Introduction
On 15 April 2013, two pressure cooker bombs exploded near the finish line of the Boston Marathon, killing three people and injuring more than two hundred others (Unclassified Summary, 2014, p. 1). The bombings were a pivotal event that tested the capabilities of federal, state, and local authorities in responding to terrorist attacks. Open-source intelligence (OSINT) and crowd-sourced information played significant roles in the aftermath, revealing strengths and weaknesses in crisis communication and intelligence gathering.
While the After Action Report for the Response to the 2013 Boston Marathon Bombings primarily focused on the failures associated with OSINT and public communication, it is crucial to recognize the positives and lessons learned from the incident (Boston Project Management Team, 2014, p. 7). This paper argues that while open-source and crowd-sourced OSINT presented significant opportunities for intelligence gathering and public communication during the Boston Marathon bombings, the incident highlighted critical challenges and ethical considerations that must be addressed to improve future responses. The analysis explores whether the bombings were avoidable, examines failures in intelligence processes, evaluates the adequacy of security measures, and assesses the effectiveness of law enforcement agencies’ response. The focus is on the role of open-source and crowd-sourced OSINT, aiming to provide insights for improving intelligence sharing and crisis response in future events.
Were the Bombings Avoidable?
The 2013 Boston Marathon bombings raised critical questions about whether the attacks could have been prevented through more effective intelligence practices and interagency collaboration. In 2011, the FBI received a letter from the Russian Federal Security Service (FSB) expressing concern about Tamerlan Tsarnaev’s potential radicalization and intentions to join extremist groups (Majority Staff of the Committee on Homeland Security, 2014, p. 11). The letter contained detailed biographic information, including Tsarnaev’s physical addresses, online social media profiles, and his history as a boxer. It also noted that Tsarnaev had previously hoped to travel to the Palestinian territories to wage jihad but decided not to go because he did not speak Arabic (Majority Staff of the Committee on Homeland Security, 2014, p. 11).
Despite this detailed information, the FBI’s assessment concluded that Tsarnaev did not pose a threat, and the case was closed without thorough follow-up. Critically, the FBI did not share this information with local authorities or other federal agencies (Unclassified Summary, 2014, p. 2; Boston Project Management Team, 2014, p. 16). The Unclassified Summary of Information Handling and Sharing notes, “Tsarnaev’s travel to Russia did not prompt additional investigative steps to determine whether he posed a threat to national security” (Unclassified Summary, 2014, p. 2). Moreover, the Department of Homeland Security (DHS) did not alert Tsarnaev, which could have prompted further scrutiny upon his return from Russia (Majority Staff of the Committee on Homeland Security, 2014, p. 27).
The lack of interagency communication and collaboration significantly contributed to missed opportunities to prevent the bombings. The FBI did not share critical intelligence with the Boston Police Department (BPD) or the Massachusetts State Police (MSP), which are integral partners in the Joint Terrorism Task Force (JTTF) (Majority Staff of the Committee on Homeland Security, 2014, p. 29). As a result, local authorities were unaware of Tsarnaev’s potential threat and could not monitor his activities effectively. The Boston Project Management Team (2014) observed that “the review process did not include an assessment of activities related to the investigation of crimes associated with these events, nor did it include intelligence sharing activities before, during, or after the events” (p. 16).
Furthermore, the FBI did not reopen the investigation after Tsarnaev returned from Russia, despite his increased online activity involving extremist content. A YouTube account under his name showed that he viewed multiple Russian-language videos on Islam and compiled playlists of jihadi videos (Majority Staff of the Committee on Homeland Security, 2014, p. 15). This online activity could have been a red flag if shared and analyzed collaboratively across agencies.
Failures in Intelligence
The attack exemplified failures across the intelligence cycle—collection, analysis, and dissemination. The FBI’s initial investigation did not uncover significant derogatory information, leading to the closure of the assessment (Majority Staff of the Committee on Homeland Security, 2014, p. 31). However, Tsarnaev’s online activities were not thoroughly examined. A YouTube account under his name “showed that he viewed multiple Russian-language videos on Islam and even compiled playlists of jihadi videos” (Majority Staff of the Committee on Homeland Security, 2014, p. 15). This account was created shortly after his return from Russia, “possibly indicating some degree of radicalization had taken place while he was in Russia” (Majority Staff of the Committee on Homeland Security, 2014, p. 15). One of the videos, titled “The Emergence of Prophecy: The Black Flags of Khorasan,” detailed a jihadi prophecy about a holy army rising from a region associated with Afghanistan (Majority Staff of the Committee on Homeland Security, 2014, p. 15).
The analysis of available information failed to connect Tsarnaev’s radicalization indicators, such as his six-month trip to Russia and disruptive behavior at his mosque upon return (Majority Staff of the Committee on Homeland Security, 2014, p. 31). Moreover, the FBI did not share critical information with local law enforcement agencies. The Boston Project Management Team (2014) noted that “the review process did not include an assessment of activities related to the investigation of crimes associated with these events, nor did it include intelligence sharing activities before, during, or after the events” (p. 16). This inadequate dissemination of intelligence limited local authorities’ ability to monitor Tsarnaev’s activities and potentially prevent the attack.
The root causes of these intelligence failures can be attributed to systemic issues within interagency communication and protocols. There was an apparent lack of standardized procedures for information sharing between federal and local agencies. Jurisdictional boundaries and concerns over protecting sources and methods may have contributed to the reluctance to share information (Majority Staff of the Committee on Homeland Security, 2014, p. 30). Additionally, the intelligence community’s databases and information systems were not adequately integrated, leading to siloed information inaccessible to all relevant parties.
The Dangers of Crowdsourcing Intelligence
However, the events also highlighted significant dangers associated with crowd-sourced intelligence—the uncoordinated and unverified dissemination of information led to misinformation and harm to innocent individuals.
One of the most prominent issues was the misidentification of suspects by online communities and media outlets. Sunil Tripathi, a missing Brown University student, was wrongly accused on social media platforms of being one of the bombers (Gayomali, 2015, p. 1). The confusion escalated when the hacker group Anonymous tweeted: “Police on scanner identify the names of #BostonMarathon suspects in a gunfight, Suspect 1: Mike Mulugeta. Suspect 2: Sunil Tripathi” (@YourAnonNews, 2013). This tweet was retweeted nearly 3,200 times, spreading false information rapidly (Gayomali, 2015, p. 1). This false accusation not only diverted law enforcement resources but also caused distress to Tripathi’s family.
The New York Post further contributed to misinformation by publishing a front-page photo misidentifying two innocent individuals as “Bag Men” suspected in the bombings (The New York Post, 2013, p. 1). Reddit users also engaged in amateur sleuthing, leading to false identifications and causing harm. As one Reddit user acknowledged, “A lot of the media is saying that Reddit’s amateur vigilante efforts were more damaging than helpful” (therimgreaper, 2013).
The lack of a Joint Information Center (JIC) exacerbated these problems. The Boston Project Management Team (2014) observed, “Messages provided through various organizations’ social media platforms were at times erroneous and in contrast to one another” (p. 7). Without a centralized source for information verification, conflicting messages spread rapidly, leading to public confusion and fear. This was evident when inaccurate reports of a “dark-skinned” suspect being arrested circulated, causing unnecessary panic and racial profiling (Bindley, 2013, p. 1; Kondabolu, 2013).
What Went Right
Despite the challenges, intelligence agencies effectively utilized open-source and crowd-sourced OSINT in several ways during the Boston Marathon bombings. The Boston Police Department (BPD) demonstrated exemplary use of social media for communication and intelligence gathering.
The BPD’s Twitter account became a critical tool for disseminating accurate information and requesting public assistance. As Bindley (2013) notes, “The police department’s stream of tweets ended up being the best defense against misinformation and Bostonians’ lifeline for communication about the men terrorizing their city” (p. 1). The department’s timely updates helped counteract false reports circulating in the media.
Moreover, the BPD successfully harnessed crowd-sourced intelligence by requesting photos and videos from the public. According to Sherman (2023), “When the Boston Police Department tweeted on 15 April that it was seeking camera footage from the finish line to help find the bombers, marathon bystanders and businesses did not disappoint: In total, they sent in more than 133,000 personal photos and videos that local law enforcement and the FBI painstakingly combed through.” This massive influx of data provided crucial evidence that aided in identifying the suspects.
The collaborative efforts between law enforcement and the community exemplify the potential of crowd-sourced OSINT when properly directed and managed.
Lessons Learned
From the analysis of the Boston Marathon bombings, three critical lessons emerge:
The Necessity of a Joint Information Center (JIC)
Establishing a Joint Information Center (JIC) is vital for ensuring the accuracy and consistency of public messaging during large-scale incidents. The After Action Report recommends implementing a JIC to coordinate and validate all communications, including those disseminated via social media (Boston Project Management Team, 2014, p. 107, p.11). During the Boston Marathon bombings, the absence of a JIC allowed misinformation to spread unchecked, such as the false identification of suspects and inaccurate reports of arrests. By centralizing the validation process, a JIC would have streamlined information flow, reduced public confusion, and ensured that law enforcement agencies and media outlets disseminated reliable updates. Successful examples of JIC implementation during later crises, such as Hurricane Harvey in 2017, underscore its effectiveness in managing public communications and mitigating panic (hhpsd 2019).
Ethical Use of OSINT
The need for ethical frameworks in collecting and disseminating OSINT is critical to ensuring responsible intelligence practices. According to the Public-Private Analytic Exchange Program (2022), ethical considerations should encompass legal rights, privacy expectations, and the societal impacts of intelligence gathering (p. 9). Clear guidelines are necessary to prevent harm caused by misinformation or misuse, as demonstrated by the misidentification of suspects during the Boston Marathon bombings. For instance, the false association of Sunil Tripathi with the bombings not only caused emotional distress to his family but also diverted critical law enforcement resources. Establishing rigorous validation protocols and training programs can help mitigate these risks while maintaining public trust in open-source intelligence.
Community Engagement and Education
Public awareness programs are critical for fostering responsible engagement in intelligence activities and mitigating the spread of misinformation. The Majority Staff of the Committee on Homeland Security (2014) highlights the importance of educating the public on terrorist threats and their role in assisting law enforcement (p. 7). Campaigns such as DHS’s “If You See Something, Say Something” could be expanded to include specific guidelines for responsibly sharing photos or videos during crises. Public education efforts should also address the risks of misinformation and promote critical thinking skills to reduce the amplification of false narratives. Empowering the public with these tools would enhance the overall effectiveness of community collaboration in intelligence efforts. (Majority Staff of the Committee on Homeland Security, 2014, p. 36).
Conclusion
The 2013 Boston Marathon bombings serve as a case study of the dual nature of open-source and crowd-sourced intelligence. While the effective use of social media by the Boston Police Department showcased the benefits of real-time communication and public collaboration, the incident also exposed the risks of misinformation and the harm it can cause. The BPD’s strategic use of Twitter kept the public informed and solicited valuable assistance, demonstrating how law enforcement can leverage OSINT effectively (Bindley, 2013; Sherman, 2023). Conversely, the uncoordinated efforts of online communities led to false accusations and fear, underscoring the need for ethical guidelines and centralized information dissemination (Gayomali, 2015; Boston Project Management Team, 2014).
Addressing these challenges requires robust frameworks for validating information and ensuring ethical practices. Key lessons from the bombings include establishing Joint Information Centers to centralize and verify public messaging, developing clear ethical guidelines to govern open-source data, and engaging communities through targeted education programs. By building on these lessons, intelligence agencies can refine their strategies to leverage OSINT effectively while minimizing its risks, ultimately improving their capacity to respond to future crises.
References
Anonymous [@YourAnonNews]. (19 April 2013). Police on scanner identify the names of #BostonMarathon suspects in a gunfight; suspect 1: Mike Mulugeta. Suspect 2: Sunil Tripathi [Tweet]. Twitter. x.com
Bindley, K. (2013). Boston Police Twitter: How Cop Team Tweets Led City From Terror To Joy. HuffPost. Boston Police Twitter: How Cop Team Tweets Led City From Terror To Joy | HuffPost Life
Boston Police Dept. [@bostonpolice]. (2013a, April 15). Boston Police confirming explosion at marathon finish line with injuries. #tweetfromthebeat via @CherylFiandaca [Tweet]. Twitter. https://twitter.com/bostonpolice/status/323883302899564544
Boston Police Dept. [@bostonpolice]. (2013b, April 15). Boston Police looking for video of the finish line #tweetfromthebeat via @CherylFiandaca [Tweet]. Twitter. x.com
Boston Project Management Team. (2014). After Action Report for the Response to the 2013 Boston Marathon Bombings. https://www.mass.gov/doc/after-action-report-for-the-response-to-the-2013-boston-marathon-bombings/download
Gayomali, C. (2015). 4 Innocent People Wrongly Accused of Being Boston Marathon Bombing Suspects. The Week. 4 innocent people wrongly accused of being Boston Marathon bombing suspects | The Week
hhpsd. 2019. “Effective Emergency Response Begins Long Before a Storm Hits.” Hilton Head Public Service District. https://hhpsd.com/effective-emergency-response-begins-long-before-a-storm-hits
Kondabolu, H. [@harikondabolu]. (15 April 2013). I’m a brown dude in New York City & I’m nervous to walk around alone today. This is how racism works [Tweet]. Twitter. x.com
Majority Staff of the Committee on Homeland Security. (2014). The Road to Boston: Counterterrorism Challenges and Lessons from the Marathon Bombings (Declassified). https://irp.fas.org/congress/2014_rpt/boston.pdf
Public-Private Analytic Exchange Program. (2022). Ethical Frameworks in OSINT Final. https://www.dhs.gov/sites/default/files/2022-09/Ethical%20Frameworks%20in%20OSINT%20Final.pdf
Sherman, A. (2023). How the Marathon Bombings Kickstarted Crime Crowdsourcing. Boston Magazine. How the Marathon Bombings Kickstarted Crime Crowdsourcing
The New York Post. (18 April 2013). Bag Men [Newspaper front page]. https://nypost.com/2013/04/18/bag-men-feds-seek-these-two-suspects/
therimgreaper. (2013). How close were we to finding the Boston bombers? Reddit. https://www.reddit.com/r/misc/comments/1cuj7p/how_close_were_we_to_finding_the_boston_bombers/
Unclassified Summary of Information Handling and Sharing Prior to the 15 April 2013 Boston Marathon Bombings. (2014). https://oig.justice.gov/reports/2014/s1404.pdf