Terrorists, Lies and Missed Opportunities
The attack on the Crocus City Hall Concert venue in Moscow, Russia is playing out in newscasts, political statements, and terrorist media sites around the world. As a former Intelligence Officer who focussed a large portion of his career in counter terrorism investigations, I wanted to look at what has happened, what claims have been made and what we can expect going forward.
On March 23, 2024, while waiting to hear a rock band in a concert hall in Moscow, over 133 people were killed and over 100 were injured when gunmen armed with explosive devices opened fire and started shooting automatic weapons indiscriminately at the seated attendees.
Unfortunately, I am entirely too familiar with this type of carnage and its aftermath as I have had to go over similar information in great detail as a regular part of my former career. As an intelligence officer, counterterrorism investigations were part of the day to day. I was required to look at an attack like this from all angles to try and gain some reasoning behind the horrific carnage. Destruction that was perpetrated by a small number of terrorists on innocent bystanders. While doing this, it is difficult to not constantly be reminded that these victims were looking for no more than to listen to some live music and enjoy a night out with friends and family.
Although most of us in the western world can agree that the actions of the Russian Government and Vladimir Putin regarding Ukraine, political dissidents, and continuous acts of cyberattacks against the west are disgraceful and vile, the terrorist acts that wounded many, took the lives of many more, and destroyed the concert hall are no less justifiable.
Did ISIS-K conduct this attack?
Inspired vs Co-ordinated
To answer this question, we first need to look at Islamic State of Iraq and Syria – K and their Modus Operandi regarding claiming responsibility for terrorist attacks. There have been several instances when ISIS has falsely claimed responsibility for horrendous attacks and mass casualties:
- The Resorts World Manila Complex in the Philippines was attacked in the tragic events of June 2, 2017. 38 lives were lost, and 70 individuals were injured. Chaos erupted as a gunman set fire to casino tables and slot machine chairs, triggering a stampede among patrons. Later investigations revealed that the assailant sought to steal casino chips from the venue before ultimately taking his own life during a confrontation with law enforcement.
ISIS claimed that “Islamic State fighters carried out” the attack in a statement on its Amaq (ISIS’ pseudo news agency) and later followed-up with a statement from the group’s east Asia division referred to only one attacker – whom it named as Abou al-Kheir al-Arkhebieli – and boasted about the number of “Christians killed or wounded” before he “took his life.”
In reality, the “attack” was a casino robbery gone wrong, perpetrated by a disgraced former employee of the Philippine department of finance who resided in Santa Cruz, Manila.
2 On October 1st 2017, a long gunman shot and killed over 58 people, and his actions resulted in over 500 more being injured, when he began shooting into a crowd in Las Vegas, Nevada.
Again, ISIS claimed responsibility in a pair of statements released on Amaq citing anonymous sources, that the gunman, later identified by police as 64-year-old Stephen Paddock, converted to Islam several months ago and carried out the attack, “in response to calls to target states of the coalition” battling ISIS. The claims were easily disproved as the man had no affiliation with Islam or any terrorist organization.
Although these are simply two examples, there are many more historical examples of false claims by ISIS, but for the sake of brevity, I feel I have made my point. The bigger question is why lay claim to attacks if they weren’t coordinated by your terrorist group? The answer is both simple and complex. The simple answer is that ISIS is a propaganda machine that is constantly looking to remain relevant in a modern era.
With Al Qaida for example, every planned terrorist attack was required to go up the ranks for approval before it was signed off and paid for. ISIS on the other hand, used the internet and propaganda to its advantage telling anyone who was willing to listen to conduct an attack in any fashion they choose, and they (ISIS) would lay claim to it after its success as an “inspirational attack” as opposed to an actual coordinated one.
Recent still images by Amaq shows 4 individuals standing in front of an ISIS black flag, wearing baseball caps, with their faces covered except for the eyes and holding up one finger. The only visible part of their faces is blurred. ISIS-K claims they are the men who perpetrated the Moscow attack.
This leads to question of why would the pixilate the eyes of the attackers if they have already been apprehended by Russian authorities?
The four men from Tajikistan, Saidakram Rajabalioda, Dalerjon Mirzoev, Muhammadsobir Faizov and Faridun Shamsiddin have all been seen in recent news footage looking bloody and beaten as they make their appearances in court. According to some news articles, the men confessed that they were offered thousands of dollars to perpetrate the attack, which does not sound like an ISIS martyrdom attack to me. They were subsequently captured as they fled and were apparently heading to the Ukraine to meet up with others.
Coordinated ISIS attacks usually have pre attack video of the extremists to allow for the ISIS propaganda machine to take full advantage of the horrific acts for further recruitment and credibility as a terrorist organization. This, so far, does not appear to be the case in this instance.
This leads us to the next concern in this interwoven web of politics, terrorism, and intelligence.
Never let the opportunity of a crisis pass you by
Soon after the attack, Putin stated that, despite intelligence information from the US that an attack by extremist elements on large public venue gatherings was imminent, he tried to connect the attack to Ukraine.
This type of political hyperbole is not unheard of after a terrorist attack. Putin, like many political leaders before him, made accusations that he likely believed would align with his own political aspirations. In this specific case, to help unit the Russian people against Ukraine and further justify his “military actions” and constant bombarding of the Ukrainian people.
After the 3/11 Madrid bombings in Spain, which claimed 190 lives and resulted in 1,800 injured. The Spanish government initially attributed the attack to the Basque separatist group, ETA. However, evidence pointed to a different reality.
The simultaneous detonation of ten bombs across commuter lines indicated the involvement of Islamic jihadist terrorists and subsequent investigations revealed the attack had been orchestrated by Moroccan immigrants affiliated with al-Qaeda not the enemy of the state that Spanish Government was concerned about, the Basque party.
Enemies Lie, But Not Always
Putin’s disregard for the US intelligence on an upcoming attack prior to the assault on the Crocus City Hall by extremist elements is seen as an intelligence failure by some and par for the course by others.
In no way do I justify the disregard for threat related intelligence, but a deeper dive may help to explain Putin’s thinking surrounding this situation. Information shared between enemy states is circumspect to say the least. Espionage is a game of deceit, half-truths, and falsifications to throw your enemy off and keep them guessing. Additionally, there is the consideration of the specificity of information. From open news sources, it appears that earlier this month the US had provided Russia with intelligence that an extremist related attack was imminent and likely to be targeted against a large group or gathering.
Unfortunately, this type of information is difficult to follow up on, and even if the Russian Intelligence Community took the information as credible the likelihood on them following up with the US or the US being able to provide any more specific information was low.
In an ironic example of the shoe being on the other foot, the FSB reportedly warned the FBI in 2011 about Tamerlan Tsarnaev, one of the suspects in the Boston Marathon bombings, highlighting his association with militant Islamists. Despite these warnings, U.S. authorities missed opportunities to detain Tsarnaev.
Tsarnaev subsequently took a trip to Dagestan, a region suspected to have influenced his radicalization, and on his return to the United States was not detained, ultimately culminated in the tragic Boston Marathon bombings on April 15, 2013.
Both the Boston Marathon bombings and the Crocus City Hall attacks serve as stark reminders of the potential consequences when intelligence information is disregarded emphasizing the critical need for effective collaboration and information sharing between even adversarial intelligence agencies, especially in cases involving terrorist threats.
What can we expect next?
The aftermath of the Crocus City Hall attack in Moscow and the subsequent revelations regarding intelligence sharing and missed opportunities suggest several potential developments moving forward.
Firstly, there may be increased scrutiny and reforms within intelligence agencies both in Russia and abroad. The failure to act on credible intelligence warnings underscores the need for improved collaboration and responsiveness to potential threats.
Secondly, there may be geopolitical repercussions, particularly in the case of Russia’s response to the attack. President Putin’s attempt to link the attack to Ukraine highlights the potential for further escalation of tensions in the region.
Additionally, there may be renewed calls for international cooperation in combating terrorism. The parallels between the Crocus City Hall attack and previous incidents, such as the Boston Marathon bombings, underscore the importance of sharing information and coordinating efforts to prevent future atrocities.
Overall, while the future remains uncertain, it is imperative that lessons are learned from this tragic event to enhance security measures and mitigate the risk of similar attacks in the future.