The Limits Of Intelligence Gathering: Kenyan Govt. Warned A Year Before Attack That Terrorists Were Targeting Westgate Mall

from the too-much-data,-too-little-response dept

The narrative in place is that national intelligence agencies need tons of intrusive surveillance programs in order to detect terrorist threats and respond accordingly. Unfortunately, the narrative fails to hold up to scrutiny, prompting these intelligence agencies to ask for some credit to be given for all of their hard work, post-tragedy.

The Boston Marathon bombing is just one example. The head of the NSA, Gen. Alexander, has played up his agency's extraordinary hindsight, which allowed it to rule out the chance of another bombing. This occurred at roughly the same time that the only surviving perp was being taken into custody. Plaudits and such but one would think tapping the backbone of damn near everything would result in more prevention, which Americans would unanimously agree to be the preferable to crystal clear hindsight.

This problem isn't limited to just the NSA. Reports from Kenyan intelligence officials obtained by Al Jazeera (but hosted at Public Intelligence) indicate that government and intelligence agencies had almost a year's advance notice that such an attack would take place.

The documents start with the intelligence agency (NIS - National Intelligence Service) noting it had performed a "security survey" that had identified "key installations and shopping malls" as potential terrorist targets. This was performed in 2011 and the findings passed on to government agencies, along with the security agencies guarding prospective targets. From that point, it details the intelligence it had gathered that indicated an attack was not only imminent, but very specifically targeted.

After detailing the movements of two armed terrorists (and their support personnel shuttling them across borders), the report notes that gathered intelligence suggested more attacks, thanks to recent deterrence efforts by Kenya's military. Following this, the report points out, on Sept. 21, 2012 -- one year exactly before the Westgate Mall attack -- that an attack on that very location was very likely.

Meanwhile, the following suspected Al Shabaab operatives are in Nairobi and are planning to mount suicide attacks on undisclosed date, targeting Westgate Mall and Holy Family Basilica; Sheikh Abdiwelli Mohamed, Sheikh Hussein and Sheikh Hassan. They are believed to be in possession of two suicide vests, twelve (12) hand grenades and two (2) AK 47 rifles, and have already surveyed the two targets. They are being assisted by Sheikh Hassan alias Blackie of Majengo and Omar Ahmed Ali alias Jerry who are currently staying near Mamba Petrol Station and Huruma Mosque along Juja Road.
The report presciently notes (in bold red, no less) that it expects the attack to adhere to the blueprint created by a previous, high-profile terrorist attack.
The envisaged modus operandi include, but is not exclusive to, Mumbai-attack style, where the operatives storm into a building with guns and grenades and probably hold hostages.
Additionally, the report points out that Al Shabaab had deployed two teams of 10 Mandax Jibshe ("head breakers") to attack unspecified targets in Garissa and Nairobi. (Statements from government officials have put the number of perpetrators of the Westgate attack at between 10 and 15.) The report also details a warning sent by Israeli intelligence on Sep. 13, 2013, that also suggested a terrorist attack was imminent.
The Israeli Embassy in Nairobi has raised concern with Ministry of Foreign Affairs of Kenya over possible terrorist attacks on their citizens during the Jewish Holidays period between 4th to 28th September 2013, by Iran and the Hezbollah whom they accused of collecting operational intelligence and open interests in Israeli and Jewish targets around the World including Kenya.
While the Israeli report may have been off on the background of the attackers, the date range was correct. All of this info (more than 25 pages) was turned over to a long list of government officials as it was collected, including the Chief of Defense Forces, the Secretary of Foreign Affairs, Secretary of Defense and Secretary of the Interior.

Granted, Kenya's situation is more tenuous than the USA's in terms of impending terrorist attacks. The report details several suspicious incidents and tries to ascertain the ultimate aim of personnel movements and weapons purchases. The amount of data collected makes it difficult to pinpoint the next terrorist attack, much less allow for any concentration of deterrence to one specific area.

But the report also points out that while warnings were given to various security forces, these seldom resulted in heightened awareness or responsive activity. Scattered throughout the report are discussions of possible targets, many of which would be targeted because of lax security or habitual patterns. The information reported here adds credibility to the claims that the attackers were able to secure space to stow weapons and ammunition in the mall itself before the attack.

So, what good is collecting a ton of intelligence if it's not going to be implemented? The intelligence agency in Kenya may have been stymied by government inaction, but the comprehensive report itself could have easily contributed to this paralysis. With so much potentially harmful activity listed, the unanswerable question may have been, "Where do we start?" With no clear indication given as to what should be prioritized, the info dump almost boils down to pinpointing the next attack to "anywhere, at any time."

The Kenyan government originally blamed the National Intelligence Service for not adequately warning of this attack, although these documents will certainly see those claims walked back. There are also indications the NIS received another warning about the attack one day before its occurrence, but that warning wasn't passed along to the public, either due to a lack of response time, or worse, that issuing the warning would have revealed operational details.

We've discussed before how gathering intelligence rarely prevents terrorist activity, thanks to a number of factors. Collecting too much seems to be roughly as useless as collecting too little. When numerous possible events are detailed with no indication of which might be more likely, the reaction will be haphazard at best.

Intelligence agencies are tasked with providing national security, but seldom seem to know how to actually accomplish this aim. All the information gathering is wasted if there's no focused response plan. Sifting this data through various layers of bureaucracy only results in less focus and delayed responses.

But when confronted with this reality, these agencies seem to feel the real problem is that not enough data is being collected. The evidence suggesting that intelligence agencies had advance notice of the 9/11 attacks has been greeted by FBI Director Robert Mueller as an indication that the agencies' access to data is too limited. As he has opined more than once, the bulk phone metadata collections would have allowed the agency to track one of the hijackers, thus allowing it to "prevent" the attack.

This is post-hoc justification for a controversial program. There are too many variables in place for anyone, much less someone that (should) know the system (including the other government agencies tasked with approving action on such data), to make that claim with any credibility. Likewise, in Kenya's case, the information was there, but any number of factors contributed to the failure to prevent the attack. More data isn't the answer. Better, smarter, focused gathering and responses are.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: intelligence gathering, kenya, surveillance, terrorism, warnings, westgate mall

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Ninja (profile), 2 Oct 2013 @ 5:58am

    Better, smarter, focused gathering and responses are.

    Monitoring weapons purchases or transportation, infiltrating criminal networks to produce intelligence from the inside, wiretapping persons involved with crime and clearly illegal activity (with focused warrants)... This is the investigative job that should be done by the intelligence agencies and outfits. You don't need to violate the privacy of millions "just in case" this is either some lousy excuse for an inept outfit OR just business as always for the Stasi and a repressive Government. Which one is the NSA?

    reply to this | link to this | view in thread ]

  2. icon
    TasMot (profile), 2 Oct 2013 @ 8:19am

    A Threat Assessment

    That document (from the description not my actually reading it) sounds like a "threat assessment", not a prediction of the future. Much as IT folks look at what types of threats could happen to their IT systems, action is only taken on the "most likely" ones. For example, how likely is it really that someone would put a tap on their internet connection. It could happen but is not likely. This report by an intelligence agency is like mapping out the possible moves in a game of chess. If my rook is taken, I'll do this, if my bishop is taken, I'll do that, if my queen is taken, I'll do something else. The next step is for the politicians to make a decision (OK, stop laughing, I'm serious) about which likely threats will develop into reality and put effective countermeasures in place to stop the attack (I said stop laughing at the politicians making decisions).
    The problem seems to be that the 20-20 hindsight of the intelligence agencies reports would be good at tracking down the perpetrators since they "kind of - sort of" identify who most likely did it. But, if the leaders in charge were to "jump" too many times at false alerts it would look bad and so they don't jump at all and instead point fingers at somebody else as not doing their job. If they start "jumping at shadows", then we would just end up with more security theater.
    To be more useful, those intelligence reports would also need to include some predictions into what would need to happen to indicate that something bad is immenent. Like in chess, when a certain set of moves start to happen, then most likely the opponent is trying to implement a certain strategy. As a bad example, "when the nuclear device shows up at the door to the mall, something bad is going to happen soon.
    Unfortunately, the real world is not as open and visible as all the pieces on a chess board. Let's face it, even with perfect visibility of the pieces and moves on a chess board. Somebody always loses (almost-draws are very rare). The rules in chess and the movements of the pieces are all clearly laid out and visible. In real life, the rules are frequently ignored and the movements are hidden. Still, intelligency agencies seem to be able to "see" some of the clues and predict what will happen. But, also accurately forseeing enough clues of the pre-activities to accurately predict what and when would happen in time to stop the "bad thing" is still in the future.

    reply to this | link to this | view in thread ]

  3. identicon
    Anonymous Coward, 2 Oct 2013 @ 8:27am

    Starting to wonder why they gather the intelligence

    Perhaps the real reason they gather this intelligence isn't to thwart or prevent the actions from occurring, but rather to be ready to capitalize on them and use them for their own political agendas.

    Just think, if you know precisely where and when a huge travesty will occur - you have a far better chance of finding ways to profit or build your agenda on the result of the attack.

    reply to this | link to this | view in thread ]

  4. identicon
    Crusty the Ex-Clown, 2 Oct 2013 @ 8:54am

    I'm just a broken record, asking the same questions over and over:

    Did the NSA catch the LIBOR rigging by the big banks?

    Did the NSA catch HSBC laundering drug money?

    Did the NSA notice HSBC's transactions with proscribed countries?

    Inquiring minds want to know.....

    reply to this | link to this | view in thread ]

  5. identicon
    Anonymous Coward, 2 Oct 2013 @ 9:11am

    Fortune Tellers

    Like fortune tellers and other seers, the intelligence community make many 'predictions'. Hind sight allows the accurate to be identified after the event, and most of the inaccurate ones are forgotten. Gathering more information allows more 'predictions' to be made, making it more difficult to decide which if any are worth acting on.

    reply to this | link to this | view in thread ]

  6. identicon
    Anonymous Coward, 2 Oct 2013 @ 9:19am

    having a foreign policy that involves not being selfish assholes is a good place to start.

    reply to this | link to this | view in thread ]

  7. identicon
    Anonymous Coward, 2 Oct 2013 @ 11:12am

    "Sifting this data through various layers of bureaucracy only results in less focus and delayed responses."

    Seriously? Are you saying that there should be less oversight? That the intelligence community shouldn't have to use the proper channels?

    reply to this | link to this | view in thread ]

  8. icon
    TheLastCzarnian (profile), 2 Oct 2013 @ 11:47am

    Hindsight is 20/20

    Saying this is great, but if the "intelligence" agencies can't identify which threats are real, then what good are they?
    In other words, rather than trying to blame them for failures, I'm saying that the current strategies employed are flawed, and this is the evidence.
    If you can't tell the difference between a needle and a straw of hay, stop building haystacks!

    reply to this | link to this | view in thread ]

  9. identicon
    Anonymous Coward, 2 Oct 2013 @ 12:15pm

    basically, it makes absolutely no difference at all how much surveillance etc, etc, is done. if no one takes any notice of what is found out, regardless of how ridiculous it may seem, you might just as well not do any spying in the first place!

    it reminds me of an event that happened on Hawaii, on the morning of December 7, 1941. that was predicted a long time before it happened but as usual, the ones with the biggest mouths and higher ranking positions, both in and out of the military, ignored the warnings. look what that led to!!

    reply to this | link to this | view in thread ]

  10. icon
    Internet Zen Master (profile), 2 Oct 2013 @ 1:07pm

    Ya know

    Perhaps our government agencies (FBI, NSA) should ACT on intelligence WHEN they get it instead of waiting around and letting it gather dust until the shit hits the fan.

    Maybe we might actually get some of that so-called "security" they keep telling us we have now.

    As the Zen Master says, "We'll see."

    reply to this | link to this | view in thread ]

  11. identicon
    Anonymous Coward, 2 Oct 2013 @ 3:12pm

    Governments receive tons of intelligence warnings, daily. With so many warning floating around and not enough resources to pursue even half of these warnings, the inevitable happens. The vast majority of these warnings get put on the back burner.

    While the unconstitutional spy programs fail to prevent most terrorist attacks. These programs excel in their other missions.

    Missions such as industrial espionage, political blackmail, and suppression of ordinary citizen's rights and freedoms.

    In the end, these unconstitutional spy programs will mainly be used to pursue the latter three missions. These latter missions will become the agencies main spying objectives The unconstitutional spy program is simply more effective at them, and not so effective at stopping terrorism.

    reply to this | link to this | view in thread ]

  12. identicon
    Anonymous Coward, 2 Oct 2013 @ 5:55pm

    Re: A Threat Assessment

    from an agency perspective Assigning probabilities to threats is dangerous, mistakes would be used to Justify Budget Cuts which all government departments avoid if possible

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.