Research A Quantitative Assessment on 26/11 Mumbai Attack using Social Network Analysis

This paper analyses, the terror attacks in Mumbai on November 26, 2008, popularly known as 26/11 terror attacks, as per a mathematical technique known as Social Network Analysis (SNA). This analysis of the behaviour of the ten attackers and their telephonic communications with their handlers in Pakistan even as the attacks were in progress is based on the open source information. Using the SNA technique, we identify the key members, sub-groups, and the interaction among the various members of the group. The analysis gives useful insights into the modus operandi of the terrorists. We have found that a star-type structure of hierarchy prevailed during the attack which means terrorists were well connected through a central node.


Introduction
Over the past few decades, terrorism has become a major threat to international security [1]. In recent years, there have been frequent terrorist attacks around the world. One of the most high profile terror attacks executed by the cadres of the terror group Lashkar-e-Taiba (LeT) on November 26, 2008 in Mumbai, (India), was meticulously planned. It began on November 26 th and ended on November 29 th after an intense operation lasting over sixty hours. The attack was carried out by 10 militants armed with advanced weapons at five prime locations in Mumbai, India's financial capital. Nearly 260 persons, from ten countries, were killed in the attack. The modus operandi of this attack is explicitly described in various reports [2][3][4], and in the report shared by the Indian government [5] with the government of Pakistan. According to the analysis by Raman (2009) [6], the Mumbai terror attack had an anti-India, anti-Israel, anti-Jewish, anti-US and anti-NATO agenda.
A terrorist organisation can be represented as a network using a technique known as Social Network Analysis (SNA) which studies social relationships amongst nodes and ties. In case of a terrorist network, the members are considered as the nodes, and the ties describe the interactive

Journal of Terrorism Research
Volume 2, Issue 2 or collaborative relationships between the pairs of node. There was an increasing interest in the application of SNA for the study of terrorism shortly after the 9/11 attacks on the World Trade Center twin towers in New York [7,8]. In the past few years the techniques of SNA have brought about a paradigm shift in counter terrorism planning and strategies [9,10]. The descriptive and visualisation potential of SNA helps to explain group activities, target selection and motives. Also, new analytical techniques and innovative means to conjoin available data in the network make it a powerful tool for research and ultimately to give inputs for policy makers.
Network analysis is an efficient tool for unravelling the complexities of systems that comprise many interacting elements. SNA helps to answer the following questions [11]: • Who is central node in the network?
• What sub-groups exist in the network?
• What are the patterns of interaction between sub-groups?
• What is the overall structure of the network?
• How does information flow in the network?
The objective of this paper is to present a mathematical assessment of the 26/11 Mumbai terror attack using SNA technique. The paper relies on the information provided by the government of India in their report [5]. The paper is organised as follows: Section 2 gives the background of Mumbai terror attack. Section 3 describes the various social networks that are generally used for terrorism analysis. Also, a description of the parameters of social network analysis is provided. Section 4 discusses the terrorist networking during the Mumbai attack at different levels of occurrence and the information available at the time of incident. The structural organisation of the Mumbai terror attack and the details of planners and trainers behind the attack are given. We use graphical software UCINET to obtain a network for the attack. Section 5 is a summary of the conclusions

The Mumbai Terror Attack: A Brief History
The Mumbai terror attack was executed by the Lashkar-e-Taiba (LeT), a terrorist group based in Pakistan. The LeT was founded in 1987 with the express aim of helping the Mujahideen in Afghanistan and liberating Kashmir from India. The attack was planned well in advance and a Pakistani American David Headley was employed to gather critical information about Mumbaiwhich was later confirmed by Headley's confession in the Chicago case. It has now been revealed that Headley had played a central role in preparing the operation. He visited India many times to scout out targets. Based on the connections we have found in the report [16], the  Ismail Khan was the leader of the group. During the period of the attack the terrorists were in constant touch with their handlers in Pakistan. The Indian intelligence agencies were able to intercept their conversations on mobile and satellite phones as the attacks were in progress.
While the contents of the intercepts are not known, the government of India has revealed the details of who was talking to whom. The attackers killed nearly 260 persons including several foreigners. While the Indian security forces killed 9 out of the 10 attackers, one by the name of

Journal of Terrorism Research
Volume 2, Issue 2 Ajmal Amir Kasab was taken alive and is now awaiting death sentence in a Mumbai jail. His testimony and that of Pakistani American David Headley in the US have been extremely valuable in reconstructing the entire sequence of events and have revealed now just how well planned the attack was. It turns out that the mastermind of the attack, LeT commander Lakhvi, was in Pakistan. During the entire operation lasting over 60 hours, the attackers were in touch with their handlers in Pakistan. Lakhvi and others are being tried in Pakistani courts.

Background of the different kinds of networks
Terrorist network analysis is a difficult undertaking because of the clandestine nature of terrorist groups [12]. These are covert networks where secrecy is the prime concern during the operation. Such networks are structured in such a way as to ensure efficient communication between members without being detected. Explicit theoretical studies have been undertaken on the predictive structure of the covert networks [13][14][15]. These networks are reported to have different formations such as ring, star and path in which the degree of covertness and communication efficiency depend on the connections between the nodes (Fig. 1). The star graph (Fig. 1b) is known as centralised network where all the nodes are connected only through one central node.
On the other hand, the path graph (Fig.1a) is a network with one to one connections. The network shown in Fig 1 (c) is a complete network where all-to-all communication exists. It has maximum density and hence 100 per cent connectivity. The theoretical studies reveal that the path type is optimum in the lower order while star type network is best for balancing efficiency and covertness.

Journal of Terrorism Research
Volume 2, Issue 2 The network for the 9/11 attack was structured using social network analysis [8]. The network was drawn based on information gathered about the 19 hijackers and yields a number of interesting properties. Using measures of centrality, Krebs elucidated the dynamics of the network. The 9/11 network has a path-like structure (Fig. 1a), which is an open and most decentralised network. Interestingly, this is an Al-Qaeda modus operandi, which was confirmed from a Bin Laden video.

An adjacency matrix
The adjacency matrix {aij} in social network analysis is a square matrix with as many rows and columns as there are nodes in the data set. The "elements" or scores in the cells of the matrix record information about the ties between each pair of nodes. If a "tie" is present, i.e. if one node can talk to the other, '1' is entered in a cell; if there is no tie, a zero is entered. The matrix contains the information about the existence or non-existence of a link. Therefore, the adjacency matrix can be defined as a set of numbers, where we assume that there are four nodes in the network and the ties between them are binary numbers. Note that there are no diagonal entries in the matrix as the tie of a node from itself is not considerable.

2 Centrality
Centrality deals with the role of individuals in a network. Several measures of centrality such as 'degree', 'betweenness', 'closeness', and 'eigenvector' can suggest the importance of a node in a network. The degree of a particular node is its number of links; its betweenness is the number of 'geodesics' (shortest paths between any two nodes) passing through it; and its 'closeness' is the sum of all the geodesics between the particular node and every other node in the network. An individual with a high 'degree', for instance, may imply that he is a leader; whereas an individual

Journal of Terrorism Research
Volume 2, Issue 2 with a high 'betweenness' may be a gatekeeper in the network. An eigenvector centrality is the measure of how much a participant interacts with the other "connected" or highly interactive members of the group. This can be useful in providing a snapshot of how group members interact, as the eigenvector scores of different members or subgroups may indicate the degree to which they have formed strong relationships with other influential or active members in the group.

Analysing the Mumbai Attack using Social Network Analysis
It is now known, from various reports available, that 10 ten terrorists were present at the time of incident, whereas three others were simultaneously handling the operation from Pakistan. The names and the locations of these attackers and the handlers are listed in Table 1 and 2.  As mentioned earlier, techniques like SNA can help in the visualisation of a network by using a two-dimension graph, which helps to understand the overall structure of the network. The software we use for the construction of 26/11 network is UCINET which represents, analyses, visualises, and simulates nodes (attackers) and ties (relationships) from the input data. The network thus obtained can help to better understand the whole incident and can shed light on the pattern of interaction.
To start with, we first form the adjacency matrix as defined in section 3.1. From the government of India's report [5], we found that the attackers reportedly used satellite phones and were in frequent contact with their handlers in Pakistan. They received calls from the handlers during the siege to discuss their plans and routes. The phone conversations between these attackers and remote handlers in Pakistan were intercepted by Indian government and are given in the report [5]. The adjacency matrix in Table 3 represents the binary relationships between the attackers and the handlers determined through the contextual background. If we find a conversation was established between the two people, value one is assigned in the matrix, for no conversation the value remains zero (Table 3). Table 3: Connections established between attackers and handlers at the time of incident.
Source: Adapted from information provided by Government of India in Dossier, 2008 [5].
From the collected information it is found that during the attack, 13 terrorists played the major role (as listed in Table 1, 2). Their network is drawn on the basis of their telephonic conversations using software UCINET and depicted in Fig.3. Such graphs are commonly used to visualise which nodes (terrorists) are highly connected. Terrorists are located at equal distances, and nodes that are highly connected are very easy to locate because of the density of lines. The

Journal of Terrorism Research
Volume 2, Issue 2 overall structure looks like a centralised star-type network (Fig. 1b) where Wassi, a handler from Pakistan is the most centrally placed terrorist. The attackers Ismail Khan and Ajmal Kasab are isolated in the network. The density of the network, which is an indicator of connectedness of the network, is found to be 0.22. The limiting value of density is one when all the nodes are connected with each other and zero when all nodes are not connected. In the present study, the value for density is 0.2 attributed to the open structure of this terrorist network. Further, this network (Fig. 3) is divided into three sub-groups, which are coloured to identify which terrorist is a member of which group. Our network analysis reveals that the following sub-groups operated at the time of incident:

4.
Although Ismail Khan was reportedly the leader of the entire group, he got killed at CST and his partner was taken into custody.
To further study the interaction between individuals, degree, closeness, betweenness and eigenvector are evaluated and given in Table 4. These indices are a measure of the centrality of the network and indicate hierarchal prestige, importance and power of individuals. It reveals patterns of interactions and associations and can be helpful for revealing the overall structure of terrorist networks under study. It is found that Wassi with highest value of eigenvector, betweenness , closeness, and degree can be identified to be the most important person in Pakistan who was handling the entire operation. Other important persons were Abu Umer, Hafiz Arshad, Abu Shoaib and Javed.

Journal of Terrorism Research
Volume 2, Issue 2

Summary and Conclusions
SNA can be a powerful tool for understanding the complex nature of terrorist organisations. Even the limited information available from open sources has helped create a fairly clear picture of the details of the terrorist group and its sub-groups. The security agencies, which routinely intercept phone conversations, emails etc. can use SNA techniques to identify the nodes in a complex network and evaluate their importance in the hierarchy. The identification of type of terror networks would provide useful inputs to strengthen counter-terrorism efforts.
However, it must be mentioned that SNA alone would not suffice for unravelling the modus operandi of terrorist networks. Inputs from the traditional methods of analysing terror networks will be required. SNA can help in providing additional insights that may not be available from other methods.