Laptop Bombs and Civil Aviation: Terrorism Potentials and Carry On Travel Bans
This Insight in the TRENDS Terrorism Futures Series focuses on the heightened concerns expressed over the smuggling of explosives hidden in laptops by Al Qaeda, and now Islamic State/Daesh, operatives for civil aviation bombing purposes. It will provide an overview of ongoing radical Islamist airliner explosive device targeting approaches and activities, a red team analysis of the terrorism potentials related to the laptop bombing mode of attack, and a short discussion of the laptop (as well as similar sized electronic device) travel bans that have been enacted and are now being considered.
Civil Aviation Bombings
Passenger airliners have been the targets of terrorist bombing attacks for some decades now with Gulf Air Flight 771 crashing into the desert near Abu Dhabi, UAE in September 1983, Air India Flight 182 breaking up after taking off from Montreal, Canada in June 1985, and Pan Am Flight 103 exploding over Lockerbie, Scotland in December 1988 representing some of the earliest and most catastrophic incidents.
While various terrorist groups have engaged or attempted to engage in these forms of attacks, since the mid-1990s Al Qaeda has made a concerted effort to target airliners. This concerted effort is composed of nine incidents directly linked to that organization along with one incident indirectly linked (via Shamil Basayev’s Chechen group). In addition, a relatively recent incident in October 2015 conducted by Daesh has also taken place. These civil aviation explosive device targeting incidents have been undertaken via one of four approaches: checked baggage (or parcel cargo), close to the body, internal body (animal), or carry on item devices—which have been alternatively utilized over time in an attempt to bypass airport screening technologies and protocols.
The final approach—based on using carry on items to hide the bomb—is a predominant one and has taken place in five incidents found in December 1994, January 1995, August 2006, October 2015, and February 2016. The initial three were all liquid explosive based—the first two of which were components of Ramzi Yousef’s Bojinka plot and the later one an Al Qaeda London cell plot. This TTP (Tactic, Technique, and Procedure) has been subsequently neutralized by carry on liquid bans (over a certain amount) and new liquid explosive detection capabilities. The fourth incident—the Russian Metrojet Flight bombing in October 2015 out of Sharm El Sheikh is still shrouded in mystery. It may have involved an explosive placed in a beverage can, but it would have required the Daesh operative to manually toggle the device which would not normally be possible since such a beverage can should not have been allowed through airport security. The fifth carry on items incident targeted Daallo Airlines Flight 159 out of Mogadishu to Djibouti City. In this incident, Abdullahi Abdisalam Borleh, an Al Shabab operative with likely AQAP technical support, detonated a laptop bomb that resulted in a hull breach that killed him and injured two nearby passengers. The aircraft had not reached cruising altitude which likely saved it from destruction and it was able to safely make an emergency landing.
It is this approach utilizing a laptop bomb in February 2016, along with earlier 2014 intelligence relating to AQAP bomb making TTPs shared with the Al Qaeda ‘Khorasan’ component in Syria and finally now unspecified Daesh heightened interest in civil aviation bombings, that has triggered the recent laptop and similar sized electronic devices travel bans on certain international flights.
The major technical decision points, related to smuggling laptop bombs onto passenger airlines, pertains to bypassing contemporary airport screening measures in the areas of explosives detection and laptop forensics and functionality tests. Soft considerations also exist. They include smuggling bomb laden laptops through lower tier airports with inadequate screening technologies, procedures, and practices and using confederates that share the attacker’s ideology or are simply paid off (e.g. the insider threat) to help allow the laptop through security and onto the targeted airliner.
Explosives detection defeat strategies can be focused on either utilizing new and novel forms of explosives that are not in scanner datasets, or utilizing known threat explosives that have had their residue and off-gassing signatures masked so that common swabbing/patching and machine olfaction techniques are neutralized. For terrorist mission requirements, explosive signature masking and/or elimination is preferable as it relies upon the utilization of known and effective explosives rather than attempting to develop new and unproven ones outside of known explosive chemical groupings presently being screened for. Such signature masking and elimination can be attempted to be accomplished by means of clean room-like techniques and the vacuum sealing of explosives, or by using non-porous device skin materials, with acetone and alcohol baths to mask explosive signatures in bomb designs.
Laptop forensics and functionality test defeat focuses on making sure that x-ray imaging (and potentially decay signature sensing) of a laptop will not result in anomaly detection related to its internal components and, if a laptop is turned on, that it will minimally function during an inspection. The intent is to facilitate a ‘contextual narrative’ for the device that airport screeners will accept and thus allow it to pass through their screening procedures. To effectively bypass the x-ray screening hurdle, a terrorist group would be required to take baseline images of a laptop to provide a comparative standard against IED (Improvised Explosive Device) alterations required to turn the computer artifact into a functioning bomb. Laptop selection criteria would be based on ubiquitous business systems that have reasonable cost so as not to stand out while at the same time possess relative bulkiness so that enough internal space exists for alterations to be made without making the laptops non-functioning. Explosive caching focal points would be internal optical drives, though most newer laptops no longer come with them, hard drives, batteries, and void spaces that can be made to appear as functioning components as well as external USB optical drives and other peripherals. The laptop bomb alterations need to be done in such a way that, if a screener asks for the system to be turned on, it must appear to minimally function.
While such airport screening defeat strategies may represent major obstacles for terrorist groups, Al Qaeda affiliates appear to be making progress with their homebrew lab capabilities. More of a concern is the ability of Daesh, until recently, to command more technical resources than any other previous terrorist organization in existence. That entity has possessed the scientific capacity of a city-state with its over two year control of the University of Mosul, one of the largest research centers in the Middle East, as well as satellite, universities in Raqqa, Deir Ezzor, and al-Hassaka Syria. At a minimum, we know that various university facilities in Mosul, as well as in Raqqa, were put on a war footing and used to research and produce weaponry for Daesh.
Additionally, Daesh has had access to airport screening equipment captured from Mosul International Airport (OSM) and potentially from some smaller airports within their earlier territorial footprint in Iraq and Syria. The Mosul airport security equipment manifest is unclear, with an unknown potential number of x-ray machines, metal detectors and/or explosive residue sensors that may have been seized from it’s sole passenger terminal. As of June 2003, a Heimann Hi-Scann 6040TS screening system (if functioning is unknown) was evident in the departures area but there was “no walk-thru detecting equipment” existing at that time. Later information on the airport’s passenger screening capacity is not readily available so what actual screening machinery was seized is unknown. Still, given such a past technical capacity and possible access to some airport screening equipment, the potentials for the increased threat of laptop and related electronic device bombings of civil aviation have now undoubtedly increased.
These developments go a long way to help explain the proactive laptop and electronic device carry on bans enacted and being considered. Such bans are more typically reactive in nature and immediately implemented only after a specific airliner incident related to them has taken place. This logic pertains to the fact that such a long lag time exists from when the initial Al Qaeda Daallo Airlines Flight 159 laptop bombing took place in February 2016. The timing of the present carry on laptop and electronic device travel ban is thus very unusual coming over a year later and thus likely reflects the fact Daesh also now represents a credible laptop bombing threat to civil aviation.
Carry On Laptop and Electronics Travel Bans
The present laptop (as well as similar sized electronic device) travel ban was enacted on 21 March 2017 by the U.S. Department of Homeland Security (DHS). It focuses on items commonly called “large electronic devices”, including devices such as laptops, e-readers, cameras, and anything larger than a typical smartphone. The current ban focuses on aircraft departing from specific airports, on non-stop flights to the USA. Ten international airports are covered, from eight Middle Eastern and North African countries; Egypt, Jordan, Kuwait, Morocco, Qatar, Saudi Arabia, Turkey, and the United Arab Emirates. These airports are geographically clustered in the primary Daesh areas of regional operation in Iraq, Syria, and Libya. Additionally, AQAP (Al Qaeda in the Arabian Peninsula) and Al Qaeda Khorasan group elements in Syria and Iraq also possess operational capacity potentials in many of the nations that contain these airports. Of additional note is the fact that “There is no impact on domestic flights in the United States or flights departing the United States. Electronic devices will continue to be allowed on all flights originating in the United States”.
The United Kingdom simultaneously followed suit on 21 March 2017 with a similar laptop and electronic device cabin ban from last point of departure airports in Egypt, Jordan, Lebanon, Tunisia, Turkey, and Saudi Arabia. Banned carry on laptops and electronic devices will be allowed in passenger luggage in airliner cargo bays under both the U.S. and UK new travel protocols, reflecting how much more difficult it is to detonate such IED devices by means of a timer, barometric, GPS, or remote texting initiator as opposed to by those devices carried into the cabin by a terrorist operative. Of note is the fact that Western European nations, such as France and Germany, who are actively being targeted for attack by radical Islamists have not acceded to similar computer device travel bans.
Speculation persists that the laptop and electronic device ban may be expanded by DHS to cover additional specific last point of departure airports into the United States or become a blanket ban affecting all flights into the U.S. or even potentially be mandated for all international flights originating from the U.S. and/or domestic U.S. flights themselves. One recent plan now mentioned may extend the ban from the present 10 international last point of departure airports to as many as 71 of them. Such future determinations are still an unknown but will be based on some sort of cost-benefit analysis related to these increased safety requirements. These will be made in the face of actual incidents, plots, and intelligence related to Al Qaeda affiliate and Daesh activity versus lost business productivity for airline passengers and general security screening line slowdowns as well as revenue losses from a) less monies received from passenger inflight laptop and electronic device internet and movie purchases and b) future flight cancellations from business class and other passengers due to these travel carry on restrictions. Given the secretive nature of the intelligence warnings that have promoted the recent and ongoing laptop and electronic device bans, no determination can be presently made of its efficacy. What is known, however, is that radical Islamist terrorist groups are actively targeting civil aviation and the question regarding the next attack will not be a matter of if, but of when.
 The internal body cavity method using secreted bombs in humans has been utilized for VIP (Very Important Person) assassination attempts but not for airliner bombing purposes as of yet. See Robert J. Bunker and Christopher Flaherty (Primary Authors), Body Cavity Bombers: The New Martyrs—A Terrorism Research Center Book. Bloomington: iUniverse, 2013.