Threat Intelligence Blog

Last week, we talked about “soft targets” – ones that are easy to exploit and can guarantee higher operational success. Soft targets, including hotels, nightclubs, airport terminals, and sporting events, are more frequently targeted for terror attacks because of their accessibility and lack of security.

What is the underlying thought process behind attacking soft targets and what measures can the private sector take to detect and prevent future mass casualty attacks?

Soft Targets Selection is Driven by Strategic Objectives and Ideological Motivations

The first stage in the terrorist attack cycle, commonly referred to as the target selection process, is often driven by strategic and ideological objectives. Targets are also selected in response to what security measures exist in the operational environment. Terrorists calculate the costs and benefits when selecting a target. If a high profile and symbolic target such as a foreign embassy or high-level meeting are well-protected or “hardened”, a threat actor with limited capabilities can substitute the hardened target with a softer target that offers a higher level of operational success.

Terrorists choose soft targets because they are easy to attack and do not require a long planning cycle, which is ideal for terrorist groups that are under pressure and seek quick retaliatory attacks to settle the score and demonstrate their resolve and resiliency for enemies and supporters.

Attacks against soft targets with high civilian losses can generate global media attention that magnifies the terrorist groups’ cause, satisfies their constituency, and attracts new recruits. In particular, attackers take hostages because it prolongs the drama and results in live media coverage rather than after the fact coverage.

Terrorist groups also attack soft targets to dissuade foreign investments and undermine industry sectors of an economy in an effort to weaken the adversary. For example, the Turkish tourism sector is currently under pressure and heading towards a 35-40 percent drop in tourism income[1] for the rest of 2016 due to continuous attacks by the Kurdistan Worker’s Party and ISIS.

Lastly, attacks against soft targets causing mass causalities are also motivated by ideology and worldview. Threat actors that subscribe to religious or apocalyptic causes are generally predisposed to attack soft targets with a high concentration of civilians. They may seek to purify a corrupt religion, expel foreigners, eradicate societal structures, or hasten the end of the world. Moral codes are absent and enemies are de-humanized, which eliminates any moral barriers towards committing mass killing of civilians, including women and children.

Measures to Detect and Prevent Pre-Operational Surveillance and Attacks on Soft Targets

The private sector can detect and prevent future attacks by paying close attention to pre-operational activities or the surveillance/reconnaissance aspect of the attack cycle. The surveillance/reconnaissance stage is conducted to gain a profile of the target, determine the most suitable attack approach, and determine the best time to attack. Threat actors may visit their intended target a few times[2] before initiating an attack. Therefore, employees and private entities utilizing security guards can play an important role by being observant to detect any suspicious behavior that could indicate an upcoming attack, such as:

  • Be cognizant of any unusual interest or questions about security procedures, including access controls, delivery gates, security badges, alarms, doors, gates, cameras, locks, and security reaction drills. Threat actors can conduct surveillance by using a variety of equipment, including cameras, binoculars, zoom lenses, and global positioning systems (GPS).
  • Be aware of unusual incidents such as multiple fire alarms or fictitious emergency calls to the same location. Such actions could indicate a test of security to gather information on security responses, behavior, and response times.
  • Be conscious of any vehicle parked in the same area or location over multiple days and efforts to avoid surveillance cameras. Prolonged static surveillance can indicate hostile reconnaissance.
  • Be alert to an unusual interest in egress and ingress points, peak days, hours of operation, site plans, security guards, and other employees.
  • Increase security awareness among staff (security guards, cleaning staff, maintenance and contractors) and encourage suspicious activity reporting.
  • Private venues with security guards can perform active and unpredictable patrolling in internal and external areas, particularly before and during special events and holidays.
  • Conduct pre-employment screening of new personnel and existing staff to identify any derogatory information.
  • Install and utilize closed-circuit television (CCTV) systems to help identify planning activity.

By Hans Mathias Moeller, Senior Analyst, SIU

Connect with us on Twitter, Facebook, and LinkedIn if you would like to discuss any of our blogs in more detail!


You May Also Be Interested In…


[1] http://www.bloomberg.com/news/articles/2016-06-29/terror-hits-turkey-tourism-industry-when-it-s-down-three-charts
[2] http://www.cnn.com/2016/06/14/us/orlando-shooter-omar-mateen/

Additional Posts

Weekly Phishing Activity: September 6, 2016

Phishing Activity: TOP TARGETS Week of August 28 – September 3, 2016 In this week’s phishing ...

Weekly Threat Intelligence Brief: August 30, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...