The dreadful attack in Vienna last month has yet again brought the shadow of terrorism down upon Europe. The shooting, which followed two further terrorist atrocities in France in October speaks to the changing nature of the terrorist threat, and the inherent vulnerability of society from violent extremists intent on spreading fear, and their message of hatred.
Shortly after 8pm on the 2nd of November 2020, on the eve of another necessary curfew to stem the spread of COVID-19, the attacker began shooting at those enjoying a few final drinks before a new lockdown began. Heavily armed with an automatic rifle, pistol and machete, and wearing a mock suicide vest, the attacker Kujtim Fejzulai was known to authorities; he had previously been jailed for 22 months in April 2019 after trying to travel to join the Islamic State or Daesh fighters in Syria, but was freed after just 8 months in December after convincing authorities he no longer held extremist views. Before he could be stopped by armed police, he had killed 4 and injured 23 victims.
This parallels the attack at London Bridge a year ago where another extremist, Usman Khan – who had previously been released from prison for terror offenses – attempted a mass stabbing at an event designed to promote rehabilitation, killing 2 and injuring 3 before armed police intervened.
Fejzulai however, had raised a further red flag earlier this year. In July, Slovakian police been made aware of an Austrian national trying to buy ammunition for an AK-47 assault rifle without a licence – despite passing this intelligence on to the BVT (the Austrian equivalent of MI5), leads were not followed and no further action had been taken.
Assessing the Risk
When attacks are conducted by individuals known to authorities it often feels like a failure, either in the assessment of the individual and the threat they pose, or in the situational awareness of the authorities in understanding the pre-cursor behaviours of an attack.
Law enforcement, intelligence agencies and other bodies designed to protect society are not gifted with the power of prediction, let alone clairvoyance. Our expectations are that they are able to understand risk from data that they are able to lawfully collect and interpret that data correctly to inform assessments and decision making. When tragically lives are taken by terrorist actors, it is vital to revisit these assessments and review if the necessary risk management was in place.
These attacks continue the trend, particularly since the collapse of the Islamic State, towards more improvised attacks and weapons and those that involve smaller groups of people working in comparative isolation (if not single individuals with intent known only to themselves). Therefore, understanding the risk and recidivism of extremists can be extremely difficult, even for those who are extremely close to them, such as probation officers or covert intelligence sources. Further, the scale and diversity of these threats is increasing, with other extreme ideologies like those of the far-right contributing to an individuals grievance and desire for political violence.
Spotting Red Flags – Opportunities to widen the net
However, even the most atomic of terror plots must coexist within the services and functions of society. Just as the Slovakian gun licencing programme flagged and even temporarily thwarted Vienna attacker Fejzulai’s attempts to buy ammunition months before the attack took place, control frameworks around key infrastructure can give society an early warning sign for risk.
Unlike traditional police work though, these control frameworks must exist within wider institutions to be effective in their goals, often within the private sector. For example, one of the most fundamental capabilities for terrorists to act is having access to money and finance. Establishing a flow of money to be able to buy the necessary supplies and make preparations for an attack is essential and banks are duty bound to make provisions to detect and report suspicious financial flows to authorities.
The constantly evolving terrorist threat though means this regulation and associated downstream capability are targeted mainly at complex, multi-national terror plots, and prone to constant false positives when flagging known terrorists from watchlists when on-boarding a new client or when transferring funds between accounts. False positives plague attempts to tackle the scale of the threat.
False negatives may also be on the rise. As attacks increasingly rely on low cost improvisations – more subtle indicators within financial flows may also be red flags; for instance, warning signs may be present from the intent to just hiring a vehicle. In 2017, Khalid Masood carried out an attack on pedestrians on Westminster Bridge using a rented vehicle and in 2016 in a horrific attack attributed to the Islamic State, Mohamed Lahouaiej-Bouhlel used a rented truck to kill more than 80 people in Nice, France.
Other areas for potential alerts may also be easily missed. The brothers behind the Manchester Bombing in 2017 Salman Abedi and Hashem Abedi, purchased the quantities of chemicals necessary for building the explosive device that targeted young people enjoying an Ariana Grande concert from online retailer Amazon, via an intermediary. This perhaps highlights the difficulty when providing screening technology – to use additional analysis and context to screen transactions and shipments – particularly for chemicals such as hydrogen peroxide and alert authorities appropriately.
Artificial Intelligence – At the heart of automation and monitoring
The UK’s strategy of prevent, protect, pursue and prepare and the international regime around countering terrorist financing governed by the FATF, has been subject to much scrutiny since the events of 9/11 and the last two decades of innovation in counter terrorism and anti-money laundering (AML) departments all around the world. With the changing terrorist threat must come changing ways that the risk is managed; technology and processes must be adapted if we are to maintain a safe and prosperous society.
These changes are greatly enhanced by advances in technology. At Ripjar, we are developing AI-powered software that is now able to support both private and public sector institutions in automating, monitoring and investigating the threat from any data source.
One of the breakthroughs we have made is to dramatically improve the performance of watchlist monitoring and name matching. Even at its most basic, this can be a challenge for existing technology. Names are not unique, they can be abbreviated, mis-spelt, or rendered in different alphabets. Tamerlan Tsnarnev, who, with his brother Dzhokhar, became one of the 2013 Boston Marathon Bombers, had already been flagged; in a rare collaboration, the Russian intelligence agency the FSB had warned US authorities that Tsnarnev posed a potential security risk. While the FBI did not have any further intelligence to act, his name was put on international watchlists at every airport and border control point to alert on foreign travel. The technology to flag this however, did not use even the most basic fuzzy matching, and by the time that Tamerlan Tsarnaev returned from Dagestan, the spelling on his passport “Tsarnayev” did not alert on the watchlist record for “Tsarnaev”. A year later two pressure cooker bombs went off at the finish line of the Boston marathon, killing three people and severely injuring more than 260.
AI-based entity resolution offers a solution to addressing this problem, increasing the effectiveness of these searches by more than 90%. Using data-driven approaches to learn and understand how names, their permutations and their likely matches are used, we can reduce both the false positives that mean security and compliance professionals are swamped with irrelevant data and increase the chances that those that seek to harm by accessing infrastructure such as finance, travel or products and services do not slip through the net.
Name screening though, is only as effective as a risk management control as the quality of the data and the places it is deployed. Automation provides a further benefit as it can be more easily integrated into any transaction or on-boarding system, with fewer overheads than manual approaches. This type of automation and monitoring capability can be readily deployed in banks, retailers, border control or any of the vital areas discussed above that might provide the early signs of a terrorist plot.
The Future of Counter Terrorism
Public institutions and commercial businesses play vital roles in the protection of society; this is not just a matter for law enforcement and the hidden world of the intelligence services. As terrorist plots adapt and grow into the next decade, we must embed resilience into the wider fabric of our collective services.
This will require a careful balance between regulators and commercial businesses, it will require these controls to be both effective and largely invisible to the public, and will require innovations behind the scenes as terrorists learn and adapt to new measures. However, these requirements are essential if we are to keep pace with terrorists but also provide commercially desirable, seamless customer experiences and low-friction services.
The sharing of intelligence has long been posited as the holy grail for defending lives and protecting against future attacks. However, what good can come from sharing intelligence if it is not easy to make use of, or it is not deployed in the right places for action? A new generation of intelligence sharing capabilities will be combined with a new generation of intelligence enabling capabilities, specifically those that combine advances in artificial intelligence to screen known entities and hidden patterns of behaviour when acquiring financial services, bank accounts, or when buying ammunition, or chemicals, buying or renting vehicles, or travelling in and out of high risk countries.
We believe that Ripjar has a significant role to play in supporting both financial organisations and government institutions change the way they monitor for terrorist threats using AI, please do get in touch if you’d like to find out more.
David Balson
Director of Intelligence