The Paris Attacks Were En Clair

This Wall Street Journal article gets the title wrong: “Paris Attacks Plot Was Hatched in Plain Sight”. What is described in the article is the execution of the plan, which was done in the clear. We still do not know how the plan was plotted or what communications existed between ISIS and the European-based attackers.

Some things we do know: the attackers were very bad at security. They made some basic mistakes that allowed the remaining cell members to be rolled up rapidly, exposing their safe houses and logistics members. The French have stated that the cell planned on conducting further attacks, since they had additional weapons and police uniforms stockpiled in their safe house. Given that they planned to live and conduct further attacks, their operational security was poor.

Friends and Family are not compartmented cells

“The array of car rentals, cellphones and online lodging reservations allowed Mr. Abaaoud to organize his militants as separate cells to ensure the plot wouldn’t unravel if one of the teams was compromised.”

This is not true. The cells were heavily compromised because they were built using existing strong links. The only compartmented cell members were the two, as yet unidentified, suicide bombers destined for the Stade de France. Everyone else was connected via very clear social ties. If the cells were compromised, investigators would rapidly find the other members and the attack would collapse. This “compartmented on paper”-only style cell structure is very common for amateur cells. Recruiting friends and family is the normal approach for illicit organisations.

“Most underground networks just grow along the messy lines of pre-existing strong ties, unless some people have enough resources to control this growth and force it into a more hierarchical outcome.”


Only 80s kids will remember this: Fake IDs

“In addition to a Seat-brand car, Salah Abdeslam rented a Volkswagen and a Renault from two different rental agencies in Brussels. Rental companies in Belgium don’t vet clients as long as their driver’s license, government identification and credit cards are valid.” (Emphasis added)

This is exactly why amateurs and terrorists need to use their real IDs. In the modern day it is quite hard to operate without a full set of government ID and credit cards. Convincing fakes require a serious investment, and even then there is always a risk of being caught. Being caught during the logistics phase would be enough to scupper the attack, for as I mentioned above, these cells were poorly compartmented. Only professional intelligence agencies have easy access to good fake IDs these days. The cost for others is prohibitive.

Renting three cars from three agencies is not the same as sneaking into a bar. The level of scrutiny is higher and the checks more thorough. Plus, the consequences of failure are catastrophic.

Interestingly, there was at least one convincing fake passport in the cell. One of the unidentified suicide bombers had a fake Syrian passport which could have been used (possibly) to rent the cars in Belgium. He wouldn’t have had a driving license or a credit card though, so it may not have been possible to register. He lacked the full identity set.

It is worth noting that even Russian intelligence operatives don’t always get false identities. In early 2015 Russian SVR agents were recorded complaining:

“Of course, I wouldn’t fly helicopters, but pretend to be somebody else at a minimum,” he said.
Sporyshev seemed to concur, lamenting, “I also thought that at least I would go abroad with a different passport.”

Millennial Terrorism

Given the low funds available to this network, and the high tempo at which they planned and executed their attack, it is not surprising that much of their logistics work was conducted in the clear. To do it otherwise would be expensive and risky. Operating in the clear means low risk before the attack and high risk during the investigation. Since many attackers were planning on suicide operations, their post-attack concerns seem to have been negligible.