Remote Control

Although there is a lot of gloating going out about how encryption played no part in the Paris attacks, it is too soon to make that assessment. For several reasons we can assume there was contact between the Molenbeek based network and ISIS command. Firstly, a historical analysis of terrorist attacks show that there is very frequently contact between the commanders of the organization and the remote networks/cells. Secondly, a number of strong indications exist from what we know that suggest there was communication and coordination between Europe and Syria.

Officially, they know nothing

The official statement from ISIS claiming responsibility for the attacks gets some key facts wrong. This suggests that the statement was written before the assault happened, i.e. based on the plans, rather than post hoc on news reports.

Here is the official statement (its in French):

Official ISIS claim of responsibility

The key points to take from this are:

  1. Claims of attacks in the 10th, 11th and 18th arrondissement. There was no attack in the 18th.
  2. Claims of 200 dead. This would make sense if the stadium attacks were successful, or the Bataclan attack more successful. This is an over estimation based on pre-operation plans.
“Eight brothers … and other targets in the tenth [10], the eleventh, [11] and the eighteenth [18] county …”

Red Rover, Red Rover send suicide bombers over

At the end of September the two brothers Brahim Abdeslam and Salah Abdeslam sold their bar. The money from this sale was used to finance the attacks. On October 3rd, two ISIS suicide bombers were smuggled into Europe posing as Syrian refugees. This suggests that the plan was prepared earlier, before October, and then set in motion around the end of September.

For the two suicide bombers to be sent over to take part in the attack, the European cell would have had to be in communication with ISIS central command.

Control Freaks

The earlier ISIS attack accompanying the Charlie Hebdo massacre was controlled by someone outside of France. While the handler for that attack might have been Abaaoud, that seems unlikely since he never claimed responsibility for it in his Dabiq interview. This suggests that they are using coordination from central ISIS to manage their attacks in Europe. This occurs via encrypted email. There is reasonable chance that ISIS continue to exert control with the Molenbeek network.

Encryption, Shmencryption. So what?

Although it seems almost certain that there was some level of coordination and communication between the European based network and ISIS central command, there is no reason to believe that encryption is to blame for the failure to detect the planning of the Paris attacks.

The network leader, Abaaoud, was extremely high profile and should have been apprehended immediately in Europe. In addition, his network was composed almost exclusively of people that were already known to the security forces. Also, the sale of the bar (a huge change of life pattern) and the subsequent travel during the deployment phase of the attacks were serious red flags that could have triggered additional scrutiny of the network.

Encryption had nothing to do with the success of the attacks. Targeted surveillance would have been enough to disrupt the plot.