do?
K. What things do the commanders talk about?
[The specificity of this section is striking--training in Afghanistan, with the travel route through Pakistan. Travel is not via a direct route (similar to the tradecraft of the old PFLP). The 'prior to departure' section are the sorts of questions one gets when departing from, for example, countries in the Middle East (question B in particular is one heard more frequently in the region--travel is rare, expensive, and unusual for certain socioeconomic 'classes'). The parenthetical comment regarding 'different degrees of interrogation' is quite accurate--it ranges from simple questions (oddly, those with the most Westernized appearance get the least questioning, when it would seem a perfect opportunity for harassment) to being taken off to a secure room for a more 'intimate' session. 'Transit' countries are part of a multi-stop journey--good tradecraft is to completely 'break' the travel by switching tickets and identities in the intermediate country (European countries are incredibly easy to manage this in), but given the numbers of individuals trained in Afghanistan, such tradecraft is probably reserved to key commanders and core cadre of Al-Qaida. Proper selection of the transit country (one with uniform respect for human and civil rights) means that such questions are formalities, and as long as the pretext is plausible, no further investigation will occur. This, incidentally, may well be one of the reason for the dramatic proliferation and infiltration into non-governmental organizations (religious, humanitarian, and aid) by Al-Qaida, since such organizations would provide easy answers to all the posed questions, and interference by transit country officials would be a serious issue. The 'arrival country' questions, destination Pakistan, are laughable, and show just how little resistance Al-Qaida expected in passing through Pakistan. Return through the 'transit' country becomes slightly more complicated after Pakistan/Afghanistan. Al-Qaida cell members are expected to be asked leading questions that would possibly expose their affiliation (questions A & B). Question C is both a back door leading to potential Al-Qaida membership, but also of forensic use later on if necessary. Note the emphasis in questions D through F are exactly about transit--why 'them' (the transit country), who are you seeing (concerns about the potential for local operations in the transit countries), and how fast can they get rid of you. Getting through Pakistan into Afghanistan is a greased chute, but getting through the transit countries appears just as well expedited. The expected questions in 'return country' seem to imply a 'break' that separates the movement pre-Pakistan from the post-Pakistan travel--note the reference to the transit country, but not regarding Pakistan or Afghanistan. These indications of Al-Qaida's travel tradecraft are inconsistent, but demonstrate that this manual is far from complete, and that some sophistication is present. The next section, 'when your travel to Pakistan is discovered' reinforces that a break occurs, but also that Al-Qaida members assume that somehow intelligence will discover the connection (contingency planning). The questions are far from innocuous, immediately in pursuit of critical intelligence data--what camp, trainers, weapons, training, etc. Then the questions turn inward--Al-Qaida members are sleepers prepared for local operations, and related details are desired: who sent you, who are your contacts, what operations are you supposed to conduct, who else was trained, who else may be in-country (local). Al-Qaida is then assumed to be pursued as a line of questioning--commanders, locations, cover identities, areas of interest, areas of operations, etc. This set of questions as well as later material in the manual indicates clearly that sleepers are expected to be examined carefully, possibly arrested and interrogated, but robust deception planning will eventually return them to circulation, and operations. The overall set of questions presented here indicate generally non-U.S. countries of operation, and in fact, countries of operation in the Middle East (the region that Al-Qaida considers of primary importance--the U.S. is just a sideshow they need to deal with).]
An Example of a Security Plan for a Group Mission (Important
Meeting). The meeting is of two types:
A. A meeting held by those responsible for overt work.
That
[meeting] is held in many places (mosque, apartment,...)
[Note that a mosque is an accepted place for a meeting--no separation in Islam between 'spiritual and secular' matters, a complicating factor for the vast majority of moslems.]
UK/BM-60 TRANSLATION
B. A meeting held by those responsible for covert work.
For that [meeting],great effort on our part should be
exercised to ensure its safety. We shall discuss that meeting
and what makes it secure from enemies spies.
The security plan for that meeting is divided into several
stages:
A. Before the meeting, B. The meeting location, C. During the
meeting, D. After the conclusion of meeting, E. In case security
personnel storm the meeting place and capture one of the
members.
A. Before the meeting: Here the meeting for covert work is
divided into:
Meeting in a Stationary Location: A meeting where more than
three members gather to discuss a plan or prepare for an activity.
Mobile Meeting (Encounter):A meeting among a small number
of members, not more than three, to inform [one another] of
a certain issue.
Security Measures Necessary Prior to the Stationary Meeting:
1. Establishing a plan suitable for the members if any of
them is arrested. It consists of:
Who is the owner of the apartment? What was discussed in the
meeting? Who was with you? What was agreed upon?
2. Specifying the timing of the meeting in such a way as not
to raise suspicion of the members' movements.
3. Not allowing a long period of time between specifying the
meeting time and the meeting itself.
4. Securing the meeting location and the routes leading
to it by the following:
a. Ensuring the security status via telephone.
UK/BM-61 TRANSLATION
b. Assigning members to monitor the place
before and during the meeting.
c. Planting a member close to the nearest enemy
security point (police station, security
administration) to communicate the first
sight of security movement.
d. Posting an armed guard to stop any attack
and to give those meeting a chance to
escape.
5. Specifying what would happen in the event the
police storm the place.
6. Those members going to the meeting should
consider the following:
a. Ensuring that the enemy is not behind them
while on the way to the meeting place.
b. Not heading directly to the meeting place
but through secondary places.
c. Not going to the meeting place as a group
but individually, with time gaps between
them.
d. The clothing and appearance should be
suitable for the meeting place.
e. If the brother uses public transportation,
he should alight before or after the meeting
location. In case he has a private car, he
should park it in a secure place not near
the location that allows him to maneuver
quickly at any moment.
f. Verifying the proper cover for the documents
he has with him.
g. If a member is armed, he should make sure
that the weapon is in good working
condition.
Necessary Security Measures Prior to the Mobile Meeting: When
a
brother goes to a certain meeting (mobilemeeting), he should
review these things:
UK/BM-62 TRANSLATION
a. Is he sure that the enemy is not behind him nor
at the meeting place?
b. Who will meet him?
c. Is there anything that might raise suspicion?
d. Is this the first appointment or the second
(alternative,changed)?
e. Does he know the meeting place in detail?
f. Are his appearance and clothing suitable for the
location where he will stand [meet]?
g. Is his weapon in good working condition?
h. What is the alternative for each action?
i. Not going directly to the person whom he would
like to meet, Verifying the person's appearance
and features.
B. The Stationary Meeting Location: It is necessary that it
have special characteristics to confront any danger to the
meeting members:
1. Location-wise, it should be in the middle of a group
of houses, not at the beginning.
2. Having many routes leading to that location. That
would assist entering and exiting in many ways.
Consequently, it makes surrounding the place difficult
and facilitates escaping from danger.
3. The location should not be close to suspicious
locations ([where] individuals or establishments work
with the security [apparatus]).
4. It is preferable that the apartment be on the ground
floor and have a telephone.
The Mobile Meeting Location (Encounter):
1. The meeting location should be at the intersection of
many roads where it is easy to come, go, and flee.
2. [No text.]
[If this bullet needed to be filled in, the probable 'missing' element is the ability to observe clearly--fields of vision, fields of fire--while enjoying some sort of cover and concealment if necessary.]
UK/BM-63 TRANSLATION
3. The meeting should be held far from places where it is
believed some of whose elements deal with the security
apparatus (coffee shops).
4. The place should not be crowded because that allows
security personnel to go undetected.
5. It is necessary to have alternative locations and
times. That would make it difficult for security personnel
to monitor the place.
B. During the Meeting: The following should be observed:
[If you're keeping track, this is a bulleting error--it should actually be C (which cascades and causes the gap later).]
1. Establishing a security plan that consists of the
following:
a. Proper cover for the members' presence (students,
for example, it is necessary to have books,
notebooks,...)
b. Verifying that personal documents match the
agreed-upon cover.
c. Not having written direction to the meeting place.
If that is necessary, it should be coded.
d. Not having or leaving food or anything else that
would reveal the presence of many people.
e. Surrounding the place with barb wire. That
depends on the importance of the meeting and if
there are items that cannot be carried during
escape.
C. After the Conclusion of the Meeting:
1. Departing singly or in pairs, depending on the number
of members present.
2. Not heading directly onto main roads but to secondary
ones.
3. Not speaking about what was discussed in the meeting,
during or after departure.
4. Removing all observers after the members depart.
UK/BM-64 TRANSLATION
5. Not leaving anything that would lead [to the fact that]
there was anyone there except the owner.
[D. not used.]
E. Raiding and capturing one of the members.
1. Establishing a plan to repel the attack, which
consists of the following:
a. Who will engage the enemy with bullets?
b. Who will flee with the important
documents and who will burn the rest?
c. Not heading directly to other
organization locations.
d. Specifying the escape roads and
Streets.
e. If the place is surrounded by barb
wire, make sure all members have
left.
In case an individual is caught, the following should be done:
Executing what was agreed upon with the brother in the
security plan.
If the brother has important work position (commander,one
who knows the arsenal locations, ...), whatever is necessary
should be done before the enemy discovers anything.
Instruct all members not to go to the meeting location.
Inform all members of the telephone number of that
apartment in order to mislead the enemy.
[This section covers material discussed previously, but again, more pro-actively, more about what should be done rather than what shouldn't, and clearly a more experienced voice. Mobile meetings, parenthetically an 'encounter,' is 'spot' contact--more than a brush pass, but not intended to seem more than a coincidental gathering. Stable meetings require a more detailed deception plan, strict adherence to tradecraft, and active security measures (security alerts, guards, tripwire personnel, armed resistance (playing 'Horatius at the bridge'); also specified are careful entry and exit protocols, pretexting and backstopped cover identities, even armed cell members. Preparation for a mobile meeting focuses on avoiding or evading surveillance, knowing the location and meeting parties, a good pretext, fall-back meeting arrangements, checking a weapon. Meeting location tradecraft is reiterated from the earlier material. Meeting tradecraft relies on pretext and cover identities, although item e is curious (barbed wire isn't suspicious?). Post-meeting exit protocol is fairly standard tradecraft, except for item 4--observers of meetings would, because of security and compartmentalization reasons, be superior in the hierarchy of the organization (higher level commanders, core cadre). This indicates that 'spot checking' probably occurs in the organization--checking on commanders, cells, progress, making personal assessments that are communicated back to the core of the organization. Section E provides a few clues about the function of the organization: armed resistance is an option (rather than relying upon the deception plan alone), roles in the organization are clear (who fights, who runs, who stays behind to take care of security matters), exfiltration protocol is explicit. Damage control efforts are to be undertaken immediately--acknowledgement that captured personnel can resist supplying information for a limited time (although how damage control efforts can be taken by cell members, given reservation of critical information to commanders, is questionable). 'Blown' locations and members are then considered for ways to utilize them in future deception plans.]
UK/BM-65 TRANSLATION
An Example of a Security Plan for a Group Mission (assassinating
an important person)3: Assassination is an operation of
military means and basic security. Therefore, it is essential
that the commanders who establish plans related to assassination
give attention to two issues:
____________________
[3] It is possible to also say "kidnaping an important person."
All security measures and arrangements in assassination
and kidnaping are the same.
[Assassination, or 'leadership-based targeting,' is mentioned as an operation against the 'enemy' but also in dealing with internal security matters--losing the trust of Al-Qaida is dealt with harshly (both as a practical matter and as an 'object lesson' to others in the organization). It is blatantly false that security measures and arrangements for assassination and kidnapping operations are the same--professional execution of either sort of operation require very different tradecraft.]
First Issue: The importance of establishing a careful,
systematic, and solid security plan to hide the operation from
the enemy until the time of its execution, which would minimize
the losses in case the executing party is discovered.
[Two different but complimentary plans need to be assembled--operations security (OPSEC) and deception (consequence management). Note that utilization of the same tradecraft for kidnapping and assassination may be part of the deception plan--claiming, in the event of capture, that kidnapping was the intended course of action.]
Second Issue: The importance of establishing a tactical plan
for
the assassination operation that consists of the operational
factors themselves (members,weapons, hiding places ...) and
factors of the operation (time,place). In this example, we
shall explain in detail the part related to the security plan.
The part related to operational tactics will be explained in
the lesson on special operational tactics.
Security Plan for the Assassination Operation: The security plan
must take into account the following matters:
A. The Commander: The security apparatus should not know
his whereabouts and movements. All security measures and
arrangements related to members of the Military Organization
(soldiers,commanders) apply to him.
B. The Members:
1. They are elements who are selected from various provinces
and are suitable for the operation.
2. During the selection process, members should not
know one another. They should not know the original planners
of the operation. In case they do, the commander should
be
notified. He then should modify the plan.
UK/BM-66 TRANSLATION
3. They should be distributed as small groups (3
members) in apartments that are not known except to
their proprietors. They should also be given field
names.
4. During the selection process, consider whether their
absence from their families and jobs would clearly attract
attention. We also apply to them all security measures
related to the Organization's individuals (soldiers).
[Commanders have a greater tradecraft burden, and should be more diligent to a higher standard than ordinary cell members. Selection of cell members by provinces is for compatibility reasons, but also because it may have operational significance (likely for operations in the Middle East or related to targets from the region--kidnapping or the threat of assassination is an old method of extorting financial support from wealthy individuals and families). Unit cohesion appears to be sacrificed in favor of security--lack of prior contact of cell members (particularly training) and isolation of cells. Operations security is monitored, protecting identification of planners and commanders by immediate willingness to change plans. By 'field names' it should be assumed cover identities and backstopping that fit with the pretext necessary to support the deception plan. Consideration of 'private lives' impacting on operations security indicates the scope of selection in sleeper agents--while travel and long absence because of cover identity might go without notice, members are not selected with their private lives as a contributing factor.]
C. Method of Operating:
1. The matters of arming and financing should not be
known by anyone except the commander.
2. The apartments should not be rented under real names.
They [the apartments] should undergo all security measures
related to the Military Organization's camps.
3. Prior to executing an operation, falsified documents
should be prepared for the participating individuals.
4. The documents related to the operation should be.
hidden in a secure place and burned immediately after
the operation, and traces of the fire should be removed.
5. The means of communication between the operation commander
and the participating brothers should be established.
6. Prior to the operation, apartments should be prepared to
hide the brothers participating in it. These apartments
should not be known except to the commander and his soldiers.
7. Reliable transportation means must be made available. It
is essential that prior to the operation, these means are
checked and properly maintained.
[Reiteration of prior tradecraft discussions, albeit slightly more direct. Item 1 again asserts compartmentalization, with critical information reserved to commanders (requiring 'damage control' to occur from a hierarchically-superior organizational element, and orphaning the cell unless the organization wishes to reestablish control). Item 5 is curiously non-specific, leaving wide latitude.]
D. Interrogation and Investigation: Prior to executing an
operation, the commander should instruct his soldiers on
what to say if they are captured. He should explain that
more than once, in order to ensure that they have
assimilated it. They should, in turn, explain it back to
the commander. The commander should also sit with each of
them individually (and go over] the agreed-upon matters
that would be brought up during the interrogation:
UK/BM-67 TRANSLATION
1. The one who conceived, planned, and executed this operation
was a brother who has a record of those matters with the
enemy.
2. During the interrogation, each brother would mention a
story that suits his personal status and the province of
his residence. The story should be agreed upon with the
commander.
3. Each brother who is subjected to interrogation and torture,
should state all that he agreed upon with the commander and
not deviate from it. Coordination should be maintained
with all brothers connected to the operation.
Note: The fictitious brother who the brothers say conceived,
planned, trained, and executed the operation, should be sent
away on a journey [outside the country].
[Management of the deception plan and preparation of cell members is mild in comparison to approaches such as SERE (Survival, Evasion, Resistance, Escape). Note the 'onion' approach in the deception plan. Item 1 attributes the operation to an individual (or one would presume, to further confuse the issue, an organization of non-State actors or State sponsor not connected to Al-Qaida) that the target is willing to accept (catering to preconceptions). Items 2 & 3 are reinforcement to stick to the cover identity and deception plan. The 'note' is interesting in its contradictions (how can a fictitious 'brother' be sent anywhere? this may be a translation error)--why attribute the operation to an individual in the organization? Al-Qaida is 'notorious' for not claiming formal responsibility for attacks, so this indicates that various trial transcripts related to Al-Qaida operations may require reanalysis in light of increasing knowledge of their tradecraft and deception planning approach.]
[Page inserted.]
Source: http://www.thesmokinggun.com/archive/art/binmurder6.gif
UK/BM-69 TRANSLATION
Definition of Special Operations1:
These are operations using military means and basic security.
Special operations are some of the tasks of groups specialized
in intelligence and security.
____________________
1 Review in detail the notebook: Lessons in Special Operations.
[It's worth considering this in the light of http://www.dtic.mil/doctrine/jel/new_pubs/jp3_05.pdf on the U.S. special operations concept.]
Characteristics of Members that Specialize in the Special
Operations:
It
1. Individual's physical and combat fitness (jumping,
climbing, running, etc.).
2. Good training on the weapon of assassination, assault,
kldnaping, and bombing (special operations).
3. Possessing cleverness, canniness, and deception.
4. Possessing intelligence, precision, and alertness.
5. Tranquility and calm personality (that allows coping with
psychological traumas such as those of the operation of
bloodshed, mass murder). Likewise, [the ability to
withstand] reverse psychological traumas, such as killing
one or all members of his group. [He should be able) to
proceed with the work.
6. Special ability to keep secrets and not reveal them to
anyone.
7. [Good] security sense during the interrogation.
8. Great ability to make quick decisions after altering the
agreed upon plan (proper actions in urgent situations).
9. Patience, ability to withstand, and religiousness.
10. Courage and boldness.
11. Unknown to the security apparatus.
Weapons of Special Operations:
1. Cold steel weapons (rope, knife, rod, ...).
2. Poisons
3. Pistols and rifles
4. Explosives
We note that special operations include assassinations, bombing
and demolition, assault, kidnaping hostages and confiscating
documents, freeing prisoners.
[This is strikingly similar in many ways to the special operations concepts of Western countries (the U.S. among them). It is also worth taking a look at http://cryptome.org/cuw.htm as well.]
[Pages 70-74 not available.]
[Continuation of DoJ file.]
UK/BM-75 TRANSLATION
ESPIONAGE
(1) INFORMATION-GATHERING USING OPEN METHODS
[Compare this document with the extensive discussion at http://www.fas.org/irp/world/china/docs/sources.html
regarding Chinese open source intelligence (OSINT) 'sources and techniques.'
Also worth considering are:
http://cryptome.org/icot-cg.htm
http://cryptome.org/soi.htm
http://www.odci.gov/csi/books/19104/index.html
http://www.7pillars.com/papers/IntelligenceCourse.pdf
http://www.7pillars.com/papers/IntelNet.html ]
UK/BM-76 TRANSLATION
Definition of Espionage5: It is the covert search
for and
examination of the enemy's news and information for the purpose
of using them when a plan is devised. In [the book titled]
"Nile AI-Aoutar wa Fath Al-Bari," [it is said that] the spy is
called an eye because his work is through his eyes, or because
of his excessive and preoccupation with observation, as if all
his being is an eye.
____________________
[5] For details, refer to The Spying Journal: Religious Duty
and Human Necessity.
Espionage in the era of the prophet - Allah bless and keep him -
and his honored companions: The prophet - Allah bless and keep
him - used informants in most of his attacks. As Abou Soufian's
caravan, that was coming from Damascus, was approaching, the
prophet - Allah bless and keep him - wanted to know the
caravan's destination. While the prophet was in Madina, he sent
Talha Ibn Obaidallah and Said Ibn Zeid to the Damascus route to
gather information about the caravan. On their way back to
Madina, and at the conclusion of the Badr battle, they met the
prophet - Allah bless and keep him - in Terban, as he was
descending from Badr to take Madina. [Though] they did not
participate in the battle, they nevertheless got their share
of the [spoils].
In his attacks, the prophet - Allah bless and keep him - would
find out the enemy's intention. In the Hodaibiya [battle] days,
though he did not want war, he exercised caution by sending a
special 40-man reconnaissance group, headed by A'kkasha Ibn
Mohsen Al-Azda. One of that group forerunners found a man who
led them to the enemy's livestock. They captured 200 camels
from that livestock and brought them to Madina.
[This story is recounted in The Life of Mahomet in Chapter 12: http://answering-islam.org/Books/Muir/Life3/chap12.htm ]
The prophet - Allah bless and keep him - had local informants in
Mecca who told him everything, big and small, that might harm
the Muslims' welfare. Among those [enemies] were his uncle Al-
Abbas Ibn Abd Al-Mutlib, and Bashir Ibn Soufian Al-Atki. Al-
Khulafa Arrashidun [Mohammed's successors] advised their
commanders about the importance of using scouts and informants
to learn theenemy's secrets. Abou Bakr Al-Siddik - may Allah
be pleased with him - said to his commander Amro Ibn AI-A'ss -
may Allah be pleased with him -, "Send your informants to bring
you Abou Obeida's news. If he is victorious over his enemy,
then you fight those that are in Palestine. If he needs
soldiers, then dispatch one battalion after another for him.''
[See http://answering-islam.org/Books/Muir/Life3/chap11.htm for supplemental perspective.]
Omar Ibn Al-Khattab - may Allah be pleased with him - advised
his commander Saad Ibn Abou Wakkas - may Allah be pleased with
him - saying, "If you step foot on your enemies' land, get spies
for them. Choose those whom you count on for their truthfulness
[Page break.]
and advice, whether Arabs or inhabitants of that land. Liars'
accounts would not benefit you, even if some of them were true;
the deceiver is a spy against you and not for you." Khaled Ibn
Al-Walid - may Allah be pleased with him - used to take
informants and spies with him in each of his wars against the
Christian Orthodox. He chose them carefully and treated them well.
Principle of Moslems Spying on their Enemies: Spying on the
enemy is permitted and it may even be a duty in the case of war
between Moslems and others. Winning the battle is dependent on
knowing the enemy's secrets, movements, and plans. The prophet
- Allah bless and keep him - used that method. He would send
spies and informants. Perhaps, he - Allah bless and keep him -
UK/BM-77 TRANSLATION
even went himself as in the major Badr attack. AI-Khulafa
Arrashidun [Mohammed's successors] also ordered it [spying].
Since Islam is superior to all human conditions and earthly
religions, it permits spying for itself but not for others.
Majestic Allah says, "Not equal are the companions of the fire
and the companions of the garden," and the prophet says, "Islam
is supreme and there is nothing above it." Islam, therefore,
fights so the word of Allah can become supreme. Others fight
for worldly gains and lowly and inferior goals.
An Important Question: How can a Muslim spy live among enemies
if he maintains his Islamic characteristics? How can he perform
his duties to Allah and not want to appear Muslim?
Concerning the issue of clothing and appearance (appearance of
true religion), Ibn Taimia - may Allah have mercy on him - said,
"If a Muslim is in a combat or godless area, he is not obligated
to have a different appearance from [those around him]. The
[Muslim] man may prefer or even be obligated to look like them,
provided his action brings a religious benefit of preaching to
them, learning their secrets and informing Muslims, preventing
their harm, or some other beneficial goal."
Resembling the polytheist in religious appearance is a kind of
"necessity permits the forbidden" even though they [forbidden
acts] are basically prohibited. As for the visible duties, like
fasting and praying, he can fast by using any justification not
to eat with them [polytheist]. As for prayer, the book (Al-
Manhaj Al-Haraki Lissira Al-Nabawiya) quotes Al-Bakhari that "he
[the Moslem] may combine the noon and afternoon [prayers],
sunset and evening [prayers]. That is based on the fact that
the prophet - Allah bless and keep him - combined [prayers] in
Madina without fear or hesitation."
[Note that Ibn Taimia and Ahmed Ibn Hanbal are two of the sources that Wahhabism will defer to outside the Qur'an or Traditions.]
UK/BM-78 TRANSLATION
Though scholars have disagreed about the interpretation of that
tradition, it is possible - though Allah knows best - that the
Moslem spy combines [prayers]. It is noted, however, that it
is forbidden to do the unlawful, such as drinking wine or
fornicating. There is nothing that permits those6.
____________________
[6] Al-Morabitoun Magazine, Issue No. 6
[An Egyptian periodical, see: http://www.almurabeton.org/ ]
Guidelines for Beating and Killing Hostages: Religious scholars
have permitted beating. They use a tradition explained in Imam
Mosallem's manuscript, who quotes Thabit Ibn Ans that Allah's
prophet - Allah bless and keep him - sought counsel when he was
informed about Abou Soufian's arrival. Abou Bakr and Omar
spoke, yet he [the prophet] did not listen. Saad Ibn Ibada
said, "Do you want us, O Allah's prophet, who controls my life?
If you order us to subdue the camel we would do it, or beat and
follow them to Al-Ghimad lakes (5-day trip beyond Mecca), we
would do it, too." The prophet - Allah bless and keep him -
called on the people, who then descended on Badr. They were met
by Kureish camels carrying water. Among their takers was a
young black [slave] man belonging to the Al-Hajjaj clan. They
took him [as hostage]. The companions of the prophet - Allah
bless and keep him - started asking him about Abou Sofian and
his companions. He first said, "I know nothing about Abou
Soufian but I know about Abou Jahl, Atba, Sheiba, and Omaya Ibn
Khalaf." But when they beat him he said, “O yes, I will tell
you. This is the news of Abou Soufian...” Meanwhile, the
prophet - Allah bless and
UK/BM-79 TRANSLATION
keep him -, who was praying, started to depart saying, "Strike
him if he tells you the truth and release him if he lies." Then
he said, "That is the death of someone [the hostage]." He said
that in the presence of his companions and while moving his
hand on the ground.
In this tradition, we find permission to interrogate the hostage
for the purpose of obtaining information. It is permitted to
strike the nonbeliever who has no covenant until he reveals the
news, information, and secrets of his people.
The religious scholars have also permitted the killing of a hostage
if he insists on withholding information from Moslems. They
permitted his killing so that he would not inform his people of
what he learned about the Muslim condition, number, and secrets.
In the Honein attack, after one of the spies learned about the
Muslims kindness and weakness then fled, the prophet - Allah
bless and keep him - permitted [shedding] his blood and said,
"Find and kill him." Salma Ibn Al-Akwaa followed, caught, and
killed him.
The scholars have also permitted the exchange of hostages for
money, services, and expertise, as well as secrets of the enemy’s
army, plans, and numbers. After the Badr attack, the prophet -
Allah bless and keep him - showed favor to some hostages, like
the poet Abou Izza, by exchanging most of them for money. The
rest were released for providing services and expertise to the
Muslims7.
____________________
[7] Abdullah Ali Al-Salama: Military Espionage in Islam, pp.
253-258.
Importance of Information:
1. Based on the enemy's up-to-date information, his
capabilities, and plans, the Organization's command can
design good-quality and secure plans.
UK/BM-80 TRANSLATION
2. Information about the enemy's intention provides early
warning signs for the command, which in turn makes
appropriate preparation and thwarts the enemy's
opportunity.
3. Information benefits the Organization's command by
providing information about the enemy's strengths and
weaknesses.
4. Information benefits the Organization's command by providing
information about movements of the enemy and his members.
[If this is an ordered list, intelligence is developed to keep informed regarding enemies of the organization and an assessment of their capabilities, disposition, and status, then possible enemy activity in order to be prepared for hostile action. Operational and tactical intelligence are next priority--vulnerabilities, opportunities, order of battle, etc.]
Information requirements include: Newness, Trustworthiness,
Forthcoming, security, and confirmation.
[Perishability, sourcing, value, OPSEC, and verification. Consider:
FM 34-8-2, Intelligence Officer's Handbook at http://www.adtdl.army.mil/cgi-bin/atdl.dll/fm/34-8-2/default.htm
FM 34-130, Intelligence Preparation of the the Battlefield
(IPB) at http://www.adtdl.army.mil/cgi-bin/atdl.dll/fm/34-130/toc.htm
]
General Mahmoud Sheet Khattab said, "The nation that wants to
achieve victory over its enemy must know that enemy very well.
It also must know the site of the battle in detail. Those who
fight an enemy that they do not know, do not win because a
successful military plan must be built on clear and trustworthy
information. The commander who fights an enemy and does not
know his strength (number and materiel) is blind and destined to
fail and fall."
[Is this the same Khattab, a Jordanian, fighting in Chechnya, and supposed to be supported by bin Laden? Also worth considering: Bayan al-Aqeedah wal-Qiyadah by Mahmoud S. Khattab.]
Information Sources: Any organization that desires to raise the
flag of Islam high and proud, must gather as much information
as possible about the enemy. Information has two sources:
1. Public Source: Using this public source openly and without
resorting to illegal means, it is possible to gather at
least 80% of information about the enemy. The percentage
UK/BM-81 TRANSLATION
varies depending on the government's policy on freedom of
the press and publication. It is possible to gather
information through newspapers, magazines, books,
periodicals, official publications, and enemy broadcasts.
Attention should also be given to the opinion, comments,
and jokes of common people.
[With modern open source intelligence (OSINT), it is possible to develop 80-95% of the operational intelligence necessary, against targets in Westernized countries. More of this is discussed in Hunting the Sleepers, but it's important to confirm here that Al-Qaida uses the openness of the West (lower information acquisition costs) against itself. The attention to 'softer' content--psychology, editorial, opinion, emotion, sentiment--is to assess the effect of operations and to manage psychological operations.]
Truman, a past American President, said, "We attribute our
great advance to our press, because it gives America's
enemies the capability of learning what we have not
officially publicized about our plans and even our
establishments.”
In 1954, Allan Dulles [PH],Director of American
Intelligence [CIA], said, "I am ready to pay any amount of
money to obtain information about the Soviet Union, even as
little as what the Soviet Union obtains by simply reading
American newspapers."
The one gathering public information should be a regular
person (trained college graduate) who examines primary
sources of information published by the enemy (newspapers,
magazines, radio, TV, etc.). He should search for
information directly related to the topic in question.
The one gathering information with this public method is
not exposed to any danger whatsoever. Any brother can
gather information from those aforementioned sources. We
cannot label that brother a "Moslem Spy" because he does
not make any effort to obtain unpublished and covert
information.
UK/BM-82 TRANSLATION
2. Secret Sources: It is possible, through these secret and
dangerous methods, to obtain the 20% of information that is
considered secret. The most important of these sources
are:
A. Individuals who are recruited as either volunteers or
because of other motives
B. Recording and monitoring
C. Photography
D. Interrogation
E. Documents: By burglary or recruitment of personnel
F. Drugging
G. Surveillance, spying, and observation
[This is discussed in greater detail in the next section--redundancy, bad editing, indications of a composite document, all are likely contributing factors. Item A is human intelligence (HUMINT), a particularly risky form of espionage. Items B, C, and G are largely technical intelligence. Items D and F imply kidnapping of personnel with the requisite knowledge--risky, potentially exposing the potential operations, but certainly forewarning the 'enemy' of Al-Qaida activity. Item E curiously omits 'dumpster diving,' likely on the assumption that documents of interest to Al-Qaida would be shredded or burned rather than thrown into the trash; burglary of such documents is difficult and risky under such circumstances as well.]
Information Gathering Using Public Means:
A. Newspapers, Magazines,and Official and Party Publications:
In order to gather enemy information, the Military
Organization can use means such as magazines, publications,
periodicals, and official printed matter. Through these
means, it is possible to learn about major government
events and about the news, meetings, and travel of
Presidents, ministers, and commanders. Information may be:
1. Names and photographs of important government
personalities, police commanders, and security
leaders.
2. Published meetings. Through these, one can learn
about major decisions and topics being discussed.
3. Future meeting plans.
4. Present and future enemy capabilities through current
photographs of projects and strategic sites or through
UK/BM-83 TRANSLATION
meetings with top officials.
5. Beneficial news about the enemy's diplomacy and its
present and future plans.
6. Tourism news and the arrival times of foreign tourist
groups.
7. Advertisements about apartments for rent, vacant
positions, or anything else that is useful.
8. Advertisements about new and used car lots. These may
be used in assassination, kidnaping, and overthrowing
the government.
9. Learning the enemy position on current Islamic issues
(veil,beard, dedication, Jihad, ...).
B. Radio and Television: The Military organization can use
these important public sources to gather information all
day and night. The importance of these means is explained
below.
1. Visual and audible news help the Organization to
determine its present and future plans.
2. Interviews may help to identify the government policy
and its general directives.
3. Spotting the appearance of those who occupy high
positions.
4. Learning the prevailing information diplomacy and its
position on contemporary issues.
5. Learning about the interior of important government
places and establishments during their opening
ceremonies or through advertisements.
In addition to the aforementioned, [attention should be given]
to newspapers, magazines, and the public's comments and jokes.
[Note that much of the material indicated here is rapidly perishable, what is known as 'current reporting.' Again, open media provide much of intelligence value, particularly for skilled analysts. Item A8 is amusing, likely unintentionally so due to the phrasing of the translation (used cars for operations, but including 'overthrowing the government' should be enough to get a chuckle out of most readers, imagining decades of rust and poor repair on a vehicle used to attack seats of government).]
UK/BM-84 TRANSLATION TWELFTH LESSON ESPIONAGE (2) INFORMATION-GATHERING USING COVERT METHODS UK/BM-85 TRANSLATION Information needed through covert means: Information needed to be gathered through covert means is of only two types: First: Information about government personnel, officers, important personalities, and all matters related to those (residence,work place, times of leaving and returning, wives and children, places visited) Second: Information about strategic buildings, important establishments, and military bases. Examples are important ministries such as those of Defense and Internal Security, airports, seaports, land border points, embassies, and radio and TV stations.
[Again, the first point is related to 'leadership-based attacks,'
and the second point is regarding potential targets (leadership, economic,
symbolic).]
General security measures that should be taken by the person
gathering information: During the process of gathering
information, whether about governing personalities or
establishments, the person doing the gathering must take the
following security measures:
1. Performing the exercises to detect surveillance while
executing the mission. These exercises are not well
defined, but are dependent on the time, place, and the
ability to be creative. These exercises include the
following:
a. Walking down a dead-end street and observing who is
walking behind you. Beware of traps.
b. Casually dropping something out of your pocket and
observing who will pick it up.
c. Walking fast then stopping suddenly at a corner and
observing who will be affected.
d. Stopping in front of store windows and observing who
is watching you.
e. Getting on a bus and then getting off after it departs
and observing who will be affected.
UK/BM-86 TRANSLATION
f. Agreeing with one of your brothers to look for whoever
is watching you.
[Note that these elements of tradecraft miss certain approaches entirely (item a would miss 'forward tailing' and many of the items would miss a 'checkpoint' approach rather than an active tail. Good tailing operations utilize multiple skilled personnel and chase vehicles. While this tradecraft would suffice against amateurs, it provides little aid regarding professional surveillance.]
2. When receiving the gathered information, let the informants
travel as far as possible from their place of residence and
yours. Let each of them get there using secondary roads,
preferably at night.
[This shifts the travel risk onto the human source, and allows the intelligence officer (in this case, probably a cell commander) to select and secure the location. Note that the circumstances of the meeting may present a problem for the source--remote, little pretext to cover the trip, suspicious timing.]
3. Gather what information you can without emphasizing any
particular part. Do not rush or show urgency because your
excitement may uncover you and the degree of importance of
the information.
[Questions map the space of what is known, and what is not known; questions also map the 'interest' space--what is desired to be known. The intelligence officer needs to maintain 'objectivity' when eliciting information for two purposes--protecting his own organization's security and interests, and to be make the best use of the source. A source with knowledge of an intelligence officer's interests may learn too much about the officer's organization (a risk in the event of informers, turned assets, or interrogation if apprehended), or may decide to 'sweeten' the information flow (ignoring other areas of information that may be important, creating information to meet the level of interest, focusing on such information to make it seem more important, or changing behavior to acquire more information in that category).]
4. Avoid anything that reveals your identity quickly. Do not
attempt to be too creative or inventive. Remember what
Taliran [PHI said to his political emissaries, "Do not be
anxious.”
[If this pertains to the relationship with a human asset, establishing a relationship first and building up trust between the officer and the asset is essential. Affiliation is a tricky issue. 'False flag' operations are still common in intelligence--leading the source to think that the officer is affiliated with a different organization (in the event a source turns or is apprehended) to elicit information. False flag operations can utilize groups in opposition to the real organization (Al-Qaida could represent itself as some form of law enforcement, or Mossad) to get information a source would never provide to the real organization itself; false flags can also be of similar organizational types (another Islamic group) but not your own, for deception and misdirection purposes. Revealing real affiliation (if ever done at all) runs a risk of alienating a source, even after a strong relationship has been established. Being too creative or inventive in cover identity means running the risk of not being able to support the identity--backstopping, in behavior, etc.]
5. Move slowly and travel a great distance. The one who
is successful in gathering information is the one who is not
known or conspicuous.
[Casual violation of traffic regulations are a risk not worth the return. Surveillance of targets or locations may be observed; one of the 'indicators' of being under surveillance is sighting reoccuring individuals, thus the advice to not be 'known' and to be inconspicuous (not attracting attention or sticking in someone's memory). The useful techniques of fitting into a pretext (looking like a tourist at appropriate locations) or falling into a category (once categorized, an operator attracts much less scrutiny--if the category is a harmless one) are not explicitly advised. In some countries, Al-Qaida operators may blend into the indigenous population or a common sub-group, but in others they may automatically be suspect.]
6. Do not accept events at their face value. Do not overlook
a quick friendship or an apparent dispute. Evaluate the
importance of events and do not judge them by their
appearance.
[Interestingly, this is phrased in a neutral fashion rather than being explicit as to the advantages and disadvantages that may be encountered. Sudden friendships may be suspicious (an asset from an intelligence agency or law enforcement 'getting close' to target of interest, the operator), but they can also be real and of great benefit. Disputes can similarly be opportunities--relationships 'in flux' can be rearranged to the benefit of the operator--or indications of risk (a lure, or part of someone else's deception operation). "Paranoia is our profession" is a mantra for intelligence professionals, no matter what their affiliation.]
7. Do not speak vaguely or act mysteriously except when
wanting to get a "blabber mouth" to talk about what he
knows.
[An indication of a good understanding of some aspects of the psychology of human assets. Some assets feel unappreciated (or underappreciated) and are looking for a 'sympathetic ear'--give them an opportunity to talk and they'll take it. For others, the ego-involvement is considerable, so the officer being 'vague' or 'mysterious' is interpreted as a lower level of understanding, and the opportunity for the asset to demonstrate how much they know. More difficult assets will only discuss a matter if they feel that the officer already knows about it, or if they feel a need to correct a misconception. Running a human asset is more an art than a science.]
8. Carry personal credentials and know all their contents.
[Essential for the operator to know the details of the cover identity,
that the cover identity matches the pretext of being in a location or involved
in an activity, and that the operator can withstand a 'normal' level of
background checking and interrogation.]
UK/BM-87 TRANSLATION
9. Prior to collecting the information, make sure that all
necessities related to the mission, especially money, are
ready.
[The comment in the U.S. military is "proper planning and preparation prevent piss-poor performance," a sentiment that Al-Qaida obviously shares.]
10. Study the area where information-gathering takes place
carefully: Open and closed streets, residents' customs,
ways of dressing, and accent.
[A reminder that knowing an area is essential in blending in (although knowing an area implies a certain amount of exposure to it--and exposure to others while doing it). Knowing streets is important for operational purposes, as well as escape and evasion.]
11. It is not permitted to carry any weapons during the
information-gathering process.
[Very few cover identities and pretexts can withstand the casual search turning up a weapon--a situation that the operator could have talked his way out of, or would have been released from custody eventually for lack of cause, becomes incredibly complicated or impossible once a weapon is involved. Criminal penalties are much greater with involvement of a weapon (trespassing, which can plausibly be an accident, is no longer a simple affair if a knife or gun is found on the operator).]
12. Finding a cover prior to gathering the information.
Further, review all security measures concerning members of the
Military [Organization] which are covered in prior lessons.
[Unclear in the original, this probably means selecting a cover identity that matches an operational pretext that is plausible for the operation. Many 'roles' in society give great latitude--student, physician, journalist, maintenance worker, delivery man, etc.]
Methods of Gathering Information Using Covert Means: The
Military Organization may obtain secret information using:
A. Surveillance, intelligence, and observation; B. Theft:
C. Interrogation; D. Excitement; E. Drugging; F. Recruitment.
[Note that Al-Qaida does not discuss intelligence assets other than the officer, captives, or human sources--technical, signal, image, etc. intelligence.]
A. Surveillance, Intelligence, and Observation: Civilian and
military targets (personalities). The monitoring may be done on
foot or by car.
Surveillance on foot:
1. The brother or brothers performing the surveillance
operation on foot study the available information
about the target (height,weight, way of walking, looking
at a recent photograph)
2. Knowing the target's habits, places he visits, and
communications
3. Studying carefully the area where observation will
take place: names of through and dead-end streets,
residents' habits and way of dressing.
UK/BM-88 TRANSLATION
4. Prior to the start of the surveillance mission, making
sure that all needs related to the mission, especially
money, are met.
5. Agreeing on how communications with the leaders will
take place in case the surveillance plan is uncovered
(telephone, a person used for that purpose). The telephone
number should not be written but memorized.
6. Agreeing on special signals to exchange orders and
instructions among the surveillance team members.
7. Knowing the measures to be taken when the target is
lost, such as contacting the leaders or something else
agreed upon.
8. It is not permitted to carry any weapons during the
information-gathering process.
9. It is preferable to have a camera with the
surveillance man in case the target is to personally
contact others.
Surveillance by car:
Surveillance by car requires taking certain measures:
1. Inspecting the car's fuel, water, and lights.
2. The car should be of a common type so it would not
attract people's attention.
3. The car should be in good condition and the driver
should be experienced.
4. The car plates should not contain real numbers. It is
important to use a false license plate and small numbers
in order to prevent anyone from spotting and memorizing it.
5. The car's interior light should be disabled in order
to hide the identity of the surveillance team members
sitting inside.
6. The number and appearance of the car surveillance team
members should match those of the target's car.
[The methods discussed here would develop an intelligence model of a potential target based on time, location, and behavior, later to be analyzed for vulnerabilities the present an opportunity for Al-Qaida. Item foot-1 is interesting for observation of 'way of walking'--a change in this indicator may show behavioral shifts in the target (awareness of target status), or may be an element in borrowing the target's identity (from a distance, different gait is a clear indicator that someone may not be who they appear to be). Item foot-3 would produce intelligence necessary in establishing plausible pretexts and cover identities that blend into the context. Item foot-5 is a 'blown operation' indicator--the target has been alerted or the operator has been spotted (execution of an evasion and escape plan would be indicated prior to making such a phone call). Item foot-6 is explicit regarding a team (good surveillance requires multiple teams); use of coded communication among the squad is good tradecraft if it blends with the pretext and cover identities. Item foot-7 is interesting. Solo operators conducting surveillance will commonly lose the target--loss of the target is better than exposing the operation, targets should only be modeled in segments rather than continuously, target patterns aren't known well enough early in the surveillance process to anticipate behavior, etc. A radical change in target behavior after a pattern is well-established can be a problem--it may indicate knowledge of the surveillance, a deliberate shift in patterns, some other change that may impact on operations, etc. Such changes are problematic the closer they are to initiation of an operation, calling into question whether an operation can proceed. Team surveillance is structured to lose a target--target loss protects the surveillance operation. Teams pick up at different times, hand off from location to location, operate near and far to the target, etc. Contacting a leader would be to coordinate coverage between teams--teams rarely have the perspective of the entire operation, while a leader can provide that function. The ubiquitous nature of mobile phones has dramatically simplified the communication task--almost any cover identity can be expected to use a mobile phone (and new technology, such as handheld computers with wireless communication, add a whole new dimension to the surveillance process). Item foot-9 is to model a target's contact network and gather collateral intelligence on such individuals. Item car-3 should be explicit--experienced in the local traffic regulations as well as the surveillance process. Item car-4 presents an operational risk--surveillance behavior is unusual enough to increase the risk of law enforcement attention, including checking license plates (a false plate will lead to immediate scrutiny and put the operation in jeopardy). Item car-5 implies night surveillance, but doesn't restrict smoking, a common habit of surveillance personnel that also presents a risk. Item car-6 assumes that the target fits his/her context, which may not be accurate, and may not be compatible with the surveillance teams' pretext and cover identities.]
UK/BM-89 TRANSLATION
Performing Surveillance by Car:
1. The car being used for surveillance should keep up with the
target’s car during the surveillance operation, especially
in crowded areas and on side streets. The distance between
the two cars depends on the circumstances.
[Distance between a target's car and a surveillance team is a trade-off--too close and the team may betray that surveillance is taking place, too far away and the team may lose the target. As discussed in comments above, an experienced team will favor losing a target over 'blowing' the operation.]
2. If the target gets out of his car and starts to walk,
one of the surveillance team members should get out and observe
him.
[Another error of tradecraft. The reason for multiple teams is that a second team can exit a vehicle out of sight and approach the location--behavior consistent with the situation. The risk in this approach is the nature of the communication with a commander, who then directs the supplemental team's movements.]
3. Follow all aforementioned measures for surveillance on
foot.
Exercises to detect surveillance by car:
1. The surveillance car speeds up then stops suddenly while
observing which other car is affected (this is done where
there is not a lot of traffic).
2. The surveillance car enters a dead-end street.
3. The surveillance car goes in the opposite direction of
traffic.
4. The surveillance car stops and goes backwards.
5. [The surveillance car] enters a parking lot and immediately
goes out.
6. [The surveillance car] takes a side road and stops.
[To generalize, adopt a behavior that requires a response that can be observed (such as going through a traffic signal indicating stop), or lure a surveillance team into a situation where they will be obvious in the context (such as item 2). Note that the response to surveillance, if discovered, is not specified--combat, escape, bluff, etc. are left to the discretion of the team.]
A. Surveillance, Intelligence,and Observation (Information
about the enemy places)
The Organization’s command needs detailed information about
the enemy‘s vital establishments, whether civilian or
military, in order to make safe plans, reach firm
decisions, and avoid surprises. Thus, the individual who
gathers information about a desired location should, in
addition to drawing a diagram, describe it and all its
details.
UK/BM-90 TRANSLATION
The Drawing: The brother should draw a diagram of the area,
the street, and the location which is the target of the information-
gathering. He should describe its shape and characteristics.
The drawing should be realistic so that someone who never saw
the location could visualize it. It is preferable to also put
on the drawing the directions of traffic, police stations,
and security centers.
The Description: It is necessary to gather as much information
about the location as possible. For instance:
1. Traffic directions and how wide the streets are
2. Transportation leading to the location
3. The area, appearance, and setting of the place
4. Traffic signals and pedestrian areas
5. Security personnel centers and government agencies
6. Embassies and consulates
7. The economic characteristics of the area and traffic
congestion times
8. Public parks
9. Amount and location of lighting
It is preferable to photograph the area as a whole first, then
the street of the [desired] location. If possible, panoramic
pictures should be taken. That is, the collection of views
should be continuous in a such way that all pictures are taken
from one location and that the ending of one picture is the
beginning of the next. The photographer should be experienced
with and proficient in film processing and developing. It is
risky to use an outside film processing service. When observing
a military installation or camp, we discourage taking pictures
where it is forbidden. The brother/photographer should use a
UK/BM-91 TRANSLATION
modern camera that can photograph at night or from a distance,
and only the lens of the camera should be visible. When
gathering information about a military camp, the brother should
draw a diagram of the camp’s overall area, the camp itself, and
its interior, if possible.
The description of the base or camp must contain the following:
1. Location
2. Exterior shape
3. Transportation to it
4. Space [area]
5. Weapons used
6. Unit using the camp
7. Fortifications and tunnels
8. Guard posts
9. Amount and periods of lighting
10. Number of soldiers and officers. Officers’ ranks
11. Ammunition depot locations
12. Vehicles and automobiles
13. Leave policy
14. Commander's name, rank, arrival and departure times
15. Degree and speed of mobilization
16. Brigades and names of companies
17. Sleeping and waking times
18. Telephone lines and means of communication
The brother gathering the information may start a friendship
with one of the soldiers or officers of that base. Information
may be collected gradually and easily from soldiers when giving
them rides from the camp to the bus or train stations, etc.
[The source of this section of the document is clearly experienced at this sort of intelligence operation. Intelligence is clearly valued "in order to make safe plans, reach firm decisions, and avoid surprises." Drawing and making the description of sufficient detail to allow operator visualization is instrumental in mission success--learning 'rote' directions for an operation pales in comparison an adequate and accurate mental model. Structural and contextual detail described in this section give operators a 'fighting chance.' The photographic suggestions are constructive but incomplete--the area should be photographed as extensively as possible, various times of day under different lighting conditions, etc. would be of great help. Photographs from the window of time for the probable attack would be best--light levels, traffic levels, etc. would be tactically significant. Photography of military targets is much higher risk, but modern equipment mitigates such risk considerably. Dependence on film, and thus the risk associated with film development, are interesting in the context of digital equipment--while digital equipment is lovely gear, film quality and light/color responsiveness still make it superior for intelligence purposes. Note in the 'description of the base or camp' section that internal camp layout is not explicitly specified--is it assumed, or does Al-Qaida planning include attacks/devices that are catastrophic? Historically, Al-Qaida attacks have not been 'surgical,' but on a scale that makes internal layout of facilities irrelevant. The risk associated with on-going contact with military personnel is an interesting trade-off (and in contradiction of earlier tradecraft discussion in the manual)--familiarity and the risk of exposure against the off-chance of collecting fragments of intelligence value.]
B. Gathering Information Through Interrogation: Security
personnel in our countries arrest brothers and obtain the
needed information through interrogation and torture.
[If this is not a translation error, the reference to 'security personnel in our countries' is incredibly indiscrete. Al-Qaida is only concerned with the U.S. insofar as it relates to their primary purpose--installation of Islamic regimes (by their interpretation of Islam) in the Middle East, the area that truly matters to them. Islam itself is not inherently nationalistic (see Bernard Lewis' excellent analyses regarding this), so this is another indication that Al-Qaida has slipped off a 'proper' Islamic interpretation.]
UK/BM-92 TRANSLATION
The Military Organization must do likewise. On one hand,
the Organization can obtain important information about
enemy establishments and personnel. On the other hand,
that is a form of necessary punishment.
Information is collected in this method by kidnaping an
enemy individual, interrogating him, and torturing him.
[This, again assuming accurate translation, is further evidence of Al-Qaida's view that their interpretation of Islam is the correct one, while others are either jahiliyya or apostate. The view of torture (including, one presumes, of fellow moslems) as a 'form of necessary punishment' shows the questionable moral ground infirmly supporting Al-Qaida. A position of 'the means justify the end' shows a recognition of 'right' and 'wrong'--and a conscious decision to 'do something wrong' for a greater good. The position demonstrated in the manual overall, but this in particular, is 'by any means necessary,' regardless of the exploitation of the Qur'an--a complete rejection of moral considerations. It's a critical distinction in understanding Al-Qaida's operations--given certain capabilities, does their intention and 'profile' lead to use? While great efforts are made at justification and rationalization, it's clear that Al-Qaida recognizes no limitations or constraints on behavior, and therefore any operation is possible.]
This source of information is not permanent. Also, caution
should be exercised about being deceived by misinformation
from enemy individuals. Thus, the brother who interrogates
the hostage should possess the following characteristics:
1. Should have knowledge and expertise about people's
behavior and morals.
2. Should have a strong personality.
3. Should possess a sixth sense based on practice and
experience.
4. Should be extremely patient.
5. Should be able to act, pretend, and mask himself.
6. Should be intelligent, observant, analytical, and
deductive.
7. Should be able to establish an investigative plan.
[Methods of torture are described later in the document. Detection of 'misinformation' provided by a victim is not explicitly explained--the common method is continuing torture long after story inconsistencies have ceased to occur. The profile for the operator performing the torture is detailed; characteristic selected for are experience, maturity, worldliness, dominant, intuitive, patient, consumate acting abilities, superior intelligence, and operational/intelligence experience. Managing the torture process as an experienced operator and intelligence producer/consumer makes the process more directed at 'useful' data; on-the-fly filtering for what's relevant and applicable as well as detection of false, confused, or inaccurate recollection are critical. Torture is a downhill bicycle race--the operator needs to establish the reality of the situation while hinting at the probable outcome (crippling physical effects, death). At the same time, the victim is trying to hold out while listening to an internal sense of self--past a certain point, death is more desireable than living. At such a point, the operator and the victim are truly engaged--the victim trying to hold out, forcing damage that may bring death more quickly, while the operator tries to sustain the victim while still trying to elicit information. Long-term captivity leads to a different form of torture--patient, with recovery periods. The content of the victim's mind, however, is perishable--from the moment that their organization (and this applies to any side in this miserable game) discovers the victim is missing, the intelligence value of what they know decreases. Operations, locations, contact details, codes, caches, cover identities, etc. are only 'good' for a reasonably short duration. This imposes the nature of the torture session as a race, the victim trying to hold out long enough for the value to be negligable, with the operator trying to get something actionable in time.]
[Compare this next section with the U.S. Department of Justice's guidelines for using human sources: http://www.usdoj.gov/ag/readingroom/ciguidelines.htm ]
C. Gathering Information Through Recruitment: Recruiting
agents is the most dangerous task that an enlisted brother
can perform. Because of this dangerous task, the brother
may be killed or imprisoned. Thus, the recruitment task
must be performed by special types of members.
[False flag operations appear to not be considered. A solid profile of a potential human source, an asset, might indicate a 'low risk' pretext and cover identity that could be used to establish the relationship. While any contact, particularly of sensitive assets, entails risk, some approaches are greater risk than others. Success in the intelligence community for 'coerced' assets has largely come from establishing the relationship in advance of any attempt to use the asset--the relationship creates leverage (or the other way around), and 'cushions the shock' that creates the exposure risk. Compartmentalizing the task of acquiring and running assets is intelligent--it's a tricky business at best, and needs opeational security beyond regular 'sleeper' cells.]
There are a number of motives that might entice an
uncommitted person to take part in intelligence work.
These motives are:
UK/BM-93 TRANSLATION
1. Coercion and entanglement
2. Greed and love for money
3. Displaying courage and love of adventure
4. Love of amusement and deviance
5. Mental and political orientation
6. Fear of being harmed
The Organization may use motives No. 2, 3, 5, and 6 in
recruitment.
['Coercion and entanglement' are likely rejected because of the nature of such relationships, commonly sexual, and the fine hand necessary to play blackmail well. Given the vast majority of Al-Qaida being male, this would require either homosexual activity or female assets (although Al-Qaida may use female operators, that appears unlikely by the organizational profile and the voice of this manual). 'Love of amusement and deviance' would conflict with the interpretation of Islam essential to Al-Qaida--use of such assets would require internal compromise on the part of the intelligence officer running the assets. Note the similarity of the asset profile to what conventional intelligence agencies approve of--profit, psychology, politics, and pressure motivations. More 'serious' intelligence agencies will use sexual assets and 'weirdos,' but not Al-Qaida, nor the U.S.]
Candidates for Recruitment Are:
1. Smugglers
2. Those seeking political asylum
3. Adventurers
4. Workers at coffee shops, restaurants, and hotels
5. People in need
6. Employees at borders, airports, and seaports
[Smugglers are used to breaking the rules and have useful intelligence--safe routes, gaps in the systems, contacts that can be bribed, etc. Political asylum is curious in Al-Qaida's approach--this, in all probability, means flight from some government or another and the necessity of protection. Pogroms against moslems and 'militant Islam' drive potential recruits right into the hands of Al-Qaida. Adventurers flocked to Al-Qaida in large numbers (even during the bombing in Afghanistan by the U.S., moslems were crossing the border to fight with Al-Qaida and the Taliban). Workers in coffee shops, restaurants, and hotels can gather intelligence, assist the organization in support roles, have ready access to the 'cash economy,' and are largely 'invisible.' People in need can be purchased, and may even have gratitude. Employees at borders, airports, and seaports control the entry and exit points to countries, the first line of defense (and in most Westernized countries, the only line of defense). This last category is the most likely to be managed through a 'fear of being harmed'--if not directly, then through threats against family and friends.]
Types of Agents Preferred by The American Intelligence
Agency [CIA]:
1. Foreign officials who are disenchanted with their country's
policies and are looking towards the U.S. for guidance and
direction.
2. The ideologist (who is in his county but against his
government) is considered a valuable catch and a good
candidate for American Intelligence Agency [CIA].
3. Officials who have a lavish lifestyle and cannot keep up
using their regular wages, or those who have weaknesses for
women, other men, or alcoholic beverages. The agent who
can be bought using the aforementioned means is an easy
target, but the agent who considers what he does a noble
cause is difficult to recruit by enemy intelligence.
UK/BM-94 TRANSLATION
4. For that purpose, students and soldiers in Third World
countries are considered valuable targets. Soldiers are
the dominating and controlling elements of those countries.
[U.S. intelligence is far from monolithic; the comment regarding CIA is typical misassessment of the actual U.S. intelligence process and community. The asset profile attributed to U.S. intelligence is largely inadequate, but discussion of the profile is inappropriate. Note the attention on students and military personnel--student movements are considered a leverage point (from Iran to China, the U.S. to the U.S.S.R.), and control of military assets equates to control of the political system. Subversion of politicians in the U.S. is effective because they have command authority over military and intelligence forces; this situation is reversed in most of the countries Al-Qaida is concerned with gaining control over.]
Recruitment Stages: Suppose the Islamic Organization, with its
modest capabilities, wants to obtain information about an
important target (important personality, building, camp, agency,
ministry). It has to do the following:
1. Finding the Agent: In this stage, the Organization picks
the suitable person f o r supplying the information. The
Organization learns about that person: His financial
condition, his family status, his position regarding the
government, and his weaknesses and strengths.
2. Evaluating the Agent: In this stage, the agent is placed
under continuous observation to learn the times of his
departure to and return from work, the places he visits,
the individuals he meets, and his social interaction with
those that he meets in coffee shops, clubs, etc.
3. Approaching the Agent: After gathering information about
him, a relationship with him is developed under a certain
cover, such as:
a. Family connection and tribal relations.
b. Developing a friendship with him in the club, coffee
shop, and workers union. The [recruiting] brother
develops the friendship as if it were unpretentious
and unplanned. The relationship should develop
naturally and gradually in order not to attract the
target’s attention.
Important Note: In case the first brother fails to develop
a friendship with the target, another brother takes over
UK/BM-95 TRANSLATION
after learning from the first about the target’s weaknesses
(motives that can be exploited) such as his love f o r money,
opposition to the government, love for adventure, or
display courage.
4. Recruiting the Agent: After finding, evaluating, and
approaching a target, comes the second stage of recruiting
him. Recruiting may be direct, that is, telling the agent
frankly about working for the Organization for a specific
and agreed-upon salary. A promise is secured in writing or
verbally.
Or recruitment may be indirect, that is, information may be
taken from the target without informing him that he is an
agent. That may be accomplished by giving him gifts,
sharing his joys and sorrows, and attempting to solve his
problems.
5. Testing the Agent: In this stage, the agent is assigned
certain tasks in order to test his ability, loyalty, and
dependability. The agent does not know that the
Organization already has the sought information. If the
information supplied by the agent does not match the
Organization’s existing information, then the agent may be
an unreliable source of information or may be trying to
mislead the Organization. During the testing stage, the
agent should remain under careful observation to spot all
his movements.
6. Training the Agent: This stage applies tothe recruited
agent, that is, the agent who has been recruited directly
UK/BM-96 TRANSLATION
and is aware that he has been recruited by someone or some
organization for money or other things. That agent: may be
trained on the following:
a. Work secrecy and means of gathering and hiding
information
b. The method of passing information on to officials
c. Concealment and disguising
d. Interrogation and resisting the interrogation
e. Explaining the assigned mission in utmost detail
f. Photography
There might not be any training at all. The agent may be
given freedom in his work, relying on his instinct,
talents, background, and the capabilities of his superior
brother.
7. Treating the Agent: The brother who manages the agent
should possess the qualifications of a perfect spy, a
psychiatrist, and an interrogator. There are two points of
view on treating the agent:
First Point of View: Maintaining a strong personal
relationship with the agent. This technique provides the
agent with the motivation that entices him to take chances
in order to please his friend with the information.
However, this technique has disadvantages. The barriers
between the agent and his superiors are removed, and the
agent may ask for many things that were not agreed upon.
Second Point of View: The person managing the agent treats
him roughly and pushes him to the limits for the purpose of
getting as much information as possible. This technique
uses harshness, cruelty, and threats in order to keep the
UK/BM-97 TRANSLATION
agent constantly active. I believe that the Islamic
Military organization can combine the two techniques. The
agent may be treated in a careful Islamic manner, while the
managing brother appeals to the agent's conscience and his
Islamic association with the work for majestic Allah's
religion. He lures the agent with money and gifts, and uses
cruelty and kindness when appropriate.
8. Terminating the Agent’s Services: That should occur when
any of the following take place: a. The recruitment mission
terminates, b. Incapacity to work because of sickness or
changes in the job situation, c. Repeated errors in
security measures, d. The agent requests the termination.
Means for Testing the Recruit: 1. Requesting specific
information that the Organization knows well, 2. Monitoring him
while he performs his covert work, 3. Overpaying him in order to
know his trustworthiness, 4. Giving him a chance to tamper with
the work documents (unimportant documents).
[HUMINT is an art rather than a science because the assets are unpredictable; this is a significant reason why countries such as the U.S. have relied so much on technical means and methods. The asset management process is informative. Organizational knowledge is reviewed for what is needed, and a target is identified that may be able to supply the information. The target is evaluated for suitability and a way to establish a relationship; the target is also modeled for profiling purposes--psychology is essential. Recruiting the target as an asset is achieved under a plausible pretext and cover identity. Blown contact is managed by hand-off to another officer, who attempts a different approach. Note that no major distinction is drawn between the asset knowing or not knowing the nature of the recruiting organization--either not a perceived risk (it may be considered 'filtered out' earlier in the process), or tradecraft not discussed here. Written promises, proof of affiliation, could provide leverage later in the relationship, or present risk, but again no mention of the issue. Testing the agent is structured as a 'one-off'--not taking into account the complexities of such relationships. Training, if supplied, concentrates on operation security, communication security, basic tradecraft, observation skills, and coping with apprehension (indication that assets are not exfiltrated if in jeopardy, or otherwise 'taken care of'). Recognition of the difficulty in running human assets is interesting. This is Machiavelli's dilemma--is it better to be loved or feared? Note the comment in the 'second point of view' regarding "I believe that the Islamic Military organization can combine the two techniques"--an opinion, not a judgment, meaning not something well seasoned by considerable experience. These comments may be added by a less experienced operator. Note that asset 'termination' leaves the asset in place, with no concerns about turning, blowback, or decommissioning. The 'means for testing the recruit' are wishful thinking--ability to monitor the key elements of covert work imply an asset-in-place (possible, given the comment about 'information that the Organization knows well'); overpayment is a questionable test (contact procedures would prohibit actual counting of money during a meeting; significant sums should be transferred in self-confirming ways (funds transfer)); tampering with documents is again questionable (detection requires an untampered reference; how would an asset know quite what to tamper with?). Location of this section and its content would tend to indicate later addition (again, by less competent personnel).]
Important Advice About Dealing with Agents:
1. Do not send sealed packages to the agent or receive them
from him. These could be booby traps.
2. Leaving something for the agent should be done as quickly
as possible. When transporting and giving an item to the
agent at the agreed-upon location, it should not attract
attention and lead to the agent's arrest.
3. The financial status of the agent should be controlled so
that the agent does not suddenly show great wealth. A
UK/BM-98 TRANSLATION
portion of the payment should be given to him, while the
other should be deposited in his bank account.
4. When wishing to recruit an agent, events should occur
naturally. You may agree with a friend that he invite the
person to be recruited for dinner, or something similar.
While that intermediary person is talking with him, he
notices your arrival at your friend’s,greets you, starts
to converse with you, and invites you to sit down with the
person you want to recruit.
5. When meeting with the agent, make sure neither you or the
meeting place are being monitored. Do not enter a place to
meet with an agent before he does. There could be a trap
for you.
6. If you wait for your agent at the agreed-upon location, you
could be a target for him. Be especially careful if he
goes to the bathroom. Once, in Belgium, an Israeli Mossad
officer met an Arab agent. A few minutes after they sat
down, the Arab agent said that he had to go get something.
When he returned, the Israeli intelligence agent was still
there. The Arab agent then pulled out a pistol and shot
the Mossad agent several times.
7. In order to communicate with the agent, it is necessary to
specify locations such as parks, a university campus area,
etc.
8. It is necessary to continuously communicate with the agent,
to learn about his problems and requests, help him as much
as possible, lift his morale, and renew his confidence.
[Item 1 is good operations security; packages leave a risk of exposure as well. Item 2 implies lack or infrequent use of dead-drops, a curious gap in tradecraft (personal contact is, however, more certain). Item 3 is a security measure that is surprisingly necessary (see Aldrich Ames); in Middle Eastern countries, controls are particularly important, since most assets would likely undergo a significant behavioral change. Item 4 is good tradecraft--stick to pretexts. Items 5 & 6 are operations security for the officer running the asset--like wild animals, assets can never be considered 'safe.' Item 7 is setting the groundrules for contact, particularly contexts that will fit with the pretext of the officer's cover identity. Item 8 is 'preventive maintenance'--assets are under intense and unusual pressure, and a psychological collapse puts operations and the officer in jeopardy.]
[Pages 99-152 not available.]
Source: http://www.thesmokinggun.com/archive/terrmanual1.shtml
[Pages 153-160, respectively:]
http://www.thesmokinggun.com/archive/art/terrmanual1.gif
http://www.thesmokinggun.com/archive/art/terrmanual2.gif
http://www.thesmokinggun.com/archive/art/terrmanual3.gif
http://www.thesmokinggun.com/archive/art/terrmanual4.gif
http://www.thesmokinggun.com/archive/art/terrmanual5.gif
http://www.thesmokinggun.com/archive/art/terrmanual6.gif
http://www.thesmokinggun.com/archive/art/terrmanual7.gif
http://www.thesmokinggun.com/archive/art/terrmanual8.gif
UK/BM-153 TRANSLATION
ASSASSINATIONS
USING
POISONS
AND
COLD STEEL
[Comments in this section will be limited to issues of tradecraft and analysis, rather than technique--let each man sort his dead according to his own taste and fashion.]
UK/BM-154 TRANSLATION
Assassinations Using cold Steel.
A- Assassination with a knife: When undertaking any assassination
using a knife, the enemy must be struck in one of these lethal
spots:
From the Front: 1- Anywhere in the rib
cage.
2- Both or one eye.
3- The pelvis (under target's navel)
4- The area directly above the genitals.
From Behind: 1- The
axon (back of the head).
2- The end of the spinal column directly
above the person's buttocks.
B- Assassination with a Blunt Object: A blow with a club must
be
in lethal areas.
From the front:
1- The two eyes.
2- Where the veins and arteries converge in the neck.
3- Top of the stomach, with the end of the stick.
4- Above the genitals, with the end of the club.
5- The area of the congue.
6- Choke the neck with the stick, like in a hanging.
From the rear:
1- The area of the left ear.
2- The back of the head (axon).
(TN: Blunt object, stick, and club were all the same word in
Arabic; different choices were made, to show range of meaning.)
Assassination with a Rope:
1- Choking (Neck area). There is no other area besides the neck.
Assassination using Hands:
1- Choking.
2- Poking the fingers into one or both eyes and gouging them.
UK/BM-155 TRANSLATION
3- Grab the testicles by the hand and twist and squeeze.
4- Grab the rib cage with both hands and squeeze,
Assassination with Poison: We will limit (the discussion] to
poisons that the holy warrior can prepare and use without
endangering his health.
First- Herbal Poisons:
A- Castor Beans
The substance Ricin, an extract from Castor Beans, is considered
one of the most deadly poisons. .035 milligrams is enough to kill
someone by inhaling or by injecting in a vein. However, though
considered less poisonous if taken through the digestive systen,
chewing some Castor Beans covld be fatal. It is a simple
operation to extract Ricin, and Castor Beans themselves can be
obtained from nurseries throughout the country.
Symptoms: Need to vomit - diarrhea - unawareness of surroundings
- the skin turns blue, leading to failure of blood circulation
[sic] and finally ... death.
B- Precatory Beans
The herbal poison Abrin, extracted from Precatory Beans, is very
similar to Ricin. The seeds of this plant are red and black and
are used in prayer beads [TN: like a Rosary]. Prepare a very dark
ink or refine some normal ink to
UK/BM-156 TRANSLATION
D/M/ /S/
/O/
Dimothyl Sulfoxide
[Can be] found with horse breeders or veterinarians, and we can
substitute Nitrobenzene or "cream" [PH]. The poison is mixed with
this substance, and when the enemy touches the poison, he will
die slowly withing 15 minutes to an hour.
Nitrobenzene poison = external poison [by touching]
___
RICIN
| One of these poisons is
|
ABIN
| mixed with Nitrobenzene or
|
RCIN
| DMSO or the "Cream".
Frog poison ___|
UK/BM-157 TRANSLATION
be as fine as possible while keeping it strong enough to
penetrate the shell of Precatory Beans. Put on a pair of leather
gloves and very carefully bore about twelve holes in each of the
prayer beads. After completing that, spray the prayer beads with
DMSO (Dimehtyl Sulfoxide). The Abrin will kill your victim
slowly, but relentlessly.
Extracting Abrin and Ricin
In order to facilitate removing the shells of these seeds, soak
3.2 ounces (an ounce = 31.1 milligrams) of castor-oil plant seeds
in about 10 ounces of water, adding two teaspoons of 1yo [sic,
maybe meant lye] or an alkaline (a substance extracted from soap
powder). You need to submerge the seeds in the water, so cover
them with clean gravel or use marble. Let them soak for an hour,
then take out the seeds, clean them, and let the shells dry. They
can be easily removed after that.
Put the shelled seeds in a mixture four times their weight of
acetone, until they completely harden, Then put them in a covered
glass container, and leave them for 72 hours. After that,
transfer them to another container through a coffee filter. Put
on surgical gloves and a mask, and squeeze out as much of the
acetone as possible. Then add fresh acetone and repeat
UK/BM-158 TRANSLATION
the procedure of leaving them for 72 hours and straining them
through a coffee filter two more times. The final result will be
pure Eysein [PH} or Abrin.
C- The Water Hemlock Plant
A lethal dose is 3.2 grams. It has a palatable taste, and is very
similar to another plant, parsnip.
Symptoms: Nervous spasms within 15 to 60 minutes, including
severe locking and clenching of the jaw to the extent that the
tongue could be cut off.
D- The Tanj Oil Tree
Second- Semi-alkaline substances: They are highly solvent in
alcohol.
A- Tobacco
There is enough nicotine in three cigarettes to kill a person.
Sixty to 70 milligrams of pure nicotine will kill a person within
an hour if eaten.
B- Potato Sprout
The potato sprout (both rotten and green) contains Solanine.
How to Extract Poisonous Alkaline [Alkaloids]
Chop up the leaves finely. It is preferable to make a mixture,
and then put it in a drip coffee maker, through which the boiling
water can penetrate the coffee gradually.
UK/BM-159 TRANSLATION
Fill a metal pot with about 1/3 rubbing (isopropy[l]), alcohol
mixed with Isopropyl. Let it strain and percolate for an hour.
During the first half hour, add alcohol as needed, and during the
second half hour, let it boil until you have two ounces left in
the container. These, [two] ounces or [could be] less are alcohol
mixed with poison alkaline. Put this amount on a plate, and let
the alcohol evaporate. The remainder on the plate will be very
pure poison. There is another method which is not as good, but it
doesn't require the drip coffee maker. It is simply heating the
minced and mixed plants with the alcohol [we had] before over a
low flame. Its symptoms will appear in 160 days.
Poisoning from Eating Spoiled Food
Since .000028 grams will kill a person, this poison is absolutely
lethal. After consumption, the symptoms appear in 12 to 36 hours.
They include dizziness, headaches, constipation, difficulty
swallowing and speaking, fluids coming from the nose and mouth,
and lack of muscle coordination. It results in death from
respiratory failure. If it is received in the blood stream, death
is very swift and almost without symptoms.
How to Prepare Spoiled Food
Fill a pot with corn and green beans. Put in a small piece of
meat and about two spoonfuls of fresh excrement. Pour the water
UK/BM-160 TRANSLATION
into the pot until there is surface tension at the lip of the
pot. Cover the pot tightly. If you do that correctly, there will
be no air trapped in the pot. Leave the pot in a dark, moderately
warm room for 15 days. At the end of that period, you will notice
a substance on the edge of the pot, and a small amount of
rottenness. These are known bacteria colonies, which secrete
their external poison as a result of the process of bacterial
digestion. You can make three or four pots at the same time
During the time of the destroyer, Jamal Abdul Nasser, someone who
was being severely tortured in prison (he had no connection with
Islam), ate some feces after losing sanity from the severity of
the torture. A few hours after he ate the feces, he was found
dead.
[Ricin first came into public awareness with the assassination of Georgi Markov during the Cold War; since then, the recipe has been published in various books (Kurt Saxon), on the Internet, shown up in U.S. militia training materials, etc. Note that the size and structure of the molecule is an element in utilization of DMSO (used because it doesn't leave a needlemark or other point of penetration that would show up in a forensic examination, although it does leave a signature of its own). Nicotine is another well-discussed toxin, of interest because of the availability in most circumstances of cigarettes (prison, Red Cross packages, etc.). The primitive biological weapon necessitates a weak victim and a lack of modern medical care.]
[Pages 161-169 not available.]
Source: http://www.thesmokinggun.com/archive/terrmanual1.shtml
[Pages 170-175, respectively:]
http://www.thesmokinggun.com/archive/art/terrmanual9.gif
http://www.thesmokinggun.com/archive/art/terrmanual10.gif
http://www.thesmokinggun.com/archive/art/terrmanual11.gif
http://www.thesmokinggun.com/archive/art/terrmanual12.gif
http://www.thesmokinggun.com/archive/art/terrmanual13.gif
http://www.thesmokinggun.com/archive/art/terrmanual14.gif
[Comments in this section will be limited to issues of tradecraft and analysis, rather than technique. For detailed descriptions of the torture that goes on in the Middle East (Islamic and Arabic countries as well as Israel) and elsewhere, refer to the Amnesty International reports publicly available. Much of what is described below is 'mild' as torture goes.]
UK/BM-170 TRANSLATION
Torture Methods: Secret agents use two methods of torture:
A. Physical torture. B. Psychological torture
A. Method of Physical Torture:
1. Blindfolding and stripping of clothes.
2. Hanging by the hands.
3. Hanging by the feet [upside down].
4. Beating with sticks and electrical wires.
5. Whipping and beating with sticks and twisted rubber
belts.
6. Forcing the brother to stand naked for long periods of
time.
7. Pouring cold water on the brother's head.
8. Putting out lighted cigarettes on the brother's skin.
9. Shocking with an electrical current,
10. Kicking and punching.
11. Attacking the brother with vicious dogs.
12. making the brother sit on a stake.
13. Throwing in a septic tank.
14. Pulling out the nails and hair.
15. Dragging.
16. Tying the hands and feet from behind.
17. Utilizing sharp objects, such as a pocketknife or piece
of glass.
18. Burning with fire.
19. Sleeping on a bare marble floor without a cover and
flooding the cell with sewer water.
20. Standing on toes and against a wall pressing with the
fingers for long hours. The brother may be denied
sleep, food, drink, and medicine.
21. Beating on cuts and sore parts of the body.
22. Giving the brother a lot of water or very watery
fruits, such as watermelon, after denying him
UK/BM-171 TRANSLATION
food and drink. After the brother drinks or eats
the fruit, his hands and penis will be tied so the
brother will not be able to urinate.
23. Placing drugs and narcotics in the brother's food to
weaken his will power.
24. Placing the brother in solitary confinement where the
cells are made of a special kind of cement that
gets
extremely hot in the summer and cold in winter.
25. Hitting the brother's genitals with a stick or
squeezing them by hand.
26. Dragging the brother over barb wires and fragments of
glass and metal.
B. Methods of Psychological Torture:
1. Isolating the brother socially, cutting him off from
public life, placing him in solitary confinement, and
denying him news and information in order to make him
feel lonely.
2. Forbidding calling him by name, giving the brother a
number, and calling him by that number in order to
defeat his morale.
3. Threatening to summon his sister, mother, wife, or
daughter and rape her.
4. Threatening to rape the brother himself.
5. Threatening to confiscate his possessions and to have
him fired from his employment.
6. Threatening to cause a permanent physical disability or
life imprisonment.
7. Offer the brother certain enticements (apartment, car,
passport, scholarship, etc.).
8. Using harsh treatment, insults, and curses to defeat
his morale.
UK/BM-172 TRANSLATION
9. Controlling everything the brother does, even in
private, whether he is awake or asleep, to convince him
that they are in charge. They would force him to bow
his head and look down while talking with the guards.
Further, let no one think that the aforementioned techniques are
fabrications of our imagination, or that we copied them from spy
stories. On the contrary, these are factual incidents in the
prisons of Egypt, Syria, Jordan, Saudi Arabid, and all other Arab
countries. Those who follow daily events and read the newspapers
and,journals would be amazed to learn that:
security personnel totally undressed veiled women in public.
The security personnel arrested a brother's mother, a
brother's sister, and a brother's wife and raped them.
the wife of brother Saffout AbdulGhani - may Allah have
him
released - had a miscarriage when the government's dogs
(i.e. cronies) beat and tortured her in front of her
husband.
the security personnel captured brother Hassan Al-Gharbawilas
mother, who is older than 60 years, and hanged her by
her
feet [upside down). The security personnel shaved the
head
of the wife of a barother who participated in the murder
of
Rif'at Al-Kahjoub [Egypt's former parliament speaker].
The stories are numerous and there is intense torture while
Muslims are in deep sleep.
O young men waging a holy war for the sake of Allah, there is
stil1 hope in you. Your country awaits you, your brothers await
you, your wives wait you, the Muslim hostages await you.
[Note the emphasis on countries that Al-Qaida seeks to gain politial control in--the implication being that Al-Qaida is righteous, an essential aspect of Al-Qaida's profile.]
UK/BM-173 TRANSLATION
Advice Taken from the book "Mothakkarat Fida'i Aire8"
[Memoirs of
a Captured Commando]: Concerning interrogation and questioning,
paraphrased.
____________________
8 This book is the memoirs of an Iranian Communist. All
brothers should read it.
1. While being taken to the interrogation and torture areas,
one should concentrate heavily on the route and try to
memorize any signs in order to benefit operations and plan
development.
2. In the beginning of the interrogation, a security officer
(interrogator) would come to you with fatherly advice,
deceitful phrases, and "crocodile tears" so you might
confess and tell them everything.
3. It is necessary to secretly discard any document related to
the work or anything else considered criminal evidence
against you. Better, do not carry any documents concerning
the work.
4. From the first moment in captivity, the brother should
proudly take a firm and opposing position against the enemy
and not obey the orders. The more firm and opposing the
reaction, the more beneficial it is. These reactions will
not 1ead to harsher treatment. Do not give the enemy an
opportunity or an opening.
5. During the torture process, pretend that the pain is severe
by bending over and crying loudly.
6. As torture intensifies, its end nears.
7. Between torture sessions, the officers bargain with
brother and entice him with ending the torture if he
supplies them with any information.
UK/BM-174 TRANSLATION
8. During the torture session, the counseling preacher may
become a vicious beast.
9. The one who gives one piece of information to avoid the
lashes of whips is deluding himself because the torture
would intensify.
10. It is necessary that each brother plan for his interrogation
and discuss it with his commander. He may be captured one
day.
11. When I talk while under torture, I do not mention unknown
dates and places to the security personnel, but well known
ones.
12. When I mention dates or names, it is important to memorize
them because they will ask about them again to know if I was
truthful.
13. Pretending to be naive and ignorant during the questioning
may lead to diverging from the plan, because all factors are
against the brother: The place, the people, the situation.
That leads to some or all the outcomes desired by the enemy.
That is, it is important to remain psychologically and
mentally calm and to maintain alertness and foresight.
14. Detailing events during the questioning, whether verbally or
in writing, directly increases the crime. That person's
situation is just like someone who falls in a swamp [quick
sand]: the more he tries to save himself, the deeper he
sinks.
15. The less information supplied during the torture, the
lighter the judgement will be.
16. A devastating mistake that results in harsh judgement is
that of a brother revealing information to others in his
cell
UK/BM-175 TRANSLATION
not revealed during the torture. This is especially true when
the interrogation is still going on, his fate has been
determined, and the case has not been closed.
17. Relating experiences should not take place prior to the
judgement, but after it.
18. The interrogators may resort to planting suspicion and
mistrust among the brothers. They may pretend that they
have a friendly relationship with one of the brothers. It
is necessary to think well of one another.
19. Do not accept humiliation and disgrace. Disobey orders and
oppose them.
20. It is immortant to coordinate with your brothers before
executing any operation (security plan).
21. The security personnel may leave you for long periods of
time without asking you any questions in order to break your
will and determination.
22. During the interrogation, say only the things that you
agreed upon with your commander. Do not be concerned about
other brothers.
[The 'advice' is fairly standard: learn what you can that may assist in escape, interrogation is largely a psychological game (even if physical torture is involved), the less information the 'enemy' has in advance the easier it will be to deceive them, weakness is a 'slippery slope' (contrast this with the U.S. experience, notably from prisoners of war in Vietnam), pain is part of the game (with both sides trying to tell reality from perception), 'hard and soft' (good cop and bad cop, someone going rough and someone being nice) remains a significant element of interrogation, stick to the deception plan, remember the 'rule of the hole' (first rule of the hole: when you realize you're in one, stop digging), trust no one (particularly 'fellow prisoners'), don't cooperate, isolation is part of the game, and hold out as long as possible. Some of this is pure garbage with modern techniques (item 6 is particularly absurd).]
[Continuation of DoJ file.]
UK/BM-176 TO UK/BM-180 TRANSLATION
PRISONS AND DETENTION CENTERS
IF AN INDICTMENT IS ISSUED AND THE TRIAL, BEGINS, THE BROTHER
HAS TO PAY ATTENTION TO THE FOLLOWING:
1. At the beginning of the trial, once more the brothers must
insist on proving that torture was inflicted on them by State
Security [investigators] before the judge.
2. Complain [to the court] of mistreatment while in prison.
3. Make arrangements for the brother’s defense with the attorney,
whether he was retained by the brother’s family or court-appointed.
4. The brother has to do his best to know the names of the state
security officers, who participated in his torture and mention
their names to the judge. [These names may be obtained from
brothers who had to deal with those officers in previous cases.]
5. Some brothers may tell and may be lured by the state security
investigators to testify against the brothers [i.e. affirmation
witness], either by not keeping them together in the same prison
during the trials, or by letting them talk to the media. In this
case,they have to be treated gently, and should be offered good
advice, good treatment, and pray that God may guide them.
6. During the trial, the court has to be notified of any
mistreatment of the brothers inside the prison.
7. It is possible to resort to a hunger strike, but it is a tactic
that can either succeed or fail.
8. Take advantage of visits to communicate with brothers outside
prison and exchange information that may be helpful to them in
their work outside prison [according to what occurred during the
investigations]. The importance of mastering the art of hiding
messages is self evident here.
- When the brothers are transported from and to the prison [on
their way to the court] they should shout Islamic slogans out
loud from inside the prison cars to impress upon the people
and their family the need to support Islam.
- Inside the prison, the brother should not accept any work that
may belittle or demean him or his brothers, such as the cleaning
of the prison bathrooms or hallways.
- The brothers should create an Islamic program for themselves
inside the prison, as well as recreational and educational ones,
etc.
- The brother in prison should be a role model in selflessness.
Brothers should also pay attention to each others needs and should
help each other and unite vis a vis the prison officers.
- The brothers must take advantage of their presence in prison for
obeying and worshiping [God] and memorizing the Qora’an, etc. This
is in addition to all guidelines and procedures that were contained
in the lesson on interrogation and investigation. Lastly, each of
us has to understand that we don’t achieve victory against our
enemies through these actions and security procedures. Rather,
victory is achieved by obeying Almighty and Glorious God and
because of their many sins. Every brother has to be careful so as
not to commit sins and everyone of us has to do his best in obeying
Almighty God, Who said in his Holy Book: “We will, without doubt,
help Our messengers and those who believe (both) in this world’s
life and the one Day when the Witnesses will stand forth.”
May God guide us.
[Note the assumption of 'due process' and Western judicial procedures. Items 1, 2, 4, and 6 are intended to derail legal proceedings or obtain improved circumstances in incarceration. Item 3 means launching a defense--generally a justification of operations while simultaneously questioning the authority of the court. Item 7 recognizes that hunger strikes only attract attention when the prisoner has some sort of moral position or moral authority (and why a successful hunger strike is the exception rather than the rule). Item 8 is particularly useful--operationally significant information (particularly from commanders) may still be relayed, but again in code. Coding mechanisms are obviously well-considered by Al-Qaida. Note the unnumbered bullets (likely additions) are oriented at Islamification of the issue, including building up potential support and recruits inside the prison system. The quote is the Qur'an 40:51, the Yusufali translation except for the curious change in wording. The original: "We will, without doubt, help our messengers and those who believe, (both) in this world's life and on the Day when the Witnesses will stand forth," which also continues "The Day when no profit will it be to Wrong-doers to present their excuses, but they will (only) have the Curse and the Home of Misery."]
[Dedication)
To this pure Muslim youth, the believer, the mujahid (fighter) for
God’s sake. I present this modest effort as a contribution from me
to pave the way that will lead to Almighty God and to establish a
caliphate along the lines of the prophet.
The prophet, peace be upon him, said according to what was related
by Imam Ahmed: “Let the prophecy that God wants be in you, yet God
may remove it if He so wills, and then there will be a Caliphate
according to the prophet’s path [instruction], if God so wills it.
He will also remove that [the Caliphate] if He so wills, and you
will have a disobedient king if God so wills it. Once again, if
God so wills, He will remove him [the disobedient king], and you
will have an oppressive lung. [Finally], if God so wills, He will
remove him [the oppressive king], and you will have a Caliphate
according to the prophet’s path [instruction]. He then became
silent.”
[This refers to Ahmed bin Muhammad Hanbal (ibn Hanbal) again, one of those vigorously supported in the Wahhabi interpretation of Islam.]
THE IMPORTANCE OF TEAM WORK:
1. Team work is the only translation of God’s command, as well as
that of the prophet, to unite and not to disunite. Almighty God
says, “And hold fast, all together, by the Rope which Allah
(stretches out for you), and be not divided among yourselves.”
In “Sahih Muslim,” it was reported by Abu Horairah, may Allah
look kindly upon him, that the prophet, may Allah’s peace and
greetings be upon him, said: “Allah approves three [things] for
you and disapproves three [things]: He approves that you worship
him, that you do not disbelieve in Him, and that you hold fast,
all together, by the Rope which Allah, and be not divided among
yourselves. He disapproves of three: gossip, asking too much
[for help], and squandering money.”
[The first quote is Qur'an 3:103: "And hold fast, all together, by the rope which Allah (stretches out for you), and be not divided among yourselves; and remember with gratitude Allah's favour on you; for ye were enemies and He joined your hearts in love, so that by His Grace, ye became brethren; and ye were on the brink of the pit of Fire, and He saved you from it. Thus doth Allah make His Signs clear to you: That ye may be guided." The Sahih Muslim quote is from 18:4255 (the Book Pertaining to Judicial Decisions) which reads: "Abu Huraira reported Allah's Messenger (may peace be upon him) as saying: Verily Allah likes three things for you and He disapproves three things for you. He is pleased with you that you worship Him and associate nor anything with Him, that you hold fast the rope of Allah, and be not scattered; and He disapproves for you irrelevant talk, persistent questioning and the wasting of wealth."]
2. Abandoning “team work” for individual and haphazard work means
disobeying that orders of God and the prophet and falling victim
to disunity.
3. Team work is conducive to cooperation in righteousness and piety.
4. Upholding religion, which God has ordered us by His saying,
“Uphold religion,” will necessarily require an all out confrontation
against all our enemies, who want to recreate darkness. In addition,
it is imperative to stand against darkness in all arenas: the media,
education, [religious] guidance, and counseling, as well as others.
This will make it necessary for us to move on numerous fields so as
to enable the Islamic movement to confront ignorance and achieve
victory against it in the battle to uphold religion. All these vital
goals can not be adequately achieved without organized team work.
Therefore, team work becomes a necessity, in accordance with the
fundamental rule, “Duty cannot be accomplished without it, and it
is a requirement.” This way, team work is achieved through
mustering and organizing the ranks, while putting the Amir (the
Prince) before them, and the right man in the right place, making
plans for action, organizing work, and obtaining facets of
power......
["Together we stand, divided we fall." Curious that obtaining power
is of such importance to the pious.]
Transcription and HTML by Cryptome.
[This concludes the analysis. Please refer to Hunting the Sleepers for areas in which Al-Qaida tradecraft itself, and what it tells us about the organization, can be used to pursue their covert operatives.]
Analysis by Decision Support Systems, Inc.