Stratfor's Fred Burton and Scott Stewart analysing the latest Hyderabad terror bombings opines that the terrorists are learning fast but still have a lot to learn to be really deadly. As for me, after reading their analysis, I am of the opinion that Stratfor has some more to learn about India, her Society and her Muslims.
An explosion ripped through a crowd watching a laser show at an outdoor amphitheater in the Indian city of Hyderabad on the evening of Aug. 25. At about the same time, a second device detonated in a popular outdoor restaurant in the city. The twin blasts killed at least 42 people and injured about 80.
Following the bombings in Lumbini Park and the Gokul Chat Bhandar restaurant in the Koti market, Indian police reportedly recovered as many as 19 unexploded devices in the city, though Stratfor has confirmed the recovery of only two devices, one under a footbridge in the Dilsukhnagar commercial area and a second in a movie theater in the Narayanaguda district. Regardless of the number of bombs planted, it appears the attack was intended to be more wide-ranging -- and deadlier -- than it was. The targets selected and the unexploded devices not only provide insight into the attackers' intent but also serve as a gauge of their level of competence. The unexploded devices will also provide investigators with a treasure trove of forensic evidence.
While the number of malfunctioning devices points to an inexperienced bombmaker, the fact that the devices were planted without detection indicates the organization responsible for the attack is practicing fairly good operational security. No arrests have been made in connection with the case, meaning the cell members involved -- including the all-important bombmaker -- remain at large. Indian investigators, therefore, are racing against the clock to locate and apprehend the attackers before they can learn from their mistakes and launch another, more devastating attack.
Dissecting the Attack
The choice of targets in this attack says a great deal about the cell that staged it. Because the cell attacked soft Indian targets, rather than some of the many soft Western targets in and around the city -- Hyderabad is a high-tech hub for Indian and Western corporations -- it clearly is focused on striking what jihadists term the "near enemy" (India) and not the "far enemy" of the United States and other Western powers. Additionally, the targets were clearly civilian, rather than the type of targets normally selected by the Maoist Naxalites, such as infrastructure or government sites. The Naxalites normally seek to avoid indiscriminate civilian causalities, since they believe such attacks will undercut their popular support. This, then, does not appear to be the work of either Naxalites or those jihadists who adhere to al Qaeda's targeting philosophy.
Therefore, based on the target selection, this attack appears to have been conducted by Kashmiri-type Islamist militants seeking specifically to kill Hindus in order to stoke intercommunal Hindu/Muslim violence. Furthermore, the intent of this attack appears similar to that of an Islamist militant attack in May against the Mecca Mosque in Hyderabad. That attack, though, revealed a strategy to strike at Muslim targets in order to incite communal riots between Hindus and Muslims. However, Hyderabad's Muslim community failed to take the bait and instead turned increasingly hostile toward these militant groups, further threatening their support.
The backlash experienced following the Mecca Mosque bombing likely encouraged the Islamist militants to shift their focus toward Hindu targets in their effort to stir up communal animosity. Furthermore, the choice of soft targets suggests the attackers did not consider themselves capable of hitting any of the city's many symbolic -- and therefore more highly protected -- Indian/Hindu sites.
Following the June 29-30 attempted bombings in London and Glasgow, Scotland, -- plots that involved militants born in India -- Indian authorities asked information technology companies in Hyderabad and other places to step up security. In addition, although the threats that surfaced Aug. 21 involved Chandigarh, the warning served to keep security high at India's high-tech companies in places such as Bangalore and Hyderabad. Following the May 18 bombings at the Mecca Mosque, security at religious sites in the city also was increased.
In addition to the type of target selected, the type of attack conducted can provide insight into those behind it. In this latest attack, the perpetrators left improvised explosive devices (IEDs) in unsecured public places -- the modus operandi (MO) also employed in the Mecca Mosque attack. While using this common MO does not necessarily mean the same group is behind both attacks, it does signify that the groups that conducted the two attacks are operating at roughly the same level of operational sophistication. This type of attack against a soft target does not incur much risk and requires few resources. Additionally, it does not require the intense dedication/indoctrination required for successful suicide bombings, and it does not consume human resources as quickly; the operatives who planned and conducted this attack are still at large.
The selection of soft, vulnerable targets and the fact that at least half the IEDs deployed did not function as designed points to a low level of professionalism. However, it is significant that the cell obtained the explosives and components necessary for the devices, constructed them and deployed them without detection. This is not a small feat, which indicates the organization practices an acceptable level of operational security. It also seems to highlight the shortcomings of street-level Indian intelligence officers. The weaknesses of this militant cell appear to be in bombmaking and lack of imaginative operational planning -- the kind of planning that could allow the attackers to use their devices to target more high-profile figures or sites. However, these are areas in which militants traditionally improve with experience.
The Importance of Bombmakers
One of the key positions in any militant organization is that of the bombmaker, since his work can literally make or break an operation. This was dramatically reflected in the difference between the impacts of the July 7 and July 21, 2005, London attacks. Because of the mistakes made by the July 21 bombmaker, that attack is now only a footnote to the successful July 7 attack.
In spite of popular wisdom, a person does not become a proficient bombmaker by reading a few Internet sites that offer instructions on bomb construction. Indeed, as demonstrated by the would-be London and Glasgow bomber, Bangalore-born Kafeel Ahmed, even an advanced engineering degree does not provide the practical skills required for a person to become an effective bombmaker. This skill is even more critical when the bombmaker is working in an environment such as the United States or United Kingdom, where strict controls on explosives require that a bombmaker construct his own improvised detonators and explosive mixtures, a dangerous process in which one mistake can result in a serious injury or death. When making improvised explosive mixtures, even experienced bombmakers, including militant mastermind Abdel Basit, occasionally catch themselves on fire.
However, even when commercial or military explosives are available, designing an effective and reliable firing chain can be difficult. Inexperienced bombmakers often will take shortcuts when constructing their devices (especially when they have been ordered to construct multiple devices) and, in addition to making other mistakes, will not take the care to thoroughly test each of their firing chains for functionality. However, through trial and error, bombmakers tend to learn from past mistakes and improve their devices to make them increasingly reliable and deadly.
Although a remarkable amount of forensic evidence can be recovered from any blast site, the unexploded devices picked up in Hyderabad will provide invaluable forensic evidence for Indian investigators. It obviously is far quicker and easier to work with intact devices than to try to recover and piece together a device after it detonates. One of the first items examined will be the IEDs' main explosive charge, which in this case appears to have consisted of cartridges of commercial explosives. These cartridges should have lot numbers on them that will allow authorities to trace them from the manufacturer to the last legitimate purchaser. Although explosives are frequently stolen from quarries and construction company warehouses (even by unscrupulous employees), tracking the explosives used in an attack to a specific robbery or theft could help authorities locate the cell.
In addition to the main charge, the devices could contain detonators (blasting caps) or booster charges that also might be marked with lot numbers or other traceable manufacturer markings. Other components used to construct the devices, such as the clocks used for the timers, the wires, the batteries and the containers, will be carefully studied and efforts will be made to trace them. The components also will be checked for fingerprint and DNA evidence, while evidence such as the marks made by the pliers or wire cutters likely will be studied and databased. It must be remembered, however, that CSI: Hyderabad is not the same as CSI: Miami -- and even Miami's real crime scene investigators are nowhere near as advanced as their fictional counterparts.
In addition, investigators will study myriad small details pertaining to the way the device was designed and constructed -- little touches referred to as the bombmaker's "signature" -- in an attempt to tie this specific bombmaker to previous plots. The signature can include unique items used in fashioning the firing chain; the way wire was stripped, cut, twisted and soldered; and the use of electrical tape and shrink tubing. In this case, it will be interesting to compare the signature of the person who made the two unexploded devices with that of the person who made the two unexploded devices recovered from the Mecca Mosque attack.
As we said after the Mecca Mosque bombing, the attackers' MO, the placement of the devices and the number of unexploded devices indicate the organization behind that attack was not very sophisticated. The group behind this latest attack has exhibited many of the same characteristics. It does not appear to be overly advanced at this time -- though its ability to obtain explosives and deploy devices without detection is troubling for Indian authorities.
While some sources in India say they believe Pakistan's Inter-Services Intelligence (ISI) agency was involved in this latest attack, the simplicity of the attack and the lack of skill on the part of the bombmaker suggest there was no ISI connection. The operatives trained and directed by the ISI tend to be more professional than those behind this latest attack. Also, commercial explosives were used in this latest attack, which is not without precedent, but an ISI-connected operation likely would have involved military explosives, such as RDX, which seem ubiquitous among militant groups on the subcontinent.
Although the Mecca Mosque bombing involved military explosives and targeted a different side of the communal line, there are many similarities between these attacks -- including intent, MO and level of professionalism. The Mecca Mosque bombing killed five people, while this latest twin bombing killed more than 40. If the same group is behind both attacks, it appears to be improving -- and getting deadlier. This learning curve will place additional pressure on Indian authorities to identify and capture the perpetrators before they can improve their tradecraft enough to stage larger, mass-casualty attacks or begin to attack harder, more secure targets, such government buildings, Indian high-tech companies or Western companies doing business in the country.[Stratfor]