One detail about the horrible attack in San Bernardino has caught my attention: the terrorists smashing their hard drives and cell phones. Counter-forensics has long been an important component of terrorist operations, while cyber-forensics has been an essential tool for counter-terror operations. In the San Bernardino attack, we see terrorists adapting (in a low-tech way) to improved law enforcement capabilities. With that in mind, I’m re-upping this piece I wrote several years ago after the central forensics laboratory in Baghdad was bombed by Islamist insurgents.
Counter-forensics has long been part of the terrorist playbook, so today’s attack on the central forensics lab in Baghdad is by no means unprecedented in the annals of terrorism.
According to Tony Geraghty’s fascinating The Irish War: The Hidden Conflict Between the IRA and British Intelligence, the IRA was obsessed with preventing evidence from falling into the hands of British authorities. They developed extensive internal research and development capabilities to counter British forensic science and wrote manuals to train their members how not to leave evidence. The manuals get very detailed, including instructions about the dangers of incriminating particles and fibers in the hair and clothes of operatives.
The IRA had good reason to be concerned. British authorities found clothes and hair to be forensic bingo and actually ran an undercover operation disguised as a mobile valet service to gather forensic evidence.
The IRA found that a good offense was the best defense and ambushed the mobile valet unit in October 1972. They also bombed the Northern Ireland Forensic Laboratory — twice. The first time they faked an accident so that a car with a bomb planted inside would be taken into the forensics lab, where it detonated and destroyed substantial quantities of forensic evidence. Later, in September 1992, the IRA set off a 3,000 lb bomb on the lab’s perimeter.
In many cases the most sensitive nodes are people — killing key leaders or specialists can disable a movement or organization. At least some of the victims of the bombing were investigators, and they will not be easy to replace. The specialized equipment will also be difficult to replace. But, if the IRA’s history is any example, the accumulated physical evidence could be the greatest loss for Iraq’s counter-terror efforts. In almost any kind of research, quality data is everything.
Terrorists in Iraq are clearly ramping up activities, having carried out two terrible deadly attacks in as many days. Breaking clandestine networks requires the careful sifting of evidence, seeking clues and patterns. But now, the evidence is gone and the investigators are back to square one.
Today’s attack was a strategic one, reducing the government’s ability to defeat its enemies in both the short and long term.
Originally published at terrorwonk.blogspot.com on December 6, 2015.