BY S VENKAT NARAYAN, Courtesy The Island

NEW DELHI, April 27: The three intelligence alerts India had sent to Sri Lanka before the devastating serial bombings that killed over 250 people in the island on Easter Sunday had specific details – names of attackers, locations and the plot being hatched.

In the shadowy world of intelligence-gathering, the ‘alert’ is a much-abused but vital tool that can make the difference between life and death. Every day, agencies deal with dozens of alerts, with the numbers occasionally crossing into three figures, but the toughest job is to act on them, as shown in Colombo.

The Multi-Agency Centre (MAC) within India’s Intelligence Bureau (IB), which is at the heart of intelligence dissemination, has had its share of failures and successes. It has managed to prevent lone-wolf or ISIS-scale attacks within the country. Its failures included the inability to prevent the attack in Pulwama (Jammu and Kashmir) in February this year, and the serial blasts that rocked Mumbai in 1993.

The Multi-Agency Centre, which is referred to as MAC within the system, was revamped in 2009, after the 26/11 attack, to streamline intelligence gathering and is the nodal body at the Centre for sharing intelligence inputs.

The apex body has 24 agencies – from the Research & Analysis Wing (R&AW) and Military Intelligence to the Central Bureau of Investigation (CBI) and the Enforcement Directorate (ED) – that share intelligence on a day-to-day basis.

The intelligence collected is sifted through, classified, collated and shared with law enforcers on the ground. On a typical day, the MAC generates 10-15 alerts. But when a big event takes place or in a packed election season, the number of alerts can go up to 100,000 per year.

For counter-terrorism, MAC classifies threats into five theatres: namely Jammu & Kashmir, Left Wing Extremism (LWE) or Maoism or Naxalism, the North East, Punjab and Hinterland. Its motto is: detect, disrupt, degrade and eventually destroy.

The information shared by agencies is broadly classified into four groups. Category A is considered the “most reliable and credible” and Category B is termed as credible but unable to be corroborated.

Each categorization has further sub-categorizations as well. “There are several factors that come to play during categorization of information. Suppose the source is good and his/her earlier information or sets of information have been found to be genuine and authentic, the value of information or intelligence goes up,” a top Intelligence Bureau sleuth explained.

At the top level is A1 intelligence, where the information is accurate, generated by more than one source and has identifiers that can make it actionable.

In the months prior to the Pulwama suicide bombing on February 14, MAC shared inputs with the military about a spurt in the training of terror cadres across the border on improvised explosive devices.

These inputs ranged from talking about a group of recent recruits that had undergone specialized training to information that attempts were being made locally to produce such explosives. This information was mostly marked in Category B.

However, in December, more specific information came in the ‘next to apex’ A2 level – that Jaish-e-Mohamed’s top bomb maker Abdul Rasheed Ghazi had been sent to train local recruits. While a manhunt was launched, he appears to have succeeded in the mission with the Pulwama strike by a local youth.

Information classified as Category C is unconfirmed, while Category D consists of all sundry and unverified alerts that are processed for future references. Information shared in the B, C and D categories is often used to track a trend or get a lead.

“For any information or intelligence to become actionable, there are five components which are needed. They include: name, place, person, organisation and event,” a Home Ministry official said.

After analysing the five components, the next challenge for intelligence sleuths is to obtain an identifier such as a telephone number, email ID, passport or voice sample to narrow down the search for a person or a definitive lead that can result in an arrest.

This is the most difficult part in sharing of intelligence, when at the ground level, the police is required to leverage the information and finally nab the culprit. This is mostly done at the local or state level, said another official.

Explaining how MAC compiles its alerts, an official added: “Any information/alert received by the MAC control room is immediately filed and followed up with the local authority and SIB (State Intelligence Bureau).

“The IB official handling the MAC desk will not only file his report and action taken on the piece of information but will also create a folder within the system for the person who is coming after him to follow.”

The 24-hour monitoring and recording of threats and alerts are then discussed every morning with top brass from the Ministry of Home Affairs, the National Security Advisor, IB and R&AW, among others. At the state level, there is a subsidiary MAC, which functions in a similar manner.

Although the system has been in place since 2002, it got a completely new look in 2009. MAC meetings to share intelligence are scheduled every working day, with nodal officers of the 24 member-agencies expected to attend.