An Analysis of Al-Qaida Tradecraft
Decision Support Systems, Inc.
http://www.metatempo.com/
info@metatempo.com
Copyright 2001. All rights reserved.

An Analysis of Al-Qaida Tradecraft is the 'companion document' to DSSi's Hunting the Sleepers:

http://www.metatempo.com/huntingthesleepers.pdf

This analysis of what is portrayed as Al-Qaida's tradecraft will be largely parenthetical; it is based on the HTML document made possible by John Young's Cryptome effort, and the original (unedited, uncommented, unredacted) is available at:

http://cryptome.org/alq-terr-man.htm

Comments on the text will be contained within brackets and italicized [as such] so they can be distinguished from the original text and Cryptome comments.

The analysis of this tradecraft has, as its primary focus, the identification of 'sleeper' (covert) operators so that they can be neutralized; please see DSSi's Hunting the Sleepers for a less disjointed and referential approach.

Analysis is a complicated matter, and relies heavily upon the skill and experience of the analyst; in this case, the primary analyst has over 20 years of unconventional warfare and intelligence experience. Tradecraft can be defined as the means and methods of intelligence and espionage, the processes used by intelligence officers, operators, and assets (agents) to go about their business. The intelligence community, as well as 'non-State actors' such as Al-Qaida, train personnel in tradecraft dogmatically--a set of rote procedures to accomplish a purpose. This creates inherent weakness in the personnel--without understanding the fundamentals of the tradecraft, they can't "improvise, adapt, and overcome" very well. Any rote procedure creates a vulnerability that can be turned to an opponent's advantage, and in this case, perhaps that advantage can lead to identification and neutralization of Al-Qaida sleeper agents. The killing of innocents, by any side, in any conflict, is reprehensible and should be prevented, but not at the cost of limiting the freedoms, the pursuit of life and liberty that is essential to happiness. It's like going into a knife fight with a dull blade and one hand tied behind your back, but to do otherwise makes the fight, and a victory, meaningless.

MW


[This is the original Cryptome document introduction.]

8 December 2001. Thanks to WM and SA.

Several commentators have observed that this manual appears to be a compilation of material drawn from various military, intelligence and law enforcement manuals for internal security, guerilla and covert operations around the globe, and thus is not unique for its alleged sponsorship by Al Qaeda -- which is not mentioned in the manual. Most of these manuals make use of each other's offerings and are studied and emulated worldwide by internal security, military, intelligence and commercial organizations for offensive and defensive purposes. For more on "terrorism manuals," search Google on the term.

[True. Just as in the hacker community, where details of a technical vulnerability can cross the globe in minutes, and 'exploit' code can become available in hours, the 'tempo' of communication and information sharing among non-State actors is rapid, and a contributing factor in why they are formidable opponents. What one group finds useful quickly propagates to other groups for application, an 'evolution' that is difficult for bureaucratic organizations, such as conventional military and intelligence organizations, to respond to.]

A more comprehensive "Encyclopedia of the Afghan Jihad" was allegedly discovered in September 2001 which was claimed to be so frightening that most of it could not be made public -- not unlike claims made by the Department of Justice for parts of this manual.

It is not yet clear whether any of these manuals are authentic, or are fabrications for disinformation and propaganda, as described in The Creation and Dissemination of All Forms of Information in Support of Psychological Operations (PSYOP) in Time of Military Conflict.

Comments for publication (or not) welcome; send to: jya@pipeline.com

A reader suggests comparing with manuals of the School of the Americas:

http://www.soaw.org/soam.html

Released by the Department of Justice on December 7, 2001.

Source: http://www.justice.gov/ag/trainingmanual.htm

Al Qaeda Training Manual

The attached manual was located by the Manchester (England) Metropolitan Police during a search of an Al Qaeda member's home. The manual was found in a computer file described as "the military series" related to the "Declaration of Jihad." The manual was translated into English and was introduced earlier this year at the embassy bombing trial in New York. The Department is only providing the following selected text from the manual because it does not want to aid in educating terrorists or encourage further acts of terrorism.

The manual is cited in the embassy bombing trial on Days 22, 37, 38, 42 and 47, at, respectively, pages 3333 ff., 5273 ff., 5475 ff., 5986 ff. and 6288 ff. Here is the information in the trial transcript about finding the manual, which was Exhibit 1677-T (p. 3333):
            1.  That on May 10, 2000 the residence of Nazih al
   Wadih Raghie located in Manchester, United Kingdom was
   searched and the following items were seized by the British
   authorities:

            Below that is listed the Government Exhibit numbers
   and the Bates numbers for 1650, 1675, 1676, 1677, 1677-T as
   well as 1678.  It is further stipulated and agreed that the
   other materials produced by the government in discovery
   pertaining to these searches are also authentic photographs or
   other reproductions of films seized or documents copied from
   computers seized from the premises.
No address was provided for the Raghie residence.

Fifteen pages of the training manual not released by DoJ but published by The Smoking Gun have been inserted: pages 69, 153-160, 170-175.

Missing pages 70-74, 99-152 and 161-169 are welcomed. Send to: jya@pipeline.com


Source: http://www.justice.gov/ag/manualpart1_1.pdf  (1.1MB)

The Al Qaeda Manual

The attached manual was located by the Manchester (England) Metropolitan Police during a search of an al Qaeda member’s home. The manual was found in a computer file described as “the military series” related to the “Declaration of Jihad.” The manual was translated into English and was introduced earlier this year at the embassy bombing trial in New York.

______________________________

CONTENTS
[by Cryptome]

Cover

Presentation

Introduction

First Lesson - General Introduction

Second Lesson - Necessary Qualifications and Characteristics for the Organization's Members

Third Lesson - Counterfeit Currency and Forged Documents

Fourth Lesson - Organization Military Bases, "Apartments Places" - Hiding

Fifth Lesson - Means of Communication and Transportation

Sixth Lesson - Training

Seventh Lesson - Weapons: Measure Related to Buying and Transporting Them

Eighth Lesson - Member Safety

Ninth Lesson - Security Plan

Tenth Lesson (partial) - Definition of Special Operations

Eleventh Lesson - Espionage (1) Information-Gathering Using Open Methods

Twelfth Lesson - Espionage (2) Information-Gathering Using Covert Methods

13th, 14th and 15th Lessons not available

Sixteenth Lesson (partial) - Assassinations Using Poisons and Cold Steel

Seventeenth Lesson (partial) - Torture Methods

Eighteenth Lesson - Prisons and Detention Centers



 
 
 
 
                                                [Stamp] GOVERNMENT 
                                                        EXHIBIT 
                                                        1677-T 




                      UK/BM-1 TRANSLATION

          IT IS FORBIDDEN TO REMOVE THIS FROM THE HOUSE  



                      UK/BM-2 TRANSLATION

DECLARATION OF JIHAD [HOLY WAR]
 
AGAINST THE COUNTRY’S TYRANTS

MILITARY SERIES




[Emblem]: A drawing of the globe emphasizing the Middle East and  
Africa with a sword through the globe  

[On the emblem:] Military Studies in the Jihad [Holy War] Against 
the Tyrants  


                      UK/BM-3 TRANSLATION

[E] 19/220

       In the name of Allah, the merciful and compassionate  


                           PRESENTATION  

To those champions who avowed the truth day and night... 
...And wrote with their blood and sufferings these phrases...

-*- The confrontation that we are calling for with the apostate
regimes does not know Socratic debates..., Platonic ideals..., 
nor Aristotelian diplomacy. But it knows the dialogue of
bullets, the ideals of assassination, bombing, and destruction,
and the diplomacy of the cannon and machine-gun.
[This is interesting rhetoric, but most notable is the 'apostate' reference. While the U.S. concentrates on the events of 11Sept2001, the use of the term is directed at Islamic States that don't conform to Al-Qaida's interpretation of Islam, notably Saudi Arabia. This implies that the U.S.-centric view of the world, and the 'war on terror' in particular, have little to do with how Al-Qaida itself sees the conflict: control of Islam, control of the Holy Cities.]
***...
Islamic governments have never and will never be established
through peaceful solutions and cooperative councils. They are 
established as they [always] have been  

     by pen and gun  

                    by word and bullet  

                                       by tongue and teeth
[The two components that contribute to the world-view of an Al-Qaida member, culture and religious interpretation, are unified in a way that occurs naturally in a 'warrior culture' (see Japan's 'bunbu itchi' or 'pen and sword in accord') but is largely alien to the Western form of thought. Islam is not 'just a religion,' but a way of life; this interpretation of Islam, therefore, makes the struggle ('jihad'--poorly translated in this document, which would have the reader believe it was merely about fighting and force of arms, rather than of ideas and an ontology) as inherent as breathing. There is no room for compromise, no room for reinterpretation, no way to surrender short of death itself.]
                      UK/BM-4 TRANSLATION

In the name of Allah, the merciful and compassionate  


Belongs to the guest house  

Please do not remove it from the house except with permission.
[If this is a reference to the original document itself, it shows a rather naive approach to operations security (opsec). On the other hand, it is probably a novel concept that tradecraft can be attacked, or taken advantage of, so control of the handbook is likely considered to be less important than the details of planned operations. Note that the U.S. itself is split on this issue--concerns for 'sources and methods' in the intelligence community, while the U.S. military makes their Field Manuals (FMs) available for similar vulnerability analysis and exploitation.]

[Emblem and signature, illegible]
 

            UK/BM-5 TRANSLATION

                        Pledge, O Sister

To the sister believer whose clothes the criminals have stripped
off.

To the sister believer whose hair the oppressors have shaved.

To the sister believer whose body has been abused by the human
dogs.

To the sister believer whose...
 

                        Pledge, O Sister

Covenant, O Sister ... to make their women widows and their
children orphans.

Covenant, O Sister ... to make them desire death and hate
appointments and prestige.

Covenant, O Sister ... to slaughter them like lambs and let the
Nile, al-Asi, and Euphrates rivers flow with their blood.

Covenant, O Sister ... to be a pick of destruction for every
godless and apostate regime.

Covenant, O Sister ... to retaliate for you against every dog
who touch you even with a bad word.
 

[The language here is worth considering for what it tells us about the mindset and profile of an Al-Qaida operator. First, the language is intentionally chosen, and selected from various areas of the Qur'an. Clothes are given by Allah for protection and beautification ("We have sent down clothes for you so that it covers the private parts of your body and also should be the means of protection and beautification for your body, and the best clothing is the clothing of piety. This is one Sign from the Signs of Allâh; perhaps people may learn lesson from it"); loss of clothing (piety) comes from betrayal of the agreement with Allah (the Covenant with Allah is the Qur'an; "it should not be that Satan involve you again in the mischief the way he had gotten your parents (Adam and Hawwa) out of Paradise and had stripped them off from their clothes in order to uncover their private parts to each other") or by force. Shaving is a sign of non-belief, but also an element of the Hajj ("sacrifice a Hady (animal, i.e. a sheep, a cow, or a camel, etc.) such as you can afford, and do not shave your heads until the Hady reaches the place of sacrifice") with implications regarding what is known of the 11Sept2001 operators (did their shaving indicate that martyrdom was completion of an act of pilgrimage, with themselves as the sacrifice?). The references to the covenant, the agreement with Allah as delivered to the Prophet as the Qur'an, and 'o sister' are calls to fealty and commitment; in the points, it is obviously to martyrdom and sacrifice of self in the greater struggle (Dar al-Harb, the House of War).]

            UK/BM-6 TRANSLATION

       In the name of Allah, the merciful and compassionate

Thanks be to Allah. We thank him, turn to him, ask his
forgiveness, and seek refuge in him from our wicked souls and bad
deeds. Whomever Allah enlightens will not be misguided, and the
deceiver will never be guided. I declare that there is no god
but Allah alone; he has no partners. I also declare that
Mohammed is his servant and prophet.

[Koranic verses]:

"O ye who believe! Fear Allah as He should be feared, and die not
except in a state of Islam"

"O mankind! Fear your guardian lord who created you from a single
person. Created, out of it, his mate, and from them twain scattered
[like seeds] countless men and women; fear Allah, through whom ye
demand your mutual [rights], and be heedful of the wombs [that
bore you]: for Allah ever watches over you."

"O ye who believe! Fear Allah, and make your utterance straight
forward: That he may make your conduct whole and sound and
forgive you your sins. He that obeys Allah and his messenger, has
already attained the great victory."

Afterward,

The most truthful saying is the book of Allah and the best
guidance is that of Mohammed, God bless and keep him.
[Therefore,] the worst thing is to introduce something new, for
every novelty is an act of heresy and each heresy is a deception.
 

[This is particularly striking in that it is an expansion of the Prophet's marriage sermon. The introduction is expanded with the 'deceiver' comment. What are identified as 'Koranic verses' are Qur'an 3:102, 4:1, and 33:70-71. The afterward is new, but calls upon the Qur'an's definition of deception as the tool of evil to beguile the believer with the attractions of the world, another call to personal sacrifice to escape from the illusion. Why is this striking? The use of the marriage sermon is probably an element in the initiation into Al-Qaida, part of the enrollment process, and so shows the personal connection between Al-Qaida and its membership.]

            UK/BM-7 TRANSLATION

Introduction

Martyrs were killed, women were widowed, children were orphaned,
men were handcuffed, chaste women's heads were shaved, harlots'
heads were crowned, atrocities were inflicted on the innocent,
gifts were given to the wicked, virgins were raped on the
prostitution altar...

After the fall of our orthodox caliphates on March 3, 1924 and
after expelling the colonialists, our Islamic nation was
afflicted with apostate rulers who took over in the Moslem
nation. These rulers turned out to be more infidel and criminal
than the colonialists themselves. Moslems have endured all kinds
of harm, oppression, and torture at their hands.

[3Mar1924 was Atatürk's abolishment of the Sultanate and Caliphate, and the region plunged into internecine conflict.]

Those apostate rulers threw thousands of the Haraka Al-Islamyia
(Islamic Movement) youth in gloomy jails and detention centers
that were equipped with the most modern torture devices and
[manned with] experts in oppression and torture. Those youth had
refused to move in the rulers' orbit, obscure matters to the
youth, and oppose the idea of rebelling against the rulers. But
they [the rulers] did not stop there; they started to fragment
the essence of the Islamic nation by trying to eradicate its
Moslem identity. Thus, they started spreading godless and
atheistic views among the youth. We found some that claimed that
socialism was from Islam, democracy was the [religious] council,
and the prophet - God bless and keep him - propagandized communism.
Colonialism and its followers, the apostate rulers, then started
to openly erect crusader centers, societies, and organizations
like Masonic Lodges, Lions and Rotary clubs, and foreign schools.
They aimed at producing a wasted generation that pursued
everything that is western and produced rulers, ministers,
leaders, physicians, engineers, businessmen, politicians,
journalists, and information specialists. [Koranic verse:] "And
Allah's enemies plotted and planned, and Allah too planned, and
the best of planners is Allah."

[Note the revulsion, but also the implication of conspiracy (Masonic Lodges, etc.); the neo-Luddite denunciation of learned professions is not supported by Islam, nor by the cultures of the region. 3:54 is the referenced verse from the Qur'an; the implication being that the plans of Al-Qaida are the plans of Allah.]
 

            UK/BM-8 TRANSLATION

They [the rulers] tried, using every means and [kind of]
seduction, to produce a generation of young men that did not know
[anything] except what they [the rulers] want, did not say except
what they [the rulers] think about, did not live except according
to their [the rulers'] way, and did not dress except in their
[the rulers'] clothes. However, majestic Allah turned their
deception back on them, as a large group of those young men who
were raised by them [the rulers] woke up from their sleep and
returned to Allah, regretting and repenting.

The young men returning to Allah realized that Islam is not just
performing rituals but a complete system: Religion and
government, worship and Jihad [holy war], ethics and dealing with
people, and the Koran and sword. The bitter situation that the
nation has reached is a result of its divergence from Allah's
course and his righteous law for all places and times. That
[bitter situation] came about as a result of its children's love
for the world, their loathing of death, and their abandonment of
Jihad [holy war].

Unbelief is still the same. It pushed Abou Jahl - may Allah curse
him - and Kureish's valiant infidels to battle the prophet - God
bless and keep him - and to torture his companions - may Allah's
grace be on them. It is the same unbelief that drove Sadat,
Hosni Mubarak, Gadhafi, Hafez Assad, Saleh, Fahed - Allah's curse
be upon the non-believing leaders - and all the apostate Arab
rulers to torture, kill, imprison, and torment Moslems.

These young men realized that an Islamic government would never
be established except by the bomb and rifle. Islam does not
coincide or make a truce with unbelief, but rather confronts it.
The confrontation that Islam calls for with these godless and
apostate regimes, does not know Socratic debates, Platonic ideals
nor Aristotelian diplomacy. But it knows the dialogue of
bullets, the ideals of assassination, bombing, and destruction,
and the diplomacy of the cannon and machine-gun.

The young came to prepare themselves for Jihad [holy war],
commanded by the majestic Allah's order in the holy Koran.
[Koranic verse:] "Against them make ready your strength to the
utmost of your power, including steeds of war, to strike terror
into (the hearts of) the enemies of Allah and your enemies, and
others besides whom ye may not know, but whom Allah doth know."
 

            UK/BM-9 TRANSLATION

I present this humble effort to these young Moslem men who are
pure, believing, and fighting for the cause of Allah. It is my
contribution toward paving the road that leads to majestic Allah
and establishes a caliphate according to the prophecy.

According to Imam Ahmad’s account, the prophet - God bless and
keep him - said,...

         [A few lines of Hadith verses, not translated]
 

            UK/BM-10 TRANSLATION

FIRST LESSON

GENERAL INTRODUCTION
 

            UK/BM-11 TRANSLATION

5- We cannot resist this state of ignorance unless we unite our
ranks, and adhere to our religion. Without that, the establishment
of religion would be a dream or illusion that is
impassible to achieve or even imagine its achievement. Sheik Ibn
Taimia - may Allah have mercy on him - said, "The interests of
all Adam's children would not be realized in the present life,
nor in the next, except through assembly, cooperation, and mutual
assistance. Cooperation is for achieving their interests and
mutual assistance is for overcoming their adversities. That is
why it has been said, 'man is civilized by nature.' Therefore,
if they unite there will be favorable matters that they do, and
corrupting matters to avoid. They will be obedient to the
commandment of those goals and avoidant of those immoralities.
It is necessary that all Adam's children obey."

He [Sheik Ibn Taimia] then says, "It should be understood that
governing the people's affairs is one of the greatest religious
obligations. In fact, without it, religion and world [affairs]
could not be established. The interests of Adam's children would
not be achieved except in assembly, because of their mutual need.
When they assemble, it is necessary to [have] a leader. Allah's
prophet - God bless and keep him - even said, 'If three [people]
come together let them pick a leader.' He then necessitated the
rule by one of a small, non-essential travel assembly in order to
draw attention to the remaining types of assembly. Since Allah
has obligated us to do good and avoid the unlawful, that would
not be done except through force and lording. Likewise, the rest
of what he [God] obligated [us with] would not be accomplished
except by force and lordship, be it Jihad [holy war], justice,
pilgrimage, assembly, holidays, support of the oppressed, or
the establishment of boundaries. That is why it has been said,
"the sultan is Allah's shadow on earth.1"

____________________

1 The book "Tharwat Al-Sinam Fe Al-Ta'at wa Al-Nizam," by
Ibrahim Al-Masri, copying from Al-Fannawi Ibn Taimi's collection,
28-380.
 

            UK/BM-12 TRANSLATION

Principles of Military Organization:

Military Organization has three main principles without which it
cannot be established.

1. Military Organization commander and advisory council

2. The soldiers (individual members)

3. A clearly defined strategy

[A structure--hierarchical--defined by a common purpose. This is characteristic of 'voluntarist' organizations--members are self-selecting, but of varying degrees of dedication. A 'core cadre' comprises the command function, those completely dedicated to the purposes of the organization. A 'clearly defined strategy' is therefore essential in holding the organization together, since the majority of the membership will not be part of the core. One of the critical points necessary in understanding Al-Qaida's organizational structure and decision process is whether cells are under positive (directed, commanded: "go do this") or negative (coordinated, given constraints, told when something is a problem: "don't do that") control. Positive control requires far more communication (C3: command, control, communications) than does negative control (which is much more "fire and forget"--initiate an operation, but leave cells to handle things pretty much on their own). Organizations requiring positive control are more vulnerable in certain respects--more communication, the necessity of communication, etc. Negative control organizations leave operating cells with more autonomy, and they are thus more difficult to disrupt. Cells operating 'on their own' as it were would need a guiding strategy to help problem-solve without resorting to potentially dangerous communication with 'command' (which may betray the identity of sleepers), so the more clearly and simply the strategic parameters can be established, the better for individual members.]

Military Organization Requirements:

The Military Organization dictates a number of requirements to
assist it in confrontation and endurance. These are:

1. Forged documents and counterfeit currency

2. Apartments and hiding places

3. Communication means

4. Transportation means

5. Information

6. Arms and ammunition

7. Transport

[Note the mix of enablers, sanctuary, tools and tradecraft, intelligence, and armament. By no means is this a complete, or even an ordered (most important or greatest priority first), list; see Hunting the Sleepers for applicable rules of thumb for this sort of work.]

Missions Required of the Military Organization:

The main mission for which the Military Organization is
responsible is:

The overthrow of the godless regimes and their replacement with
an Islamic regime. Other missions consist of the following:

[This 'mission statement' for Al-Qaida is clearly directed at 'apostate' States such as Saudi Arabia (a primary focus as the land of the Prophet and location of the two most Holy Cities in Islam). Note that the missions are operationally focused, and again, not in what one would consider an 'order of importance.']

1. Gathering information about the enemy, the land, the
installations, and the neighbors.

[Tactical intelligence, of direct application to operations. This is like casting a large net to catch a certain sort of fish--a wide intelligence program to look for vulnerabilities that can be exploited. 'Local' intelligence is important for sleepers in order to blend in.]

2. Kidnaping enemy personnel, documents, secrets, and arms.

[Kidnapping is directly against the principles of good 'operations security' (opsec) for a sleeper. Capture of documents, secrets, and armaments is higher risk than one would assume for sleepers. In all probability, this is a 'rule' for guerrilla war (where it does make sense) that sleepers would be told to ignore. Some terrorist groups do consider kidnapping--for profit, for intelligence, for the media, etc.--so inclusion of these sorts of points is an indicator that the manual is a more general primer that requires specific additional training.]

3. Assassinating enemy personnel as well as foreign tourists.

[Again, a function of some terrorist groups--Egyptian, South American, etc. Enemy personnel could be assassinated by sleeper agents, but tourists are too high profile for safety. Tourists are targets because of the economic impact that such casualties cause.]

4. Freeing the brothers who are captured by the enemy.

[An extremely dangerous and high-profile sort of operation. Planning for this sort of operation is incredibly complex, and needs to account for the risk/return factor. Are the numbers of prisoners worth the risk? Has little enough time passed that the information they could provide to the enemy has not yet been acquired (interrogation and torture establish a clock on how long such information can be assumed to be uncompromised--torture in particular is like a downhill bicycle race)? It wasn't surprising that the uprising in the prisoner-of-war camp, where armaments were smuggled to the prisoners, occurred--it's a lower risk solution to the same problem, it makes the job of guarding prisoners more difficult (yes, it encourages killing prisoners, which only stiffens the resolve of those that remain free to not be captured), and prisoners may succeed in freeing themselves.]

5. Spreading rumors and writing statements that instigate
people against the enemy.

[Psychological Operations (PSYOP), which requires operational sophistication to accomplish. Written statements require a population that can read. Other media require receivers (which require power, of one sort or another). Internal and defensive PSYOP could be handled by 'whisper campaigns' but in many ways, it's better to let the enemy "do themselves in" as the U.S. did in Vietnam. In Afghanistan, for example, the Northern Alliance are going to be their own worst enemy--they're little better than the Taliban in many ways, they enjoy little popular support that will persist over time, and their failings contributed to the rise of the Taliban in the first place. Taliban strategic retreats can be spun in PSYOP terms--they were done to move military attacks away from civilian centers--while letting the issue of governance fall to the Alliance, a PSYOP disaster-in-the-making for the Alliance and its supporters.]

6. Blasting and destroying the places of amusement, immorality,
and sin; not a vital target.

[Not a vital target, but possible points of leverage. Members of the 11Sept2001 sleeper cells visited Las Vegas. Among the many interesting points about Las Vegas are the large numbers of tourists that stay in a very small number of facilities. Anthrax or some other biological warfare (BW) agent delivered to the casino/hotel systems (through air circulation systems, HVAC) would expose tens of thousands at a time; most of those individuals would enter the mass transportation systems (airports, aircraft, trains, buses), spreading the infectious agent/infection, and arriving back at their home destinations before common incubation periods would become an issue. Yes, the CDC is prepared to deliver 'push-packages' to cities in the U.S., but could it handle tens of thousands of possible cases throughout the entire U.S. and the world? Could airports and aircraft be decontaminated effectively? The 'test cases' of anthrax through the U.S. postal system expose the frightening potential of BW agents--the spores persist, travel, and are a trickier problem than thought. Even with few fatalities, the mass transportation systems of the U.S. would come to a crashing halt.]

7. Blasting and destroying the embassies and attacking vital
economic centers.

[The prior attacks of Al-Qaida fell mostly in this category, including the events of 11Sept2001. Attacking economic centers is an interesting evolution in terrorism. Terror attacks could be on leadership (assassination), strategic, or attrition. The strategic implication of economic center attacks is to create a relative weakness--if the U.S. (or Saudi Arabia--this isn't U.S.-centric) feels the economic 'pinch' of the attacks, it cascades throughout the economy (yes, the return of the 'domino' theory, only it does apply in economics while it didn't in geopolitics). Much of the U.S.'s military strength comes from the ability to trade dollars for lives--putting military equipment at risk, rather than soldiers. World War II was largely won by the U.S.'s ability to keep throwing materiel into the fight, while depriving the enemy of their own economic power. Political implications are also critical--failing economies tend to force Americans to look domestically, and have less interest outside the borders. Mass attrition attacks remain another possibility--use of some Weapon of Mass Destruction (nuclear, chemical, biological, radiological) to kill large numbers of the population, critical population segments (financial, early responders, etc.), or deny critical locations (Wall Street and other exchanges, Silicon Valley, etc.).]

8. Blasting and destroying bridges leading into and out of the
cities.

[Cities have 3-7 days of 'inertia'--supplies on the shelves necessary to support the population. Some cities are more vulnerable than others (e.g. the California Bay Area), and some cities would be in trouble even more rapidly if additional attacks were staged (water, sanitation, power). While not mentioned, it should be assumed that tunnels and mass transportation 'nexus' points would be considered targets as well.]

[These points are an odd mix of 'sleeper-possible' targets and more conventional guerrilla/terror targets. Sleepers are hoarded--a player only uses such pieces on the board when the sacrifice is worth the move. What a commander is willing to 'spend' sleepers on is indicative of resources (how many sleepers), and the risk/return decision-making process. If the tape of the bin Laden gathering that the U.S. Department of Defense released is accurate, what should be considered 'chilling' is not the scale of death that was achieved, but that the original operational 'battle damage assessment' was predicted to be much lower than actual. At the cost of ~20 lives and $500,000US, the operation would kill the passengers, and a contained number of floors in WTC (as well as the financial consequences--critical to factor in, if Al-Qaida profited by their foreknowledge of the attacks in the financial markets). Either Al-Qaida has more sleepers at their disposal than one would like to imagine, or the cost per casualty in terms of risk/return is very different than is commonly assumed. Complicating the assessment is the certain knowledge of the probable U.S. response to the attacks. Something more is clearly going on than a 'one-off' attack.]
 

            UK/BM-13 TRANSLATION

Importance of the Military Organization:

1. Removal of those personalities that block the call's path.
[A different handwriting:] All types of military and
civilian intellectuals and thinkers for the state.

2. Proper utilization of the individuals' unused capabilities.

3. Precision in performing tasks, and using collective views on
completing a job from all aspects, not just one.

4. Controlling the work and not fragmenting it or deviating
from it.

5. Achieving long-term goals such as the establishment of an
Islamic state and short-term goals such as operations
against enemy individuals and sectors.

6. Establishing the conditions for possible confrontation with
the regressive regimes and their persistence.

7. Achieving discipline in secrecy and through tasks.

[The translation for this section is clearly awkward and leaves much to be desired. Rather than 'importance,' this is probably best thought of as 'purpose' or 'function.' As seems to be the pattern, this is not an ordered list (item 5 would be near the top if it were). Item 1 is a function of expedience--remove obstacles. Item 2 turns to personal empowerment for the betterment of the organization--use the talents and skills of the personnel. Item 3 could almost come from a popular culture management text--do the job right, get the team to provide their input to accomplish the job. Item 4 is more management 'wisdom'--stay on purpose, stay on message; what's interesting is the way this plays off against compartmentalization, where leadership would break a project up into tasks for security purposes. Cells of the organization are clearly directed to be as self-sufficient in operations as possible--a different approach to security. Compartmentalization is useful when team members are security risks, and full knowledge within a cell would compromise the overall operation. Centralization of 'the work' implies a certain degree of trust in the cell members, while not trusting communication channels or other 'support' cells. The 11Sept2001 cells knew the rough parameters of the missions, as well as the fact that they were chosen for 'martyrdom' missions; if the bin Laden tape released by the U.S. Department of Defense is accurate, cell members didn't know the exact target of the mission until shortly before the operation took place. This still implies a great deal of trust in the cell members (the time between selection/training and the operation was considerable); they had little supervision, access to considerable resources, and could have 'defected' at any time, but didn't. Item 5 is the primary focus of Al-Qaida; Saudi Arabia is the essential target, although Afghanistan was an opportunity that Al-Qaida seemed to feel it couldn't pass up. 
Item 6 facilitates item 5--if you can't establish an Islamic (in their interpretation of Islam) State, then prepare the way through operations, building a support base, laying the ground work. In retrospect, item 6 may explain much of bin Laden's focus during the U.S.-supported Afghan war against the Soviets--the real question is whether his planning horizon was that far out in time. Item 7 is essential in any opposition force--in an ordered list, it would be near the top. Security is safety, the luxury of continued existence, planning, and operations. The fact that Al-Qaida appears not to have suffered a human penetration (HUMINT, or human intelligence), and takes care of their operations security (against signals and technical intelligence, SIGINT and TECHINT), means that discipline is very good indeed.]

            UK/BM-14 TRANSLATION

SECOND LESSON

           NECESSARY QUALIFICATIONS AND CHARACTERISTICS

                  FOR THE ORGANIZATION’S MEMBERS
 

            UK/BM-15 TRANSLATION

Necessary Qualifications for the Organization’s members

1 - Islam:

The member of the Organization must be Moslem. How can an
unbeliever, someone from a revealed religion [Christian,
Jew], a secular person, a communist, etc. protect Islam and
Moslems and defend their goals and secrets when he does not
believe in that religion [Islam]? The Israeli Army requires
that a fighter be of the Jewish religion. Likewise, the
command leadership in the Afghan and Russian armies requires
any one with an officer’s position to be a member of the
communist party.

[The aim of Al-Qaida is, after all, to establish Islamic States (by their interpretation); this can't well be accomplished by non-moslems (nobody has your self-interest at heart quite as much as yourself).]

2 - Commitment to the Organization’s Ideology:

This commitment frees the Organization’s members from
conceptional problems.

[This is a "leave the thinking to us" sort of argument--accept the interpretation of the leadership, they'll tell you what's right and what's wrong. In Islam, one of the defining points between Shi'a and Sunni is whether a 'middleman' (mullah, ayatollah, cleric, etc.) is interposed between a moslem and Allah. This may be coming from the Wahhabism influence in Al-Qaida, where many moslems are considered in jahiliyya (pre-Islamic barbarism) or apostate. Most interesting is the organizational implication--hierarchical control comes in part from control of interpretation, which is similar to the old Soviet approach (where the definition of a 'good communist' and the 'dialectic' were controlled by the Party).]

3 - Maturity:

The requirements of military work are numerous, and a minor
cannot perform them. The nature of hard and continuous work
in dangerous conditions requires a great deal of
psychological, mental, and intellectual fitness, which are
not usually found in a minor. It is reported that Ibn Omar
- may Allah be pleased with him - said, “During Ahad
[battle] when I was fourteen years of age, I was submitted
[as a volunteer] to the prophet - God bless and keep him.
He refused me and did not throw me in the battle. During
Khandak [trench] Day [battle] when I was fifteen years of
age, I was also submitted to him, and he permitted me [to
fight].

[Contrast this approach with that of many drug distribution networks in the West, where legal minors are chosen for many tasks in the final 'meet the consumer' phase of drug transactions because of the legal benefits and privileges of legal minority in the criminal justice system. Guerrilla warfare certainly utilizes what are considered 'children' in the West, but Al-Qaida needs individuals more capable (and sleepers need the privileges of legal majority).]

4 - Sacrifice:

He [the member] has to be willing to do the work and
undergo martyrdom for the purpose of achieving the goal and
establishing the religion of majestic Allah on earth.

[The argument between interpretation of Qur'an for and against martyrdom is too extensive to enter into here. The subject was referenced earlier, however, regarding shaving and whether the 11Sept2001 operators should be considered as self-'sacrifices.' The Qur'an is not quite as clear on suicide as many make it out to be. 4:29 of the Qur'an says, in one translation: "O ye who believe! Eat not up your property among yourselves in vanities: But let there be amongst you Traffic and trade by mutual good-will: Nor kill (or destroy) yourselves: for verily Allah hath been to you Most Merciful!" This is not the strongest of language against suicide; in Western languages, it seems more like "don't kill yourself, Allah has given you much to live for." Another translation muddies the water further: "O you who believe! do not devour your property among yourselves falsely, except that it be trading by your mutual consent; and do not kill your people; surely Allah is Merciful to you." This translation makes more sense in the context, and refers not to suicide, but the killing of fellow moslems (Dar al-Islam, the House of Islam). If this interpretation is the 'proper' one for Al-Qaida, what of the moslems killed in the 11Sept2001 attacks? Are they jahiliyya or apostate? Or is the 'benefit of the doubt' given that they were indeed true and faithful moslems? The Qur'an states in 2:190: "Fight in the cause of Allah those who fight you, but do not transgress limits; for Allah loveth not transgressors." Al-Qaida wouldn't be in a 'state of Islam' if they killed fellow moslems without making amends. 4:92 of the Qur'an says: "Never should a believer kill a believer; but (If it so happens) by mistake, (Compensation is due): If one (so) kills a believer, it is ordained that he should free a believing slave, and pay compensation to the deceased's family, unless they remit it freely. If the deceased belonged to a people at war with you, and he was a believer, the freeing of a believing slave (Is enough). 
If he belonged to a people with whom ye have treaty of Mutual alliance, compensation should be paid to his family, and a believing slave be freed. For those who find this beyond their means, (is prescribed) a fast for two months running: by way of repentance to Allah: for Allah hath all knowledge and all wisdom." The events of 11Sept2001 wouldn't qualify as a mistake, but even if interpreted as such, it will be interesting to see how bin Laden and Al-Qaida make compensation. Reluctance on the part of bin Laden to kill Afghans, even allied with the U.S. as part of the 'war on terror,' shows that some interpretation along these lines is probable (was the 'collapse' of the Taliban and Al-Qaida related in some way to this? time may tell). This subject is one of the most fundamental aspects of Al-Qaida members' profiles that needs to be developed.]

5 - Listening and Obedience:

In the military, this is known today as discipline. It is
expressed by how the member obeys the orders given to him.
That is what our religion urges. The Glorious says, “O, ye
who believe! Obey Allah and obey the messenger and those
charged with authority among you.” In the story of Hazifa
Ben Al-Yaman - may Allah have mercy on him - who was
exemplary in his obedience to Allah’s messenger - Allah
bless and keep him. When he [Mohammed] - Allah bless and
keep him - sent him to spy on the Kureish and their allies
during their siege of Madina, Hazifa said, “As he
[Mohammed] called me by name to stand, he said, ‘Go get me
information about those people and do not alarm them about
me.’

[The first quote is 4:59 in the Qur'an: "O ye who believe! Obey Allah, and obey the Messenger, and those charged with authority among you. If ye differ in anything among yourselves, refer it to Allah and His Messenger, if ye do believe in Allah and the Last Day: That is best, and most suitable for final determination." This quote establishes the Qur'an as the final arbiter--which Al-Qaida has already usurped in item 2 above, "commitment to the organization's ideology." The story regarding the Medina attack is interesting because of the Prophet's reinforcement of Hazifa's courage to go among the enemy, telling Hazifa to "fear none." The moslems with the Prophet were in a low state, to say the least, yet circumstances led to victory, and establishment of the Hajj. Such stories have significant meaning for sleepers as well as guerrilla groups--have faith, be obedient, and Allah will deliver final victory.]
 

            UK/BM-16 TRANSLATION

As I departed, I saw Abou Soufian and I placed an arrow in
the bow. I [then] remembered the words of the messenger - Allah
bless and keep him - 'do not alarm them about me.'

If I had shot I would have hit him."

[The implication here for sleeper agents is to not warn or alarm the enemy if at all possible; in guerrilla warfare, this is a critical element of success--strike where attention and preparation are inadequate or absent.]

6- Keeping Secrets and Concealing Information

[This secrecy should be used] even with the closest people,
for deceiving the enemies is not easy. Allah says, "Even
though their plots were such that as to shake the hills!
[Koranic verse]." Allah's messenger - God bless and keep
him - says, "Seek Allah's help in doing your affairs in
secrecy.”

[This is a clear effort at operational security (opsec) against penetration or 'doubling' by members of the organization, or the possibility of 'leaks' to family and friends. The Qur'an quote regarding the plots of enemies is 14:46: "Mighty indeed were the plots which they made, but their plots were (well) within the sight of Allah, even though they were such as to shake the hills!" The second point is taken from two Qur'an quotes, 4:81 and 4:114: "They have 'Obedience' on their lips; but when they leave thee, a section of them Meditate all night on things very different from what thou tellest them. But Allah records their nightly (plots): So keep clear of them, and put thy trust in Allah, and enough is Allah as a disposer of affairs." and "In most of their secret talks there is no good: But if one exhorts to a deed of charity or justice or conciliation between men, (Secrecy is permissible): To him who does this, seeking the good pleasure of Allah, We shall soon give a reward of the highest (value)." The 'just' nature of the organization's purpose justifies the necessity of secrecy in protecting operations.]

It was said in the proverbs, "The hearts of freemen are the
tombs of secrets" and "Moslems' secrecy is faithfulness,
and talking about it is faithlessness." [Mohammed] - God
bless and keep him - used to keep work secrets from the
closest people, even from his wife A'isha- may Allah's
grace be on her.

[This is important because sleepers live among non-moslems, and may develop relationships that would perhaps encourage 'defection' or disclosure of operations.]

7. Free of Illness

The Military Organization's member must fulfill this
important requirement. Allah says, "There is no blame for
those who are infirm, or ill, or who have no resources to
spend.”

[Fitness is essential to physical operations; those that are ill may have greater support costs, less availability, and there's an additional security risk (talking under sedation).]

8. Patience

[The member] should have plenty of patience for
[enduring] afflictions if he is overcome by the enemies.
He should not abandon this great path and sell himself and his
religion to the enemies for his freedom. He should be
patient in performing the work, even if it lasts a long
time.

[An unappreciated characteristic of the best personnel in special operations, patience is essential in developing adequate intelligence, waiting for the opportunity when success has the greatest potential, development of necessary skills, proper planning, etc. Few lasting victories are rapidly achieved--Rome wasn't built in a day, nor did it fall in one.]

9. Tranquility and "Unflappability"

[The member] should have a calm personality that allows him
to endure psychological traumas such as those involving
bloodshed, murder, arrest, imprisonment, and reverse
psychological traumas such as killing one or all of his
Organization's comrades. [He should be able] to carry out
the work.

[Sleepers need this ability to a great degree--anger, fear, uncertainty, doubt, etc. exhibit in body language, which can betray operations. U.S. Secret Service and other law enforcement train to detect indicators of hostile behavior. Internal security, particularly enforcement of discipline or removal of security risks, would require personnel to 'prune' their own organization, sometimes a very difficult task psychologically (having fought together, lived together, eaten together--the very things that create internal cohesion can be barriers to removal of internal threats).]

10. Intelligence and Insight

When the prophet - Allah bless and keep him - sent Hazifa
Ben Al-Yaman to spy on the polytheist and [Hazifa] sat
among them, Abou Soufian said, "Let each one of you look at
his companion." Hazifa said to his companion, "Who are
you?" The companion replied, “So-and-so son of so-and-so.”
 

            UK/BM-17 TRANSLATION

In World War I, the German spy, Julius Seelber [PH] managed
to enter Britain and work as a mail examiner due to the
many languages he had mastered. From the letters, he
succeeded in obtaining important information and sent it to
the Germans. One of the letters that he checked was from a
lady who had written to her brother's friend in the fleet.
She mentioned that her brother used to live with her until
he was transferred to a secret project that involved
commercial ships. When Seelber read that letter, he went
to meet that young woman and blamed her for her loose
tongue in talking about military secrets. He, skillfully,
managed to draw out of her that her brother worked in a
secret project for arming old commercial ships. These
ships were to be used as decoys in the submarine war in
such a way that they could come close to the submarines, as
they appeared innocent. Suddenly, cannonballs would be
fired from the ships' hidden cannons on top of the ships,
which would destroy the submarines. 48 hours later that
secret was handed to the Germans.

11.   Caution and Prudence

In his battle against the king of Tomedia [PH], the Roman
general Speer [PH] sent an emissary to discuss with that
king the matter of truce between the two armies. In
reality, he had sent him to learn about the Tomedians'
ability to fight. The general picked, Lilius [PH], one of
his top commanders, for that task and sent with him some of
his officers, disguised as slaves. During that mission,
one of the king's officers, Sifax [PH] pointed to one of
the [disguised] slaves and yelled, "That slave is a Roman
officer I had met in a neighboring city. He was wearing a
Roman uniform." At that point, Lilius used a clever trick
and managed to divert the attention of the Tomedians from
that by turning to the disguised officer and quickly
slapping him on the face a number of times. He reprimanded
him for wearing a Roman officer's uniform when he was a
slave and for claiming a status that he did not deserve.
 

            UK/BM-18 TRANSLATION

The officer accepted the slaps quietly. He bowed his head
in humility and shame, as slaves do. Thus, Sifax' men thought
that officer was really a slave because they could
not imagine that a Roman officer would accept these hits
without defending himself.

King Sifax prepared a big feast for Lilius and his
entourage and placed them in a house far away from his camp
so they could not learn about his fortifications. They
[the Romans] made another clever trick on top of the first
one. They freed one of their horses and started chasing him
in and around the camp. After they learned about the extent
of the fortifications they caught the horse and, as planned,
managed to abort their mission about the truce agreement.
Shortly after their return, the Roman general attacked King
Sifax' camp and burned the fortifications. Sifax was forced
to seek reconciliation.

B. There was a secret agent who disguised himself as an
American fur merchant. As the agent was playing cards aboard
a boat with some passengers, one of the players asked him
about his profession. He replied that he was a "fur merchant."
The women showed interest [in him] and began asking the agent -
the disguised fur merchant - many questions about the types
and prices of fur. He mentioned fur price figures that amazed
the women. They started avoiding and regarding him with
suspicion, as though he were a thief, or crazy.

12.   Truthfulness and Counsel

The Commander of the faithful, Omar Ibn Al-Khattab - may
Allah be pleased with him - asserted that this characteristic
was vital in those who gather information and work as spies
against the Moslems' enemies. He [Omar] sent a letter to Saad
Ibn Abou Wakkas - may Allah be pleased with him - saying,
“If you step foot on your enemies' land, get spies on them.
Choose those whom you count on for their truthfulness and
advice, whether Arabs or inhabitants of that land. Liars'
accounts would not benefit you, even if some of them were
true; the deceiver is a spy against you and not for you.

[Omar Ibn Al-Khattab was the second Caliph, notable for his dramatic spread of Islam. He led a model moslem life (humility when he could have lived lavishly--an interesting model for bin Laden in many ways). His diplomatic moves were an example of tolerance, he kept Islam united under strenuous circumstances, he invented the Islamic calendar, and formed the Islamic judicial system based on the Qur'an. The Waqqas element mentioned was part of Omar's successful campaign into Persia while greatly outnumbered (most accounts converge on a six-to-one ratio).]

[The emphasis is upon penetration, short and long term, for strategic and tactical benefit. Al-Qaida likely has an intelligence network of moles to complement their network of sleeper agents, if these three items are adhered to.]
 

            UK/BM-19 TRANSLATION

13.   Ability to Observe and Analyze

The Israeli Mossad received news that some Palestinians were
going to attack an Israeli El Al airplane. That plane was
going to Rome with Golda Meir - Allah's curse upon her
- the Prime Minister at the time, on board. The Palestinians
had managed to use a clever trick that allowed them to wait
for the arrival of the plane without being questioned by
anyone. They had beaten a man who sold potatoes, kidnaped
him, and hidden him. They made two holes in the top of that
peddler's cart and placed two tubes next to the chimney
through which two Russian-made "Strella" [PH] missiles could
be launched. The Mossad officers traveled the airport back
and forth looking for that lead them to the Palestinians.
One officer passed the potato cart twice without noticing
anything. On his third time, he noticed three chimneys, but
only one of them was working with smoke coming out of it.
He quickly steered toward the cart and hit it hard. The
cart overturned, and the Palestinians were captured.1

____________________

1. This story is found in the book A'n Tarik Al-Khida' "By Way of
Deception Methods," by Victor Ostrovsky [PH]. The author claims
that the Mossad wants to kill him for writing that book.
However, I believe that the book was authorized by the Israeli
Mossad.

[Note the study of one of the organization's adversaries, the Mossad, for how they operate as well as lessons to be learned. Such lessons come from publications (which they question--historically, non-State actors that are targeted by the Mossad have eventually been assassinated, thus calling into question the nature of the relationship between Ostrovsky and the Mossad by his on-going existence) rather than the various Palestinian movements, which have little in common with, nor little sympathy for, organizations such as Al-Qaida. Objectivity and observation skills are prized in intelligence work, as are interpretation and decision-making capabilities; recognition of these skills is not unusual, given the history of Al-Qaida.]

14. Ability to Act, Change Positions and Conceal Oneself

a. [An example] is what Noaim Ibn Masoud had done in his
mission to cause agitation among the tribes of Koraish,
those of Ghatfan, and the Jews of Koreitha. He would control
his reactions and managed to skillfully play his role.
Without showing signs of inconsistency, he would show his
interest and zeal towards the Jews one time and show his
concern about the Koraish at another.

b. In 1960, a car driven by an American colonel collided
with a truck. The colonel lost consciousness, and while
unconscious at the hospital, he started speaking Russian
 

            UK/BM-20 TRANSLATION

fluently. It was later discovered that the colonel was a
Soviet spy who was planted in the United States. He had
fought in Korea in order to conceal his true identity and
to gather information and critical secrets. If not for the
collision, no one would have suspected or confronted him.

[Again, the ability to blend in is essential for moles/sleepers, as well as the urban guerrilla, a lesson reinforced often by this manual.]

            UK/BM-21 TRANSLATION

THIRD LESSON

           COUNTERFEIT CURRENCY AND FORGED DOCUMENTS
 

            UK/BM-22 TRANSLATION

Financial Security Precautions:

1. Dividing operational funds into two parts: One part is to
be invested in projects that offer financial return, and
the other is to be saved and not spent except during
operations.

2. Not placing operational funds [all] in one place.

3. Not telling the Organization members about the location of
the funds.

4. Having proper protection while carrying large amounts of
money.

5. Leaving the money with non-members and spending it as
needed.

[Note that none of these items mention counterfeit currency. Item one recommends putting part of the money 'to work'--making more money at the risk of losing the investment, which is why the admonition to save the other part for operational purposes. This indicates that the 'risk profile' of the organization is less risk-averse when it comes to financial resources. It may also be a way to talent-spot--finding organizational members with a knack for making money out of money. The next items are clearly security measures--dispersal of funds, compartmentalization of knowledge about funds (to compartmentalize the investment/banking function, or to prevent 'sleepers' from defecting with the funds?), safety of monetary transportation, and utilization of non-institutional banking mechanisms (hawala networks; keeping cash with contacts not likely to be arrested; keeping deposits made in conventional financial institutions out of the names of members). These mechanisms are probably just the tip of the iceberg for financial controls and the financial network; resiliency of the financial support of Al-Qaida is one of its strengths, and will allow it to outlive the personalities that drive the organization.]

Forged Documents (Identity Cards, Records Books, Passports)

The following security precautions should be taken:

1. Keeping the passport in a safe place so it would not be
seized by the security apparatus, and the brother it
belongs to would have to negotiate its return (I'll give
you your passport if you give me information)

2. All documents of the undercover brother, such as identity
cards and passport, should be falsified.

3. When the undercover brother is traveling with a certain
identity card or passport, he should know all pertinent
[information] such as the name, profession, and place of
residence.

4. The brother who has special work status (commander,
communication link,...) should have more than one identity
card and passport. He should learn the contents of each,
the nature of the [indicated] profession, and the dialect
of the residence area listed in the document.

5. The photograph of the brother in these documents should be
without a beard. It is preferable that the brother's
public photograph [on these documents] be also without a
beard. If he already has one [document] showing a
photograph with a beard, he should replace it.

6. When using an identity document in different names, no more
than one such document should be carried at one time.

            UK/BM-23 TRANSLATION

7. The validity of the falsified travel documents should
always be confirmed.

8. All falsification matters should be carried out through the
command and not haphazardly (procedure control)

9. Married brothers should not add their wives to their
passports.

10. When a brother is carrying the forged passport of a certain
country, he should not travel to that country. It is easy
to detect forgery at the airport, and the dialect of the
brother is different from that of the people from that
country.

[This is a curious mix of precautions. Item 1 is clearly directed at casual law enforcement scrutiny--serious crimes or suspicion of 'terrorist' status is unlikely to lead to the bargain posited parenthetically. Passports are clearly not intended for both travel and normal identification. Item 2 appears to only have been partially adhered to by the 11Sept2001 cells, of which at least a small number used their actual identities. The validity of Saudi Arabian citizenship for the large number of hijackers remains in question--were they really those individuals, or were they cases of assumed identity or identity theft? Assumed identities and identity theft are better than purely fictitious identities, which may raise questions if investigated, and are unlikely to provide the benefits of 'deeper cover' (such as credit ratings that work to the individual's advantage). Item 3 is essential precaution--know the details of all identities, completely. Item 4 gives a brief insight into the organizational structure of Al-Qaida (discussed in more detail in Hunting the Sleepers)--cells have commanders (something assumed, as standard for such organizational approaches), but 'communication link' implies explicit specialization, possible application of network theory, and hints of support structures that lead from command to operational cells. That such individuals may become compromised and need alternative identities to escape is accounted for in advance, a sign of realistic planning. The burden associated with such a position is added to by the necessity of additional memorization; the consolation is that escape is potentially easier because of the precaution. Item 5 is for the benefit of sleepers blending in, not looking like devout moslems and thus raising suspicions. 
Item 6 is a 'lesson learned' from the colorful history of other non-State actors, where personnel have been 'caught out' by casual police attention finding multiple identity documents (Japanese Red Army, Ilich Ramirez Sanchez, etc.). Item 7 requires either a certain faith in the documents, or a certain amount of risk--the best way to confirm validity is to have legitimate documents (the reason for the 11Sept2001 cell members obtaining U.S. State driver's licenses) or to have them scrutinized by someone capable of telling the difference between false and real documents. Item 8 points again at a support network of dedicated personnel--cells contact command for falsified papers, which are obtained by command from compartmentalized support cells, and transported to the cells through command. Item 9 removes leads post-operation, in the event of apprehension, or that might lead to leverage on a member. Item 10 is obvious and practical--individuals, especially security personnel, will recognize inconsistencies of identity for supposed natives, while most foreigners will not. Assumption of identity or identity theft as a means of acquiring documents certainly requires avoidance of anyone that would recognize the 'switch.' This item also implies forged documents of more remote countries--neighboring countries or those with a common language would have a greater chance of recognizing the inconsistencies as well.]

Security Precautions Related to the Organizations’ Given Names:

1. The name given by the Organization [to the brother] should
not be odd in comparison with other names used around him.
2. A brother should not have more than one name in the area
where he lives (the undercover work place)

[Item 1 is a basic for blending in--look, sound, and act like those you're trying to blend in with, including using appropriate names. Item 2 is personal compartmentalization--strict boundaries for use of different identities.]
 

            UK/BM-24 TRANSLATION

FOURTH LESSON

                  ORGANIZATION MILITARY BASES

                  "APARTMENTS - HIDING PLACES"
 

            UK/BM-25 TRANSLATION

Definition of Bases:

* These are apartments, hiding places, command centers, etc. in
which secret operations are executed against the enemy.
These bases may be in cities, and are [then] called homes or
apartments. They may be in mountainous, harsh terrain far from
the enemy, and are [then] called hiding places or bases.
During the initial stages, the Military Organization usually
uses apartments in cities as places for launching assigned
missions, such as collecting information, observing members of
the ruling regime, etc.

Hiding places and bases in mountains and harsh terrain are used
at later stages, from which Jihad [holy war] groups are
dispatched to execute assassination operations of enemy
individuals, bomb their centers, and capture their weapons. In
some Arab countries such as Egypt, where there are no mountains
or harsh terrain, all stages of Jihad work would take place in
cities. The opposite was true in Afghanistan, where initially
Jihad work was in the cities, then the warriors shifted to
mountains and harsh terrain. There, they started battling the
Communists.

[Sanctuary, a place providing safety and security, cover and concealment, is considered to be an essential basic element in guerrilla warfare. This situation needs to be redefined for 'urbanized terrain'--developed areas such as camps, towns, and cities. Sleeper or other covert operatives that are 'in place' for extended periods of time need to blend in, act like those around them ("when in Rome, do as the Romans do"), and do nothing that would attract suspicion or attention. One of the strengths of modern non-State actors engaged in resistance operations is 'spot terrorism'--cells members that have normal lives, switch into operators for the very brief period of the operation, and then reintegrate into the society around them. Sanctuary is more than a place, it's a process--how the operator lives as much as where he lives. Most of the attention in the following points is about the location, which is striking given the recent history of non-State operations, which have relied increasingly on 'spot sanctuary' for 'spot terrorism'--temporary locations prepared specifically for operational support by core cadre members or isolated support cells dedicated to this purpose (where 'contact' with the sleepers is non-existent, handled either through 'command' or through pre-arranged dead-drops). Either for security reasons or because dedicated personnel aren't available, cells are responsible for their own sanctuary requirements, and such locations are longer term.]

Security Precautions Related to Apartments:

1. Choosing the apartment carefully as far as the location,
the size for the work necessary (meetings, storage, arms,
fugitives, work preparation).

2. It is preferable to rent apartments on the ground floor to
facilitate escape and digging of trenches.

3. Preparing secret locations in the apartment for securing
documents, records, arms, and other important items.

4. Preparing ways of vacating the apartment in case of a
surprise attack (stands, wooden ladders).
 

            UK/BM-26 TRANSLATION

5. Under no circumstances should any one know about the
apartment except those who use it.

6. Providing the necessary cover for the people who frequent
the apartment (students, workers, employees, etc.)

7. Avoiding seclusion and isolation from the population and
refraining from going to the apartment at suspicious times.

8. It is preferable to rent these apartments using false
names, appropriate cover, and non-Moslem appearance.

9. A single brother should not rent more than one apartment in
the same area, from the same agent, or using the same
rental office.

10. Care should be exercised not to rent apartments that are
known to the security apparatus [such as] those used for
immoral or prior Jihad activities.

11. Avoiding police stations and government buildings.
Apartments should not be rented near those places.

12. When renting these apartments, one should avoid isolated or
deserted locations so the enemy would not be able to catch
those living there easily.

13. It is preferable to rent apartments in newly developed
areas where people do not know one another. Usually, in
older quarters people know one another and strangers are
easily identified, especially since these quarters have
many informers.

14. Ensuring that there has been no surveillance prior to
the members entering the apartment.

15. Agreement among those living in the apartment on special
ways of knocking on the door and special signs prior to
entry into the building’s main gate to indicate to those
who wish to enter that the place is safe and not being
monitored. Such signs include hanging out a towel, opening
a curtain, placing a cushion in a special way, etc.
 

            UK/BM-27 TRANSLATION

16. If there is a telephone in the apartment, calls should be
answered in an agreed-upon manner among those who use the
apartment. That would prevent mistakes that would,
otherwise, lead to revealing the names and nature of the
occupants.

17. For apartments, replacing the locks and keys with new ones.
As for the other entities (camps, shops, mosques),
appropriate security precautions should be taken depending
on the entity’s importance and role in the work.

18. Apartments used for undercover work should not be visible
from higher apartments in order not to expose the nature of
the work.

19. In a newer apartment, avoid talking loud because
prefabricated ceilings and walls [used in the apartments]
do not have the same thickness as those in old ones.

20. It is necessary to have at hand documents supporting the
undercover [member]. In the case of a physician, there
should be an actual medical diploma, membership in the
[medical] union, the government permit, and the rest of the
routine procedures known in that country.

21. The cover should blend well [with the environment]. For
example, selecting a doctor’s clinic in an area where there
are clinics, or in a location suitable for it.

22. The cover of those who frequent the location should match
the cover of that location. For example, a common laborer
should not enter a fancy hotel because that would be
suspicious and draw attention.

[Item 1 is practical--sleepers don't want to have to keep renting new places and moving, since moving entails risk (exposure of operational materials such as guns, explosives, identity documents, etc.). Advance knowledge of the rough parameters of the operational requirements is necessary, though; the mention of 'fugitives' implies that not all sleeper operations would be martyrdom operations. Item 2 is curious from a U.S. perspective--there isn't a lot of digging related to apartments, so this is a reminder that most of this preparation is non-U.S. oriented, another reason why, for example, the 11Sept2001 cell members kept to themselves--they may have felt inadequately or inappropriately prepared. Escape and evasion is cat-and-mouse in three dimensions; going up during an escape may be a more valuable option than immediate egress on the ground floor. Item 3 ideally requires a bit of remodeling--placing secure items inside walls (generally behind plumbing, which throws off metal detectors), but in cities with higher crime rates, more obvious security measures would not be considered unusual or attract notice. Item 4 connects with item 2 (another example of how the document wasn't 'rationalized' by a careful author or editor), and demonstrates again that the orientation of the training is decreasingly effective in 'advanced' countries where law enforcement and military tactics prepare for such things. Item 5 is operational security through compartmentalization. Items 6 through 8 connect to a critical trait of sleeper agents: pretexting. Plausibility is critical in all activities. The location needs to 'match' the cover identity (large, well-furnished, well-located apartments wouldn't fit well with a 'starving student' cover identity). 
Remote locations make observation of a location more difficult (observers may well be obvious) but also make operating more difficult for the cell members (their activities are also more obvious, there is less 'cover and conceal' to their benefit), so the recommended trade-off is avoiding seclusion. In large urban settings there is rarely a 'suspicious time,' but in circumstances where cover identity is critical, timing is important (it wouldn't do for a day-laborer to be around the house during working hours without a pretext, a reason, an excuse); in non-U.S. countries, curfews are also imposed and would generally need to be abided by. Holding the pretext together--appropriate identity corresponding to appropriate location--is reinforced, but again with an admonition to use non-moslem identities. Item 8 would best apply in countries outside the Middle East, particularly where moslem appearance would be less common, and thus a point of profiling for law enforcement. Item 9 is an issue of operational security, because multiple rentals would raise suspicions. Item 10 is another curious point--operational security would be compromised if the 'sanctuary' was known to the local security apparatus, but how would the Al-Qaida cell members know? Avoiding locations of 'prior Jihad activities' by their own organization, or known in the public domain, is certainly a good idea. Avoiding locations of 'immoral' activity is mixed--criminal activities mean that people largely tend to mind their business, there's a high transient population, etc. The downside is that such areas are generally under greater scrutiny by law enforcement, and neighbors may be informers or perhaps be raided for their own criminal activities (where they will generally attempt to bargain away everyone they know to save themselves). 
It would be interesting to hear the rationale for item 11--is the concern heightened security in the area, the greater numbers of law enforcement available, or the possibility that such a location may suffer collateral damage in an attack by some other cell or non-State group? Item 12 connects to item 7, reinforcement showing how a trade-off was decided--greater risk through higher traffic is better than greater risk through easier observation/apprehension. Sleepers need to blend in, and activity is easier to blend with than isolation. Item 13 is further protection for sleepers--there are fewer questions when everyone is a stranger (and prefer to stay that way). Isolation from neighbors is more common in Westernized countries, while the number of 'informers' relating to the age of an area is distinctly non-Western. Items 14 & 15 are operational security--is the location still safe? Preventing exposure of sanctuary by avoiding surveillance or 'tailing' is the 'external' member's responsibility (anyone outside the location); indicating the security of the location by an indicator is the 'internal' member's responsibility (anyone inside the location). Symbolic interaction (coded knocks, etc.) is the transition period from one concern to another. Note the depth of implied activity (continual observation for security) and commitment (not putting other cell members at risk, even at the expense of one's own safety). Item 16 is adherence to a pretext, maintaining the appearances of cover identities. Item 17 is normal security, even for ordinary individuals, who commonly rekey locks or add locks that others may not have keys for (such as the landlord). Item 18 is operational security; normally interior rooms with no windows are used for sensitive activities (device assembly, etc.), or basements when available. Item 19 is simple caution in a modern world, where construction is accomplished as cheaply as possible. 
Items 20 & 21 are disturbing in implication--use of medical personnel cover. Physicians have respect and greater privileges in most societies, and are rarely the subject of suspicion; additionally, physicians would have access to substances (pharmaceuticals, radiologicals, etc.), be part of 'early responder' teams, and provide other sorts of advantage to sleeper operations. Both items support the necessities of pretexting--have the supporting documentation, blend in appropriately. Item 22 again reinforces pretexting--the concept is clearly a fundamental element in the sleeper's tradecraft for Al-Qaida.]


Source: http://www.justice.gov/ag/manualpart1_2.pdf  (1.1MB)
 
 

                        UK/BM-28 TRANSLATION  

                            FIFTH LESSON  

              MEANS OF COMMUNICATION AND TRANSPORTATION  



                        UK/BM-29 TRANSLATION  

In the name of Allah, the merciful and compassionate  

                       Means of Transportation  

Introduction:  

It is well known that in undercover operations, communication 
is the mainstay of the movement for rapid accomplishment. However,
it is a double-edged sword: It can be to our advantage if we use 
it well and it can be a knife dug into our back if we do not 
consider and take the necessary security measures.


Communication Means:  

The Military Organization in any Islamic group can, with its
modest capabilities, use the following means: 1. The telephone,
2. Meeting in-person, 3. Messenger, 4. Letters, 5. Some modern
devices, such as the facsimile and wireless [communication].

Communication may be within the county, state, or even the
country, in which case it is called local communication. When
it extends between countries, it is then called
international communication.

[This section of the tradecraft manual should be read not only for tactical intelligence, but also strategic. If Al-Qaida is an organization that functions using positive control, the level of traffic necessary to manage cells and operations presents a significant vulnerability. If Al-Qaida is an organization that functions using negative control, traffic is greatly reduced, cells are nearly autonomous, and communication is less of a risk because less of it occurs. The difficulty for negative control organizations is the necessity of pre-arrangement--pre-planning, training, agreed upon codes/ciphers, lower levels of operational support, etc. In addition, the communication that occurs is much more critical--it's happening for a reason, and therefore has different intelligence value. Pure information theory is problematic for intelligence analysis because of the tendency to assume that all communication is alike in value, which just does not hold in the real world. Positive control organizations will have greater variation in the intelligence value of traffic--some intercepts are worth more than others. Negative control organizations have a greater baseline intelligence value for message traffic; since exposure is a concern, the message must be worth the risk. This attachment of value to message traffic is critical to the evolving field of intelligence analysis. For example, traffic analysis can remain incredibly useful even when operators use codes or ciphers. Attachment of valuations to messages in positive control organizations makes network mapping far easier (identification of command & control elements); valuation of messages in negative control organizations is less helpful, but can be used to establish roles of individuals in networks, and any traffic analysis is helpful--it can identify sleepers. Al-Qaida sends clear indications that it is a 'negative control' organization through many aspects of its tradecraft, but this section is particularly helpful. 
The recognition of the fatal nature of security lapses establishes an appreciation for the need for operational and communication security. The means chosen for communication are intended to be infrequent, to meet the security needs of sleepers, but clearly inadequate for 'positive control' organizations. Communication is oriented largely at coordination, 'triggering' actions or operations, giving warning, etc., indicative of a 'negative control' approach. For more on this sort of analysis, and the value it has in targeting Al-Qaida, see Hunting the Sleepers.]

Secret Communication is Limited to the Following Types:

Common, standby, alarm

1. Common Communication: It is a communication between two
members of the Organization without being monitored by the
security apparatus opposing the Organization. The common
communication should be done under a certain cover and after
inspecting the surveillance situation [by the enemy].

2. Standby Communication: This replaces common communication
when one of the two parties is unable to communicate with the
other for some reason.

3. Alarm Communication: This is used when the opposing security
apparatus discovers an undercover activity or some undercover
members. Based on this communication, the activity is stopped
for a while, all matters related to the activity are abandoned,
 

                 UK/BM-30 TRANSLATION

and the Organization's members are hidden from the security
personnel.

[This categorization is functional--normal communication, a fall-back mechanism, and a way to signal that there is trouble. Operations security is an ever-present concern, but the tradecraft is not clarified as to how they maintain OPSEC under increasing pressure across the types. Law enforcement and security apparatus are experienced at forcing 'alarm communication' in order to map networks of sleepers; how this is managed is not addressed through other than 'normal' tradecraft. Alarm communication, if it is to occur, would need to be a symbol that takes no explicit communication channel (party A connecting to party B) and fits in the context and pretext of the sleepers. Modern covert networks have taken this into account using the media cycle--part of pre-arrangement in 'negative control' organizations could be that exposure of any cell members (including voluntary exposure--a member that knows they are 'blown') constitutes a signal to 'hunker down.']

Method of Communication Among Members of the Organization:

1. Communication about undercover activity should be done
using a good cover; it should also be quick, explicit, and
pertinent. That is, just for talking only.
 

[This is reinforcement of the need to maintain the pretext of a cover identity. The duration of a communication is related to probability of exposure--much tradecraft has been developed for 'brush-passes' and 'dead-drops' and other mechanisms for minimizing contact duration. Personal communication is very high-risk, but has the advantage of being 'quick, explicit, and pertinent.' It is also interactive, allowing clarification and (most important) certainty. The direct nature of such communication provides direct and indirect risk--identification of sleepers, the risk that one of the parties has turned, etc. but also that such communication could be under surveillance in such a way that doesn't tip off the sleepers.]

2. Prior to contacting his members, the commander of the cell[2]
should agree with each of them separately (the cell members
should never meet all in one place and should not know one
another) on a manner and means of communication with each other.
Likewise, the chief of the Organization should [use a similar
technique] with the branch commanders.

____________________

[2] Cell or cluster methods should be adopted by the Organization.
It should be composed of many cells whose members do not know one
another, so that if a cell member is caught the other cells would
not be affected, and work would proceed normally.

[Cell structures are 'standard' for non-State opposition forces, for the reasons mentioned--the operational security that the network topology affords. What is not clear is whether organizational cells are structured in a hierarchical network (positive control) or structured into autonomous, heterarchical networks (negative control) where cells are coordinated rather than ordered. Either mechanism enjoys the benefits of compartmentalization for operational security. The tradecraft here implies that while sleeper cells may be autonomous, a command hierarchy is maintained--ultimately perhaps not the best of all possible approaches, but the worst of all possible approaches. Note that a diversity of communication is not explicitly advocated to improve network resiliency; this may increase complexity for commanders, so the trade-off may have been decided in favor of simplicity. This is also an explicit assignment of 'roles' in the network--commanders for cells and branch commanders--that tells us a bit more about the Al-Qaida organizational structure. Similarities to drug distribution networks are not coincidental--lessons learned from such organizations have clearly been adopted, through study as well as direct interaction. The core cadre of Al-Qaida resembles the core of drug trafficking networks, with the associated dedicated support networks and replaceable operational cells (similar to the 'street level' of drug distribution--dealers get arrested or killed regularly, causing 'churn' in the network membership, but the structure itself persists).]
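The commentary's points about traffic analysis and cell topology can be illustrated with a short added example (not part of the manual or of DSSi's text): working from contact metadata alone, it flags nodes whose many contacts never contact one another, and compares traffic volume under the two control styles. The record format, node labels, 30-day window, and `min_contacts` threshold are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

WINDOW_DAYS = 30  # assumed observation window

# Constructed metadata records (caller, callee, day); labels are placeholders.
# Positive control: commander C tasks each of four members weekly.
POSITIVE_CONTROL = [("C", m, d) for d in (1, 8, 15, 22, 29)
                    for m in ("M1", "M2", "M3", "M4")]
# Negative control: commander K makes one pre-arranged contact per member.
NEGATIVE_CONTROL = [("K", "N1", 3), ("K", "N2", 11), ("K", "N3", 19)]
# Background: an ordinary social group in which everyone calls everyone.
BACKGROUND = [(a, b, 5) for a, b in combinations(("U1", "U2", "U3", "U4"), 2)]


def build_graph(records):
    """Return {node: set(contacts)} from undirected contact records."""
    neighbors = defaultdict(set)
    for a, b, _day in records:
        neighbors[a].add(b)
        neighbors[b].add(a)
    return dict(neighbors)


def local_clustering(node, neighbors):
    """Fraction of a node's contact pairs that are also in contact with each other."""
    pairs = list(combinations(sorted(neighbors[node]), 2))
    if not pairs:
        return 0.0
    linked = sum(1 for x, y in pairs if y in neighbors[x])
    return linked / len(pairs)


def hub_candidates(records, min_contacts=3):
    """Nodes with several contacts, none of whom contact each other.

    This is the star signature left by a commander who deals with each
    member separately; message content is never inspected.
    """
    neighbors = build_graph(records)
    return sorted(
        n for n, contacts in neighbors.items()
        if len(contacts) >= min_contacts and local_clustering(n, neighbors) == 0.0
    )


def traffic_profile(records, window_days=WINDOW_DAYS):
    """Summarise volume: how much traffic exists and who it concentrates on."""
    neighbors = build_graph(records)
    per_node = defaultdict(int)
    for a, b, _day in records:
        per_node[a] += 1
        per_node[b] += 1
    busiest = max(sorted(per_node), key=per_node.get)  # alphabetical tie-break
    return {
        "members": len(neighbors),
        "messages": len(records),
        "msgs_per_member_day": len(records) / (len(neighbors) * window_days),
        "busiest": busiest,
        "busiest_share": per_node[busiest] / len(records),
    }


if __name__ == "__main__":
    for name, recs in (("positive", POSITIVE_CONTROL), ("negative", NEGATIVE_CONTROL)):
        print(name, hub_candidates(recs + BACKGROUND), traffic_profile(recs))
```

The star signature survives in both datasets, while the volume available to the analyst drops sharply under negative control, which is why each remaining contact carries more weight.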

3. A higher-ranking commander determines the type and method
of communication with lower-ranking leaders.
 

[Father, or in this case the commander, knows best. This is clearly a positive control aspect--imposition of an element of tradecraft on a subsidiary, even when the subordinate party/parties may know better (technically, in terms of how it works with the pretext and cover identity, etc.).]

First Means: The Telephone:

Because of significant technological advances, security measures
for monitoring the telephone and broadcasting equipment have
increased. Monitoring may be done by installing a secondary line
or wireless broadcasting device on a telephone that relays the
calls to a remote location...That is why the Organization takes
security measures among its members who use this means of
communication (the telephone).

[There is no good cause to assume, under almost any circumstance, that telephone communication is secure (look up 'semantic forests' on the Internet some time, or U.S. patent 5937422). Message content identification and filtering, traffic analysis, etc. are all highly susceptible to technical means. The tradecraft presented makes an attempt to bring the telephone back into the realm of useful tools.]

1. Communication should be carried out from public places.
One should select telephones that are less suspicious to
the security apparatus and are more difficult to monitor.
It is preferable to use telephones in booths and on main
streets.
 

[Public telephones are no more and no less secure than any other. The rise of mobile telephones (cellular, GSM, etc.) has changed the economics of making public phones available, dramatically reducing the numbers of available phones. Given the high level of criminal activity that is discussed over public phones, the dedication of increasingly powerful technical means to a decreasing number of installed phones is not difficult. The advantage of a 'throw-away' public phone--one use, coordinated only shortly before the time needed (and not by technical means, such as a pager or other compromised communication channels)--is probability-dependent, and decreasingly convincing.]

                 UK/BM-31 TRANSLATION

2. Conversation should be coded or in general terms so as not
to alert the person monitoring [the telephone].

[Cryptography takes a message and performs a transformation that obscures the symbols used to communicate (ciphertext looks like noise until decrypted into 'signal'--reader makes right). Coding takes a message and transforms the symbols to obscure meaning. Ciphered communication stands out (unless steganography is utilized, an issue that is discussed in depth in Hunting the Sleepers) amid other 'clear' communication. Coded communications ("How's the weather?" "I bought a Rottweiler puppy.") can blend into other communication without much notice if structured correctly. The drawback is that codes must be pre-arranged, because the symbol-to-meaning mapping is arbitrarily rearranged, the strength of the coding system. Good coding systems, tailored to the purpose and to the pretext of a sleeper's cover identity, can evade detection as effectively as, or more effectively than, steganography/cryptography combinations. Note also the assumption of monitoring--tradecraft oriented at remaining functional even under intense scrutiny appears to be intended.]

3. Periodically examining the telephone wire and the receiver.

[A bit naive, but probably useful in establishing a certain sense of paranoia (or perhaps counterproductive: "nothing appears visible, so it must be safe"). Monitoring equipment can pick up emissions, be installed at a relay or switching center, or any number of ways that remain undetected. Any trust in a telephone is misplaced.]

4. Telephone numbers should be memorized and not recorded. If
the brother has to write them, he should do so using a code
so they do not appear as telephone numbers (figures from a
shopping list, etc.)

[Memorization, particularly of infrequently used numbers, is a difficult proposition. The coding mechanism recommended is unusual to say the least--play with it for a moment and see if you come up with anything satisfactory; even mapping numbers to grocery items becomes problematic with repeated numbers ("apples, oranges, apples, apples...").]

5. The telephone caller and person called should mention some
words or sentences prior to bringing up the intended
subject. The brother who is calling may misdial one of the
digits and actually call someone else. The person called
may claim that the call is for him, and the calling brother
may start telling him work-related issues and reveal many
things because of a minor error.

[A conversational coded boundary--handshaking to authenticate communicating parties prior to message passing. Signs and countersigns must be contextually appropriate. Consistent coding mechanisms such as this are susceptible to analysis with an adequate body of source material.]

6. In telephone conversations about undercover work, the voice
should be changed and distorted.

[Like many elements of the tradecraft in this manual, this one has me shaking my head in wonder and disbelief. If the conversation is not being monitored, this is ridiculous. If the conversation is being monitored 'casually' (not fully aware of the affiliation of the sleepers), then this sort of thing will only attract more intense scrutiny. If the conversation is already under intense scrutiny, most efforts to 'change' or 'distort' a voice fall to technical analysis (whispering can, however, provide some temporary protection), and other technical means (traceback and traffic analysis) will increase network vulnerability. Additionally, there are few good pretexts or cover identities that can justify this behavior, or possession of good technical equipment. If coding fails, cryptography should be the next resort, not this sort of thing.]

7. When feasible, it is preferable to change telephone lines
to allow direct access to local and international calls.
That and proper cover facilitate communications and provide
security protection not available when the central
telephone station in the presence of many employees is
used.

[Clearly a non-U.S.-oriented bit of advice. Use by Al-Qaida leadership of satellite phone systems was obviously an attempt to utilize the best in communications technology and avoid 'local' issues such as these. Note that proper cover, a good pretext, and a well-designed coding system wouldn't require privacy to remain an effective mechanism for communication.]

8. When a telephone [line] is identified [by the security
apparatus], the command and all parties who were using it
should be notified as soon as possible in order to take
appropriate measures.

[The implication here is specific intelligence acquired by some form of penetration of local law enforcement or security. Again, Al-Qaida sleepers may be tasked to penetrate law enforcement, intelligence, military, and political hierarchies of hostile State powers. Such penetrations may also be through technical means, through intelligence sharing with other non-State actors or State sponsors, or various counter-intelligence approaches.]

9. When the command is certain that a particular telephone
[line] is being monitored, it can exploit it by providing
information that misleads the enemy and benefits the work
plan.

[A classic disinformation approach, but such attempts to run deception operations need greater than normal operations security. This approach may also be used to test security of potentially compromised communication paths--give up a small benefit to the enemy that is listening in order to gain certainty regarding compromised communications as well as cell members and those they've been in contact with.]
 

                 UK/BM-32 TRANSLATION

10. If the Organization manages to obtain jamming devices, it
should use them immediately.

[It is unclear what is intended by 'jamming' devices, since jamming would provide little advantage while at the same time exposing a capability, and indicating the hostile nature of organization personnel. As discussed earlier, cryptography (turning 'signal' into 'noise' and back again) would provide potential security, steganography would conceal the fact that some sort of ciphered traffic was being exchanged (data traffic), but still make traffic analysis an issue (tradecraft that provides an end-to-end approach is discussed in Hunting the Sleepers). What is clear through the language however is that any means or methods that become available to improve communication security will be adopted.]

Second Means: Meeting in-person:

This is direct communication between the commander and a member
of the Organization. During the meeting the following are
accomplished:

1. Information exchange, 2. Giving orders and instructions, 3.
Financing, 4. Member follow-up

[This sort of meeting is clearly not internal to an operational cell, but instead between the commander of a cell and the 'branch commanders.' Such individuals should have greater training and experience; they also face greater risks, being valuable sources of information if apprehended. Information exchange is bidirectional, while orders and instructions are hierarchically imposed (top-down). Financing would generally mean delivery of information or identification necessary to tap into Al-Qaida's financial network through a cut-out mechanism; while cash provides the greatest flexibility, it also generates suspicion when relied upon too heavily in the conventional economy. Member follow-up implies two organizational functions--review of performance and other issues regarding cell members, and feedback from cell members to the organization. This latter element is unusual, and again distinguishes Al-Qaida from 'normal' non-State actors; hierarchical, top-down networks are generally loath to take operational suggestions or comments from cells, but Al-Qaida has a history of undertaking cell-suggested operations, as well as using cells to acquire or generate new approaches for a learning/evolving organization.]

Stages of the In-Person Meeting:

A. Before the meeting, B. The meeting [itself], C. After the
meeting

[This is an elaborate discussion of operational security tradecraft to protect the safety and security of sleepers participating in a personal meeting. Given the risks, and the potential information such members could provide to law enforcement and security agencies, entering into this level of detail should not be considered unusual. It is, however, quite specific and explicit to the point of losing flexibility.]

A. Before the Meeting:

   The following measures should be taken:

   1. Designating the meeting location, 2. Finding a proper
   cover for the meeting, 3. Specifying the meeting date and
   time, 4. Defining special signals between those who meet.

   1. Identifying the meeting location: If the meeting
   location is stationary, the following matters should be observed:

      i. The location should be far from police
      stations and security centers.

      ii. Ease of transportation to the location.

      iii. Selecting the location prior to the meeting and
      learning all its details.

      iv. If the meeting location is an apartment, it should not
      be the first one, but one somewhere in the middle.

      v. The availability of many roads leading to the meeting
      location. That would provide easy escape in case the
      location were raided by security personnel.
 

                 UK/BM-33 TRANSLATION

      vi. The location should not be under suspicion (by the
      security [apparatus])

      vii. The apartment where the meeting takes place should be
      on the ground floor, to facilitate escape.

      viii. The ability to detect any surveillance from that
      location.

      ix. When public transportation is used, one should alight
      at some distance from the meeting location and
      continue on foot. In the case of a private vehicle,
      one should park it far away or in a secure place so as
      to be able to maneuver it quickly at any time.

   If the meeting location is not stationary, the following
   matters should be observed:

      i. The meeting location should be at the
      intersection of a large number of main and
      side streets to facilitate entry, exit, and
      escape.

      ii. The meeting location (such as a coffee shop) should
      not have members that might be dealing with the
      security apparatus.

      iii. The meeting should not be held in a crowded place
      because that would allow the security personnel to
      hide and monitor those who meet.

      iv. It is imperative to agree on an alternative location
      for the meeting in case meeting in the first is
      unfeasible. That holds whether the meeting place is
      stationary or not.

   Those who meet in-person should do the following:

      i. Verifying the security situation of the location
      before the meeting.
 

                 UK/BM-34 TRANSLATION

      ii. Ensuring that there are no security personnel behind
      them or at the meeting place.

      iii. Not heading to the location directly.

      iv. Clothing and appearance should be appropriate for
      the meeting location.

      v. Verifying that private documents carried by the
      brother have appropriate cover.

      vi. Prior to the meeting, designing a security plan that
      specifies what the security personnel would be told in
      case the location were raided by them, and what [the
      brothers] would resort to in dealing with the security
      personnel (fleeing, driving back, ...)

   2. Finding a proper cover for the meeting: [The cover]

      i. should blend well with the nature of the location.

      ii. In case they raid the place, the security personnel
      should believe the cover.

      iii. should not arouse the curiosity of those present.

      iv. should match the person's appearance and his financial
      and educational background.

      v. should have documents that support it.

      vi. provide reasons for the two parties' meeting (for
      example, one of the two parties should have proof that
      he is an architect. The other should have documents
      as proof that he is a land owner. The architect has
      produced a construction plan for the land)

   3. Specifying the Meeting Date and Time:

      i. Specifying the hour of the meeting as well as the
      date.
 

                 UK/BM-35 TRANSLATION

      ii. Specifying the time of both parties' arrival and the
      time of the first party's departure.

      iii. Specifying how long the meeting will last.

      iv. Specifying an alternative date and time.

      v. Not allowing a long period of time between making the
      meeting arrangements and the meeting itself.

   4. Designating special signals between those who meet

   If the two individuals meeting know one another's shape and
   appearance, it is sufficient to use a single safety sign.
   [In that case,] the sitting and arriving individuals inform
   each other that there is no enemy surveillance. The sign
   may be keys, beads, a newspaper, or a scarf. The two
   parties would agree on moving it in a special way so as not
   to attract the attention of those present.

   If the two individuals do not know one another, they should
   do the following:

      a. The initial sign for becoming acquainted may be that
      both of them wear a certain type of clothing or carry
      a certain item. These signs should be appropriate for
      the place, easily identified, and meet the purpose.  The
      initial sign for becoming acquainted does not
      [fully] identify one person by another. It does that
      at a rate of 30%.

      b. Safety Signal: It is given by the individual sitting
      in the meeting location to inform the second
      individual that the place is safe. The second person
 

                 UK/BM-36 TRANSLATION

      would reply through signals to inform the first
      that he is not being monitored. The signals are
      agreed upon previously and should not cause
      suspicion.

      c. A second signal for getting acquainted is one in which
      the arriving person uses while sitting down. That
      signal may be a certain clause, a word, a sentence, or
      a gesture agreed upon previously, and should not cause
      suspicion for those who hear it or see it.

[These pre-meeting tradecraft elements could be handled more abstractly by emphasizing: know the location as thoroughly as possible, and have good current intelligence regarding the location; be certain that the location can't be used as a trap, and that multiple escape routes are available; meeting locations should not be suspicious or under observation; personnel should be aware of their security during the approach to the meeting, and not put others at risk; establish a pretext and cover story for the meeting that is plausible, and that is backstopped with documentation and other support; details regarding the meeting should be clear, with a fall-back plan; details should not be communicated with such advance timing that intelligence regarding the location may become dated, or that would allow compromise of the meeting to be achieved; those meeting should follow the tripod of security, and be aware of the other party's arranged "something you are, something you have, something you know" (description, something visible as a possession, and signs/counter-signs)--and deviation will be taken as a signal that the situation isn't safe. Note that none of these things guarantees the safety of the meeting, which is why dead-drops have been a preferred method of intelligence tradecraft for decades (at a minimum).]

B. The Stage of the Meeting [itself]: The following measures
should be taken:

   1. Caution during the meeting.

   2. Not acting unnaturally during the meeting in order
   not to raise suspicion.

   3. Not talking with either loud or very low voices
   ([should be] moderate).

   4. Not writing anything that has to do with the meeting.

   5. Agreeing on a security plan in case the enemy raids
   the location.

[While these are standard points, item 4 is particularly interesting--it means that either organizational control remains local, or that messenger service (by individuals with very good memories) to provide reports to the core cadre is the preferred method of organizational management. This also puts the organizational memory literally in perishable form with the individuals carrying it in their memory--the organization cannot easily get an economy of scale in 'lessons learned' from its own functions. In addition, network segments 'knocked out' for one reason or another either need an alternative communication channel to reestablish contact with the organization, or they are cut off until positive control can be reestablished from the core cadre.]

C. After the Meeting: The following measures should be taken:

   1. Not departing together, but each one separately.

   2. Not heading directly to the main road but through
   secondary ones.

   3. Not leaving anything in the meeting place that might
   indicate the identity or nature of those who met.

[Operational security to minimize the 'back-trail' in the event suspicion is aroused or hostile parties attempt to backtrail.]

Meeting in-person has disadvantages, such as:

   1. Allowing the enemy to capture those who are meeting.

   2. Allowing them [the enemy] to take pictures of those
   who are meeting, record their conversation, and gather
   evidence against them.
 

                 UK/BM-37 TRANSLATION

   3. Revealing the appearance of the commander to the other
   person. However, that may be avoided by taking the
   previously mentioned measures such as disguising
   himself well and changing his appearance (glasses,
   wig, etc.)

[The organization clearly understands the hazards that meetings entail, which is why it is curious that telephone and meetings are the first two elements of communication discussed. Both telephone and in-person meetings afford an immediacy missing in the next communication channels. The trade-off is the opportunity to improve security of communication in exchange for the limitations of asynchronous messaging.]

Third Means: The Messenger:

This is an intermediary between the sender and the receiver.

The messenger should possess all characteristics mentioned in
the first chapter regarding the Military Organization’s member.

These are the security measures that a messenger should take:

   1. Knowledge of the person to whom he will deliver the
   message.

   2. Agreement on special signals, exact date, and specific time.

   3. Selecting a public street or place that does not raise suspicion.

   4. Going through a secondary road that does not have
   check points.

   5. Using public transportation (train, bus, ...) and disembarking
   before the main station. Likewise, embarking should not be done
   at the main station either, where there are a lot of security
   personnel and informants.

   6. Complete knowledge of the location to which he is
   going.

[Messengers have explicit roles in these sorts of distributed networks (see more on network analysis in Hunting the Sleepers), and the unique nature of these roles (knowledge of various cells' membership, locations, contact protocols, messages exchanged, etc.) makes these individuals a much greater risk to the organization. Selection for commitment and discipline of these individuals, then giving them the best possible training and cover identities, provides the only possible protection for the organization. The personal nature of the core cadre of Al-Qaida means they trust messengers more than other means for critical communication.]

Fourth Means: Letters:

This means (letters) may be used as a method of communication
 

                 UK/BM-38 TRANSLATION

between members and the Organization provided that the following
security measures are taken:

[Any form of communication with 'permanence' poses a greater risk; verbal communication, without audio recording or note taking, is 'spot' communication--it occurs, and then it's gone. If some sort of preparation isn't taken to 'capture' a spot communication, the ephemeral nature of it provides security for the involved parties. Channels that leave or actually are a persistent record are inherently less secure--relying on 'access control' for security (which doesn't work--penetration or boundary violation is a matter of 'when' and not 'if').]

   1. It is forbidden to write any secret information in
   the letter. If one must do so, the writing should be
   done in general terms.

['General terms' or coded terms? A robustly constructed coded system need not be interactive, it should account for 'stand-alone' communication channels.]

   2. The letter should not be mailed from a post office
   close to the sender's residence, but from a distant
   one.

[The 11Sept2001 cells were known to have driven for hours to accomplish unknown or mundane tasks; distance between sanctuary locations and operational activities improves security for the sanctuary and the operation, but does pose a risk during the travel period (see the extensive tradecraft discussion by Al-Qaida for transportation below, including the highly suspicious activity of obeying local traffic regulations).]

   3. The letter should not be sent directly to the
   receiver's address but to an inconspicuous location
   where there are many workers from your country.
   Afterwards, the letter will be forwarded to the
   intended receiver. (This is regarding the overseas-
   bound letter).

[This use of a cut-out that blends into the context is not unusual, but it does interpose another point of failure into the communication channel. Note the pretext of 'many workers from your country'--foreign labor that repatriates money from 'overseas' is common, and a foundation for many Islamic banks (the 'float' is incredibly useful to the financial institution; BCCI utilized this cultural aspect with good effect). Use of the mobile foreign labor pools (particularly into countries such as Saudi Arabia) for cover is an effective piece of tradecraft--such individuals are common, ubiquitous, essentially faceless, and have access to the nexus points of the political economies. This means of infiltrating assets is a clever 'ontological judo'--using the opponent's strength against themselves. The 'wealthiest' of Islamic countries are the most dependent on imported labor--the regimes most considered corrupt by Al-Qaida are also the ones that make themselves the most vulnerable. This may be an indicator where the 'tens of thousands' trained in Al-Qaida camps have gone to.]

   4. The sender's name and address on the envelope should
   be fictitious. In case the letters and their contents
   are discovered, the security apparatus would not be
   able to determine his [the sender's] name and address.

[Is it worth calling this piece of common sense 'tradecraft'? Would Al-Qaida use individual operators without the good sense to falsify a return address? Breaking tradecraft is considered to be a 'slick, paved road to Hell' in the intelligence community, but even seasoned professionals break the rules, get sloppy, get lazy--this may be a reminder to adhere to tradecraft, even in the smallest of things.]

   5. The envelope should not be transparent so as to reveal
   the letter inside.

[More common sense--even concerned ordinary individuals use 'safety envelopes.']

   6. The enclosed pages should not be many, so as not to
   raise suspicion.

[This would also cause a postage problem, making it necessary to enter a post office for proper postage (leaving a trail) or guessing as to the proper postage and using numerous stamps (raising suspicions about the letter--a key point in the 'profile' of questionable mail now used in screening).]

   7. The receiver's address should be written clearly so
   that the letter would not be returned.

[Returned, if item 4 is adhered to, to a non-existent address--either raising suspicions or leaving the letter in postal limbo.]

   8. Paying the post office box fees should not be
   forgotten.

[Obviously so that one can continue to receive mail. Most mail receiving services (including the U.S. postal service) will notify patrons regarding due box fees, so this may indicate infrequent access to the box--a strong possibility if such boxes are located at some distance from the sleeper's sanctuary.]

[These items are worth considering in light of the 'anthrax letters' mailed in the U.S. The letters themselves did not indicate responsibility, origin of the anthrax, or other 'secret' information. It is highly probable that the post office was chosen for its remoteness from the slee