• Honoring The Fallen
  • Publications
  • Subscribe
  • Advertise
  • Forums
  • Contact Us
    1. Investigations

    The would-be bombing

    July 1, 2010
    How info-sharing methods might have singled out the purported Times Square terrorist

       Had the bomb exploded, one former counter-terrorism law enforcement agent says there would have been several fatalities, a large fireball and shrapnel spread for several blocks in Times Square. But on May 1 the explosive elements that were on board the SUV parked on Broadway in New York City did not detonate, preventing mass injuries and possible deaths.

       Though there isn't a body count to tally against the alleged terrorist act, by avoiding suspicion in his or her actions pre-incident, analysts say the perpetrator who built the failed bomb may have still won half the battle.

       Former law enforcement and counter-terrorism personnel say the value in an incident such as this can serve as a lesson in identifying these criminals before they set the timers on their bombs. The coverage on the purported Times Square terrorist has focused on the swift response to the suspicious vehicle and capture of a suspect; but one area that has been overlooked is the method behind identifying precursor activity as a prevention strategy. "The thing I think that's important here is the pre-incident real-time information sharing," Former Bureau Chief of the New Jersey Counter-Terrorism Bureau Stephen Serrao says. "Nobody's really talking about that."

       How do intelligence analysts connect the dots to interdict a would-be bomber prior to finding an explosive device -- inert or active -- and what kinds of information and data-sharing technologies could make this success possible?

    The attempt

       In mid-June, Pakistani-born Faisal Shahzad was accused of attempting to set off the vehicle bomb in Times Square on May 1. The alleged bomber was taken into custody after his getaway car was identified in an airport parking lot. It was two days after the bomb in the Pathfinder was discovered and the suspect was trying to leave the country on a flight from New York to Dubai (United Arab Emirates). According to the federal indictment, Shahzad learned how to build an explosive in Pakistan in December 2009, and returned to the United States to purchase a gun, the 1993 Nissan Pathfinder and components to build the three-part bomb. Though according to news reports Shahzad made statements at his hearing that he intended to blow up the device, it failed to detonate. In addition, Shahzad stated in court he rented a place in Bridgeport, Conn. where he "built the bomb, put it in the Pathfinder and drove it to Times Square," according to a report by CNN.

       The information sharing methods used to follow the clues once the green SUV was discovered were at their best: evidence was obtained at the scene and info was gleaned from the vehicle and its contents that led investigators to query databases and track down data on the sale, owner and purchaser of the vehicle. Data-sharing also helped collect information about the contents of the bomb components and where they were purchased. "Real-time information sharing worked perfectly here," Serrao emphasizes. "But that's all post-incident."

    Raising suspicion

       There are several examples in this case that could have utilized info-sharing pre-incident to help identify suspicious activity before it took place.

       Jeff Beatty, a national expert in counter-intelligence gathering and analysis and Serrao both indicate suspicious behavior that Shahzad purportedly carried out prior to the day the explosive-rigged Pathfinder was parked in NYC, might have placed him on authorities' radar before the folks on West 45th Street and Broadway were ever in danger.

       Beatty's interest in prevention was rooted decades ago. In the mid-'80s he left Delta Force, the elite DoD special ops team, to begin work with the Central Intelligence Agency's Counter-terrorism Center to switch gears from the reactive duties with Delta to proactive activity with the CIA, to try and prevent bad things instead of responding to them. After a slight detour through the FBI, about 15 years ago he started a critical infrastructure protection company, Total Security Services International Inc., which specializes in security planning, operations, intelligence and disaster response. Beatty says that by uniting focused training, fusion centers, info-sharing and analysis, prevention of future terrorist acts may be possible.

       A national counter-terrorism expert who is regularly consulted on national security issues, Beatty is also the national director of training for the First Observer program, a national anti-terrorism and security awareness program for the transportation industry that includes a law enforcement training element and supports the National Preparedness Guidelines of the U.S. Department of Homeland Security's Presidential Directive 7. HSPD 7 charges those responsible for helping secure America's critical infrastructure by planning, deploying technologies and enhancing human capabilities to detect suspicious behavior. "First Observer enhances those human capabilities," Beatty says. "We're training personnel in every domain of surface transportation to observe, assess and report. [If] it's out of the ordinary or it just doesn't look right, they are asked to report it. The idea is we want to pick up on things we missed before 9/11."

       The would-be bombing at Times Square is a perfect illustration of how bystanders can identify something out of the ordinary, even for NYC. When an alert street vendor noticed the smoking Pathfinder unattended, he alerted police.

       "He observed, he assessed it and he reported it," Beatty says. "Now, had that been a functioning bomb, would that have made a difference? I don't know." But observers like that vendor who acted can make a difference. In the last year, Beatty says the First Observer program has received a "significant number of good leads" and those leads are shared with law enforcement. "Without giving away ongoing investigations, I can tell you that I believe this type of training in the United States post 9/11 has prevented terrorist incidents, and in several cases has turned the hunter into the hunted," Beatty adds.

       Another program, the Nationwide SAR Initiative (NSI), enables municipal and state law enforcement agencies to share suspicious activity reports. Any agency can participate in the program as a means to keep an inclusive record of suspicious goings-on for activity pattern linking and future investigations.

       Serrao, now an expert consultant to Memex, which provides information management solutions to law enforcement, homeland security and private sectors, supports NSI. The suspect charged with the attempted bombing is believed to have engaged in several activities that may have alerted authorities prior to the SUV discovery.

       "Had some of the other activity he engaged in been known -- the purchasing of the bomb component, the chemicals, propane tanks, fireworks, even the gun," it might have raised suspicion. However, Serrao says from his experience, it's unlikely that information was shared with anyone in any measure, whether in "real time, fake time, slow time [or] no time." One example is that Shahzad was allegedly on a student visa in the United States but was also bringing in large quantities of cash. "That never raised anyone's suspicion," Serrao says. "No one who had access to that information ever sat back and said, 'Hmm, what's up with this?' and shared that information with state, local or other federal authorities." Serrao's solution to disparate data-keeping includes removing limits on what constitutes suspicious activity reports and relevant data collection.

       "If the threshold is set too high, people, investigators, analysts at fusion centers, we don't get access to the important information because it's seen as not really of a suspicious nature," Serrao explains. "My point is all information needs to be shared. Someone can't filter it. Filtering the information prevents the real exchange of the minutia-type of information that would be the so-called dots that need to get connected."

    Dots and haystacks

       Initiatives to share info on suspicious activity and real-time data can be put into play by agencies at all levels to keep track of red flags. It's hard to concretely ID what should have raised eyebrows in the would-be bomber case, as any ideas are hypothetical, but by collecting all data, investigators and agents create scores of info haystacks that could, when cross referenced or pattern searched, link up otherwise unconnected dots and buried needles.

       Editor's note: For more on the Nationwide SAR Initiative or First Observer's free training program, visit http://nsi.ncirc.gov and www.firstobserver.com, respectively.

    Continue Reading

    Sponsored Recommendations

    Build Your Real-Time Crime Center

    March 19, 2024
    A checklist for success

    Whitepaper: A New Paradigm in Digital Investigations

    July 28, 2023
    Modernize your agency’s approach to get ahead of the digital evidence challenge

    A New Paradigm in Digital Investigations

    June 6, 2023
    Modernize your agency’s approach to get ahead of the digital evidence challenge.

    Listen to Real-Time Emergency 911 Calls in the Field

    Feb. 8, 2023
    Discover advanced technology that allows officers in the field to listen to emergency calls from their vehicles in real time and immediately identify the precise location of the...

    Voice your opinion!

    To join the conversation, and become an exclusive member of Officer, create an account today!