Lockerbie 30 Years On: Libya, laptops, and luggage

Lockerbie 30 Years On: Libya, laptops, and luggage

2018 marks the 30th anniversary of the bombing of Pan Am flight 103 over Lockerbie, Scotland, which killed 270 people. The tragedy remains the deadliest terror attack in the United Kingdom’s history and had a profound impact on aviation security around the world. Max Leitschuh examines the ways that three key components of the attack have changed, or not changed, in the 30 years since that fateful night in Lockerbie.

On 21 December 1988, an improvised explosive device (IED) disguised in a portable radio exploded in the forward luggage hold of a Boeing 747 operating Pan Am flight 103. The subsequent crash killed all 259 people aboard the aircraft and a further 11 on the ground in Lockerbie, Scotland. A Scottish court eventually found Libyan intelligence agent and Libyan Arab Airlines’ head of security, Abdelbaset al-Megrahi, guilty of carrying out the bombing, allegedly on the orders of Libyan leader Muammar Qadaffi.

30 years later, Megrahi and Qadaffi are dead, and both Pan Am and Qadaffi’s regime are consigned to the history books. Yet the issues of terrorism emanating from Libya, IEDs disguised in electronic devices, and malicious actors with insider access, remain at the forefront of aviation security concerns. These three issues provide enlightening case studies of how threats to commercial aviation can change over time, with some threats being replaced, others evolving, and others being as hard to tackle today as they were 30 years ago.

“…Qadaffi’s Libyan regime was the international poster child for a state-sponsor of terrorism…”

Libya: Old Threat Replaced by New Threat

The recent history of Libya is a case study of how non-state actors have replaced state-sponsored groups as the main players in international terrorism. The United States and United Kingdom governments held Libyan leader Muammar Qadaffi responsible for the bombing of Pan Am Flight 103 and the United Nations placed heavy sanctions on his government for its state support of terrorism. Yet the fall of Qadaffi’s regime in 2011 did not bring an end to the threat of terrorism emanating from Libya, as terrorist groups seized on the power vacuum that followed Qadaffi’s ousting to establish operations in Libya. Indeed, the threat of Libyan-borne terrorism is likely greater now than it was in the final years of Qadaffi’s regime.

Muammar Qadaffi (Credit: US Navy)
Muammar Qadaffi (Credit: US Navy)

30 years ago, Muammar Qadaffi’s Libyan regime was the international poster child for a state-sponsor of terrorism. Qadaffi’s government provided large amounts of funding for militant and terrorist groups through the 1970s and was one of the first four countries that the US officially designated as a state sponsor of terrorism. In the 1980s, the Qadaffi regime turned to direct participation in terrorism. According to US and European courts, Libyan agents carried out several attacks in the late 1980s, including a bomb attack targeting US soldiers in Berlin in 1986, the bombing of UTA flight 772 over Niger in 1989, and the bombing of Pan Am flight 103. US and European countries, and eventually the UN, responded to Qadaffi’s state support of terrorism by placing heavy sanctions on Libya until Qadaffi allowed the two alleged perpetrators of the Pan Am flight 103 bombing to be extradited to face trial.

Both Qadaffi and his regime came to abrupt ends in 2011, but Libya has since become an example of how unstable or failed states can become havens for terrorist groups. The fall of the Qadaffi regime created a power vacuum in Libya and allowed both international and domestic terrorist groups to establish a presence in the country. These groups mostly staged attacks inside Libya or in neighbouring Tunisia, but their activities have reached Europe as well; the perpetrator of the Manchester Arena bombing in 2017 had fought with militant groups in Libya and had allegedly received training from the Islamic State (IS) terrorist group in Libya shortly before he carried out the attack. One of the perpetrators of the November 2015 attacks in Paris had also collaborated with IS terrorists in Libya. While terrorist groups have largely been driven out of the Libyan cities they controlled, there is an ongoing threat from foreign fighters who have returned to their home countries after fighting and training with terrorist groups in Libya.

The case of Libya demonstrates how removing an established leader can be counterproductive from a terrorism perspective, even if that leader has previously engaged in terrorism. By the mid-2000s, US and European leaders had found ways to neutralise the threat of terrorism from Libya. While Qadaffi’s public behaviour and rhetoric remained erratic throughout his final decade in power, his underlying interests and motives (not to mention his substantial ego) remained known quantities that foreign powers could deal with and manipulate. Purely from the perspective of international security, Qadaffi was, at worst, a contained threat. Qadaffi’s fall replaced the contained threat with a new, less predictable threat that could only be destroyed through force.

Laptops: The Evolving Threat

30 years after Pan Am flight 103 was downed by an IED hidden in a portable radio, terrorists are still in an arms race with security services over IEDs disguised in large electronic devices. Today’s security screening procedures and equipment would almost certainly detect the device that brought down flight 103, but the 2017 electronic device security scare that led to the US and UK’s so-called ‘laptop ban’ demonstrated that terrorist groups have developed far more sophisticated methods for concealing IEDs in large electronic devices.

Pan Am 103
Pan Am 103

“…the suitcase that carried the IED that downed flight 103 was screened by a conventional X-ray machine at both Frankfurt and London Heathrow; the X-ray machines at both airports failed to detect the device…”

Security services have greatly enhanced their ability to detect IEDs in checked luggage since the 1980s, including IEDs hidden in electronic devices. The suitcase that carried the IED that downed flight 103 was screened by a conventional X-ray machine at both Frankfurt and London Heathrow; the X-ray machines at both airports failed to detect the device. There is no evidence that the suitcase was ever subjected to explosives detection screening. Three years earlier, however, the suitcase containing the electronic device-borne IED that downed Air India flight 182 was almost certainly screened with an explosives detection device; the device in use at the time did not detect the IED, although this may have been due to operator error. The CT scanners now used to screen checked luggage, together with modern explosives detection devices, would almost certainly detect the devices used to down both flights, absent operator error.

As security services have enhanced their ability to detect IEDs, terrorist groups have developed new methods for concealing IEDs, especially within large electronic devices, and for getting such devices past airport security checks. According to media reports, the devices that triggered the 2017 ‘laptop ban’ were disguised as batteries in large electronic devices and may have been capable of getting past the security screening methods in place for carry-on luggage at the time. Some unconfirmed media reports suggested that the devices were sophisticated enough to allow the person carrying the device to briefly turn the device on to convince a security officer that the device was genuine. The use of such devices was also part of a recent terrorist trend to try and smuggle IEDs on board aircraft in carry-on luggage instead of checked luggage. In addition to the ‘laptop ban’ threat, the failed plot to bomb an Etihad Airways flight departing from Melbourne in July 2017 and the attack on a Daallo Airlines flight from Mogadishu, Somalia in February 2016 also relied upon IEDs disguised in large electronic devices and placed in carry-on luggage.

Electronic devices are likely to remain a key feature of the perpetual arms race between terrorists and airport security officials for the foreseeable future. Large electronic devices offer several advantages as a vehicle for an IED. The batteries on such devices are large and dense, so creating an IED that is large enough to down an airliner and looks like a battery on an X-ray image is likely within the capabilities of some terrorist groups. The internal complexity of electronic devices helps to hide certain features of an IED such as a detonator or timing device. Large electronic devices are also very common in carry-on luggage, so an attacker bringing such a device through a security checkpoint will not attract extra attention.

On a larger scale, the evolution of IEDs hidden in large electronic devices demonstrates the importance of foresight and progress in aviation security. Simply finding ways to defeat prior attacks is not enough. A screening regime solely designed to prevent a repeat of the methods used to down Pan Am flight 103 would have almost certainly been defeated by the rumoured devices that triggered the ‘laptop ban.’ The aviation security community must use a combination of ingenuity, intelligence, and foresight to find and eliminate vulnerabilities in aviation security measures before terrorist groups find them.

Luggage: The Threat That Won’t Go Away

The plot to bomb Pan Am flight 103 allegedly relied upon a malicious actor with insider access to passengers’ luggage at an airport, a vulnerability that continues to vex aviation security officials 30 years later. Recent terrorist attacks and criminal activity demonstrate that officials have still not resolved this vulnerability, and there are no signs that such a resolution is imminent.

The exact method that the Libyan attackers used to get the suitcase containing their IED into the luggage system has never been officially determined, but most theories accept that an attacker used insider access to passengers’ luggage at an airport to do so. British prosecutors alleged that Lamin Khalifah Fhimah, Libyan Arab Airlines’ station manager at Malta’s Luqa Airport used his insider access at the airport to carry the suitcase containing the IED past security and customs checks at the airport, and to obtain the luggage tags used to interline the bag onto Pan Am flight 103. The Scottish court found Fhimah not guilty due to a lack of evidence, but the verdict did not disprove the theory that an insider aided the attack. Indeed, the defendants’ lawyers also raised the possibility that an airport employee with access to checked luggage planted the device, but suggested that the insider was at London Heathrow, not Malta. The court accepted that a malicious insider could have planted the device at Heathrow’s luggage facility given the security measures in place at the time, but ultimately discounted the theory for other reasons.

Lamen Khalifa Fhimah (Credit: FBI)
Lamen Khalifa Fhimah (Credit: FBI)

“…British prosecutors alleged that Lamin Khalifah Fhimah, Libyan Arab Airlines’ station manager at Malta’s Luqa Airport used his insider access at the airport to carry the suitcase containing the IED past security and customs checks at the airport…”

30 years later, the malicious insider remains a key vulnerability in the aviation security network. As Rodrigo Magno discussed in the June/July issue of ASI, criminal groups in multiple countries use compromised airport employees with access to passengers’ luggage to carry out their smuggling and theft activities at airports. Such groups have demonstrated the capability to use airport insiders to get illicit items to the airside undetected and, in some cases, onboard aircraft. Terrorists have also demonstrated this capability, including in the IED attack on Daallo Airlines flight 159 shortly after it took off from Mogadishu, Somalia in February 2016. Security camera footage showed individuals dressed in airport uniforms carrying a bag containing the IED past a security checkpoint and handing it to the attacker. 10 airport employees were later found guilty of aiding the attack, which fortunately did not destroy the aircraft and only killed the attacker. An insider is strongly suspected to have aided in the October 2015 attack on Metrojet flight 9268 over the Sinai Peninsula in Egypt; various sources have focused blame on an aircraft mechanic or a baggage handler working at Sharm El Sheikh International Airport, although Egyptian officials have not announced any arrests in the case.

Malicious groups’ continued successful use of individuals with insider access to luggage demonstrates that the aviation security community’s attempts to address the issue have not yet been completely successful. There has been progress in the past 30 years; stronger restrictions on airside access mean that the specific methods that both the British prosecutors and the defendants’ lawyers suggested were used to plant the Pan Am flight 103 IED would likely not be effective today. Background checks are also a positive development, but criminals’ continued infiltration of airports through compromised insiders demonstrates that such checks are not always effective. Background checks are also largely ineffective at detecting insiders who suddenly snap with little visible warning, such as the airport employee who stole and crashed a Horizon Air aircraft near Seattle in August 2018, or at detecting insiders who become compromised after they are hired. Behaviour detection training can be effective in some cases, but can also create a sense of suspicion and paranoia that may make some individuals more likely to carry out malicious acts.

The most effective solution for preventing malicious groups from using airport and airline insiders to carry out their activities is also the most disruptive – full security screening for every person and item entering the airside. Several major airports, including Atlanta’s Hartsfield-Jackson International Airport, have implemented mandatory security screening for all employees, but others have balked at the cost, complexity, and disruption of such a programme. While Atlanta’s programme is to be lauded, such screening will not be fully effective until it is in place at all airports around the world, as most malicious groups are adaptable enough to route their activities through airports that do not have such screening. Until the day comes when such screening is universal, at least some of the gaps that the Pan Am flight 103 attackers exploited will remain.


Max Leitschuh is a senior transportation intelligence analyst at WorldAware, a worldwide integrated risk management and intelligence firm. He is based in St. Paul, Minnesota and can be contacted at: leitschuhm@worldaware.com.