With the UK threat level raised to the highest level of "critical" — meaning more attacks may be imminent — military personnel are being deployed to protect key sites. Police are investigating whether the bomber behind a Tuesday attack in Manchester, England acted alone.
The attack — which left at least 22 people dead and dozens wounded — took place just after 10:30pm local time outside a arena in Manchester, following a concert by American singer Ariana Grande.
Police said a suicide bomber identified as Salman Abedi, 22, set off a homemade bomb packed with nails and other metal bits intended as shrapnel in the foyer. Abedi's 23-year-old brother was arrested on Tuesday. Five more men have been arrested on Wednesday, including Abedi's father and younger brother in Libya. ISIS is claiming responsibility.
Abedi was born in Manchester in 1994 to Libyan-born parents who lived in the Manchester area for at least a decade. They are now believed to be back in Libya. The investigation is reported to be focusing on Abedi’s associations, communications, and movements.
"I think it's very clear that this is a network that we are investigating," police chief Ian Hopkins told reporters on Wednesday. Earlier, British Home Secretary Amber Rudd said Abedi had recently returned from Libya, while French Interior Minister Gerard Collomb said the bomber had links with Islamic State and had probably visited Syria as well.
Following the attack on Tuesday, British Prime Minister Theresa May described it as "cowardly” and “callous” is how in Manchester. Among those killed, at least 12 were children under the age of 16.
"All acts of terrorism are cowardly," she said. "But this attack stands out for its appalling sickening cowardice, deliberately targeting innocent, defenseless children and young people who should have been enjoying one of the most memorable nights of their lives."
The Manchester attack is the deadliest since 52 people were killed in a series of suicide bombings on London's transport system in 2005.
The Cipher Brief’s Leone Lakhani spoke to Michael Leiter, former Director of the National Counterterrorism Center, about the challenges facing investigators in this attack.
The Cipher Brief: Is there anything notably different or unusual about this attack?
Michael Leiter: I don’t think unusual, but we’re seeing the continuation of a trend, which is a pretty careful and thoughtful consideration of not just going after soft targets, but going after the softest elements of targets after some defenses have been hardened. What I mean by that is, look at what happened in Turkey. Look at the attack in Brussels. It’s the use of improvised explosive devices (IEDs) or firearms, just outside of security perimeters, where you still have the large crowds. I think that just reflects continued maturing of tactics here. You don’t have to get through the metal detectors. You can be just beyond them and find huge crowds.
TCB: How troubling is that?
ML: It’s troubling because they’re getting smarter about how to do things, and no matter how much we would like to, you can’t harden everything, every aspect of society. So, we’re really good at protecting those things that we know are targets. But you can’t protect all of the paths and approaches to major public infrastructure, so there will be vulnerabilities. This is true of stadiums, concerts, an airport – but also, simply normal gatherings of people separate from specific infrastructure, like we saw in Nice or the Christmas market in Berlin. And whereas the old school al Qaeda had a vision for going after the hardest targets because that illustrated their aptitude, ISIS sees it quite differently. No need to go after a hard target. Go after a soft target because the psychological aspects of those sorts of targets are probably more meaningful in the public narrative than are proving how adept an organization you are at subverting security.
TCB: At the same time, there is a level of sophistication to this attack. This was not a man in a car, running people over on the side of the street.
ML: That’s certainly right, and it’s hard to know how sophisticated this device was. The death of so many, the wounding of so many suggests that this was much more than a simple black powder device.
There’s a pretty long history in the UK of hydrogen peroxide based explosives. It’s much more difficult to get commercial-grade explosives in the UK. Investigators will quickly know, if they do not already, what the explosive was that was used and the components of the IED. These are forensics. They are routine and will be determined quickly, and that will point to the level of sophistication.
The challenging fear here is that it used to be – 15 years ago – if we saw sophisticated IEDs, it really might have suggested that there was a degree of engagement with people travelling to a safe haven like Pakistan or Afghanistan. Today you can have that level of sophistication without the travel, and that’s due both to the proliferation of bomb-making materials online and also the relative security of communication with commercial encryption.
Ten years ago, against al Qaeda, if people were communicating back to the al Qaeda base, it was very likely we were going to see it. I fear that’s not the case today. We don’t know if there were communications. We don’t know if this person was acting alone, but that’s just it. It won’t surprise me if there were communications that we never find.
TCB: How would the UK counter-intelligence or counterterror be investigating this attack?
ML: The British are as good as anyone in the world. Much of what we have created in the United States is modelled after the UK. They will approach this using their internal service, the security service, using the police. Manchester has a very sophisticated local police force. They will use their signals intelligence, GCHQ [Government Communications Headquarters], and their foreign intelligence Mi6.
Equally important, all of this will be done absolutely hand-in-glove with our own services. The British security service-FBI relationship is one of the tightest in the world. The GCHQ-NSA [National Security Agency] relationship probably is the tightest in the world. So, the British will be doing everything on their end, and we, in turn, will be looking at everything we have. So, it will start with the forensics taken, the identity of the individual. That will go to all of the emails, phones, financials, in-person connections over the past several months, and then they will daisy chain out from there, each of those individuals. They’ll look at all those individuals, all of their electronic footprints, and start to make sure that A, there are no other people plotting, and B, understand the full network that did or did not support this individual.
TCB: Any other thoughts? Anything we’re missing?
ML: Just one piece. Assuming that this is ISIS, this highlights the three characteristics of ISIS that I think are most important, and what they’ve changed from traditional al Qaeda. One is the path to radicalization. It is online, often not in person and it can be extremely rapid with a very, very diverse audience.
Two, operationally. The operational transition is, “Don’t worry about coming to the safe haven. Stay where you are. Pursue attacks where you are. Communicate as little as possible.” That operational change for ISIS has made it vastly more successful than al Qaeda was. Third, simply because of those two prior pieces – the pace and scale of radicalization, the pace and approach to operations – you have a volume problem.
The volume problem existed, in part, during the al Qaeda days. The UK officials had challenges tracking all their Pakistani populations, their South Asian populations but nothing matches the volume that officials in the UK, France, Belgium, The Netherlands, and to some extent the United States face today. Security services have to make very, very tough choices about who they can continue to follow, because they can’t follow them all. It will be the rare exception, going forward, that any individual involved in an attack has not previously come up on the radar. The problem is you can’t track every target to culmination. You have to make tough calls, and not all those tough calls will prove to be the right one.