Boston Marathon Bombing (2013) As a Case Study and Possible Insight Regarding...

Boston Marathon Bombing (2013) As a Case Study and Possible Insight Regarding Planning and Deploying Security Technologies

Image provided by pixabay

This post is also available in: heעברית (Hebrew)

By: Or Shalom, HLS expert

A decade has gone by since the Boston marathon bombing, and there is much insight that can be learnt by analyzing and studying how to characterize and adapt technological abilities and advanced security applications as part of the preparations for terror attack prevention. The embedded abilities in smart city technology, AI and ML can improve performance when working against terror attacks, even in multi-participant events such as marathons, sport Olympics, festivals, etc.

The basic assumptions in this analysis, are based on the possible complexity in detecting and dealing with terror cells or lone suicide bombers. However, an additional assumption is that there are abnormal patterns and deviation from normal and expected behavior vis digital means and OSINT, as well as possible anomalies in detecting on field and in the arena itself. The finding of the many investigations done on this terror attack, carried out by the brothers Tamerlan and Dzhokhar Tsarnaev, showed that the attack was carried out on Boylston street at the finish line, using two bombs that were placed approximately 170 meters apart, killing three people and injuring close to 264 others. This piece of data strengthens the claim that there are irregular pattens of behavior which can be collected and examined via analytics, and in this case set an anomaly in place concerning the connection and divergence of the two elements to two differing directions. Similarly, placing and leaving a bag with no supervision is a deviation from normal behavior, as one of the brothers was seen leaving the event without the bag which he was previously documented carrying. 1

Forensic efforts and evidence collection following the bombing were concluded in four days, as there is quite a few pieces of information and data that could be retrospectively analyzed online. This data, allowed for researchers to led law enforcement to the suspects and their connection to the attack.  As long as analytical capabilities are employed to monitor similarly possible suspicious behavioral patterns, the abilities of the security systems to support the decision making of security teams will improve and lead to better foiling of such events. For example, embracing possible characteristics, as insight from this event and additional similar events, to detect irregular patterns as follows:

  • Cumbersome leg movements that can be seen in security footage where the weight influences movement
  • Opposite flow of movement when compared to the crowd
  • Irregular patterns between connected individuals, such as the separation of the Tsarnaev brothers
  • Loitering around side streets as a possible indication of suspicious behavior
  • Passing of an object between two elements, similarly to the terror attack at Mogadishu Airport in 2016 where a rigged computer was passed between two internal airport workers and led to an explosion of an airplane during flight, etc. 2
  • Demarcation for the purpose of detecting movement in sensitive or problematic areas.

The fact that todays technologies are capable of converting information to text improves analysis capabilities and allows for fast extraction of information using textual queries. This way, the information yielded from a photograph is translated to text (image to text) and allows for further examination of the queries. These abilities improve the speed of information analysis yielded from camera as it is gathered into a few minutes as opposed to watching back all available security footage. That way law enforcement can carry out queries based on colors (apparel and hair color), movement trajectory, hours, license plates, ages, and more.

Furthermore, there is significant advantage to deploy analytical information collecting applications in the OSINT space, routinely, prior to a possible terror attack, during and following. These advanced collection abilities allow for the collection of valuable information yielded from the online meta data which can help point out possible suspects. These processed are not only based on the content of a conversation or a particular action but also on connecting different pieces of information regarding time, location, articles and online posts on social media, cross referencing names throughout different databases in connection to terror activity, terror attacks, etc. These abilities depend on being able to cover vast amounts of information and databases throughout the internet (and commonly the dark web), in collaboration with nations, intelligence agencies and law enforcement, quite the complicated task. This method of action allowed for the retrospective collection of posts and tweets indicating levels of radical thinking following the Boston bombing. These, when cross referenced with a visit of one of the brothers (Tamerlan) in Czechia, was a possible indication for radicalism that could have led the brothers to plan the attack, since the aforementioned visit lasted for approximately six months. An additional significant point of indicative information was that previously in 2011, the Russians turned to the FBI with a request to receive information on Tamerlan as there were existing suspicions of his affiliation with radical Islam and his enlistment into underground forces.

Although there are ethical and legislative limitation (in accordance with the different regulations around the world), there are operative capabilities that allow for the use of queries and cross reference between possible suspects and geographical data. This type of activity can provide additional value during preparations by utilizing advanced technological means (many solutions and abilities are offered today in the HLS market). This information can also be used in supportive roles such as random checkpoints while attempting to create additional venues of security to not depend on technological monitoring alone.

Controlling the crowd during an event and afterwards is also critical. In video footage showcasing the aftermath of the Boston terror attack, you can see the ensuing chaos caused by panic. Today, there are many technological developments based on drone cameras, optic detectors and AI that allow for better crowd control, alert levels of crowd density in real time and direct crowd via indoor and outdoor digital signs. 3

Between all the challenges added during the last few years, there is also a rising demand in dealing with drone operators. We have seen drones being used for nefarious means such as intelligence collection, harassment and defiance such as was the case with the Angela Merkel case. Preparations to deal with these threats must be based on tactical and technological solutions accordingly to the characteristics of the field, communication methods, all while considering safety, etc. During the last few years, technological concepts and research have been tested to improve detection abilities regarding drone operators in close proximity. 4

There are still gaps in commercial performances of available UAV manufactures, the need for close proximity for detection and limitations regarding encryption of communication. Research conducted by the Ben Gurion University, Israel, has suggested an interesting method to collect information of the operator by analyzing the aerial course of the UAV (accordingly to the research, with accuracy of 72%). 5

During the last decade, many technological security abilities were enhanced in light of new vast information processing capabilities, combining AI and ML capabilities allows for better adaption to different situations and analytical abilities. Therefore, examining requirements, environments and threats can provide a better security solution for spot events, infrastructure and critical sites, airports and more.

Or Shalom – Security and cyber expert and consultant to government ministries and defense industries, international business development consultant for companies in the fields of HLS and cyber and leads centers of excellence and advanced training programs in Cyber and HLS for various organizations in the civilian, security, industry, and academic sectors. He holds a master’s degree, as well as civil and national qualifications in the realm of HLS and Cyber Security. He has experience in security, innovation, planning, and characterization of technological security systems, HLS, and Cyber preparedness.

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th

Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!