On 21 April, suicide bombers attacked luxury hotels and churches in three locations in Sri Lanka, namely Colombo, Negombo and Batticaloa, killing more than 250 people and injuring 500. Members of National Thowheeth Jama’ath (NTJ), a local Islamist group, pledged allegiance to Islamic State (IS) leader Abu Bakr al-Baghdadi in a propaganda video before carrying out the suicide bombings. Another local Islamist group, Jammiyathul Millathu Ibrahim (JMI), was also purportedly involved. Two days after the attack, IS took credit for orchestrating the bombings. IS had not previously perpetrated a terrorist attack in Sri Lanka.

Prior to this, on 18 April, IS claimed responsibility for killing two Congolese soldiers and a civilian in a firefight near the town of Beni, North Kivu Province in the Democratic Republic of Congo (DRC). Through its Amaq propaganda agency IS declared the DRC the “Central African Province” of the caliphate following the attack. IS’s responsibility has not been independently verified, but it would mark the group’s first attack in the DRC as well

Islamic State Dead but not Buried

Despite the claim of responsibility, IS’s links to the Beni attack are tenuous. There are more than a dozen active armed groups in the area of the DRC where the attack took place, and at least initially, IS claimed to have inflicted higher casualties than were actually reported. In Sri Lanka, even locally neither the NTJ nor the JMI are well-known organisations. While authorities have linked the groups to the attacks, neither group has itself indicated it participated in the bombings. IS’s belated claim of responsibility suggests the group may not have been in direct operational command of the attacks, nor aware the attacks would take place when they did. 

For terrorist attacks, the burden of proof typically lies with national authorities rather than the group claiming responsibility. Whoever speaks first takes control of the story and claims a victory of sorts. Even if a group has little or nothing to do with an attack, claiming responsibility can act as a demonstration of strength or influence, and in this way activate new supporters or participants to their cause. In 2017, for example, IS spuriously claimed to have directed the shooting attack in Las Vegas in which 59 people were killed. In claiming the DRC and Sri Lanka attacks in its name, IS demonstrated that despite losing its caliphate in the Levant, it still has active and independently functioning groups and supporters overseas. 

Shortly after the Sri Lanka bombings, and for the first time in five years, IS released a video of its leader Abu Bakr al- Baghdadi on 29 April. Al-Baghdadi praised the perpetrators of the Sri Lanka attack in an audio portion of the video, saying the bombings were revenge for the fall of IS’s last strongholds in Syria. Releasing the video was a calculated risk: it gives intelligence agencies new information to work with in tracking down al-Baghdadi, who has a USD 25 million bounty on his head. At the same time, it also sends out a strong message to (would-be) IS supporters: the group, its global community and its leader are still active.

Sri Lanka Authorities Pre-Warned

The complexity, scale and execution of the Sri Lanka bombings suggested a degree of sophistication that excludes the NTJ and JMI from having masterminded the attack. While IS was slow in claiming the attack, there is mounting evidence that it had at least some role in the bombings, and that there are verifiable connections between the attackers and IS. For example, some of the attackers are believed to have trained with IS. 

Shortly after the bombings, it became clear that the Sri Lankan authorities had intelligence indicating that a terror attack was being planned. But despite receiving information on an imminent attack from foreign intelligence services, Sri Lankan authorities failed to implement security countermeasures, reportedly due to internal political tensions between the presidency and the prime minister’s office. 

The sheer scale of the attack can be interpreted as a mark of strength for the IS: surely it must be a formidable organisation given that it can successfully execute such a complex attack? But, whatever the reasons behind it, the Sri Lankan authorities’ lack of preparation for an attack it had strong indications was going to happen extends undue credit to IS. The attack was devastating not because IS’s capabilities have expanded, but because Sri Lankan authorities failed to prevent it.

The territorial manifestation of IS’s caliphate has ceased to exist, but these recent attacks demonstrate that the IS global community remains in place. The attack in Sri Lanka may have been prevented by a better response from security forces, but the IS has nonetheless demonstrated that the members of its global community retain the intent to pursue its extremist Islamist agenda. The decline of the caliphate is likely to result in less predictability in IS actions, as groups within IS global community mobilise to demonstrate their continued relevance.