The ‘intelligence alert’: Many hits, some misses and how the system works

Before the devastating serial bombings that killed over 250 people in Sri Lanka on Easter, Indian agencies sent as many as three intelligence alerts to Colombo. These had specific details – names of attackers, locations and the plot being hatched – but they were not acted upon.

In the shadowy world of intelligence gathering, the ‘alert’ is a much-abused but vital tool that can make the difference between life and death. Every day, agencies deal with dozens of alerts, with the numbers occasionally crossing into three figures, but the toughest job is to act on them, as shown in Colombo.

India’s multiple intelligence failures include the Pulwama suicide bombing and Mumbai 26/11, but the Multi-Agency Centre within the Intelligence Bureau, which is at the heart of intelligence dissemination, has also had its share of success and has managed to prevent lone-wolf or ISIS-scale attacks within the country.

The Multi-Agency Centre, which is referred to as MAC within the system, was revamped in 2009, after the 26/11 attack, to streamline intelligence gathering and is the nodal body at the Centre for sharing intelligence inputs. The apex body has 24 agencies – from the Research & Analysis Wing (R&AW) and Military Intelligence to the Central Bureau of Investigation and the Enforcement Directorate – that share intelligence on a day-to-day basis.

The intelligence collected is sifted through, classified, collated and shared with law enforcers on the ground. On a typical day, the MAC generates 10-15 alerts but when a big event takes place or in a packed election season, the number of alerts can go up to 100,000 per year.

For counter-terrorism, MAC classifies threats into five theatres – namely Jammu & Kashmir, LWE, North East, Punjab and Hinterland. Its motto is: detect, disrupt, degrade and eventually destroy.

The information shared by agencies is broadly classified into four groups – Category A is considered the “most reliable and credible” and Category B is termed as credible but unable to be corroborated. Each categorisation has further sub-categorisations as well.

“There are several factors that come to play during categorisation of information. Suppose the source is good and his/her earlier information or sets of information have been found to be genuine and authentic, the value of information or intelligence goes up,” a top Intelligence Bureau sleuth explained. At the top level is A1 intelligence, where the information is accurate, generated by more than one source and has identifiers that can make it actionable.

In the months prior to the Pulwama suicide bombing on February 14, MAC shared inputs with the military about a spurt in the training of terror cadres across the border on improvised explosive devices. These inputs ranged from talking about a group of recent recruits that had undergone specialised training to information that attempts were being made locally to produce such explosives. This information was mostly marked in Category B.

However, in December, more specific information came in the ‘next to apex’ A2 level – that Jaish-e-Mohamed’s top bomb maker Abdul Rasheed Ghazi had been sent to train local recruits. While a manhunt was launched, he appears to have succeeded in the mission with the Pulwama strike by a local youth.

Information classified as Category C is unconfirmed, while Category D consists of all sundry and unverified alerts that are processed for future references. Information shared in the B, C and D categories is often used to track a trend or get a lead.

“For any information or intelligence to become actionable, there are five components which are needed. They include: name, place, person, organisation and event,” a home ministry official said.

After analysing the five components, the next challenge for intelligence sleuths is to obtain an identifier such as a telephone number, email ID, passport or voice sample to narrow down the search for a person or a definitive lead that can result in an arrest. This is the most difficult part of sharing intelligence, when, at the ground level, the police are required to leverage the information and finally nab the culprit. This is mostly done at the local or state level, said another official.

Explaining how MAC compiles its alerts, an official added, “Any information/alert received by the MAC control room is immediately filed and followed up with the local authority and SIB. The IB official handling the MAC desk will not only file his report and action taken on the piece of information but will also create a folder within the system for the person who is coming after him to follow.”

The 24-hour monitoring and recording of threats and alerts are then discussed every morning with top brass from the Ministry of Home Affairs, the National Security Advisor, IB and R&AW, among others.

At the state level, there is a subsidiary MAC, which functions in a similar manner. Although the system has been in place since 2002, it got a completely new look in 2009.

MAC meetings to share intelligence are scheduled every working day, with nodal officers of the 24 member-agencies expected to attend.