“If you are in the [Major City] arena please be careful! This guy is making claims of a mass shooting!”
— Actual post from November 12, 2023.
If you’re a venue’s chief security officer, security manager, or security director, wouldn’t you want to know about this post?
The threat to large events, and the venues that house them, is all too real.
In April 2013, two brothers planted two homemade bombs, hidden in backpacks, near the finish line of the 117th annual Boston Marathon. The bombing, motivated by United States involvement in Iraq and Afghanistan, killed three people. Hundreds more were injured, including 17 people who lost limbs.[1] It was the first instance of a terrorist attack on a sporting event held on United States soil.[2] Four years later, an extremist Islamic suicide bomber murdered 22 people and injured more than 1,000 in England’s Manchester Arena, immediately following a pop concert.[3]
These attacks vanquished the belief that event protection and venue protection should consist of nothing more than bag checks, pat downs, and strolls through metal detectors. Instead, event security and venue protection processes and measures must quickly adapt to meet evolving threats. Development of holistic security plans can help in this effort.
Open-source intelligence (OSINT) — or intelligence derived from publicly available information and commercially available information — is a vital component of these plans. It can help security professionals better identify threats. Considered a best practice for event security and venue security, its use may become law in some regions. In the United Kingdom, for example, Parliament is now discussing the Terrorism (Protection of Premises) Bill[4], also known as Martyn’s Law. If passed, the bill would require those responsible for securing locations where the public gathers to implement measures designed to mitigate the threat of terrorist attacks. Applying to venues with a capacity as low as 100 persons, the bill would apply more stringent requirements to venues accommodating 800 people or more.[5] These venues include museums, shopping malls, nightclubs, amusement parks, movie theaters, concert halls, stadiums, conference centers, and other spots.
Let’s take a closer look at holistic security plans and the role OSINT plays in them.
Protecting crowds from the most serious threats
Experts say that the most significant threats to large gatherings are those posed by active shooters, and by terrorists — domestic or foreign — planting explosives.[6] These explosives may be carried into or near a venue via an automobile, or they may be carried in by a person.[7] Those committing ideological crimes often target government buildings and gatherings, and, as illustrated by the incidents in Boston and Manchester, large-scale happenings such as concerts or sporting events.
To protect patrons and improve venue safety and security, security professionals should develop a holistic program consisting of:
Risk assessments
Security leaders should conduct risk assessments identifying potential threats and vulnerabilities — considering factors such as crowd size, venue layout, and any history of past incidents. These assessments pinpoint security gaps and ways to overcome them. The political environment — and the role a venue or event may play in it — must also be considered.
What does this mean? Imagine that two 1,000-person events are planned for a mid-size city. One is the state caucus of a major political party. The second is a performance of Vivaldi’s The Four Seasons. The caucus is more likely to attract political extremists than the concert.
Security planning and coordination
Security leadership should establish a multidisciplinary planning team, consisting of security experts, event organizers, local law enforcement, and other stakeholders. Security planning should cover each group’s responsibilities. It should also chart channels of communication for disseminating information among leadership, staff, stakeholders, and attendees.
Emergency response is a significant component of security planning and coordination. Security leaders should establish emergency response protocols for scenarios including medical emergencies, natural disasters, mass shootings, and terrorism. They should conduct drills and exercises to test the effectiveness of emergency procedures and coordinate with local emergency services to ensure proper response.
Physical security
A comprehensive security plan should address the safety of staff, players, entertainers, and patrons, as well as the security of the venue. Access control measures such as perimeter fencing, entry check points, bag checks, and/or clear-bag policies should be implemented. Security personnel should be placed strategically throughout the venue. These personnel should include officers wearing uniforms and/or badges, along with plainclothes security officers and crowd-management teams. The use of K9 dogs trained to find the scent of explosives may be warranted. Surveillance cameras and metal detectors should be used to detect threats and deter bad actors.
Cybersecurity
Cybersecurity protocols should be implemented to protect the venue’s digital infrastructure and information systems from data breaches, ransomware attacks, and other crimes. Network security measures should include firewalls, encryption, and intrusion detection systems. IT staff should be trained in cybersecurity best practices.
Crowd management
Security leadership should develop a crowd-management plan to ensure the safe movement of attendees into the venue, during the event, and when leaving the venue. Signage and barriers should help direct crowd movement and prevent congestion. Security staff should undergo training in crowd control and conflict de-escalation.
Situational awareness
OSINT is critical for the situational awareness needed to protect venues and patrons. It can help identify and analyze the threat environment in near-real time, empowering security personnel to act accordingly.
Learn the basics
Watch our webinar:
From Physical to Digital Security: Take a Holistic Approach to Securing Your Venue
Read our case study
How Babel Street Helps Ensure Safety at Formula 1 Event
Visit our web page:
OSINT and Threat Intelligence Solutions
Read our blog:
Martyn’s Law: Using Babel Street Insights for Threat Awareness and Preparedness
See our customer success story:
Rapid Response Neutralizes Threat to Sporting Event
Using OSINT for situational awareness
The right OSINT solutions can help security professionals identify potential threats in near-real time by monitoring social media, online forums, and news outlets for indications of planned attacks or disruptive behavior targeting specific events or venues.
Take mass shooters as an example. We know that these criminals tend to announce their intentions online.[8] Before murdering 10 Black people at a Tops Friendly supermarket in Buffalo, N.Y, the white supremacist shooter announced his plans in his Discord journal.[9] Before killing 23 people at a Texas Walmart in 2019, the murderer declared his intentions in a manifesto posted to social media.[10] Mass shooters even interact with social media during commission of their crimes. In 2019, a gunman in Christchurch, New Zealand, murdered 50 people as they prayed in their mosques. He wore a head-mounted camera to live-stream the shootings to Facebook, pausing at times to narrate the horrors.[11]
These posts are blunt, unmistakable in their intent. OSINT solutions can detect them. But social media monitoring can also help venue security personnel find more subtle indications of the potential for violence. Online, a forger may advertise fake credentials for sale, such as those that give legitimate staff backstage access. Certainly, those interested in buying these credentials may be over-zealous fans intent on meeting their musical idols. They may also be criminals who’d like the notoriety of murdering an entertainer, or terrorists seeking the ability to place bombs near building supports for maximum carnage.
Mass casualties are every venue’s worst fear. However, OSINT threat detection capabilities can also help spot and stop lesser crimes. As the COVID crisis was ebbing but mask and vaccine requirements were still in effect at large venues, OSINT was used to spot sales of counterfeit vaccination certificates. Today, OSINT helps venues spot ticket scalpers. It also helps them find people offering counterfeit tickets or merchandise or using a large event as an opportunity to sell drugs.
Other OSINT capabilities include:
Crowd monitoring
Monitoring social media can provide insights into the mood of attendees, who often post during events. This information can help security teams anticipate crowd management challenges, and adjust security and response strategies accordingly.
Background checks
OSINT can aid in conducting background checks on individuals involved in organizing or attending events.
Geospatial analysis
OSINT-powered geospatial analyses can help security experts analyze the surrounding environment, and plan accordingly. For example, it can help security experts plan patron escape routes if a serious event occurs and the venue needs to be evacuated. It can support law enforcement in mapping crime that has occurred in and around certain venues and take steps to ensure those crimes are not repeated.
Finding the right OSINT solution
A number of OSINT solutions are now on the market. How do you find the one that best suits your needs? For venue and event protection, security leaders should look for solutions that scan a huge variety of publicly available information and commercially available information; that enable smarter searches; and that provide AI-enabled semantic understanding of social media to look beyond the words used in posts to the intent of those words.
Sources scanned should include established and emerging social media sites: not just Facebook, LinkedIn, and Instagram, but platforms such as Truth Social, Kick, and Bluesky; not just mainstream message boards like Reddit, but niche, often distasteful boards such as 4Chan and 8kun. They should examine sites that host varying types of media, including video sites such as TikTok, YouTube, Vimeo, and streaming communities. Along with reputable news sources, your solution should search blogs hosted on WordPress and similar sites.
Smarter searching makes sure you find the information you need from the sources examined. Two capabilities to look for are persistent search and translation. Persistent search is a technology that keeps a search operation running regardless of whether someone is actively using it, appending newly found information to existing search terms.
All the OSINT in the world does security professionals no good if they can’t understand the language in which it is written. Therefore, your OSINT solution must be capable of finding information published in a broad variety of languages, then translating it into your language of choice.
As mentioned above, threats aren’t always easy to spot. Certainly, OSINT solutions maintain lists of threat words to search. (Words such as “annihilate,” “bloodbath,” and “bleed out” tend not to appear in everyday Facebook updates.) But similar words and phrases can indicate very different intents. That’s why semantic understanding is so important. A comic posting, “I tore up The Club last night. Shout out to the audience for making it happen! ? ? ?” is different from a disturbed individual posting “I’m going to shoot up The Club tonight. I can’t wait to hear the audience shout out?.”
Semantic understanding can also help organizations understand new representations of words. It can search for emojis meant to evoke violence: skulls, bombs, swords, and others. It can detect codes and symbols used to denote drug sales: “Aunt Hazel” is heroin, a snowflake emoji can represent cocaine. Finally, it can help detect coded hate speech — a significant benefit to venues hosting events geared toward populations that are often subjected to bigotry.
How Babel Street can help
Babel Street Insights is an AI-powered OSINT solution that provides persistent searches of thousands of sources of publicly available information and commercially available information. To provide security professionals and law enforcement with the insight needed to secure venues and events, our technology scours data sources published in more than 200 languages and translates results into the user’s language of choice. Information sources include more than a billion top-level domains; commercially available sources; and real-world interactions generated on chats, social media posts, online comments, and message boards.
Insights further enhances security through searches of the dark web — or web sites that are inaccessible by standard search engines. Because the nature of the tools used to access the dark web ensure anonymity, it is a hotbed of illegal activity. Dark web search capabilities enable investigators to scan posts and other information they wouldn’t otherwise be able to see.
Situational awareness is a vital component of any holistic security program. Babel Street can help security professionals better analyze PAI, CAI, and dark web data for insights into the type of information that indicates potential criminal activity aimed at a venue or event. In doing so, they can better secure venues, and protect event patrons.
Endnotes
1. Wikipedia, “Boston Marathon bombing,” accessed April 2024, https://en.wikipedia.org/wiki/Boston_Marathon_bombing#:~:text=During%20questioning%2C%20Dzhokhar%20said%20that,was%20following%20his%20brother's%20lead.
2. Babel Street webinar, “From Physical to Digital Security: Take a Holistic Approach to Securing Your Venue,” accessed April 2024, https://www.babelstreet.com/landing/how-to-protect-your-event-before-it-starts
3. Wikipedia, “Manchester Arena bombing,” accessed April 2024, https://en.wikipedia.org/wiki/Manchester_Arena_bombing
4. UK Parliament, “Terrorism (Protection of Premises) Bill: Public Consultation. Volume 745: debated on Monday 5 February 2024,” February 2024, https://hansard.parliament.uk/Commons/2024-02-05/debates/2402056000010/Terrorism(ProtectionOfPremises)BillPublicConsultation#:~:text=Through%20the%20Bill%2C%20those%20responsible,the%20Bill%20in%20December%202022.
5. Mongan, Kelly, “Martyn’s Law: Using Babel Street Insights for Threat Awareness and Preparedness,” Babel Street, accessed April 2024, https://www.babelstreet.com/blog/martyns-law-using-babel-street-insights-for-threat-awareness-and-preparedness
6. Babel Street webinar, “From Physical to Digital Security: Take a Holistic Approach to Securing Your Venue,” accessed April 2024, https://www.babelstreet.com/landing/how-to-protect-your-event-before-it-starts
7. Ibid
8. Peterson, J., Densley, J., Spaulding, J., & Higgins, S., “How Mass Public Shooters Use Social Media: Exploring Themes and Future Direction,” Social Media + Society, accessed April 2024, https://doi.org/10.1177/20563051231155101
9. Suciu, Peter, “Social Media Increasingly Linked to Mass Shootings,” Forbes.com, May 2022, https://www.forbes.com/sites/petersuciu/2022/05/25/social-media-increasingly-linked-with-mass-shootings/?sh=45b045aa3c73
10. Lee, Morgan and Weber, Paul J., “The Texas Shooter in a Racist Walmart Attack is Going to Prison: Here’s What You Need to Know About the Case,” Associated Press, July 2023, https://apnews.com/article/el-paso-walmart-texas-crusius-bf7d25f3567959ee8b121deabcf1d9a1
11. Peterson, J., Densley, J., Spaulding, J., & Higgins, S., “How Mass Public Shooters Use Social Media: Exploring Themes and Future Direction,” Social Media + Society, accessed April 2024, https://doi.org/10.1177/20563051231155101
Disclaimer:
All names, companies, and incidents portrayed in this document are fictitious. No identification with actual persons (living or deceased), places, companies, and products are intended or should be inferred.
