Why Hasn't ISIS Successfully Attacked The US? Effective Intelligence Sharing, But Lone Wolf Attacks Remain A Threat

The terrorist attacks in Paris Friday night put the Western world on high alert, but it also raised a critical question: Why France again? The U.S. is the highest-profile target for the Islamic State group, and the most frequent target of its threats. So why haven't we seen a full-scale attack anywhere in the U.S. like the one perpetrated on Paris?

In January, the extremist group made a direct threat to the people of America: “Soon we will be in direct confrontation, and the sons of Islam have prepared for such a day. So watch, for we are with you, watching.” On Monday, the group repeated its threat -- this time even more explicitly: "As we struck France in the center of its abode in Paris, then we swear that we will strike America at its center in Washington.”

And yet, despite all the rhetoric, the threat of a major attack on U.S. soil remains unfulfilled.

The U.S. has no intelligence secret weapon that France lacks, particularly since that country enacted some of the most draconian surveillance laws of any Western country after the Charlie Hebdo attacks in January, just blocks from the Bataclan concert hall where most of the recent Paris slaughters happened. Rather, experts said, it has managed to effectively share information among national security and law enforcement agencies, something that their European counterparts are not yet doing effectively.

According to Paul Kurtz, CEO of cybersecurity company TruStar and a former member of the White House’s Homeland Security Council, it would be “wrongheaded” to simply say the U.S. has more powerful tools than the French, and following the direct threat made by ISIS against Washington, D.C., on Monday, Kurtz warns about overconfidence. “I don’t think anybody should get cocky about what they have in place,” he told International Business Times.

What the U.S. does have in place is the National Counterterrorism Center, which was born out of the last full-scale terror attack to hit the U.S. “In the wake of 9/11, the U.S. government put in place a very good information-sharing apparatus, to make sure information flowed to all government agencies and down to the local level and local police departments,” Kurtz said.

As the French government has already admitted, the attack succeeded largely because of an “intelligence failure” from European intelligence agencies simply not speaking to each other, a shortcoming highlighted by the German security services failure to flag up a car they'd stopped in Bavaria a week before that was destined for Paris and full of the types of weapons used in Friday’s shootings. Turkey, too, claims it told French authorities not once but twice -- in December and again in June -- about Ismaël Omar Mostefaï, the 29-year-old French citizen who was identified Sunday as one of the attackers at the Bataclan.

The Challenge Of 'Quieter Networks'

Kurtz agrees, however, that monitoring threats has become more difficult: “I do think the challenges become significant in the ways the bad guys can coordinate and work via social media networks or quieter networks on the Internet.” (Quieter networks is another way of saying encrypted networks.) With French and U.S. authorities claiming that the eight terrorists in Paris communicated with a command-and-control structure in Syria, there's renewed debate over the use of encryption and whether it should be outlawed.

But this debate is somewhat pointless as uncrackable encryption has been with us since the invention of PGP over 20 years ago and cannot simply be reversed. “Encryption exists, it has been invented, it is public knowledge, nothing is going to change that, and if we have uncrackable encryption -- which we do -- it can be used by good people and bad people,” Mikko Hypponen, security expert with F-Secure, told IBT. “And there is nothing you can do to limit that.”

Kurtz described the ever-changing suite of communication tools and channels being utilized by ISIS to coordinate their operations as a game of “whack-a-mole” where as soon as one channel is closed, another one opens up, and the whole cycle begins again with the security services attempting to crack the latest platform of choice for terrorists.

But gaining access to these encrypted channels is not a complete solution. “[Even] if we could have much better insight into encrypted channels, let’s not pretend they are going to say 'We’re going to attack the stadium at 7 p.m. in Paris’, the bad guys still use code words, even in encrypted chat they use code words, we saw that around 9/11,” Kurtz added.

There is also a growing campaign to renew the Patriot Act’s Section 215 which allows for sweeping new surveillance powers for the NSA. “I think we need to restore the metadata program, which was part of the Patriot Act,” Republican presidential candidate Jeb Bush said Monday on “Morning Joe” on MSNBC. “I think that was a useful tool to keep us safe and also to protect civil liberties.” Section 215 of the Patriot Act runs out in just under two weeks and the attacks in Paris could see a late effort to get it extended.

Lone Wolves

One of the reasons those seeking to keep Section 215 in place is that despite no major ISIS attack on U.S. soil, there have been attacks carried out by "lone wolves", individuals operating independently of the command structure in the Middle East, and in the U.S. the intelligence service has shown that it has been much more capable of stopping similar efforts by ISIS.

We've seen a number of these “lone wolf”-style attacks against targets in the U.S. in the last six months. They began last May when Elton Simpson and Nadir Soofi launched the first ISIS-inspired attack inside the country, injuring a security guard at the American Freedom Defense Initiative’s “Muhammad Art Exhibit and Cartoon Contest” in Garland, Texas, before turning their guns on themselves.

Counterintuitively, the failure of that attack “inspired people,” according to Karen Greenberg, the director of the Center on National Security at Fordham University. In the weeks after the Garland attack, other young men took up the challenge and plotted to strike in Boston, New York and New Jersey, but police arrested them for allegedly planning ISIS-inspired terror attacks -- and in one case shot one young man dead when he allegedly lunged at a police officer with a knife.

These attacks, or attempted attacks, were amateurish when compared to the highly effective and well-planned operation in Paris on Friday night and owe more to the group’s undoubted skill at spreading its message by manipulating social media than a concerted effort to “strike America.” Many believe that the power of the NSA and the U.S. government’s intelligence infrastructure is what's protecting the country from such an attack, just as David Cameron’s security service has prevented seven terror attacks against the country in the last six months.

But is ISIS really trying to launch a major terrorist attack against the U.S., or is it simply fearmongering. “I don’t think [ISIS attacks] will be a global thing, because unlike other terrorist groups like al Qaeda, Islamic State actually has its own geographical territory,” Nikita Malik, a senior researcher at Quilliam, the London-based think tank that focuses on counter-extremism told IBT. “We need to keep in mind they have created a state which -- in terms of size -- is as big as the United Kingdom."

While the latest attacks may have used encrypted channels for communications, the group is also very active and vocal on more open platforms, particularly Twitter which it used to devastating effect to the radicalize and motivate people around the world, particularly impressionable young men. Monitoring and analyzing the huge amount of this content will be the biggest challenge for the U.S. security apparatus in the coming months and years.

“These are people who are lost souls, who can be converted and radicalized into groups or into lone wolf attacks,” Kurtz warns.