Another piece from late last year, this time for RUSI, looking at the assessment of the current threat picture to the UK and the work of his Service provided by MI5’s chief in November. It digs into what he said, and tries to draw on wider data to build up a more detailed picture of what is going on with the picture he painted.
As the government conducts a review of its counterterrorism strategy, a speech by the head of MI5 offered some pointers about the changing nature of the threat.
Big picture: Director General of MI5 Ken McCallum gives a speech on threats to the UK on 16 November 2022. Image: PA / Alamy
In mid-November, MI5 Director General Ken McCallum gave his annual threat assessment speech, outlining the threats to the UK that his service was monitoring. Much of the focus of the subsequent media reporting was on the state-based threats that he covered (emanating from China, Russia and Iran), but he also highlighted that since his last presentation in July 2021 his service had disrupted eight ‘late-stage attack plots’. Only briefly mentioned was that during this same reporting period, the UK had suffered three terrorist attacks – leading to the death of one attacker and Sir David Amess MP. A close examination of all of this plotting suggests that some important tweaks are necessary to the UK’s CONTEST counterterror strategy to ensure it is able to deal with the complicated threat the UK continues to face.
In his speech, McCallum outlined that the plots MI5 had detected emanated from ‘a mix of Islamist and extreme right-wing terrorism’ and that the ‘lines demarcating what is and is not terrorism’ were increasingly hard to draw. The focus was largely on lone actor plots (or self-initiated attackers), which his service found across ideologies. He also mentioned the continuing aspiration by groups to launch something more substantial, though this has become much harder for them. All of this may seem a fairly clear assessment, but it is in fact quite difficult to dig into in much detail given current levels of reporting around terrorist plots in the UK.
Security Service reporting around attack plots is increasingly opaque. The habit currently is to refer to disrupting ‘late-stage attack plots’, in which the investigators think that the individual was going down a path of trying to launch an attack rather than conduct some other form of terrorist activity (for example, dissemination of extremist material, radicalisation of others or fundraising in some way). Yet what exactly this looks like has not been clearly defined, and an examination of reporting around terrorism arrests in the UK since July 2021 (when he last gave the speech) reveals only six cases in which some form of identifiable attack was reportedly being planned.
Many of these are still being managed through the courts, and consequently specific mention needs to be made carefully, but drawing on open source reporting, the following trends are visible in the caseload.
In ideological terms, half appear to have Islamic State inspiration, while the other half have elements of extreme right-wing (XRW) thinking in their make-up. In two of the XRW cases, the ultimate target was a 5G mast, suggesting the influence of conspiracy theories. Both of these cases had deep anger against the government also present in reporting, and both plots involved older individuals (38, 59 and 59). The 59-year-olds were a male and female pair who were reportedly in contact online.
All of the other cases are made up of teenagers, with two cases involving pairs (one of two boys, aged 15 and 19, and the other a male/female 17/18-year-old pair). Of the Islamic State-inspired ones, only one case involves someone with a name of likely Muslim origin, while the others all appear to be non-Muslim origin names, with no reference to conversion in their cases. The targets are all quite general, but it appears that anger against the police or security state is high on their priority list, with two accused of conducting hostile reconnaissance of security establishments (one from each ideology).
They are scattered around the country, and were all active on various online platforms – from large established Telegram groups to gaming platforms and Discord. At least two of the younger boys are identified as being diagnosed with autism spectrum disorders.
When held up against the three attacks that took place during the reporting period which McCallum mentioned only briefly in his speech (Sir David Amess’s murder, the Liverpool Hospital bomber and the Dover migrant centre firebomb), the most obvious similarity is the older nature of the XRW terrorist who attacked the Dover migrant centre. A 66-year-old, his profile fit that of the last four older male XRW terrorists in the UK who launched lone actor plots (Jo Cox MP’s murderer; the Finsbury Park mosque attacker; a man seeking to kill Muslims who stabbed a person in Surrey in 2019; and a Britain First supporter who drove into a curry house owner in Harrow in June 2017). The previously mentioned two disrupted cases seeking to strike 5G masts also somewhat fit this profile.
The other two do not. The ideology of the Liverpool bomber remains unclear, and while he was a younger man, neither he nor Sir David Amess’s murderer were teenagers. Sir David’s attacker appears to have been a residual case from the cohort of young men radicalised by Islamic State who waited years to launch his attack. This stands in contrast to the confused Islamic State-inspired teenagers in the arrested cohort.
It is hard to know what to draw from this. The most obvious point is the continuation of the previously identified trend of older men (for the most part) being those interested in launching XRW attacks. The fact that 5G masts are a desirable target highlights how the conspiracy theory-driven ideologies that thrived during the pandemic have taken hold among parts of this community. It does suggest a possible new profile of offender that security forces might need to focus on (as general as it might seem). On the violent Islamist side, the Sir David Amess case highlights that there are still residual concerns around the Islamic State-linked cohort, highlighting the long tail this problem can have.
The other side to the age question is the seeming lack of attacks involving teenagers. It is clear from other reporting that the volume of teenagers being arrested is up, but not many are actually launching attacks. Among the XRW community, there have not been any teenagers involved in attacks, and one has to go back to September 2017 and the attempted bombing of an underground train at Parsons Green to find a teenager inspired by Islamic State launching an attack. This is not to discount the potential threat posed by this group, or to suggest that security forces only need to respond to the threat they observe, but it is likely worth considering the extent of the menace actually posed by this young cohort. Jonathan Hall QC, the Independent Reviewer of Terrorism, has raised similar questions, identifying parts of this alarmingly young cohort as ‘keyboard warriors’.
It is also notable that in three of the cases, pairs of individuals were arrested, and in two others there is evidence that the individual was plotting with others online. Only one appears from reporting to be an isolated actor (though this may of course be untrue). This hammers home the oft-repeated point that lone actor terrorists are never really alone. It also raises questions around the three successful attackers – all of whom appear thus far to have been identified as isolated.
This picture is, of course, incomplete and the dataset too small to draw any scientifically satisfactory conclusions. McCallum referred to eight plots, while this author was only able to locate six. But taking this group alone, it is notable how there is a balance between the XRW and violent Islamist groups. The actual danger posed by all of them in national security strategic terms is questionable, though any threat to life clearly needs to have substantial resources dedicated towards countering it. Another aspect McCallum touched upon which is increasingly obvious in XRW plots is the desire to own or use 3D printers to manufacture weapons. Whether this is just for collection or for actual use is unclear, but it helps overcome one of the major hurdles faced by terrorist cells in the UK, which is sourcing weaponry that they can use to cause mass carnage. Guns are hard to obtain in the UK, while bombs require practice to make. Bladed weapons will always limit capability.
Bigger potential terrorist threats were hinted at in other ways. In his speech, McCallum also referred to at least 10 incidents since January of threat to life or kidnapping in the UK involving Iranian actors. This is not new behaviour for Tehran, but the volume when compared to the indigenous domestic threat is notable. It will be interesting to see how much he identifies similar threats from China and Russia, the two other adversaries highlighted, in the future – Russia of course already has form for such action in the UK – and how (or if) the counterterror strategy might seek to address this threat.
There are aspects of the threat beyond the speech which also bear noting. Earlier in November, a 20-year-old and a 17-year-old were arrested in Birmingham for planning to join Islamic State Khorasan Province. This followed earlier reporting of Taliban officials detaining a pair of Britons crossing over from Uzbekistan who were trying to join the group, and a video that emerged from Pakistan which showed an individual identifying himself as Asadullah from England calling for people to come and join the jihad in Pakistan in a strong British-sounding accent. There is a longstanding connection between the UK and jihadist groups in South Asia, and it appears to still be active.
Looking further afield, Syria continues to host a number of potentially threatening groups and UK-linked individuals in Kurdish custody, while Africa has been repeatedly identified as an area where a growing volume of terrorist groups affiliated with al-Qa’ida and Islamic State continue to gather and plot. While it is not clear how much of a threat any of this poses directly to the UK, it illustrates that the threat picture remains fairly constant across much of the globe.
But focusing back on the UK and McCallum’s speech, the most important thing is to try to unpick which aspects of the threat require additional consideration and engagement as the government goes through a review of the CONTEST counterterrorism strategy, and the long-awaited review of PREVENT is released. The threat has clearly changed; it remains to be seen in what way the response will.
Another edited interview with a senior security official for the excellent CTC Sentinel. I realize that it has been quite a while since I wrote an actual researched article for them. Been working on one for a long time which I really need to get finished. Huge thanks to Paul and his excellent team for their work.
Robert Hannigan was Director of GCHQ, the United Kingdom’s largest intelligence and security agency and NSA equivalent, between 2014 and 2017. He established the United Kingdom’s National Cyber Security Centre (NCSC) and was responsible with military colleagues for the United Kingdom’s national offensive cyber program.
He was Prime Minister’s Security Adviser from 2007-2010, giving advice on counterterrorism and intelligence matters. Prior to that, he worked as principal adviser to Prime Minister Tony Blair on the Northern Ireland peace process. He was awarded the U.S. Intelligence Distinguished Public Service Medal in 2017 and honored by Queen Elizabeth for services to U.K. national security in 2013.
Robert is currently Warden of Wadham College, Oxford, and European Chairman of the cyber security company BlueVoyant. He is a Senior Fellow at the Belfer Center, Harvard; Fellow of the Institution of Engineering & Technology; and Distinguished Fellow of the Royal United Services Institute.
CTC: Shortly after you were appointed the director of GCHQ (Government Communications Headquarters) in 2014, the Islamic State declared a caliphate after taking control of large swaths of Iraq and Syria. When you retired as director in 2017, the group was well on the path to territorial defeat in Syria and Iraq. How would you describe the contribution GCHQ made to the global campaign against the Islamic State and protecting the United Kingdom from the group’s terrorism? How did GCHQ evolve to focus on the Islamic State threat, and what were the lessons learned?
Hannigan: There were two things in particular about ISIS that made it different. One was obviously the geographical hold: the fact that it had territory in northern Syria and northern Iraq—whether you want to call it a caliphate or not—which made it almost inaccessible from the ground in practice.
The other thing that made it different was generational. This was a group that understood the power of media, and particularly new media, in a way that previous Islamist extremist groups had not. Those were two big challenges. From GCHQ’s point of view, counterterrorism was at that stage the biggest single mission. There were, of course, lots of other missions, too, but [CT] was a huge investment of resources, for obvious reasons. To some extent, GCHQ was using the lessons it had learnt in Afghanistan, which had been a very strong counterinsurgency/counterterrorism effort where GCHQ had been embedded with the military. It was building on those lessons, but of course the SIGINT environment in Syria and Iraq was very different.
In Afghanistan, essentially the Allies owned the communications space, just as they owned the air space. That wasn’t the case in northern Syria, so it was a different kind of challenge. But a lot of the techniques and international cooperation had been well exercised in Afghanistan. To some extent, the first part was a traditional mission of ‘how do you disrupt and destroy a terrorist organization from its leadership downwards,’ but the second bit was genuinely new in the sense that ISIS was obviously trying to project attacks back, as well as recruit heavily from the West to travel into the caliphate. Both of those ISIS objectives, which were interconnected, were things which we needed to disrupt, and so a lot of the task was about understanding how ISIS media worked and trying to disrupt that. I cannot say how this was done from a U.K. perspective, but there is a great deal of media reporting and academic work on this available in the U.S.
ISIS were doing two things through their media campaigns. One was inspiring people and then actively grooming those they had inspired to either come to join the group or launch attacks. And both of the stages really needed disrupting. Disrupting global ISIS media was a much broader challenge, of course, but trying to prevent individual grooming and attack planning was traditional MI5 territory, supported by GCHQ. It would not be right to go into the details of how it was done, but I do not think there was anything conceptually different about how we went about doing that from disrupting traditional recruitment and attack planning. The big difference was that it was all at one remove.
I think there were two advantages [for ISIS] to having territory: one was the propaganda value and the fact that you can present, as you saw endlessly in Dabiq and the other glossy publications, what life in the caliphate was like. That gave them a romantic propaganda advantage to be able to say, ‘Here we have built this wonderful land for you, where you can live a religiously pure life.’ But it also gave them a safe place from which to mount operations, and all they needed apart from connectivity was the understanding of how to do that: How do you inspire, radicalize, and then manipulate people? So in a sense, it was a psychological campaign as much as a physical one.
CTC: How would you describe the counterterrorism cooperation between GCHQ and U.S. agencies such as the NSA as well as other members of the Five Eyes[a] and European allies?
Hannigan: It is incredibly close and always has been, in particular with the NSA. But I think what happened over the ISIS campaign was that counterterrorism really drove the cooperation between SIGINT agencies in Europe. Cooperation amongst European partners has always been good on particular cases, but I think the pressures of terrorism really drove that in a very constructive way. So now the SIGINT agencies are [working] closer together, probably more than they have ever been as a result of terrorism, and there was very active cooperation right through the attacks in Europe and beyond, as well as cooperation with other services around the world.
Fortunately, with European partners, Brexit did not make much of a difference in terms of maintaining cooperation, partly because of the threat of terrorism; these joint efforts were too important to be damaged. Different Five Eyes partners will have slightly different relationships with different European countries. But for the U.K., the French and German relationships, for example, were very important. And the U.K.’s traditional military and intelligence relationships with the Scandinavian countries have remained very strong and strengthened in the context of Russia.
CTC: What for you have been the key lessons learned in balancing democratic liberties with intelligence gathering in counterterrorism in the 21 years since 9/11?
Hannigan: It’s always been a balance. Access to data is the key for SIGINT in particular, but probably for all the agencies, and what’s changed is that there’s been an exponential rise in the amount of data being produced by the private sector on citizens. This gives undemocratic states new possibilities to do surveillance, and it’s right that in a democratic society you need to have an active and constant debate about whether you’ve got the balance right. In the U.K., the [2016] Investigatory Powers Act was an attempt to do that after the revelations by Edward Snowden, though I think the legislation was coming anyway at the time, probably accelerated a bit by Snowden. In the U.K. context, that legislation seems to strike a balance that people are comfortable with.
It’s quite interesting that very quickly after the Snowden revelations, the debate moved on, because terrorism, then the resurgence of Russian aggression, and what the tech companies were doing with data really made what governments had access to seem quite secondary. Of course, it is very important that government should be held to a higher standard, and I think that it is a debate that needs to be had all the time, particularly as data processing and data holding in the private sector changes. But it does feel like the public debate has moved on, moved on to what companies like Facebook/Meta and the other tech companies are doing.
So I think the lesson for the intelligence community is not to be afraid of the public debate. Probably one of the mistakes made towards the end of the last century, and at the beginning of this one as the internet became available widely, was not to have that debate openly enough. Because consent is crucial to intelligence operations in democratic countries, and I think there was probably an assumption that everyone understood what was happening within this context and I am not sure people did. So one of the lessons is to get better at having that debate more often, especially as it is not a static thing and you are never going to come to a conclusion on the issue, rather it has to be a dynamic debate. Ultimately, we want the minimum necessary powers for agencies. But as the technology evolves, you have to evolve in response.
CTC: If we could pull on a few threads there, what was the impact of Edward Snowden’s revelations on counterterrorism capability, and how responsible do you think the social media platforms have been in keeping terrorists and extremist content off their platforms?
Hannigan: There was a clear reaction from terrorist groups and hostile states in particular, to the revelations, and yes, there were specific counterterrorism consequences, which at the time my predecessor Iain Lobban and his counterpart at the NSA Keith Alexander talked about.[b] There were things going dark that probably wouldn’t have gone dark otherwise.
With the tech companies, things have changed, but when I came into the job in 2014 I had a go at the companies[1] (something that was unusual at the time). I thought they were at that point being irresponsible, and we were in a slightly ridiculous position where the agencies were having to ask a company’s permission effectively to help on particular operations. The companies would decide whether this met their threshold for what constituted terrorism, and there seemed to be something completely anti-democratic about that. For all their failings, governments at least get elected. Tech companies are not, and they do not have any expertise in this, so it is quite weird to be expecting a bunch of probably well-meaning people in Silicon Valley to make decisions about what is and what is not terrorism in a far-flung part of London.
And, to be fair to the companies, I think they felt deeply uncomfortable, too. They are money-making enterprises. Most of them are effectively advertising companies, if we are honest; Meta is a massive advertising company, and so was part of Google. That is their business, and they did not really want to be drawn into CT, which is where the narrative about them being neutral conduits and just platforms with no editorial control came from. I think they actually believed that narrative, and they really did not think they were enabling terrorist activity.
I think over the years—under public pressure but also as a result of terrorism and other serious crime—they have realized that they are not neutral and they have to take some kind of position on this, and they have to find a better way of doing it. Every major country is now looking at legislating on this; in the U.K., through the Online Safety Bill.[c] The manipulation of democratic institutions and elections has accelerated the feeling that we have to do something and put even more pressure on the tech companies.
So it does look very different now from when I said those things about ‘big tech.’ It was unfashionable to have a go at tech companies back in 2014; now everybody piles in and, if anything, it is a little one-sided. I think they are, on the whole, trying to address the problems, with varying degrees of success. But nobody quite has the answer. We know in the West that we do not want state control of these things, but neither do we want an unregulated private sector-driven landscape.
CTC: GCHQ has long been associated with signals intelligence. But in recent decades, there has been an information revolution with deep implications for intelligence gathering and analysis. Not only is there vastly more information (and dis- and mis-information) to sift through than ever before but open-source intelligence has become much more important and “the government’s ability to collect and analyze information is nowhere near dominant compared to what it used to be.”[2] How have and should agencies like GCHQ be adapting? How important is AI and machine learning (ML) in this new era? Given “secret agencies will always favor secrets,” and given the calls for an open-source agency to be set up in the United States,[3] does the United Kingdom now need a dedicated open-source agency, a new sort of BBC Monitoring?
Hannigan: Well, it’s interesting you mentioned BBC Monitoring as the Americans had the Open Source Center, which was a much larger version of that. It has now changed and become the Open Source Enterprise.[d] It was taken very seriously by the U.S. and did a great job. As does BBC Monitoring, though it has gradually been pared down over the years, and in any case was traditionally more focused on broadcast media than on new media or social media.
[Dis/mis-information] is a huge challenge but is highlighted not so much by terrorism but by the attempts to subvert democratic processes by Russia. The U.K. and lots of countries were really caught napping here because there wasn’t any structural part of government whose responsibility was to monitor this. There were two reasons for this, I think. One is that the secret agencies have a lot of other things to do—countering terrorism, for example—and have limited resources. But secondly, it’s very uncomfortable for intelligence agencies to be doing open-source monitoring, particularly where social media is concerned. There is something instinctively difficult about secret agencies looking at mass social media use. The idea [of having] GCHQ or MI5 all over everybody’s Facebook accounts smacks too much of a surveillance state and would be unacceptable in a democratic society.
As a result, for both those reasons, lots of governments, including the U.K., have shied away from looking at this and attempted to do it in a tactical, well-meaning but arguably ineffective way in the Cabinet Office[e] or somewhere like that, where they are trying to get a small group of people to have a look at this information flow.
To me, the answer has to be a better use of the private sector. Most of this open-source material is being generated by the private sector. Look at Ukraine and the low-orbit satellite imagery that is being generated; it’s absolutely phenomenal, better in many cases than the military equivalent and available in theory to everybody. [The same applies to] the monitoring of social media trends. So I think the answer has to be government agencies using [private sector-generated data and analytics] better.
There are still lots of datasets that are secret, of course, and there are statutory-based accesses to data, which other people don’t have outside government. Focusing on that and what is genuinely secret and hidden is a much better use of agency time.
The real advantage comes from washing the secret and the open-source data together. In other words, you are, as a secret agency, doing your secret thing but you’re also washing that against the results of open source, and that’s where you get something particularly valuable and that’s where you ought to be able to spot some of the things we failed to spot: for example, Russian intervention in elections. But if I am honest, I do not know how much progress Western governments have made on this. The U.S. probably comes the closest because they have invested in it, but I think most governments have just danced around it, partly for resource reasons, but also because it is politically and ethically a very difficult area.
The answer is probably to use the private sector mechanisms that are there already and that are quite open; there are NGOs like Bellingcat that are already doing some extraordinary work in the public domain. They are not the only ones; there are plenty of academic NGOs and journalistic organizations who are doing really interesting work here and it is every bit as good as what governments do. So I do not think we need some huge new bureaucracy in government to look at open-source material; rather, we should synthesize what is already out there and use it intelligently with the secret insights that agencies generate to deliver some more effective results.
CTC: Another key part of this, which brings in the private sector, is encryption, and you regularly hear from politicians and serving security officials that end-to-end encryption is a danger that protects, among others, terrorists. What is your sense of the counterterrorism concerns around this?
Hannigan: The GCHQ view on this has always been slightly unusual because GCHQ is an agency that delivers strong encryption and, indeed, in the 1970s was involved in inventing some of the strongest encryption that is currently in use. So we think encryption is a good thing. It protects everybody—protects governments and protects business. I have always resisted the temptation to say encryption is bad somehow, and law enforcement and government should be given the key to everything, partly because I do not think that would be healthy and partly because it’s not practical. You cannot uninvent end-to-end encryption. It is a mathematical invention; it’s not something you can suddenly say is not going to be there.
What you have to do is keep it in proportion. Yes, it is misused by criminals and terrorists, but it is predominantly used by honest citizens and businesses who are protecting themselves, so we shouldn’t let the security tail wag the dog. As always, criminals and terrorists will use good technology for bad purposes. There are some ways around this. One is to work with the companies, as they themselves have offered to different degrees to do things that are short of decryption because, of course, they cannot decrypt it themselves if it’s genuinely end-to-end, but there are things they can do to help with the data around it. It is probably not helpful to go into the details here, but they themselves have said it is not all about the content.
Better relations between the companies and governments help. And there are some macro proposals that have been put out there but so far they have not found favor with the privacy lobby in the United States. And whatever you do, you will always have criminals who will use something else, move away from the big platforms and use something different, so you might just end up pushing the problem elsewhere. You already see a bit of that now, with, for example, a lot now coalescing around Telegram and away from some of the traditional Western platforms.
The short answer is that there is not an easy answer. And efforts should be focused on particular targets rather than trying to do anything at scale. I know some law enforcement people still hanker after large-scale solutions, but there is, frankly, no way that companies are going to give any kind of blanket access to law enforcement or governments in the future. And I cannot see any legislation that would actually compel them to do it. Of course, there are some countries that ban end-to-end services, for this reason. But I cannot see democracies agreeing to that, and I think it would be disproportionate. The task for the agencies in cooperation with the companies is to go after specific targets and help each other do that, where there’s general agreement that these are legitimate targets.
CTC: In July, FBI Director Chris Wray and MI5 Director Ken McCallum did a series of events in London in which, among other things, they identified the lone-actor threat as the heart of the terrorist threat both faced.[4] Would you agree with this assessment, and how do you characterize the journey of how we got here?
Hannigan: They are much more current than I am on this, but it has been a trend for a while. In fact, it was ISIS and [Abu Bakr] al-Baghdadi himself that promoted the lone-wolf idea and propagandized it through their various channels, so it’s not unexpected. It was a perfectly logical response to better intelligence and law enforcement disruption because it’s extremely difficult to spot, disrupt, and prevent genuine lone actors. The thinking of the al-Baghdadi model was ‘we don’t need to control this. We do not even need necessarily to know who you are; if you go out and do something for ISIS, then you are part of the struggle.’ That’s quite a new departure for terrorist groups. They have always tended to be control freaks: The study of terrorist bureaucracy and leadership is instructive. By contrast, ISIS was crowdsourcing in quite an innovative way. The demise of the ‘caliphate’ made the lone wolf approach even more compelling for ISIS.
I would not write off organized terrorism in the future; I think there’s plenty of evidence that it has not gone away, but lone-actor terrorism does seem to be the trend at the moment and the thing that is hardest for agencies to spot. All I would say is, if you look at the lone wolves who have been successful or mounted successful attacks in a number of countries, they are very rarely completely ‘lone’ or completely unknown to their government agencies. And so it comes back to the age-old problem of prioritization. Most of them appear amongst the ranks of the many thousands of people of interest to police and law enforcement and intelligence agencies, and probably the task is to use data better to prioritize better.
Some of the criticisms around, for example, the London Bridge attacks[f] were about failures to do that and failures to use data better to understand where the priorities are and where the tipping points are. But all of this is very easy to say and very difficult to do, and it is never going to be [got] completely right. It is a constant struggle for MI5 in particular, but for all agencies to prioritize out of the thousands of people who might be a worry, who are the ones that you need to focus on now, and deploy your very, very limited surveillance resources on, because we all know how much it costs and how difficult it is to do.
But the reality is that even lone wolves usually display behavior and patterns of life [notwithstanding encrypted communications and the end-to-end problem] that says something about them; they are in touch with other people, even if they’re not involved in joint attack planning. The challenge has to be to use data to try to work out when they have reached a tipping point. You will never be successful 100 percent of the time, but it’s about trying to raise the percentage of success.
CTC: Not only does the West currently face the challenge of Russian aggression in Ukraine, but Directors Wray and McCallum identified China as the biggest long-term national security threat.5 Given the shift in resources on both sides of the Atlantic to great power competition, is there a danger of counterterrorism being underfunded? Where do you see the intersections between great power competition and counterterrorism?
Hannigan: It is a perennial problem of governments that you veer from one crisis to another, and [then] something has to be deprioritized. We have seen what happened after we deprioritized Russia after the Cold War. The ambition should be to try to reduce investment in particular areas without giving up your core capability and eroding the skills and knowledge that you have had on that subject. This applies to counterterrorism, too, because the threat hasn’t gone away.
It is clearly right to focus on China and Russia. When I started at GCHQ, I said I thought the two big challenges for the next 50 years in the West were managing a declining Russia and a rising China. We are seeing the declining Russia problem in the lashing out, and the nationalism, and the economic failure to reform, and the kleptocracy that has emerged as a result. We are experiencing that in Ukraine, and it’s a big challenge to confront and contain it, but I think it is a much easier challenge than a rising China, which is a complex mixture of opportunity and challenge. But there is a lot of threat there as well, as Wray and McCallum rightly said. So we should be focusing on that, and it is the right top priority, but that doesn’t mean we can neglect CT. There will have to be a difficult discussion about how to balance resources. Quite a lot of the great power strategy is outside the remit of agencies. A lot of it is about industrial policy, investment decisions, and regulation. Regulating Chinese tech and Chinese tech ambition is not core intelligence work, so it doesn’t all fall on the agencies.
On the question of crossover, that is a potential worry because states obviously have used all sorts of proxies in the past. In the cyber world, they use criminal groups. And they have also used terrorist groups as proxies. It is not hard to imagine that in the future, they will do the same again to put pressure on Western countries either by using terrorist groups in whichever part of the world the conflict might be taking place, or even to target us at home. I do not know that we’re seeing a sudden upsurge in that yet, but it is certainly a concern for the future, and the more desperate a country like Russia gets, the more likely it is to be happy to foment that.
CTC: You led the creation of the United Kingdom’s National Cyber Security Centre (NCSC), oversaw the country’s pioneering Active Cyber Defense Program, and helped create the United Kingdom’s first cyber security strategy.6 When it comes to cyber, much of the concern has focused on state actors such as China as well as criminal groups and the threat to critical infrastructure. How would you characterize the cyber threat posed by terror groups, including jihadi terror groups? Have we yet seen a cyber terror attack?
Hannigan: There have always been great scare stories about this, partly because the media loves the idea of cyber terrorism and terrorists being able to take down an entire infrastructure or electricity grid or something. Whether we have seen it or not depends on how you define it. You could say Hezbollah [cyber] attacks against Israel are cyber terrorist attacks.[g] You could say that Iranian attacks on water treatment plants in Israel[h] are a potential attack by a nation-state designed to instill terror.
So, it is certainly not unimaginable, but cyber is not necessarily the best weapon for terrorists to use. Firstly, it does require quite a degree of long-term commitment and knowledge. And terrorists in the past have been rather traditional in wanting spectaculars of one sort or another, so their mindset may not be geared towards it. This may change with the new generation. We certainly saw that with [their ability to exploit] social media, so there is a logic to saying, ‘Well, they might get good at this in the future.’ It has also got much cheaper and easier to do because [the technology] is something you can now buy as a service or commodity and use it. So, the trajectory suggests that it ought to be easier to do cyber terrorism in the future.
The other point, though, is that while you can disrupt things and you can make people’s lives difficult [through cyber-attacks], it is quite difficult to do destructive activity that is really long lasting. Having said that, I did notice that one of the American consultancies on tech that issues reports every so often, and is usually quite a cautious organization, projected that by 2025 operational technology would be weaponized to cause death.7 They were certainly thinking of nation-states rather than terrorists, but the fact that they were saying this is interesting.
These kinds of destructive cyber effects will be accidental for the most part. The first cyber homicide that I can think of is the case in Germany two years ago where a woman was being transferred to a hospital that had been paralyzed by ransomware and so she was diverted to another hospital and died on the way. German police decided to treat this as cyber homicide.8 Those sorts of things—ransomware out of control—might well cause people’s deaths, either through interfering with operational technology that is running power, water, or healthcare, or just by accident. But all of that is more likely than a planned cyber-terrorist event. But it is not unimaginable, and it is not unimaginable for the nation-state to find it convenient to false flag something [it has perpetrated against an adversary], to mask a cyber attack as a terrorist attack. We have, of course, seen the Russians doing that in their [2015] attack on [the French television station] TV5,[i] which they flagged as a terrorist attack.9 So cyber terrorism is not unimaginable but probably not top of the list of worries at the moment.
CTC: In the September 2021 issue of CTC Sentinel, former acting CIA Director Michael Morell assessed that following the Taliban takeover of Afghanistan, “the reconstruction of al-Qa`ida’s homeland attack capability will happen quickly, in less than a year, if the U.S. does not collect the intelligence and take the military action to prevent it.”10 It’s been a year since the Taliban assumed power. How do you assess the international terror threat from jihadi groups operating on its soil?
Hannigan: My biggest concerns are, do we know what the threat is and how would we know if it is growing? We have lost most of our insight into what’s going on in Afghanistan, for all the obvious reasons, and the biggest worry is we simply won’t see a problem—from ISIS in particular but also al-Qa`ida—until it’s well formed and mature. Now, I may be wrong; maybe we have great insight. But I have not seen it, and I doubt it is actually there. The successful U.S. attack on al-Zawahiri this summer seems to me to be about a determined long-term manhunt: It does not imply great understanding of Afghanistan in general. In addition, there are so many other things going on in the world that even if we had some insight, I doubt it’s top of the list for most governments. So I think it is a real concern from an intelligence point of view as to who actually knows what the CT threat emerging or growing in Afghanistan is, and how much of it might be projected outwards. Most of it is currently focused internally, but these things have a tendency to get externally directed over time.
CTC: According to the 2021 U.K. government integrated review, “It is likely that a terrorist group will launch a successful CBRN attack by 2030.”11 In the wake of the COVID-19 pandemic, what is your assessment of the CBRN terror threat?
Hannigan: It is a bigger worry to me than cyber terrorism by a long way. Partly because organizations have seen the chaos you can cause through CBRN, and whether it’s pandemics, chemical weapons in Syria, or the near disasters in Ukraine through radiological mismanagement during the war, there must be people thinking, ‘Well, if I want to cause an enormous amount of suffering and disable a country, this is a better route to go.’ A key problem is that the global instability tends to make the control of the substances more difficult. We have been pretty effective [in past decades] in having organizations like the OPCW [Organisation for the Prohibition of Chemical Weapons] that could control and monitor the materials you need to conduct such an attack. However, in a world of chaotic great power relationships, that gets much harder, and so the opportunity to get hold of this material, or to manufacture it, becomes easier. Afghanistan is one of those places where we have seen in the past, and could certainly see in the future, terrorist programs to this end. It is certainly a bigger worry to me than cyber terrorism.
CTC: Given the strong nexus to far-right extremism of Russian paramilitary groups involved in the fighting in Ukraine and given the history of such ties also on the Ukrainian side,12 do you see any terrorist or foreign fighter threat emanating from the war in Ukraine?
Hannigan: One of the lessons we should learn from ISIS is relevant to this discussion. One of the reasons the lone wolves or more often the small groups who were effective in launching attacks—for example, in [Paris in November] 2015—were so effective was that they were battle-hardened and they knew what to do. They knew how to withstand firefights. They were not just ideologically hardened; they actually had battlefield experience. You have to assume that the same could be true of other kinds of extremists returning from any conflict. We have seen similar things emerging from Chechnya in the past as well. It seems plausible that the many current theaters of conflict may produce battle-hardened and radicalized individuals.
CTC: What is your assessment of the current security outlook in Northern Ireland?
Hannigan: We obviously underestimated, in around 2007, the resilience of dissident Republicanism, and I think that was partly because nobody foresaw the economic downturn. People assumed that there would be a great tidal wave of economic benefits and a peace dividend for lots of communities that did not materialize. But you cannot just pin it all on economics. There is a cyclical side to Republican violence in Irish history that is unlikely to ever go completely away, but the problem now is that the politics can get destabilized relatively quickly. I do not foresee a sudden return to violence, but I think the more the politics frays, the more instability there is, and the more you tinker with what was a political settlement that everybody could just about buy into, the more you run the risk of the fringes becoming violent again. And all of this might start successfully radicalizing young people. It was never a particular concern that the older generation of dissidents were still there—diehards who never signed up to the peace process and were never going to change their minds—but what was concerning was young people being recruited in their teens and 20s into dissident activity. That’s much more worrying. It is the key thing you have to guard against for the future. And clearly, the best way to do that is through political stability and political progress.
CTC: What were you most proud of in your work in counterterrorism? From a CT perspective, what worries you most today?
Hannigan: I am very proud of what GCHQ did in preventing attacks in the U.K., with MI5 and others. Most of those are not seen because they are prevented, but that was great work that I do not take any personal credit for, but was done exceptionally well. Personally, the thing I found most rewarding in counterterrorism was in Northern Ireland because this was a domestic threat where pretty much all the levers were in the U.K.’s hands—security and intelligence, economic and political. It was probably the last time that the U.K.’s top national security threat, as it was then, was a domestic one. It taught me a lot about terrorism, not least through talking to members of the Provisional IRA and other organizations, which gave me a greater understanding of how terrorist organizations think and work, and how individuals are motivated. In the end, it was, over a 30- to 40-year period, a successful process. There were, of course, mistakes, but it was a good marriage of security policy and political process, that addressed the underlying causes of the Troubles and, partly through good CT work, created space for politics to work.
I do not think Islamist extremism has gone away and the rise of the extreme-right is clearly a concern, but terrorism will continue to bubble up in all sorts of areas that may not yet have been predicted: where people feel either disenfranchised or disadvantaged, or feel that their identity is threatened. In a chaotic international environment, where outrage can be generated and manipulated on a larger scale than ever before, not least through technology, there will be more of this, and it will be more unpredictable. Right-wing extremism is just the latest [threat to gain prominence], but in reality, it has been around a long time. I suspect there may be all sorts of new causes, and people may resort to violence more quickly than they did in the past.
Substantive Notes
[a] The Five Eyes (FVEY) is an intelligence alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States.
[b] Editor’s Note: In a November 2013 hearing before the UK Parliament’s Intelligence and Security Committee (that provides oversight of the UK’s intelligence agencies), Sir Iain Lobban revealed “we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.” “Uncorrected Transcript of Evidence Given By, Sir Iain Lobban, Mr Andrew Parker, Sir John Sawers,” November 7, 2013.
[d] Editor’s Note: In October 2015, the Open Source Center (OSC) was “redesignated the Open Source Enterprise and incorporated in CIA’s new Directorate of Digital Innovation. The Open Source Center, established in 2005, was tasked to collect and analyze open source information of intelligence value across all media – print, broadcast and online. The OSC was the successor to the Foreign Broadcast Information Service (FBIS), which gathered and translated world news coverage and other open source information for half a century.” Steven Aftergood, “Open Source Center (OSC) Becomes Open Source Enterprise (OSE),” Federation of American Scientists Blog, October 28, 2015.
[e] Editor’s Note: The Cabinet Office is a central U.K. government function that supports the Prime Minister and his Cabinet, drawing on input from across government to help deliver on policy goals.
[f] Editor’s Note: On June 3, 2017, three terrorists launched a knife and van ramming attack on London Bridge and in the nearby area of Borough Market, murdering eight before dying themselves. On November 29, 2019, Usman Khan, a formerly incarcerated terrorist, attacked and murdered two people at an event at Fishmonger’s Hall, before being shot by police on the nearby London Bridge. In both attacks, subsequent investigations revealed that authorities were aware of the individuals and may have failed to prioritize the level of threat that they posed. For more on the 2017 attack, see the inquest page at https://londonbridgeinquests.independent.gov.uk/ and, for the 2019 attack, its own inquest page at https://fishmongershallinquests.independent.gov.uk/
[i] Editor’s Note: In April 2015, TV5 Monde was taken off air in an attack carried out by a group of Russian hackers. It was reported that they “used highly targeted malicious software to destroy the TV network’s systems.” An Islamic State-linked group going by the name the Cyber Caliphate had first claimed responsibility. Gordon Corera, “How France’s TV5 was almost destroyed by ‘Russian hackers,’” BBC, October 10, 2016.
A longer report I have been working on for some time, which builds on work about the terrorist threat in the UK, as part of a series run by the German foundation the Konrad Adenauer Stiftung looking at the state of the terrorist threat in Europe in general. Have another big piece on this that I have been working on forever, just need to find time to finish. The entire report is available free online as a good-looking PDF, so am not going to re-post in its entirety here, but will put the executive summary to give you a taste.
The UK’s jihadist terror threat picture has evolved compared to the 2000s, when the UK was a key target of al-Qaeda, and even more since the collapse of ISIS’s caliphate in 2017. That year, in fact, marked something of a recent apex which has heralded a period of regular lone actor plots – some of which demonstrate an inspiration from ISIS, but others where it is unclear. This paper seeks to better understand this transformation and the evolution of the threat in the UK, as part of the “Jihadist Terrorism in Europe” series published by the Konrad Adenauer Stiftung in which renowned experts analyse the current state of the jihadist threat in various countries, as well as the related counter-terrorism strategies and political debates.
In the present study, Raffaello Pantucci looks at the UK, which most recently in January 2022 saw a radicalised British national launch an attack against a synagogue in Texas in advance of the attempted liberation of Dr Aafia Siddiqui, the long-jailed female al-Qaeda member serving a lengthy sentence in a nearby jail.
› Although the UK jihadist threat has not produced any large-scale attacks recently, it has consistently produced lone actor plots.
› The paper outlines how the current threat links back to the past, and in particular the dangers posed to the UK by the reemergence of a Taliban-controlled Afghanistan.
› The UK also still has a lingering problem of foreign fighters who went to Syria and Iraq. Passport deprivation – a preferred Home Office method of dealing with such cases – has not eliminated the problem but simply displaced it. Some individuals are still trying to return home, while others remain in Turkish or insecure Levantine jails.
› Authorities in the UK have consistently focused on trying to manage the threat through greater internal coordination.
› Larger problems around extremism continue to fester, though the degree to which they are linked to the jihadist threat remains unclear.
› The biggest problem for the UK is managing a problem which never seems to be entirely resolved, but only seems to grow in unpredictable and confusing ways, creating new cohorts of problems for authorities to manage. This, along with the growing problem of the extreme right wing, as well as sectarianism amongst South Asian communities points to a set of issues which will continue to trouble the UK.
Another catch up piece, this time in the wake of the Sir David Amess murder for the Telegraph, looking at the incident through the lens of how COVID-19 has complicated counter-terrorism. A question that I have looked at a lot through various lenses, including a substantive assessment of the one-year impact of COVID-19 on terrorism and extremism for my institutional home in Singapore ICPVTR.
The system relies on human contact, and people noticing those who might be going in the wrong direction
Countering radicalisation is a social activity. Most anti-extremism programmes are based on engagement with individuals, seeking to steer them back onto a path away from extremist ideas. This also applies to the efforts to get people to the attention of authorities.
The system relies on contacts and people noticing those who might be going in the wrong direction. So if human contact falls, the number of opportunities to notice radicalisation also declines. In the first months of lockdown, counter-terrorism police raised the alarm, noting that Prevent referrals had dropped by as much as 50 per cent. There seems little question that the pandemic and lockdown have made the fight against terror and extremism that much harder.
Prevent referrals are a random bunch, but the majority (according to the Home Office for the last available year) were either from police or the education sector. This is police officers, teachers or others who, in the course of their work, come across people who are exhibiting some sort of behaviour which might be indicative of radicalisation. Having noticed this, they flag it up and then an investigation is done to understand if the concern merits further attention. In the last year of reported data, 6,287 referrals were made, 1,424 merited deeper engagement, and 697 were adopted as part of a programme called Channel.
We have no idea where the suspect in the murder of Sir David Amess may have come on this spectrum after his Prevent referral five years ago. But we can be sure that many of the other societal contact points which are usually relied upon to generate these referrals disappeared during the pandemic. Repeated lockdowns, school and youth centre closures, and other restrictions will have made it harder for those watching out for these potential problems to come into contact with those veering in the wrong direction.
We also have no idea how many more people may have been radicalised while sitting at home, isolated, over the past two years. Those who were stuck on their computers and seeking answers while living in abusive environments at home may have been particularly vulnerable. Officials have warned of the threat the country faces from “lone actor” terrorists who may have been radicalised online during lockdown.
A number of horrible murders over the past year suggest distressed minds seemingly pushed to the brink. We will have to see how many will ultimately be linked to violent ideologies, though it seems clear that most extremist ones have received something of an uplift in online supporters during this strange period. On the extreme Right, for example, hundreds of anti-Semitic incidents have been reported, while at least 90 telephone mast burnings have been linked to anti-5G conspiracy theorists.
We have also seen a number of cases over the past few years where individuals with mental disorders or other social dysfunctions have launched attacks in the names of a violent Islamist ideology they barely comprehend. And it seems likely that the strangeness of the Covid-19 period has accelerated this trend.
The world may have stopped for Covid, but sadly extremist ideas did not.
Raffaello Pantucci is a senior associate fellow at Rusi
Have a lot of catching up to do. Been dealing with a lot of late, so as ever slow here. First up, a brief note from last month for Prospect which sought to show the importance of Afghanistan to the story of British jihadism. Lots more stories like this in my first book, and more to come on the lone actor side of the problem.
Since 9/11, British citizens have continued to travel to Afghanistan to fight western forces. Now the Taliban are back in charge, the authorities fear more terrorist plots could be hatched in the country
In 2018, Khalid Ali was convicted of planning a terrorist attack in London and of making bombs for the Taliban. Credit: Met Police handout
In the wake of the September 11, 2001 attacks and the US-led invasion of Afghanistan, Britons were shocked to discover that some of their own were fighting for the Taliban. Broadcasting to the world from a safehouse in Lahore, Hassan Butt, the British spokesman for radical group al-Muhajiroun, reported that a group of Britons had been executed by Northern Alliance fighters in Afghanistan for “being pro-Taliban.” Posing in front of shelves of books he had likely never read, Butt spoke with a Mancunian twang as he celebrated his fellow Britons’ deaths: “we’re very envious and we would like to be like them because to live and die and walk and talk Islam is every Muslim’s role in life.” As journalist Shiv Malik has revealed, Butt’s story later turned out to be more complicated than it first seemed. But it is true to say Butt and others like him exposed a reality that still haunts Britain.
A number of Britons who were in Afghanistan after 9/11 ended up being sent to Guantanamo Bay, like the famous Tipton Taliban. The trio of West Midlanders claimed to have set off for a friend’s wedding in Pakistan and wandered into Afghanistan out of curiosity, only to get caught by the Northern Alliance. Their story was dramatised in a somewhat forgiving 2006 film called The Road to Guantanamo, which focused on their torture at the detention camp. The backstory they appear to have confessed to US interrogators (admittedly an account made under duress) showed, in contrast, a path peppered with extremist preachers, radical communities in northern England and a stop at al-Qaeda’s al-Faruq camp in Afghanistan. Though they were not convicted of anything on their return to the UK after being freed from Guantanamo, the group seemed to fit the profile of other Brits who did go to train and fight in Afghanistan.
The US-led invasion did not seem to deter British nationals or residents from fighting alongside the Taliban—if anything, it encouraged some. RAF Nimrod operators regularly reported overhearing Taliban fighters in Helmand talking to each other with “broad Midlands and Yorkshire accents.” One Taliban corpse was reportedly found with an Aston Villa tattoo. In 2010, the Guardian interviewed an East London cabbie in Dhani-Ghorri, northern Afghanistan, who claimed to return to Afghanistan for a few months each year to fight western forces. In June 2011, Atiqullah Mangal died during a brazen attack on the Afghan Defence Ministry. Subsequent investigation revealed he had been radicalised in a British prison, where he was jailed for violent assault in Aston after being smuggled into the UK in 2001 from Afghanistan. Following deportation, he had joined the insurgency and recruited others.
In November 2012, a video emerged which included images of “Umar the British,” a Taliban fighter in Pakistan who was, reportedly, one of the planners of the 2009 attack on Camp Chapman in Afghanistan, which led to the deaths of seven CIA agents. In the video he spoke with a London accent. He is now believed to be a long-missing British jihadist from East London, who was reported to have been killed in a US drone strike in 2010.
While these worrying stories continued to appear over the years, the actual depth of support in the UK for the Taliban was never clear. The UK is home to a population of around 100,000 Pashtuns with ancestry in Pakistan, rather than Afghanistan. According to the ONS there were some 33,000 people in the UK from Afghanistan as of June 2020 (the number will have increased since then.) Support for the Taliban, however, tended to come from a wider pool than just the Pashtun or Afghan communities.
Key to the connection is the Deobandi movement, a conservative religious strain that emerged in India in the late 19th century, that helped in part give birth to the Taliban. The Deobandi creed is followed by around half of the mosques in the UK. Aimen Dean, a former member of al-Qaeda who worked undercover for MI5 and MI6, told the BBC that “pre-9/11 there was no question that the Deobandis supported the Taliban of Afghanistan and the regime of Mullah Mohammed Omar to the hilt, because it was a purely Deobandi regime… even after 9/11 there were many mosques still stubborn in their support of the Taliban because of the Deobandi solidarity.”
While it is unfair to tarnish all Deobandis with the Taliban brush, there is little doubt there are ideological crossovers. Writing in 1999, Taliban expert Ahmed Rashid described the group as having emerged from Deobandi madrassahs in Pakistan. As he put it in Foreign Affairs, “The Taliban’s anomalous interpretation of Islam emerged from an extreme and perverse interpretation of Deobandism, preached by Pakistani mullahs (clerics) in Afghan refugee camps.” Former Taliban leader Mullah Omar wrote to the sect’s leadership in Pakistan asking for guidance, though he does not seem to have gotten a direct response.
It is hard to know in absolute terms how much Taliban support there is in the UK. And it is impossible to know with any certainty for how many people this translated into travelling to Afghanistan to fight alongside the Taliban. But there have been a few other high-profile cases. Omar Khyam, the brains behind the 2004 fertiliser bomb plot, had been home to Afghanistan in 2001 and reported finding the Taliban highly hospitable. In 2006, Parviz Khan was arrested for plotting to kidnap a Muslim British soldier in Birmingham, and then planning to video his decapitation. He had previously been running a regular supply line for Taliban militants in Pakistan, sending money and equipment. He was jailed for life.
Taliban-linked plots have continued until relatively recently. In April 2017, police made a dramatic arrest in Whitehall of a smiling young man with three large knives suspected of planning an assault on police officers. Khalid Ali was a sometime plumber who disappeared from his home in Edmonton, north London, in 2011, only to reappear in 2016 at the British Consulate in Istanbul trying to get temporary travel documents to get home. When he landed back in the UK police found 42 matches with an FBI database of prints found on explosives in Afghanistan. Under questioning, he stated he was a Taliban soldier and that he had pressed the button detonating bombs in Afghanistan “more than 300 times.” On the stand later he changed his story, but his phones were not all recovered and the prosecution speculated that he appeared to be planning to launch his attack concurrent with the Taliban’s Spring offensive. He was convicted of planning a terror attack and making bombs for the Taliban, and jailed for 40 years.
The plot was a strange one that took place in a year in which the UK saw four successful violent Islamist plots and around a dozen disrupted ones. But it distinguished itself with its links to the Taliban and Afghanistan—in contrast to the Islamic State links that had by then become the norm.
This all returned to the headlines again after the recent fall of Kabul, when military intelligence sources leaked to the Sun that they had “received some intercepts of two British men, probably below 30, talking openly on mobiles… One had a London accent, what you might call a street accent.” This kind of intelligence leak about homegrown militants appears to be one British authorities enjoy doing—so the timing of its appearance now (in a tabloid) must of course raise eyebrows. But it is not surprising that British nationals might be fighting or be present in Afghanistan.
Yet the bigger danger for the UK is the Pakistan connection. The 7th July, 2005 cell started off interested in jihad in Kashmir, only to get re-directed to train in Afghanistan where (after some time) they were directed by al-Qaeda to murder 52 Londoners.
While the danger from terrorist networks in Pakistan striking the UK appears to have reduced, extremism originating in Pakistan has grown in different ways in the UK. In February 2016, Jalal Uddin, a 71-year-old imam, was bludgeoned to death with a hammer by an extremist who then fled to Syria to join Islamic State. (Another man was found guilty in the UK.) Uddin was accused of spreading witchcraft through taweez faith healing and had stirred the anger of fundamentalists in Rochdale. A month later, a Bradford cabbie drove up to Glasgow and murdered Asad Shah, an Ahmadiyya shopkeeper who had posted videos online which the fundamentalist cabbie found blasphemous.
The Ahmadiyya are a widely persecuted minority Muslim sect (in Pakistan they are officially considered non-Muslims). Numerous investigations by the BBC and others found cases around the UK of anti-Ahmadiyya sentiment or openly sectarian Pakistani groups in the UK. Even from jail Asad Shah’s killer has maintained his connection with extremists, finding ways of releasing audio recordings encouraging people to attend events linked to his sect in Pakistan. He has, in fact, become something of a folk hero amongst the Sufi Barelvi community in Kashmir.
The support network for such extremist sentiment in the UK is clearly already present. A stridently sectarian political organisation called Tehreek-e-Labbaik Pakistan (TLP) made an appearance in the streets outside the Pakistani High Commission in London in April 2021, protesting the government’s refusal to eject the French Ambassador in the wake of President Macron’s calls for new laws to control extremism after the murder of schoolteacher Samuel Paty. Notwithstanding being banned in Pakistan, the group appears an irritant that the authorities in the UK cannot dismiss.
Colonial history ties South Asia and the UK together in a way that is unique. It is a rich connection that generates a huge amount of good for both sides. Unfortunately, it also has a darker edge: for the UK a regular stream of support for the Taliban and associated extremist groups in Pakistan, as well as radicalised young men and terrorist plots. Now we have a Taliban government in power, some of the more covert aspects of this connection are likely to become more prominent. And as MI5 chief Ken McCallum put it recently, this time “we will have neither the advantages nor the risks of having our own forces on the ground.”
Another piece linked to the September 11 anniversary, this time another interview of the series that I have been doing for CTC Sentinel. There are a few more recent pieces to publish, and some bigger research pieces for CTC in the pipeline. The interview was done initially before the fall of Kabul and then we revisited some of the questions afterwards.
Sir Alex Younger was a career intelligence officer in Britain’s Secret Intelligence Service, MI6, for 30 years. He served in Europe, the Middle East, and Afghanistan. He was appointed as Director of Counter Terrorism in 2009, and as Chief from 2014 to 2020. Prior to SIS, he served in the British Army as an infantry officer.
Editor’s Note: The following is the transcript of an oral interview conducted ahead of the 20th anniversary of 9/11. It has been lightly edited by CTC Sentinel.
CTC: Take us back to 9/11. You were already working in SIS (the Secret Intelligence Service, MI6) at the time. How much of a shock was the attack to SIS and to U.K. intelligence more broadly?
Younger: Clearly, it was a shock, and it was designed to shock. Visually, it was an extraordinarily traumatic and shocking sight, and that was the point. The attack was designed to be the ultimate provocation, and that was the effect that it had. It also engendered huge uncertainty because at the time we had none of the knowledge we now have with hindsight, and it seemed eminently probable that this was the first of a number of such attacks. To this day, I am pleasantly surprised that it did not lead to a series of similar outrages. In fact, on that day, I remember thinking that the very building I was sitting in could be on the list. So it also had a very personal effect. And it was clear that it did change everything.
CTC: How did 9/11 change the work and thinking at SIS? Did change occur immediately after the attack itself, or did it take some time for it to filter through the organization?
Younger: No, it was pretty quick. I think if you looked at the situation on the day before September 11, by and large terrorism was still treated as a discrete set of regional but probably even national phenomena rather than something strategic. When you looked at our version of terrorism in the U.K., for example, it felt very different to what was being faced in France. By and large, it was our domestic colleagues [at MI5] who were in the lead on all of this in the U.K. International partnership was less important. Secondly, and this may have been a failure of imagination as much as anything else, people did not conceive of things going on in far off places, like in failed states like Afghanistan, as actively threatening their homelands. That connection wasn’t considered adequately. It was obviously there theoretically, but I do not think it was properly internalized.
Bear in mind that we, as the U.K., were somewhat ahead of the pack in many respects for the very sad reason that we had dealt with terrorism for decades generated by the IRA [Irish Republican Army]. That was a quintessential domestic, politically orientated problem—all the things that the attack of September 11 was not.
So the main changes were two-fold. One, a pretty instant overnight understanding that what happened in Afghanistan obviously mattered to the security of our people, and that, of course, put my service properly into the fight. And then secondly, an understanding of the premium on partnership. We realized that, by and large, we all had the same problem and it was coming from similar places. The days where you could take a not-my-problem or, worse, beggar my neighbour approach to terrorism were well and truly over.
CTC: You are one of many SIS officers who served in Afghanistan. You’ve stated that after 9/11, you and your colleagues had a “profound impulse to step forward into the line of danger” and that you felt that your organization was “one of the few that could make a difference, faced with a wholly new, and open-ended, threat from international terrorism.”[1] Talk us through the role SIS played in going after al-Qa`ida in Afghanistan and has played in detecting and [working to thwart] jihadi terrorist plotting around the world.
Younger: It’s an odd thing to say, but in some ways, we were the lucky ones; terrorist attacks are awful things, but we are in a position to do something about them. I think one of the most difficult experiences after something like 9/11 or 7/7 [the al-Qa`ida attack of July 2005 on London’s transport system] must have been a sense of helplessness in the face of this hidden menace, set against [the] very human wish and need to get involved and do something. In SIS, we had the privilege, if you can call it that, to be in a position to do something about attacks in however small a way. That also, of course, conferred a frightening responsibility, which I would not pretend was a light burden for anyone. Our mission intensified in this new and difficult context. But it was our traditional mission. Put simply, we discovered that groups of people in far-off lands, predominantly in failed states which constituted a permissive environment for terrorists, were organizing to kill our citizens. It was our job specifically to get inside those groups, to reveal what was going on, and to work in partnership to stop it—a task, albeit in different contexts, that is as old as SIS.
CTC: How shocking was it to discover that there were British nationals involved in these networks? The July 7 attacks of 2005 were the archetypal example of this link, but there were also many other plots, as well as Brits fighting with the Taliban when the Americans went into Afghanistan. How much did that particular community become a focus of work?
Younger: It was not a shock in the sense that we had already seen al-Qa`ida rather successfully—the ideology, that is—appear within communities that should otherwise call the United Kingdom home. People born here and who nonetheless conceive for various complex reasons to be in a state of war with their own country. So, it was not intellectually out of kilter, but speaking as a British citizen, someone who lives here and cherishes the values the U.K. espouses, it still remains a profoundly shocking fact. I am a huge beneficiary of all of the things that are good about this country, and I make it a principle of life to try to put myself in other people’s positions to try to understand their choices. But I nonetheless find it extraordinary that a country that has provided succor to people is turned upon in this way.
But what I think is not the important thing. The important thing is for us to properly understand the thought processes and conditions that lead to people making these choices. To deal with this problem in the longer term, we have to understand these underlying issues and deal with them. We in the CT [counterterrorism] community working in the Pursue strand of our strategy[a] are not the solution here. What we are is the means for buying time and a way to suppress the problem, to provide space so that the political, psychological, social, and cultural aspects that lie at the heart of this problem can be fully addressed.
CTC: Beyond Afghanistan, were there any parts of the world SIS was particularly focused on when it was going after the threat?
Younger: I always thought we had two jobs. One was to join the community of nations in bearing down on the networked jihadi threat; be part of a networked solution to a networked threat. Additionally, I was very conscious of our need to play our part as a globally engaged power across the globe in dealing with these problems. Things that happened in far-off countries affected us and others. It was very difficult to isolate the terrorist problem to a specific geography, and it was our job to be making a contribution to counter the problem.
But I also felt that we are a medium-sized power, and it would be a huge mistake to set ourselves up as a global policeman. We are just not suited for that, and I do not think there is a particular appetite within the U.K. to play that role. It simply is not practical. So our priority needed to be to bear down on places and people that were generating a direct threat, either to the U.K. or to our citizens and allies. The most forbidding and essential aspect to a successful counterterrorism campaign is to prioritize. You naturally prioritize on the threats to the lives of our citizens and those of our allies. So that takes you to places where we have a contiguous geography in all senses of the word, not just physical but human and societal, and so in particular South Asia: India, Pakistan, and Afghanistan. Our links to that whole region are profoundly enriching for our country, but sadly, there is a negative aspect. These links are exploited by extremists.
CTC: How did SIS change its practices of working with other agencies and allies in the United States and elsewhere as a result of 9/11? What were the most significant changes you observed in its wake?
Younger: To extend my recipe about effective CT, I would say it is one percent inspiration and 99 percent teamwork. Suddenly, and bear in mind intelligence services are broadly configured around the need-to-know principle, counterterrorism forced us to rapidly shift to a dare-to-share principle. It became evident that the risks of not sharing frequently in counterterrorism were far more forbidding than the risks of sharing. It was a complete inversion of our normal paradigm.
We embarked—it has to be said, led by the United States—in an aggressive pursuit of effective partnership with the countries where the threat was coming from. Which, of course, immediately generated a set of really serious ethical and legal considerations because normally you are partnering with a country that’s very different from a prototypical Western liberal democracy, and this brings a whole set of challenges with it. And that was the thing that hit us pretty quickly. There was a lot that was familiar about the task, which for SIS since 1909 has been about finding out what is going on and doing something about it. But there is something about counterterrorism and the need to share to be effective, and the need to do something with what you find while remaining consistent with your laws and values, that brought with it a set of really new and very difficult disciplines into play almost overnight. That was tough because it was matched with the impulse I described in the speech you mentioned earlier, which is to do stuff. And our absolute impulse, which I’m still proud of, was to get out there and be shoulder to shoulder with the United States, which had suffered the most grievous attack.
CTC: 9/11 happened as we were on the cusp of the current information revolution. Al-Qa`ida was quite an early adopter of the internet. Could you talk us through the complexities of adapting to this new world and how it might have impacted intelligence collection and counterterrorism in particular?
Younger: I think it was most important on the CT capability side: information sharing, data discovery, recognizing that huge holdings of data would very rarely make any sense unless they were compared with other huge holdings of data. That was the really big issue and change. It was actually on our side of the fence rather than the terrorists’ where the data and technology was most important. When it comes to our adversaries, it is worth remembering this was 2002. The internet as a means of propagating ideas was still pretty nascent. You have to fast forward to Daesh [the Islamic State] before you get to the profoundly internet-enabled terrorist phenomenon that is such a major preoccupation today. And there wasn’t any cyber component to the threat; I think there were a couple of small attempts at cyber-terrorism, but I don’t think anyone seriously attempted that with any great effort or impact.
Predominantly for me, the bigger change was the astonishing revolution that took place in the latter part of my career where we had access to abundant information, technical data, and other things, and struggled to figure out how to manage and decipher it all. The real issue was, again ensuring it was done in a manner that was lawful and consistent with our values, using that information to get the right answer before terrorists acted.
CTC: With the Arab Spring and the death of Usama bin Ladin, there was a sense 10 years ago that the global jihadi terror threat was waning. But within just a few years, the Islamic State had taken control of vast swaths of Syria and Iraq and embarked on a global terror campaign. Was SIS surprised by the speed and extent of the rise of the Islamic State? What for you are the lessons learned for the future when it comes to identifying and confronting such gathering threats as early as possible?
Younger: I don’t think the phenomenon of Daesh itself was a surprise insofar as you could see in the situation in Iraq a sort of textbook environment for radicalization. The speed of it was absolutely a surprise, and the asymmetric success that Daesh enjoyed in 2014 was pretty stunning. I am sure you will remember those images. That was a shock. However, a significant galvanizing factor was quite particular to that time and place. Essentially, hardline elements of Saddam’s former intelligence apparatus rapidly changed sides and brought a pretty hardcore level of security expertise to what I think otherwise would have been quite a disparate insurgency. It was a really evil combination of a rapidly intensifying and mutating jihadist ideology galvanized in a pretty cynical way by a lot of former Soviet-trained Iraqi operatives. And that produced what we subsequently saw, which was an incredibly intractable and difficult security problem. Allied to this was the more modern phenomenon that we have just been talking about, which is their realization and capacity to conduct a digital campaign and propagate the jihadist single narrative in a far more sophisticated way than had been possible hitherto.
It was also profoundly worrying to see the caliphate set up as a working example of the jihadist ideology on earth, operating and to the extent that it did. And that success, while it lasted, pulled people in, which was a significant source of threat to us as those people were pulled from their host communities, including here in the U.K., and retained links back home alongside the capacity to use those links. I remember thinking at the time that this was an open-ended, toxic, and extraordinarily dangerous situation. One of the things I am most proud of is the role we played in removing the caliphate from Syria. It remains in many important ways an unfinished and very open situation, but if I cast my mind back to, say, 2014 and you had told me we would ultimately prevail over the caliphate, that would have been, in my mind, a very good outcome. Not least because specific British operators within Daesh were very prominent in the group’s campaign and a source of extreme national shame and embarrassment.
CTC: Could you tell us a bit more about the indicators you saw for the rise of the Islamic State? Looking at that experience, are there any other parts of the world where you could envision something similar happening?
Younger: I remember at the time being very concerned about the way that [Syrian leader Bashar al-] Assad was behaving towards his own people and the brutality he was meting out. I think this in large part was what would feed the Daesh phenomenon. But even with hindsight, we can’t beat ourselves up for failing to see the speed and scale with which it happened, because it is quite a dramatic butterfly effect, in the sense that small changes to the inputs made a large difference to the outputs. There were several different, unrelated factors that coincided to put Daesh’s development at the worse end of anybody’s expectations of what might happen. In large part, this surprise is why they were so militarily successful, because they were just moving so much faster than anyone’s understanding of the threat.
CTC: What is interesting looking back is that in the end, the United Kingdom did not face the same sort of threat as continental Europe from the Islamic State terrorist organization in Syria and Iraq. What plots we did see were of a much smaller magnitude than, for example, the November 2015 Paris attacks. It could be that you and your colleagues were just doing a fantastic job and that’s what kept the threat away, but I wonder was there anything else to it. Was there anything about the way the United Kingdom was connected to the battlefield that seemed different to the earlier wave of al-Qa`ida-linked threats from South Asia? Can you tell us why you think the United Kingdom did not end up with the same sort of threat?
Younger: Well, I think we had a head start in terms of doing counterterrorism for decades and learning some very hard lessons in part through mistakes. We learned early the importance of being joined up within our various security services, which placed us ahead of the pack. We therefore likely did pose a more difficult environment for terrorists to operate in than the average in Europe. But I would not want to exaggerate that lead. The reality is that we were all vulnerable and we all faced this phenomenon together.
Looking back, however, the role of charismatic and prominent individuals should not be underestimated, so part of the reason that brought the particular intensity of threat to both France and Belgium was that their nationals happened to be in influential and capable positions within the caliphate. And so in that sense, for them it was really a case of bad luck. But that’s how it was. And if you take that reality alongside the fact that those countries are not islands and that firearms are therefore more accessible than they are in the U.K., then you have some part of the answer to the question. We will not ever, of course, absolutely know the answer, but I would also highlight that European counterterrorism capabilities at that time were growing much more effective and continued to [do] so.
CTC: Twenty years on from 9/11, there is again this sense that the global jihadi threat is in retreat. What is your assessment? Have you been surprised by the growth of the Islamic State in Africa in particular? Where do you think we may see jihadi threats coming from next?
Younger: It is really difficult to speculate. Broadly speaking, I would say that the threat is less than it was, and I would link that to the successes we have had in terms of suppressing the networks in Syria and Afghanistan. This is combined with a much more effective counterterrorism machine across the technical, foreign, and domestic spaces that are much better integrated than they were. Our counterterrorism capability is an order of magnitude more effective and capable than it was in the past.
Set against this reality are two issues. One, as the Manchester attack illustrated,[b] a spontaneous, non-directed attack is just as devastating as networked plots. Terrorism is now more spontaneous and delegated, but that does not mean it is less dangerous, something the Manchester attack sadly showed. But terrorism of this sort is a different type of problem, and in some ways, it has now reverted to being much more conditioned or sensitive to the domestic conditions in the target country, rather than being primarily something that is directed from abroad (in the U.K. at least). It is still fundamentally underpinned by a single narrative, which is very effectively propagated online by groups like Daesh and al-Qa`ida.
Yet, at the same time, it is also at the moment pleasing to see that international terrorist networks, both al-Qa`ida and Daesh, are to some extent in abeyance because we have been successful against them. There is no real cause to pause and celebrate that fact because Africa and the Sahel are looking dangerous and difficult. In addition, there is, of course, Afghanistan.
CTC: MI5 Director General Ken McCallum recently warned that terrorists will seek to take advantage from the U.S. and NATO withdrawal from Afghanistan.[2] In the wake of the fall of Kabul, how concerned are you by this, and what needs to be done to ensure that Western intelligence is best placed to detect and thwart any future international attack plotting from the country?
Younger: The sudden collapse of the Afghan government was brought on by [a] set of unforgivable unforced errors. Trump’s inexplicable decision to abandon any political conditionality in his withdrawal “negotiations,” his immoral pact with the Taliban that essentially made it OK to attack Afghans, if Americans were left alone, creating a dynamic that led directly to the collapse of the Afghan Army. And the Biden administration’s tactical missteps: the abrupt removal of all enablers, and the decision to do this in the middle of the fighting season. All without any meaningful allied consultation.
The consequences are [evident]: harrowing scenes at the airport; Afghans who chose to support us left behind; and the loved ones of our fallen soldiers asking what it was all for.
And they are strategic: this sends a damaging message. It is a humiliation for the “West” and represents encouragement for despots and autocrats everywhere who know they can simply wait for Western democratic resolve to weaken with the passage of time. I was in Afghanistan in the period after the Soviets left. Najibullah’s government proved to have far more staying power [than] the one we chose to underpin at vastly higher cost. What does that say?
Even in these circumstances, though, it is important to retain some balance. The idea that this somehow represents the end of American power is grossly overdone. When it comes to counterterrorism, we would be wise to remember that U.S. agencies, particularly the CIA, have been at the forefront of developing the most powerful global CT network ever known; there are people alive in all of our countries who would not be, were it not for their efforts. Their work, capability, and partnership will become more important, not less.
Most importantly, however crass U.S. policy might appear, it does represent a welcome if belated realization that there is rarely a pure military solution to a terrorist problem. The causes are ultimately political, and so must be the end game. It became obvious a number of years ago that nation building, Western style, was either wholly impracticable or beyond the resources allied nations were prepared to commit. A way had to be found to integrate politically the powerful Pashtun nationalist faction represented by the Taliban. But the leadership to do this, including in Afghanistan, was not there. I do believe that the comparatively light Western military presence could have been maintained much longer and used much more effectively as a bargaining chip. But it was not the solution.
What does this mean for the threat? That depends on what the Taliban do next. They have sought to project a reassuring message, but history teaches us to approach this with caution. We discussed earlier what it was like in 2001/2002: how stunning it was to discover the degree of terrorist infrastructure that existed in Afghanistan, specifically in the Tora Bora complex. There had been a wholesale state capture by al-Qa`ida of Afghanistan, to a degree that none of us could have really imagined. Right there you have a worked example of what happens when Afghanistan is left unsupported and to its own devices. The Taliban took over and were wholly permissive to al-Qa`ida, who, in turn, organized at almost military-scale capability to attack our countries. You have to ask yourself why that wouldn’t happen again, because obviously it could as it has happened before. There are a few factors that make the current situation different. Clearly the Taliban are not stupid and will have noticed what happens to them when they allow people to operate out of their territory in the manner that al-Qa`ida did before 2001. So while they might be conflicted, I imagine this will weigh on their considerations. Afghanistan itself is also a very different place and the population has very different expectations than they would have had in the 1990s. So not everything is the same, making a clean comparison complicated.
My main plea is that we remain engaged across the intelligence, defense, security, diplomatic, humanitarian piece. That’s much more difficult if you do not have a security or even diplomatic presence on the ground, but history shows us what happens when you turn your back on Afghanistan.
Above all, we need an approach by regional states that rises above their narrow struggle to assert sectoral interests that it has been Afghanistan’s tragedy to host.
CTC: With the U.S. and NATO military withdrawal from Afghanistan and the resulting Taliban takeover of the country, how do you think regional powers like China, Russia, Iran, and of course Pakistan will react going forward? What is their long-term view of Afghanistan and the terrorist threats there, and how do you think they will try to mitigate them?
Younger: I think this is a very good example of ‘be careful what you wish for.’ All of those powers in their different guises have been campaigning for NATO to leave for some time, and we are now where we are. They will undoubtedly enjoy the reputational damage that this causes the Western coalition, but beyond that, I cannot see how this is going to improve their security situation in any way. Most obviously, China has a border with Afghanistan. We do not have any physical border there. We are a long way away, and yet we have been the ones essentially being custodians of security. Clearly, there is going to be a lot of thought going on in Beijing about how what is now an open flank is going to be dealt with. There has been a lot of speculation about how Belt and Road [Initiative] can be used to exploit what at one level is a new opportunity in Afghanistan, but the reality is that this is a highly unstable and radicalized place that borders one of China’s most sensitive regions.
With Russia and Iran, it is a pretty similar story. With Pakistan, we have just seen exactly the successful, radicalized, Pashtun Islamist takeover [in Afghanistan], that much of their security apparatus has facilitated and worked for over years, seeing, as they did, a stable Afghanistan as a source of strength to India. Wiser heads have pointed out that Pakistan’s stability depends on successful control of its own radicalized Pashtun elements, a task that will be rendered close to impossible with a radicalized Islamist takeover of their western neighbor.
CTC: In this era of great power competition, there is concern that countries might start to use (or increase their use of) terrorist groups as proxies to strike against each other, especially in a situation with an asymmetrically powerful United States. How do you see this issue? To what degree might shifting prioritization away from counterterrorism to great power competition impact counterterrorism capability?
Younger: I think states and terrorism have always been intertwined to some degree because terrorism happens in geographies. You could also argue that the al-Qa`ida phenomenon distorted all of our longer-term security priorities, but most specifically those of the United States. When the history is written, you will probably see that the U.S. response to a rising China was more muted because it was prioritizing the terrorist threat posed by al-Qa`ida. I think we’re still a bit too close to that to be able to really judge this balance. But what is certain is that great power competition introduces a potential existential threat in a way that counterterrorism does not. What terrorism does, which is almost as difficult and certainly as pernicious, is undermine the social fabric of our countries. This is why governments take it so seriously and why there is so little tolerance of it. But clearly when it comes to conventional destructive power, an international conflict is a far more significant issue.
To look at the question of use of terrorist proxies: With the advent of hybrid warfare, states, and most prominently non-democratic states, have become adept at integrating all aspects of national power into their security toolkit. Relationships with militant groups can and have become another of those tools. You cannot rule out the possibility of these things being used to attack us. Look at the way Russia has used militant groups in the Ukraine.
CTC: The recent U.K. Integrated Review stated that “It is likely that a terrorist group will launch a successful CBRN attack by 2030.”3 According to a May 2021 report by a U.N. investigative team looking at Islamic State activity in Syria and Iraq, “evidence already secured indicates that ISIL tested biological and chemical agents and conducted experiments on prisoners as part of [a biological and chemicals weapons] programme, causing death.”4 Given the intelligence you saw come out of Syria and Iraq, how concerned are you about this threat vector?
Younger: These are difficult attacks to mount, so I would say they are unlikely, but they are very high impact. So it is a classic example of low-likelihood, high-impact threat, which is the sort of problem that is very difficult to deal with. That is, however, our life in the intelligence business. Particularly the issue of how you prioritize your effort against that specifically is hard. My way of getting out of that conundrum is to observe that, broadly speaking, it is the same individuals who are involved in the broad range of all terrorist activity. So insofar as your strategy needs to, and I believe it does need to, be focusing on key individuals and networks and key geographies, I do not think that this approach is invalidated by any expectation of the CBRN threat being more or less likely. You could, if it got sufficiently serious, take the completely opposite view and start going after it as a particular category of problem and look at it in those terms, but I think my advice would still, broadly speaking, be it is the same thing and the same people coming to attack us, just in a very wide variety of different ways, which will include CBRN. Clearly, they are hankering after the most spectacular impact they possibly can achieve.
CTC: In the wake of the COVID-19 pandemic, there has been renewed concern that terrorists or other bad actors could obtain or engineer and then deploy a more dangerous virus than even SARS-CoV-2. As the 2018 U.S. Strategy for Countering WMD Terrorism noted, “advances in biotechnology could theoretically allow even a single individual working in a laboratory to engineer pathogens that could have catastrophic effects.”5 What is your assessment of the biological threat landscape and what role can intelligence agencies play in preventing an engineered pandemic from materializing?
Younger: Clearly you have got a worked example in front of us. I have no idea if terrorist leaders noticed and wanted to do something similar, but I would be very surprised if that thought has not occurred to them. I would have thought, though, that the same logic applied as we were just discussing about CBRN threats more broadly. Having said that, we clearly do not want to suffer from a lack of imagination about what might happen, as arguably was the case before 9/11. We need to conceive that something like that could happen, but sadly, that is all too easy to do. I hope that as our intelligence services are collecting throughout the world, they are staying highly sensitized to this possibility, but what the signatures of that activity would be and if they would essentially be different to all the stuff that we ordinarily do, I do not know.
CTC: In the wake of the events of January 6, there has been growing concern around the world about the threat posed by far-right extremism and its increasing transnational interconnectivity. According to MI5 Director General McCallum, “Of the 29 late-stage attack plots disrupted [in the United Kingdom] over the last four years, fully 10 have been Extreme Right Wing.”6 To what extent has going after violent extreme far-right networks been a priority for SIS, and do you think it will be a priority in the future?
Younger: I think it is incredibly serious. The concerns I have about terrorism writ large, but hitherto Islamist terrorism, are the effect that they have in degrading trust between citizens. It is trust that underpins our democracy and our social cohesion. So it is nothing to be taken lightly. In some ways, maybe the rising extreme right is the reaction that terrorists have sought to precipitate, but I actually think it is much broader than that and a function of a whole set of phenomena that we see in the modern age—most specifically, the internet.
The extreme right would become an issue for people like me while I was working for SIS if it was predominantly organized overseas and was done in an organized way, and unless those two facts are true, frankly there is not a lot we can bring to the party. My view is that it probably is not the situation at the moment. So in that sense, and you will have heard it from what Ken said, it remains a really significant and rising domestic preoccupation.
CTC: The lack of much external direction and links makes it less of a focus and role for SIS?
Younger: Were we to see a replica of the scenario we saw in 2001, when a group of terrorists that were organizing in a failed state, successfully radicalizing people within the U.K. to carry out attacks here, that would change things undoubtedly and bring it front and center for SIS. But that’s not how I would characterize it at the moment. There have been some individuals going to foreign battlefields like Ukraine, and we saw the same thing happen with elements of the Yugoslavia civil war. I am not ruling it out as a possibility, but I do not think at the moment we see that.
Substantive Notes
[a] Editor’s Note: The United Kingdom’s counterterrorism strategy (called Contest) has four pillars:
Prevent: to stop people becoming terrorists or supporting terrorism
Pursue: to stop terrorist attacks
Protect: to strengthen protection against a terrorist attack
Prepare: to mitigate the impact of a terrorist attack
A new piece which I recognize has a certain level of irony imbued within it – making the point that an extremist leader is best starved of the oxygen of publicity by writing about him in a national newspaper. But still, it felt a significant point to make. I noted during his press conference announcing the end of his restrictions apparently someone walked past and shouted at him. As quoted in the Telegraph, “one passerby, of South Asian origin, shouted: “You don’t speak for us”.” So maybe he is finally on his way out. But I suspect this is not the last we have heard from Anjem Choudary I am afraid. In any case, here is my short comment for the Times Red Box column.
As the rest of the UK celebrated the end of Covid restrictions, Anjem Choudary celebrated his return to free speech. Having been jailed for inviting people to support Islamic State, he was freed in 2018 and had been living under restrictive licence conditions until now.
But being able to speak is not the same as a return to influence. This is not something that will be entirely determined by the restrictions he is living under. The real determinant is the degree to which he is welcomed back into the public debate as a figure representing a part of society.
This is something we can all determine around him and something he will struggle to control.
There is no denying the damage his organisation, al Muhajiroun, has done. The last two violent Islamist terrorist attacks in this country to kill innocent people were conducted by individuals that had some contact with the organisation.
This is the latest chapter in an almost three-decade history for the group. Go back to before September 11, 2001 and the group and its people are a regular feature of most terrorist investigations.
Yet it is also the case that it is not clear how much the organisation has managed to grow and develop further in the past few years. Choudary was the most prominent leader of an organisation that struggles to mobilise in the same way as it used to.
One of its more prominent remaining leaders, Shakil Chopra, was jailed a couple of weeks ago for sharing extremist videos. Others are living under restrictive conditions that are designed to consume their time and constrain their ability to meet with others or radicalise further.
Of course no system is perfect, but these restrictive measures do have a corrosive effect on capability.
It has been some time since we have seen a large-scale terrorist plot prosecuted in our courts of a scale comparable to those that were being disrupted in the mid-2000s when al Qaeda used a pipeline of followers that al Muhajiroun had helped build to direct a series of attacks towards the UK.
Rather we have seen atrocities that have been sporadic and occasional with no clarity about the role of terrorist groups or al Muhajiroun. It is not clear how many new followers the group is generating in the same way as it did before.
Security services continue to worry about violent Islamists, but it is not clear how much of this threat is still linked to al Muhajiroun in the same way as before.
The residual parts of the network continue to exist, but are under continual scrutiny. Choudary’s release provides a moment at which it could try to regenerate, but he will be watched closely and will struggle to mobilise people in the same way as before.
And anyway, in some ways the world has moved on. Al Muhajiroun’s narrative does not work in the same way as it used to. They used to shout about an Islamic State — it was built by Isis and there was considerable criticism for those in the organisation who did not go and join it.
Those being drawn towards extremist narratives today have not always heard of Choudary in the same way. Some in extremist communities ridicule his ilk as “microphone jihadis” who are all talk.
A key to him not getting back to the position he was in before is to starve him of his microphone and ensure that he is not the dominating news figure that he was. While this will not get rid of him, it will reduce his attractiveness.
His provocative interviews would draw people to him and create an aura of influence and power, which he was adept at manipulating to open up people to ideas that in some cases would lead them down a path towards violence.
There is of course a certain irony in writing this in an article about him for a major national website, but it is worth stating nonetheless: starving Anjem Choudary of his microphone will reduce his power and influence. Without it, he will simply become another aging ideologue whose followers are jailed, dead or drifting away.
Raffaello Pantucci is senior associate fellow at Royal United Services Institute
My final piece in this most recent blast, this time for my London base RUSI looking at UK terrorist threats and matching up what the UK threat picture looks like with the growing focus the UK is placing on counter-terrorism deployments in parts of Africa. The point was really to raise questions about whether these deployments are going in the right places. Am aware the balance is always a complicated one between threats, capabilities and cost, but it does seem an odd set of choices to make at the moment. I think this is a set of questions I want to explore in more detail going forwards, but at the moment a bit overcommitted with other pieces which should be landing over the next few months.
The UK is shifting its counterterrorism capability to Africa. Yet while the threat picture in Africa appears to be worsening, it remains unclear how outwardly menacing it actually is. The key question Whitehall needs to ask is whether the new deployments to Mali and Somalia appropriately reflect the global terrorist threat picture the UK faces.
For the ninth or tenth time, the leader of the Boko Haram terrorist group, Abubakar Shekau, has been reported killed. His death comes at a moment of growing attention towards terrorism in Africa. While last year saw a broader fall in terrorist violence around the world, in Africa it actually rose.
All of this comes as the UK appears to be increasing its counterterrorism focus on the continent. The prime minister has announced a deployment to Somalia to help address terrorist threats there, and the UK’s force in Mali has started to conduct operations on the ground. This suggests a shift in where the UK judges its main foreign terrorist threats to be coming from, as it follows the US out of the door in Afghanistan. The key question is whether this accurately reflects the threat picture to the UK and its interests.
Ironically enough, having been the target of authorities for many years, Shekau’s ultimate demise is reported to have come at his own hand while fighting the local Islamic State affiliate. An exceptionally violent man, Shekau led a brutal fighting force whose indiscriminate violence was considered too much even for Islamic State, leading to infighting among the jihadist groups on the ground. During his final stand, reports on the ground suggest that large numbers of his followers joined Islamic State rather than fight alongside him.
The death of terrorist leaders can often lead to fragmentation and greater levels of violence. However, Shekau’s death may actually accelerate a process of unification among the various violent groups in Nigeria under the Islamic State banner. This in turn could make the specific threat from Islamic State in the region worse.
What is less likely is that his death will particularly change the threat picture to the UK. As a global power with interests across Africa, the UK has an interest in stability in the region. But when looking at this region through a rigid counterterrorism lens, the threat appears far more local than international. And this is where questions might be asked about the current UK deployments to Mali and Somalia.
The threat picture in Somalia is one that has had direct links to the UK. We have just marked the eight-year anniversary of the death of Fusilier Lee Rigby. His murder was undertaken by individuals with links to terrorist networks in Somalia and their allies across the Gulf on the Arabian Peninsula. The current leader of Islamic State in Somalia is a former longstanding UK resident. There are fewer links to Mali, and no active plots that have been uncovered. Moreover, it has been a while since an active plot was prosecuted in the UK that had links to Somalia. Terrorism with links to networks in Africa that has affected the UK has tended to be connected to Libya – as we are discovering in some detail through the Manchester Arena bombing inquiry – as well as Tunisia, where some 30 UK holidaymakers were massacred in 2015.
There is no doubt that terrorist groups in Africa do have some connections to international networks, but they are not necessarily all connected in the same way. Nor is it entirely clear that they are all a threat to the UK or its interests equally – or that they pose the same level of menace as the groups that will continue to exist in Afghanistan.
But the UK is following the US’s decision on Afghanistan, and while some residual UK force will likely remain to support the more limited NATO mission on the ground, this is clearly not going to be a UK military focus. The key question, then, is whether the new UK mini-deployments to Africa are being targeted in the right places, and whether they are large enough to actually effect some change on the ground. So far, the reported numbers in both Somalia and Mali are in the low hundreds – certainly not enough to overturn longstanding jihadist threats or insurgencies that have been going on in some cases for generations.
This suggests the deployments are more demonstrative or focused on supporting limited kinetic counterterrorism goals rather than the long-term efforts that are needed to materially change the situation on the ground. This in turn highlights how the core of the UK’s security approach towards Africa in this regard still relies heavily on local forces.
Yet this has repeatedly been shown to be a fragile policy. One need only look at the fact that, at the same time as Shekau was dying fighting Islamic State, the Nigerian Army Chief died in a helicopter crash – or that just a month earlier, Chadian President Idriss Déby died fighting insurgents in his country – in order to see how fleeting African security arrangements can be. And this is before one factors in the latest coup d’état in Mali.
There is a growing terrorist threat in Africa. As the coronavirus pandemic afflicted the world last year, Africa was among the only places where violence associated with terrorist groups went up. And events in Mozambique earlier this year highlighted what a terrorist crisis in Africa could look like at its worst. Shekau’s death is likely to precipitate more violence in Nigeria. But it is not clear what kind of an outward-facing aspect these threats currently have.
By deploying small numbers of troops to Mali and Somalia, the UK is playing its part in tackling the broader regional issue. But the problems around terrorism in Africa are infinitely more complicated than these deployments suggest, and come at the same time as cuts in aid budgets to the same regions. If this light footprint reflects the fact that the threat picture to the UK is seen as limited, then questions should be asked as to whether scarce resources are being deployed optimally. The potential terrorist threat to the UK is still more likely to emanate from Libya, the Middle East or South Asia.
The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.
Back on one of my more traditional topics which has become a lot less newsworthy of late in a new short piece for UK’s The Times Red Box about the never ending Shamima Begum case. Am sure this is not the last we will hear of this case, and my sense is that the subsequent problems that might emerge from the case are only likely to get longer the more she is left out in Syria. Hard to see how this is going to end well sadly.
As she has for almost three years, Shamima Begum continues to sit in a dusty camp in Syria waiting for some resolution to her stage in life. Having made a catastrophically bad decision at 15, she is bound in a limbo to which there likely seems no end. The problems around her case, however, have not been resolved by the Supreme Court’s decision that simply prolongs her stasis.
There are numerous questions around her case, but three in particular distinguish themselves as needing immediate attention. First is the problem of her age. When she ran away to Syria at 15, she was committing a criminal terrorist act at an age younger than an anonymous Cornwall boy who pleaded guilty a few weeks ago to being a key UK figure of the online extreme right-wing group Feuerkrieg Division.
As a key organiser for the group online, he helped recruit others, vet members, and pushed followers online to move forwards to committing online acts of terrorism. Having pleaded guilty, he was given a two-year youth rehabilitation order, while a 17-year-old he had recruited and stirred into action was given a five-year custodial sentence for planning a terrorist attack.
It is difficult to compare the cases of course in part as we do not know what Begum did while she was in Syria. However, it does seem odd that our criminal justice system is able to handle teenage terrorists with relatively light custodial sentences while this young woman who started down a path when younger than them is on the receiving end of a literal life sentence.
We seem able to handle murderers, rapists, and other serious criminals through our ordinary criminal justice system, but we are incapable of managing a fanatical young woman.
Putting this to one side, it is also important to realise how utterly porous and unstable the situation in which Begum finds herself is. The camps in Syria are managed by a Kurdish fighting group that is ill-suited to keeping them and is far more pre-occupied with its own survival than the fate of those sitting in the camps. From their perspective, the foreigners are useful in that they keep the world’s attention on them, but they do not much care what actually happens to them.
The result has been regular escapes and clear evidence of support from networks back in the homes where they came from. In February, Turkish authorities detained French, Russian and New Zealand Isis women who had managed to sneak out of Syria. Investigations by UK newspapers have shown how online funding networks exist with links to the UK to raise money to help Isis women in these camps.
The point is that as static as the camps are, the people within them are not. This means that the method of simply leaving people over there and hoping the problem will go away is not an answer. And far more dangerous than leaving them in the camp is the prospect of them escaping unfettered and unobserved.
There is a final American angle to this dilemma. While President Biden is doubtless going to be focused on other things for the time being, it is a source of continued irritation in Washington that Europe has not found a way of managing its nationals in these camps.
While under Trump this complaint joined a long list of irritants with an administration that most wanted to try to avoid having to deal with, under Biden, the question will become more pressing and harder to ignore. Europeans spent a lot of time telling Washington off for Guantanamo Bay. How long before some in Washington start to draw similar comparisons?
There is no doubt that managing the return of Begum and the many others who joined Isis will be complicated. But the answer to this problem is to deal with it head on and on a case by case basis, rather than uniformly strip passports and dump on someone else people who are British responsibilities. Doubtless some of these individuals are hardened and irredeemable criminals who should serve long sentences for their crimes, but it is equally likely that some may be people who can be rehabilitated after some punishment. In this way they are similar to the many thousands of others who have been through the British criminal justice system.
The answer to terrorism is to treat it like an ordinary criminal act rather than an extraordinary behaviour. We seem able to do that with teenage terrorists at home; it is not clear why we cannot with Begum.
Raffaello Pantucci is a senior associate fellow at the Royal United Services Institute
Happy holidays to everyone out there who is celebrating! Have a few pieces that have landed during this period and will post them over the next few days. A few longer pieces due out in January which with hope will set the pace for what will be a busy and interesting year. As ever, appreciate comments, criticisms, or whatever else you feel the need to share (though abuse is never particularly pleasant). This is a short policy recommendation piece for RUSI in London which joins the flood of material being pumped in the general direction of the incoming administration in Washington, this time focusing on the extreme right wing.
Europe and the Biden administration in the US should be ready to expand their cooperation on combating right-wing violent movements.
Recent international counterterrorism cooperation has for the most part focused on dealing with threats from violent Islamist groups such as the Islamic State or Al-Qa’ida. And this will likely remain a priority for security officials on both sides of the Atlantic. Looking forward, however, the transatlantic alliance should focus in a more considered way on the growing menace from the extreme right wing. This threat has been rising on both sides of the Atlantic for the past few years, has growing international connections and is a problem which was difficult to address during the Trump administration, as the president often appeared to prevaricate on far-right extremist activity in the US and re-tweeted Britain First (a UK extreme right group) material. Focusing on it in a Biden administration would provide an excellent springboard into cooperation in an area of clear joint concern and help to strengthen security bonds that may have weakened during the turbulent Trump years.
Different Roots
The roots of extreme right-wing ideologies in Europe and North America are traditionally different. The extreme right in the US is a mix of classic white supremacists and neo-Nazis, alongside survivalists and extreme libertarians with a deep resentment directed towards the Federal government. In Europe, the movement is characterised by deep xenophobia and anti-immigrant feeling, which has most recently coalesced around the idea of Muslim ‘hordes’ replacing settled European white communities. The exact interpretation of this supposedly apocalyptic shift varies depending on where you are in Europe. The modern extreme right (reflecting a pattern visible across extremist ideologies – from the far left, to violent Islamists, and others, ideologies are increasingly fusions which draw on multiple different sources) is a confusing kaleidoscope of ideas, including anti-globalists, misogynists, societal rejectionists, and conspiracy theorists. Yet what broadly unifies the extreme right on both sides of the Atlantic is a sense that their supposed (and often racially defined) ‘supremacy’ in their country is being challenged.
This is reflected in an increasingly shared ideology, networks and activity across the Atlantic and around Europe. The UK has already seen extreme right-wing incidents with links to Poland and Ukraine, while some Americans (as well as numerous individuals from around Europe) have gone and fought in Ukraine. Imagery, ideas and texts are widely shared on chat groups that are run from around Europe or the US with members from across the transatlantic community and beyond. Groups like The Base or the Order of Nine Angles cast a net with members across Europe and North America, while online groups like Feuerkrieg or Atomwaffen Division boast members around the world. Meanwhile, organisations like the Russian Imperial Movement (RIM) have provided physical training camps for extreme right adherents from across Europe and even North America.
Links to Russia
The repeated appearance of links to Russia is a notable feature of the growing contemporary extreme right wing. Earlier this year the US proscribed the RIM for its links to active terrorist networks, while the leader of The Base is reportedly an American living in St Petersburg. And the number of foreigners that went to fight in Ukraine provides another point of connection with Russian-supported groups on the ground. Exact numbers and volume of flow are unclear, but the expulsion from Ukraine in October of two American members of Atomwaffen Division shows it is ongoing. Finally, Russian interference campaigns have regularly focused on seeking to exacerbate societal tensions in the West – including focusing on racial tensions, feeding an underlying rhetoric that sustains the extreme right wing.
Transatlantic Cooperation
All of this points to a common problem that would benefit from greater transatlantic cooperation. Furthermore, the shared networks and ideologies and the implications of the links to Russia add a further dimension to the already challenging relationship with Moscow.
This aspect in particular is something that a Biden administration will find easier to address than a Trump one. President Trump’s hesitant relationship towards Russia, his retweeting of UK far right ideologues’ material, and his refusal during presidential debates (and before) to bluntly condemn white supremacist groups and, when pressured, his ambivalent corrections, made him an awkward partner in such a fight.
However, his departure from office will not address the broader issue of ideological overlap between the extreme right and narratives that are often raised by mainstream politicians in both Europe and North America. In some parts of Europe, for example, the anti-immigrant rhetoric used by mainstream politicians is not far off the same narratives advanced by extreme right groups in others. This ideological overspill is visible in other ways as well. Both the UK and Germany, for instance, have recently undertaken major investigations after uncovering adherents of extreme right ideologies within the ranks of their security forces.
None of this will be easy to unpick, but it is clearly a subject of growing importance on both sides of the Atlantic which should provide a basis for closer security cooperation. The growing networking of the different parts of the movement and individuals across the Atlantic provides a direct point of engagement for intelligence and security officials at every level, while the links to Russia tie into a broader threat narrative of confrontation with state actors.
Finally, the larger problem of trying to deal with the overlap between the extreme right, far right and mainstream politics is going to be very difficult to address. Managing rhetoric in this space will immediately start to tread on issues of freedom of speech. The issues, and where the ideological bleed takes place, are clearly different on both sides of the Atlantic, but the complex mix of legislation and enforcement that will be needed to deal with it would benefit from transatlantic coordination and engagement. Disrupting these networks provides a platform to rebuild a transatlantic security relationship and reverse some of the damage of the Trump years.