JMB conduit for ISIS in Bangladesh - september, 2016 (ISS RISK)

Intelligent Security Solutions Holding Limited

Room 501, 5/f, Chung Ying Building

20 Connaught Road West

Sheung Wan

Hong Kong Phone: +852 5619 7008

China Phone: +861 3910 9907 39

www.issrisk.com

Copyright Intelligent Security Solutions Limited. All rights reserved. Neither this publication nor any part of it may be reproduced, photocopied, stored in a retrieval system, or transmitted without the express prior consent of Intelligent Security Solutions Limited.

ISS RISK Special Report - The Emergence and Growth of ISIS in Bangladesh:

How the JMB acted as the conduit for the establishment of ISIS in

the South Asian nation and how the model and structures

potentially impact Asia and beyond September, 2016

http://www.issrisk.com/

Intelligent Security Solutions Limited Frontier & Emerging Markets Analysis

Page | 1

Table of Contents

Introduction.............................................................................................................................................. 2

Research methodology ........................................................................................................................... 3

Research findings ................................................................................................................................... 3

Relationship mapping .............................................................................................................................. 5

Observations ........................................................................................................................................... 6

Summary ............................................................................................................................................... 17

Introduction to the Pool Matrix System ................................................................................................. 18

Overview of the command structure ..................................................................................................... 19

Overview of the intelligence structure ................................................................................................... 22


Page | 2

Introduction

Bangladesh has seen a steady increase in radical Islamic terrorism over the past few years,

culminating in several large coordinated attacks in the summer of this year, the Holey Artisan

Bakery attack in Dhaka, Sholakia Eid Day attack and the police raid in Kalyanpur, Dhaka

were larger scale incidents. The attacks resulted in multiple deaths and casualties

demonstrating a patently upward threat trajectory, a trajectory that should have been

acknowledged as evidence that the local groups were no longer simply operating under the

same modus operandi as before.

The government position has been to label the attacks as local or from indigenous groups,

and not ISIS’ and AQ’s despite their claiming of the attacks. So is the government position

accurate, or one of deflection? It would be simpler to merely argue that the government is in

denial and that by laying the blame at the feet of local militant groups they are trying to steer

consensus away from the existence of external terrorism in the country. Is this political folly

or is there something to the government claims?

Both yes and no are the answer, but this is not a sit on the fence answer. The government

technically are correct in claiming that these are actions of home grown groups, however,

they are without question in denial that these groups have no affiliation or relationship with

external global jihadists. Consequently, this report is an examination of the growth of terrorist

groupings in Bangladesh, an attempt to unravel who they are, where they come from and

what the state of play is now and moving forward. The security services have, to date,

achieved a fairly significant degree of success in neutralising ‘some of the cells’ involved.

However, this is where contemporary thinking on organisational structure needs to be

challenged. Understanding the difference to this organisational structure is seminal if one is

to truly understand the current challenge presented by such terrorist groups. A cellular based

approach to understanding the growing threat of Islamic fundamentalism is no longer

adequate. ISS Risk will be challenging this concept within this report and presenting the

model of organisational structure that is emerging and representative of the growing

sophistication of regional, trans-regional and aspiring globalised terrorist groupings: the

‘Pool Matrix’ structure.

The evidence presented in this report, although focused on the events and developments in

Bangladesh, is indicative of the evolution of terrorism networks globally and attempts to

create a different discourse on how to approach and evaluate the organic nature of these

ever morphing and transcendent groups.


Page | 3

Research methodology

We began the project and collation process with the three recent terrorist incidents in

Bangladesh – Holey Artisan Bakery attack in Dhaka, Sholakia Eid Day attack and the police

raid in Kalyanpur, Dhaka. Our initial research identified around 20 terrorists who were found

to be directly involved with these terrorist incidents and most of them were already dead.

We then undertook a thorough open source research on each of these terrorists and

identified their background and most importantly, their terrorist connections. A terrorist X is

assumed to be connected to terrorist Y if our research indicated that X knows Y or vice versa

in a terrorism context. The different scenarios of a terrorist connection are outlined below:

1. Terrorist X and Y have undergone training at the same location or

2. Were known to have been involved in the same terrorist operation or

3. Were residing at the same location prior to a terrorist attack or

4. Were arrested in a single counter-terrorism raid or

5. Were killed during a single counter-terrorism operation or

6. Were indoctrinated in jihadist ideology by the same recruiter at the same location

or

7. Were together involved in terrorist activities like propaganda, recruitment,

terrorist funding etc.

Every new name identified as a terrorist revealed further connections to the initial list of 20

terrorists and were in turn further investigated, their additional terrorist connections once

identified were then added and yet further new terrorist or associates names were identified

and added to the network. In this endeavour, we mostly relied on Bengali language reports

published by Bangladeshi media houses.

The correlation between the various targets lead to the identification of a significant network

which is also clearly identifiably interconnected, and on occasion, isolated ‘pools’. Each shall

be explained in the proceeding sections.

Research findings

After executing this process multiple times for each subject, we were able to identify 223

terrorists and / or suspects who were involved with JMB and / or ISIS in the Bangladeshi

context and were directly or indirectly related to different terrorist attacks in Bangladesh, that


Page | 4

were claimed by ISIS, during the last 12 months. Our research identified suspected terrorists

who were involved in some form or shape with the following incidents:

1. Japanese murder: Murder of Japanese national Kunio Hashi in Rangpur district on 3

October, 2015. Claimed by ISIS. Three terrorists were found to be directly linked to this

incident.

2. Khadem murder: Murder of the caretaker of a shrine in Kaunia upazilla, Rangpur

district on 10 Nov, 2015. Claimed by ISIS. One terrorist was found to be directly linked

to this incident.

3. Shibganj Shia mosque attack: Attack on Shibganj Shia mosque on 27 Nov, 2015.

Claimed by ISIS. Six terrorists were found to be directly linked to this incident.

4. Dhaka attack: Terrorist attack at Holey Artisan bakery in Dhaka on 1 – 2 July, 2016.

Claimed by ISIS. 26 terrorists were found to be directly linked to this incident.

5. Sholakia attack: Attack at Sholakia during Eid Day on 7 July. Blamed on JMB. 15

terrorists were found to be directly linked to this incident.

6. Kalyanpur raid: Police raid at a building in Kalyanpur area of Dhaka on 26 July. The

cell was believed to be a part of JMB/ISIS. 12 terrorists were found to be directly linked

to this incident.

7. Ansar Rajshahi: Police arrested three militants belonging to a new group Ansar

Rajshahi from northern Bangladesh on 14 August. Four terrorists were found to be

directly linked to this incident.

8. Tongi arrest: Police arrested five JMB militants from Tongi on 26 August, including

Canadian national Rasheduzzaman Rose. Five terrorists were found to be directly

linked to this incident.

9. Additional suspects: A further 159 terrorists who were not directly involved in any of

the above terrorist incidents were identified in our research.

Our research also identified 553 connections between the 223 terrorists identified, which

means that of the 223 terrorists, there were at least 553 pairs who knew each other

personally in a terrorism context. Additionally, we identified each terrorist based on his / her

status, as described below:

1. Absconding: The individual is considered a terror suspect and has voluntarily

absconded to avoid the security forces. We identified 64 suspects in this category.


Page | 5

2. Arrested (culpability unknown): The suspect has been arrested, but his / her

culpability in terrorist activities could not be determined from available information. We

identified 12 such individuals.

3. Arrested (direct suspect): The suspect has been arrested by the police and is believed

to be directly involved in terrorist activities. We identified 60 suspects in this category.

4. Arrested (indirect suspect): The suspect is arrested by the police, but his / her

involvement in terrorist activities remains unclear. Eleven such suspects were identified.

5. Killed: Killed during terrorist attack or police raid - 26 such dead terrorists have been

identified.

6. Missing (indirect suspect): The suspect has gone missing, but the police believe that

the suspect is involved in terrorist activities. We identified 19 such suspects.

7. Unknown: The status of the suspect remains unverifiable - 30 such individuals have

been identified.

Relationship mapping

After identifying the above data, we used the information to visually establish connections

between terrorists and involvement of a terrorist to a certain terrorist incident through

network mapping software. We followed the convention outlined below while undertaking the

mapping exercise:

1. Curved edge rectangle: Representing a terrorist, with the name of the terrorist written

over the rectangle. The rectangles are colour-coded based on the status of the

respective terrorist, e.g. red for ‘Killed’, orange for ‘Absconding’ and so on.

2. Diamond: Representing a terrorist incident, with the name of the incident written over

the diamond. The diamonds are colour-coded for each incident, e.g. green for ‘Dhaka

attack’, purple for ‘Sholakia attack’ and so on.

3. Black line: Used between two rectangles (i.e. terrorists) signifying a terrorist connection

between them.

4. Green line: Used between an incident (diamond) and a terrorist (rectangle), signifying

the direct involvement of the terrorist in the incident.

The different terrorist relationship infographics, thus generated, are shown in the subsequent

sections of this report.

The terrorist suspects awarded the status ‘Unknown’, as described in the previous section,

have been given alphanumeric codes from S1 to S30 in the maps, instead of their real


Page | 6

names.

We also geo-located the incidents by plotting the location of each incident on the map of

Bangladesh.

Observations

The various relationship maps thus created are shown below:

Map 1: Basic pool composition

Map 2: Complex pool composition

Map 3: Connections between terrorist

Map 4: Direct involvement of terrorists to incidents

Map 5: Connections between all terrorists and incidents

Map 6: Location of pools


Page | 7

Map 1: Basic pool composition


Page | 8

Map 2: Complex pool composition


Page | 9

Map 3: Connections between terrorist


Page | 10

Around 45 terrorists were found to be isolated from the main network, while four small and

isolated networks of terrorists were also identified. Finally, the remaining, around 160

terrorists, were found to be interlinked to each other through a complex web of

intermediaries.

Key Observations

1. The red [Killed] and blue [Arrested – direct suspect] rectangles have the most number of

connections (as demonstrated by black lines) to other terrorists. So, we can assume that

the Bangladeshi security agencies have been successful in neutralising most of the

highly connected terrorists – from the known network.

2. However, the large number of orange [Absconding] and yellow [Missing – indirect

suspect] isolated rectangles also demonstrate that the security agencies are facing a

very serious intelligence gap in terms of knowing the actual strength and spread of the

terrorist network.

3. We are not claiming that the terrorist network data we are providing represents the entire

terrorism landscape of JMBs’ / ISISs’ supporters in the nation; rather we believe it is only

a small section of the entire network, which is patently more complex, larger and

intertwined. As such, it is safe to assume that the Bangladeshi security agencies have

only ‘touched the tip of the terrorism iceberg’ within their nation and a large number of

jihadists are still roaming free, with the capabilities and the intention of carrying out acts

of terror.

4. The map also shows that Tamim Ahmed Chowdhury (Mr TAC1), the now deceased emir

of ISIS in Bangladesh, was a highly connected person in the Bangladeshi jihadist

landscape. In fact, most of the red rectangles (Killed) are found to be connected to a

large number of other terrorists. A possible explanation of this observation is that the

potential jihadists in Bangladesh have to pass through a lengthy vetting process, during

which they need to prove their ideological commitment. Only the candidates who pass

this screening process are given access to the internal secret activities of the

organisation, including training and operational planning as well as recruitment and

network development. The individuals who take part in any terrorist attacks are quite

senior figures in the organisation (despite some of them being quite young), having been

part of the organisation for a significant period of time, have proved their credibility to the

1 As identified in ISS Risk’s January 2016 Special Report on Bangladesh


Page | 11

cause and in the entire process became acquainted to several other terrorists from the

organisation. The fact that most of the killed terrorists had remained missing for several

months before their respective terrorist incidents, also validate this vetting process

discussed above.


Page | 12

Map 4: Direct involvement of terrorists to incidents


Page | 13

The incidents map above shows a significant degree of compartmentalisation in the sense

that most of the incidents/cells were totally isolated from one another. This is not something

which happened by chance and it is our assessment that the cells were intentionally kept

isolated for operational security, secrecy and to avoid potential infiltration by the security

agencies. Quite a few terrorists were common to the Dhaka and Sholakia attack cells, which

makes it highly likely that both the incidents were carried out by the same terrorist cell.

Mr TAC is found to be directly linked with Dhaka, Sholakia and Kalyanpur incidents. This

signifies that the emir was directly involved in the operational planning of the group in

Bangladesh and as a formally appointed emir of ISIS in Bangladesh, it is highly likely that he

was receiving instructions from the ISIS external operations department in Raqaa, Syria. So,

it is our assessment that the activities carried out in Bangladesh had direct approval from the

ISIS HQ.

Although the previous map demonstrated that most of the incidents / cells are isolated; the

map below also shows that seven out of the eight incidents were actually interconnected

through different terrorist intermediaries. By this, we mean that a network of around 160

terrorists were in common to seven of the eight incidents. It is our assessment that this large

network of 160 terrorists served as the common terrorist pool, which provided the required

support base to all the incidents. While a few members of the pool directly participated in

certain incidents; the other maintained a passive yet significant role in the survival and

operations of the overall terrorist network.


Page | 14

Map 5: Connections between all terrorists and incidents


Page | 15

Map 6: Location of cells

The above map demonstrates the operational presence of the terrorist network in and around the capital Dhaka as well as the

northern and western part of the country. Interestingly, we identified this TAOR of the terrorist group in a report we published in July

2016, where we published the following map, which clearly identifies the three different TAORs of the group.


Page | 16


Page | 17

Summary

The foundations for the infiltration and growth of ISIS in Bangladesh have clearly been laid

for some time. This organisational structure did not just suddenly appear recently. Evidently

significant planning and preparation led to this escalation in the threat trajectory. However,

why so many combat indicators, intelligence indicators and warning signs were either

missed entirely or misread by the authorities and the intelligence and security services is a

central question.

Given the scale of the network and its exponential growth since seemingly 2012 / 13, the red

flags should have been hoisted long ago. One explanation is that the security services and

intelligence agencies were looking in the wrong direction, which is not a criticism, more an

observation and acknowledgement that the complex nature of the network would be difficult

to identify regardless.

The security forces have had a degree of success as stated earlier in neutralising elements

of the pool, however, a significant element remain intact and in play and pose a real and

current risk. One need look no further than the network behind the Paris attacks, the

authorities believed within a matter of weeks they had neutralised that entire group.

Remnants of that same group were behind the Brussels attacks, and ten months following

the Paris attack there are still elements of that group or pool at large, being gradually

rounded up. However it is right to point out at this juncture that in parallel with the capture of

these ‘original’ pool members, with the passage of time one can logically assume that new

elements have been deployed to replenish the depleted ranks. Bangladesh is no different in

this respect; on the contrary, entire pools in Bangladesh seem to still be intact.

The scale of the risk is the unknown quantity here. The network that is slowly being

degraded and dismantled in Bangladesh was and still is extensive. Access to sophisticated

weapons and explosives has been cited as a detriment to their capabilities. We would

counter that by pointing out that they have still managed to inflict mass casualties with even

rudimentary explosives, basic firearms and common everyday implements such as

machetes and knives. If the network identified so far has only been degraded by some 50%

it still leaves a formidable and resilient pool in place. Losing the leader, or Emir, is likely only

a temporary setback for the network, as he will be replaced fairly quickly and one can expect

to see a vigorous escalation of activities again.

Understanding the nature of the structures, command and control, intelligence, modus

operandi will assist in comprehending the scale of the threat and the potential growth and

trajectory of that threat.


Page | 18

Introduction to the Pool Matrix System

The foundations of this structure and modus operandi have been derived from the

application of consilient thinking, essentially, why re-invent the wheel when you can improve

on what you know already works. Thus, a combination of tried and tested structures over

decades stretching across continents, ranging from the cell system, the column system, the

pool system and conventional structures have been meshed together to create a new

resilient and effective structure. This structure is a Pool Matrix System.

In order to escape detection, ‘sleeper pools’ are a significant element of the structure, which

operate independently from their parent organisations, unless involved in a larger operation

requiring greater human and physical resources. Such a system allows for greater covert

activity, particularly given no one except members of a particular pool would be aware of the

chosen target.

In basic terms individual pools can consist of approximately anywhere between 20 - 35

people, however, this will vary from pool to pool due to many factors ranging from local

nuances and geographical location through to the strategic directions and objectives

emanating from the central command and control. In short, each pool will comprise a support

element and an active element. The individual members of each pool, regardless of role, are

commanded at local level. Consequently, although the strategic direction will come from

higher up in the system, the pools effectively have autonomy.

This benefits the terrorists in several ways. Firstly, the requirement for a detectable

communications channel is greatly limited. Secondly, logistical support is an internal

consideration and responsibility of the pool, therefore movement and transportation and

acquisition of materials is strictly controlled to effectively reduce combat indicators and

minimise potential traces. Thirdly, the possibility of infiltration is greatly reduced and made

much more difficult.

On a command level it is very simple to replace the current commander, for whatever

reason, with another member of the active element. Likewise, it is very easy to replace an

active member with a support member should the need arise. These are just some examples

of primary strengths on a local level that combine to give added strength to the overall

structure and modus operandi.


Page | 19

Overview of the command structure

Localised pool commands

As outlined, the local pool consists of a variable number of members, one of whom is drawn

as the commander with the remainder subordinate to him. The pool is further sub-divided

into active and support. The pool will operate and conduct operations within its area of

existence. The operations will be compatible to the size of the pool and human and logistical

resources at its disposal. This makes the ‘pools’ existence manageable and very controlled

on a primary level and accountable on a higher level, or levels.

Regional pool commands

This comprises the local, individual pools within a given or predetermined geographical

region. The command element will consist of the commanders of the local pools drawn

together. One local commander will assume the role of commander of the regional pool.


Page | 20

Subsequently he has greatly increased powers of command and access to significantly

enhanced human and logistical resources. This is similar to the concept of ‘Step Up

Command’ employed by conventional armies.

Combined regional pool commands

This element comprises the integration and ‘Pooling’ of several regional pools within a given

or predetermined geographical locality. Again, the same principle as above applies in

respect of command allocation and ‘Step Up’. It should be highlighted that the entire

command element do not need to be fully involved in planning and preparation of attacks at

this level, only those to whom it is relevant or required from the operational areas or target

area. Moreover, geographically a much greater area of operation is now created; obviously

the human and logistical resources are greatly increased. Perhaps most importantly

information about the nature of an operation is greatly controlled and even traceable.


Page | 21

Combined inter-regional pool commands

The next level comprises the command and control elements representative of a ‘pooling’ of

combined regional pools. The scope of the combined inter-regional pool command could

effectively encompass an entire country or province / state / county. Evidently it goes without

saying that all resources are maximised to their fullest capacity. Again only the necessary

command elements are pooled for specific operations with a single regional commander

taking control and all others remaining subordinate to him.


Page | 22

Overview of the intelligence structure

Localised pool intelligence

Gathering and collation of information is tasked to the support element. This is done on an

individual basis and specific in nature, i.e. one support member tasked to gather information

on security procedures at an airport within a specific time bracket. A second person can be

instructed to gather the same information for a different time bracket. The fact that many of

the support elements will not be either known or even suspected greatly enhances security

by reducing combat indicators.

Moreover, the knowledge of the nature of the task is restricted to the person, commander,

issuing the instructions. He has the resources to detail as many support members as he

determines is necessary to gather ‘bits’ of information without them knowing what is being

planned or who else is gathering information and for what purpose. This also considerably

reduces possible security compromises and leakages. Furthermore, should information be

leaked, then given the specific nature of the individual tasking’s then it is quite easily

traceable to a specific person, thereby further increasing security.

For smaller, localised operations this method is ideal as local knowledge can be exploited on

top of new information gathered. However, at the ‘inter pool’ and ‘regional pool’ and

‘combined regional pool’ levels intelligence liaison becomes much more complex when

operations are more ambitious and involve more in-depth planning, intelligence gathering

and numerical increments of active participants.

Regional pool intelligence

As previously outlined an increase in scale of operations requires an increase in active

participants and support elements. This is coordinated and directed at a regional level. The

effect is to enhance operational capabilities and by default an increase in security is

effectively achieved. This is done through the same principle of individual tasking and the

use of double or multiple tasking. The spread of the member base now effectively means

that the degree of information required to be collected by an individual can be minimised,

thereby decreasing an individual’s possible knowledge of the nature of the operation and

enhancing security but at the same time hugely increasing the scale of information that can

be gathered due to increased human resources available.

The information / intelligence gathering can now be spread thinly amongst a larger number

of support elements through the existing command and control chains with the same

principles of bite sized tasking being passed through the pools. This is akin to each person


Page | 23

having only one piece of the ‘jigsaw puzzle’. The commander doing the tasking at regional

level will effectively be the only person with all the pieces of information and each individual

piece of information can be traced to a given support member should there be a security

breach or leak.

Combined regional pool intelligence

This operates on the same, but very much expanded, principle as the combined local pool

structure. Although liaison and co-ordination are now more complex, the increase in the

complexity of co-ordination is largely negated through vastly increased human and logistical

resources.

Delegation of intelligence gathering becomes much more effective, as above, the spread of

the member base now effectively means that the degree of information required to be


Page | 24

collected by an individual can be minimised, thereby decreasing an individual’s possible

knowledge of the nature of the operation and enhancing security. At the same time,

however, hugely increasing the scale of information that can be gathered, due to increased

human resources available, is achieved. The system now becomes even more difficult to

scrutinize and analyse at a counter terrorist / intelligence level.

Combined inter-regional pool intelligence

Yet again, this operates on the same, but very much expanded, principle as the combined

regional pool structure. Liaison and co-ordination are now even more complex, although as

previously the increase in complexity of co-ordination is largely negated through vastly

increased human and logistical resources.

Delegation of intelligence gathering becomes much more effective, as above, the spread of

the support base now effectively means that the degree of information required to be

collected by an individual can be further minimised, thereby decreasing, yet further, an

individual’s possible knowledge of the nature of the operation and enhancing security but at

the same time hugely increasing the scale of information that can be gathered due to

increased human resources available. Combat indicators are now virtually non-existent and

the system now becomes even more difficult to examine and analyse at a counter terrorist /

intelligence level.

News & Politics

JMB conduit for ISIS in Bangladesh - september, 2016 (ISS RISK)