Identifying Attacker Psychologies and Behaviors in Protective Intelligence and Threat Assessment Investigations

Identifying Attacker Psychologies and Behaviors in Protective Intelligence and Threat Assessment Investigations

Human psychology is complex. It’s a dynamic and sometimes contradictory system. Compounding this problem is the rapid progress of technology and social media, toppling boundaries like never before. In this complicated and fast-evolving setting, how prepared is the intelligence community to identify, assess, and mitigate possible threats before they become realities?

Fortunately, the other side of the coin involves positive aspects. As our scientific understanding of human psychology evolves, so does the intelligence community’s understanding of motives and threat factors previously not accounted for. As technological tools evolve, so do the effectiveness and accuracy of protective intelligence and threat assessment investigations.

To predict specific future violence, a protective intelligence investigation must determine:

Whether an individual has the motive and means to develop or act on an opportunity to attack a protected person. A primary task of the investigator is to gather information, some of which may later be used as evidence, that can be used to determine whether the individual poses a threat to a protected person.”
Protective Intelligence and Threat Assessment Investigations: A Guide for State and Local Law Enforcement Officials, U.S. Department of Justice

In gathering such information, history has repeatedly shown that creating a demographic assessment of the potential attacker would, in most situations, prove to be reductionist. It would be inadequate in understanding the complexities of people’s motivations. Among attackers and attempters are both men and women – some young, some middle-aged, some old, some more educated than others.

When it comes to emotional assessment, U.S. data show that while these threat actors often have histories of social isolation, depression, harassing others, or angry behavior, few were incarcerated in prison before their attack or attempt. Some have turned to suicidal ideation or even a suicide attempt; others had interests in militant or radical ideas. There isn’t a single psychological aspect that fits all.

One should not speak of terrorist psychology in the singular, but rather of terrorist psychologies.”
Jerrold Post, founder of the CIA’s Center for the Analysis of Personality and Political Behavior.

In addition, it would be simplistic – and in most cases, wrong – to assume attackers and attempters are mentally ill. To plan an assassination requires a certain level of rational thinking and organization. While these individuals might not be the model of emotional health, data suggests only a few suffered from clinical mental illnesses that led them to attack.

All that said, potential attackers often resort to similar attack-related behaviors and actions before their attacks. To attack a prominent figure requires one or more of the following steps: research, logistical planning, obtaining weapon(s), studying the security situation, an attack plan, and an escape plan. These are breadcrumbs that can be identified and followed.

Creating a Database and Sharing Information

All across the world, especially in the west, security intelligence services, law enforcement, and counter-terrorism units have greatly expanded their use of technology to be able to “follow the breadcrumbs” and predict specific future attacks. Many agencies now proactively deploy dual-use technologies to ensure local, national, international security and law enforcement. In many countries, there are now separately established government technology centers that support border control and national security.

These centers create databases and share information internally, and externally with one another as needed. This can be crucial in preventing a potential attack, assassination, or kidnap attempt. But sharing information can save lives only if the quality of the information given is good enough and actionable.

This is where advanced technologies such as AI-powered internet monitoring software and computer investigation software can make an impact on the success of the investigation. By continually crawling the endless internet, identifying suspiciously behaving users, and offering location based investigation information, these automated intelligence solutions help identify those breadcrumbs that were seemingly too small, unrelated, or unimportant.

A Systems Approach Can Support the Use of Technology

An attacker rarely operates in full isolation. There’s always a wider context and interactions with others such as friends and family, and other social circles. In some cases, potential attackers interact with community organizations, social services organizations, healthcare facilities, mental care providers, and even the criminal justice system.

Thus, there is, more often than not, a trail of specific interactions such as cyber threats on social media or something as simple as telling a friend. Monitoring the open, deep, and dark web, day in and day out is humanly not possible. This is why many agencies turn to OSINT and SOCMINT tools to identify a potential attacker, their motivations, and attack plan before it’s too late.

Attackers come from all types of backgrounds and have a wide variety of psychologies and motives. It’s their behavioral breadcrumb trail that, when proactively identified by a web investigation platform such as Cobwebs Technologies, can make or break an investigation.