ABC: Suspected Paris attacker
terrorist Salah Abdeslam allegedly told interrogators he was planning new operations and “was ready to restart something from Brussels,” Belgium’s foreign minister Didier Reynders said today.
At a security conference in Brussels Reynders said Abdeslam’s apparent claim “may be the reality.”
Reynders added that investigators have “found a lot of weapons” and “have seen a new network of people around him [Abdeslam] in Brussels.”
“We have found more than 30 people involved in the terrorist attacks in Paris, but we are sure that there are others,” Reynders said. He is being held in the maximum-security area of the Bruges prison.
NYT: Investigators found crates’ worth of disposable cellphones, meticulously scoured of email data. All around Paris, they found traces of improved bomb-making materials. And they began piecing together a multilayered terrorist attack that evaded detection until much too late.
In the immediate aftermath of the Paris terror attacks on Nov. 13, French investigators came face to face with the reality that they had missed earlier signs that the Islamic State was building the machinery to mount sustained terrorist strikes in Europe.
Now, the arrest in Belgium on Friday of Salah Abdeslam, who officials say was the logistics chief for the
Paris attacks, offers a crucial opportunity to address the many unanswered questions surrounding how they were planned. Mr. Abdeslam, who was transferred to the penitentiary complex in Bruges on Saturday, is believed to be the only direct participant in the attacks who is still alive.
Much of what the authorities already know is in a 55-page report compiled in the weeks after the attack by the French antiterrorism police, presented privately to France’s Interior Ministry; a copy was recently obtained by The New York Times. While much about the Paris attacks has been learned from witnesses and others, the report has offered new perspectives about the plot that had not yet been publicized.
The attackers, sent by the Islamic State’s external operations wing, were well versed in a range of terrorism tactics – including making suicide vests and staging coordinated bombings while others led shooting sprees – to hamper the police response, the report shows. They exploited weaknesses in Europe’s border controls to slip in and out undetected, and worked with a high-quality forger in Belgium to acquire false documents.
The scale of the network that supported the attacks, which killed 130 people, has also surprised officials, as President François Hollande of France acknowledged on Friday. As of Saturday, there are 18 people in detention in six countries on suspicion of assisting the attackers.
French officials have repeatedly warned that more strikes are possible, saying security and intelligence officials cannot track all the Europeans traveling to and from Islamic State strongholds in Syria and Iraq. And Western intelligence officials say their working assumption is that additional Islamic State terrorism networks are already in Europe.
The French police report, together with hundreds of pages of interrogation and court records also obtained by The Times, suggest that there are lingering questions about how many others were involved in the terrorist group’s network, how many bomb makers were trained and sent from Syria, and the precise encryption and security procedures that allowed the attackers to evade detection during the three months before they struck.
Taken as a whole, the documents, combined with interviews with officials and witnesses, show the arc of the Islamic State’s growth from a group that was widely viewed as incapable of carrying out large-scale terror assaults. And they suggest that nearly two years of previous, failed attacks overseen by the leader of the Paris assault, Abdelhamid Abaaoud, served as both test runs and initial shots in a new wave of violence the Islamic State leaders have called for in Western Europe and Britain.
Focus on Explosives
Diners first saw the young man pacing back and forth in front of the bistro’s awning on Rue Voltaire. What drew their attention, they told investigators in accounts summarized in the police report, were the bulky layers of clothing he was wearing: an anorak on top of a coat with fur trim, over a vest that could be spotted through gaps in the clothing – excessive even for a chilly November evening.
Just after 9 p.m., he turned and walked into the bistro, past the covered terrace built around a curved bar.
“He turned and looked at the people with a smile,” the French police report said, offering previously unreleased details. “He apologized for any disturbance he had caused. And then he blew himself up.”
He turned out to be Ibrahim Abdeslam, a brother of the man arrested on Friday in Brussels, and his suicide bombing came near the start of a night of carnage that played out at cafes and restaurants, the national soccer stadium and a concert venue.
When the Anti-Criminal Brigade of France’s National Police arrived at the bistro, the Comptoir Voltaire, it found electrical wires in the bomber’s flesh. The wires were still attached to a white object, which in turn was next to a single alkaline 9-volt battery, elements of a detonation mechanism. Officials involved in the investigation say that the residue from the explosive used in the bistro tested positive for a peroxide-based explosive, triacetone triperoxide, or TATP. It has become the signature explosive for Islamic State operations in Europe, and it can be made with common products – hair bleach and nail polish remover – easily found over the counter across Europe.
The French police found traces of the same explosive formulation at each of the places in Paris where the attackers detonated their vests, including three times outside the Stade de France soccer stadium; once at the Comptoir Voltaire bistro; twice in the Bataclan concert hall; and once in an apartment in a Paris suburb. Traces were also found in a rented apartment in Belgium occupied by the terrorists in the weeks before the assault, according to forensic evidence revealed by the country’s prosecutor.
A French police officer looking for gunmen after a restaurant was targeted in the attacks, which killed 130 people and injured hundreds.
Etienne Laurent / European Pressphoto Agency
The reason the terrorist group uses this particular explosive, experts say, is the availability of the ingredients. But creating an effective bomb can be tricky, and its success in setting off bomb after bomb is indicative of the group’s training and skill.
“Their ingredients, when combined, are highly unstable and can explode easily if mishandled,” Peter Bergen, the director of the National Securities Studies Program at the New America Foundation, said during recent congressional testimony. “To make an effective TATP bomb requires real training, which suggests a relatively skilled bomb-maker was involved in the Paris plot, since the terrorists detonated several bombs. It also suggests that there was some kind of bomb factory that, as yet, appears to be undiscovered, because putting together such bombs requires some kind of dedicated space.”
Since late 2013, records show, Islamic State fighters have been training to make and use TATP in Europe. The first aborted attempt was in February 2014, when Ibrahim Boudina, a French citizen who had trained in Syria with the group that was about to become the Islamic State, was arrested in the resort city of Cannes, according to his sealed court file that was obtained by The Times. In a utility closet on the landing of his family’s apartment block, the police found three Red Bull energy drink cans filled with white TATP powder.
Still, at the time of his arrest he appeared to be struggling with how to set off the charge. In his court file, among several obtained by The New York Times, investigators said he had been conducting Internet searches for phrases like “how to make a detonator.”
Nearly two years later, the police report and officials briefed on the investigation noted the uniformity of the parts in the bombs used by the
ISIS attackers, suggesting a consistent protocol for preparing them.
At the scene of one suicide bombing, at a McDonald’s restaurant about 250 yards from the French national soccer stadium, the police bagged the bomber’s severed arm. The autopsy showed that a piece of string with a flap of adhesive tape at one end, believed to be the detonation cord, was wrapped around the limb. Along with TATP residue, they found electrical wires, a 9-volt battery to drive the detonation, and pieces of metal, including bolts, that had been mounted on the suicide belt as projectiles.Seeking to blend in with the soccer fans, another bomber had been wearing a tracksuit with the logo of the German soccer team Bayern Munich. His severed leg was found still in the tracksuit and, next to him, again, a piece of white string.
A Focus on Carnage
The attacks represented a shift in the Islamic State’s external operations branch that was first publicized in the group’s French-language online magazine, Dar al-Islam, last March.
In the previous small-scale attacks, the Islamic State, much like Al Qaeda before it, had taken aim at symbolic targets, including security installations and establishments with clear links to Israel or Jewish interests, like the Jewish Museum in Brussels. But in an interview published in the online magazine, a senior ISIS operative identified as
Boubaker al-Hakim, described as the godfather of French jihadists, advised his followers to abandon the symbolism: “My advice is to stop looking for specific targets. Hit everyone and everything.”
The attackers in Paris appear to have moved easily between Belgium and France, and in some cases between the Middle East and Europe. At least three were wanted on international arrest warrants before the attacks but were able to travel freely. And security services are constrained by the inability or unwillingness of countries to share intelligence about potential terrorists, for legal, practical and territorial reasons.
“We don’t share information,” said Alain Chouet, a former head of French intelligence. “We even didn’t agree on the translations of people’s names that are in Arabic or Cyrillic, so if someone comes into Europe through Estonia or Denmark, maybe that’s not how we register them in France or Spain.”
All the previous attacks by Islamic State fighters dispatched from Syria had relied on a single mode of operation: a shooting, an explosion or an attempted hostage-taking. In Paris, the attackers set off to do all three, realizing that this way they could overwhelm the country’s emergency response.
That night, the French police were already spread thin by the explosions at the stadium and the beginning of the cafe shootings by the time the terrorists attacked the Bataclan concert hall and took hundreds of people hostage. The police report and new interviews offered extensive details about the siege by survivors.
The headlining band had just started playing to a full house at the Bataclan when witnesses described first noticing a Volkswagen Polo with a Belgian license plate approaching the hall, around 9:40 p.m., the report said.
The lone security guard posted at the concert hall’s main entrance told the police that he had seen people falling around him. He began herding people inside, off the street and directing the panicked concertgoers toward the emergency exits. Before they could get that far, two of the gunmen pushed their way into the main hall, opening fire on the crowd as people hit the ground, lying flat on their stomachs. Those who managed to make it to the emergency exit threw it open, only to come face to face with the third gunman, who was waiting outside. One of the cellphones used by the attackers contained archived images of the Bataclan’s layout, suggesting they had planned their trap carefully, the police report said.
Through the emergency exit, the third and final gunman shot his way in. By then, the report said, people were shoving themselves into every space they could find. One group found refuge in a room used to store sound equipment. Others made it onto the roof. A few sprinted behind the attackers’ backs, managing to slip out.
Spectators were brought on the field at the Stade de France after terrorists detonated explosive vests outside.
Michel Euler / Associated Press
One hostage identified in the police report, David Fritz Goeppinger, who confirmed the account in a telephone interview, described how the gunmen had instructed the captives to sit in front of the closed doors as human shields. “We were their protection in case someone tried to shoot from outside,” he said in the interview.
The attackers seized cellphones from the hostages and tried to use them to get onto the Internet, but data reception was not functioning, Mr. Goeppinger told the police. Their use of hostages’ phones is one of the many details, revealed in the police investigation, pointing to how the Islamic State had refined its tradecraft. Court records and public accounts have detailed how earlier operatives sent to Europe in 2014 and early 2015 made phone calls or sent unencrypted messages that were intercepted, allowing the police to track and disrupt their plots. But the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.
According to the police report and interviews with officials, none of the attackers’ emails or other electronic communications have been found, prompting the authorities to conclude that the group used encryption. What kind of encryption remains unknown, and is among the details that Mr. Abdeslam’s capture could help reveal.
Using their hostages’ phones, the attackers attempted to reach the police, but were initially frustrated by the “Press 1” or “Press 2” menu of options, said a 40-year-old woman whose phone was used by the gunmen, and who was interviewed on Saturday. She spoke on the condition of anonymity because she did not want to draw attention to her ordeal.
After numerous delays, one of the attackers began using a hostage’s cellphone to send text messages to a contact outside. At one point, one of the gunmen turned to a second and said in fluent French, “I haven’t gotten any news yet,” suggesting they were waiting for an update from an accomplice. Then they switched and continued the discussion in Arabic, according to the police report.
At nearly midnight, two hours after they took over the Bataclan, the gunmen began negotiating in earnest with the police.
“We want to talk to someone!” one gunman demanded, then turned to his demands for France to stop military strikes in Syria: “I want you to leave the country. I want you to remove your military. I want a piece of paper signed that proves it!” If not, he threatened, “I’m killing a hostage and throwing him out the window!”
One of the terrorists pulled out a laptop, propping it open against the wall, said the 40-year-old woman. When the laptop powered on, she saw a line of gibberish across the screen: “It was bizarre – he was looking at a bunch of lines, like lines of code. There was no image, no Internet,” she said. Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks.
The tallest of the three attackers was 6 feet 2 inches tall. He had an explosive belt strapped to his body and held a detonator in his hand. At one point, he stepped into the orchestra pit and started playing the xylophone, the whole time “laughing sadistically,” according to witnesses quoted in the report.
They would identity him later from his mug shot: He was Samy Amimour, a former bus driver.
France’s Anti-Criminal Brigade was the first law enforcement team to break through the Bataclan’s doors. The division commander, Guillaume Cardy, and a colleague got in through the main doors and managed to shoot one of the attackers, who was on the stage. Wounded, he detonated his vest, the report said.
The two remaining gunmen returned fire, forcing Commander Cardy to take cover. Members of another Paris police division tried to reach the wounded hostages, but were also forced to take cover, the report said.
Together the police charged the two surviving gunmen, and after a heavy barrage of fire, they killed the second before he could detonate his vest. The third gunman then blew himself up. In the end, it took four elite brigades to stop three gunmen, the report said.
Disposable Phones
As the bodies of the dead were being bagged, the police found a white Samsung phone in a trash can outside the Bataclan.
It had Belgian SIM card that had been in use only since the day before the attack. The phone had called just one other number – belonging to an unidentified user in Belgium. Another new detail from the report showed that the phone’s photo album police found images of the concert hall’s layout, as well as Internet searches for “
fnacspectacles.com,” a website that sells concert tickets; “
bataclan.fr“; and the phrase “Eagles of Death at the Bataclan.”
The phone’s GPS data led investigators eight miles south of the concert hall to the Paris suburb of Alfortville. The address was that of a hotel known as
Appart’City. Two studios were reserved in the name of Salah Abdeslam, the suspect who was arrested on Friday. Along with his brother Ibrahim Abdeslam, investigators say, he appears to have been in charge of logistics for the group.
A still image from a video of the Belgian police arresting Salah Abdeslam, believed to be the logistics chief of the Paris attacks, in Brussels on Friday.
Vtm, via Reuters Tv / Reuters
Everywhere they went, the attackers left behind their throwaway phones, including in Bobigny, at a villa rented in the name of Ibrahim Abdeslam. When the brigade charged with sweeping the location arrived, it found two unused cellphones still inside their boxes.
New phones linked to the assailants at the stadium and the restaurant also showed calls to Belgium in the hours and minutes before the attacks, suggesting a rear base manned by a web of still unidentified accomplices.
Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest. From 8:41 p.m. until just before he died at 9:28 p.m., the phone was in constant touch with a phone inside the rental car being driven by Mr. Abaaoud. It also repeatedly called a cellphone in Belgium.
Most striking is what was not found on the phones: Not a single email or online chat from the attackers has surfaced so far.
Even though one of the disposable phones was found to have had a Gmail account with the username “yjeanyves1,” the police discovered it was empty, with no messages in the sent or draft folders. It had been created on the afternoon of the attacks from inside the Appart’City budget hotel.
DNA swabs taken at the villa, including on a crouton left behind, helped the authorities determine that at least one of the soccer stadium bombers had stayed there, as had Salah Abdeslam. The other objects the report describes being found there suggest it may have been one of the places where bombs were assembled, including a piece of cloth identical to one found on the remains of one of the bombers, a roll of the same kind of adhesive tape used on the devices, and two pyrotechnic detonators.
Attacker’s Last Stand
As France was plunged into a state of emergency on the night of the attack, the Islamic State’s external operations branch could claim that it had achieved all its goals. Mr. Abaaoud and Salah Abdeslam were still alive. But perhaps that was not part of the plan, because it was then that mistakes appeared, the police report shows.
Mr. Abaaoud’s rental car was last spotted leaving Paris for an industrial area in an eastern suburb. The car was abandoned near the Croix de Chavaux station about 10 p.m. Ten minutes later, a security camera captured footage of two men walking nearby, including one in orange sneakers. During the attacks, the report showed, witnesses and video cameras again and again described orange shoes on an attacker who was identifiable as Mr. Abbaaoud. Starting around that time, police records show that a 26-year-old woman, Hasna Aitboulahcen, began receiving phone calls on her Paris number from callers in Belgium. She was Mr. Abaaoud’s first cousin, according to a close friend who was later questioned by the police and who later talked to French news outlets. Ms. Aitboulahcen was described as being smitten with him for years.
On Nov. 15, she and a friend drove out to a remote spot along the freeway, where Mr. Abaaoud came out of the bushes and joined them, the report said, quoting the account of the friend.
According to the friend’s account to the police, Mr. Abaaoud regaled them with stories about how he had made it to Europe by inserting himself in the stream of migrants fleeing across the Mediterranean. He explained that he was among 90 terrorists who had made it back and who had gone to ground in the French countryside. the friend told the police.
“Abaaoud clearly presented himself as the commander of these 90 kamikazes-in-waiting, and that he had come directly to France in order to avoid the failures they had experienced in the past,” the police said the friend had told them.
Mr. Abaaoud would spend four days and three nights camped in the bushes, while his cousin returned with cake and water. By the friend’s account, Mr. Abaaoud told Ms. Aitboulahcen that he and an associate would carry out further attacks. Ms. Aitboulahcen was sent to buy the men new suits and dress shoes, the report said, bought with the nearly 5,000 euros the Islamic State’s network had sent via Western Union and an informal money exchange network
known as a hawala.
On the night of Nov. 17, Ms. Aitboulahcen secured an apartment in the Saint-Denis suburb of Paris, chosen because the landlord did not require receipts.
The police raided it early the next morning, with Mr. Abaadoud and his cousin inside. The thundering boom of an explosive vest was recorded by television news crews outside.
Inside, the police again found the components used to make the TATP bombs. In addition to other weapons, they found a Herstal pistol with an empty clip, smeared with Mr. Abaaoud’s DNA, suggesting that he had fought to the end.
His body was found on the building’s third floor, and mixed in with his flesh were ball bearings and fragments of plastic. His feet were still in the orange sneakers.
Inside the ruins, the police found several dozen boxes of unused cellphones still in their wrappers. The phones were found throughout the rubble, including in the rooms and stairwell. Others had been ejected during the blast and fell onto the street below.
