Full Report
The New York Police Department's “mosque-raking” program targeted Muslim communities across NYC. Now, as the city's first Muslim mayor takes office, one man is fighting—again—to fully expose it.
Analysis Summary
# Incident Report: NYPD "Mosque-Raking" Surveillance Program Exposure Efforts
## Executive Summary
The New York City Police Department (NYPD) conducted an expansive, targeted surveillance program, dubbed "mosque-raking," against Muslim and Arab communities, including infiltration of organizations like the Rutgers Muslim Student Association, primarily after the September 11, 2001 attacks. Although the program's "demographics unit" was disbanded following negative publicity and a 2018 settlement, lack of full disclosure continues to spur legal action, most recently a new FOIL lawsuit filed in December 2025 by a targeted individual seeking specific intelligence reports from the 2006-2008 period. The program's efficacy is officially noted as having failed to produce any terrorism leads.
## Incident Details
- Discovery Date: Leaked documentation published by Associated Press in 2011.
- Incident Date: Primary surveillance activity occurred between 2006 and 2008 (the focus of the new FOIL request), though the program started post-9/11.
- Affected Organization: New York City Police Department (NYPD) Intelligence Division / Demographics Unit.
- Sector: Government/Law Enforcement (Domestic Security).
- Geography: New York City and surrounding states in the United States.
## Timeline of Events
### Initial Access
- Date/Time: Ongoing activity starting post-9/11, specifically targeting 2006-2008 for the current legal request.
- Vector: Human Intelligence (HUMINT) collection via infiltration.
- Details: Undercover officers and informants were placed within mosques, cafés utilized by the communities, soccer leagues, and student associations (e.g., Rutgers MSA).
### Lateral Movement
- Details: The Intelligence Division acted with the posture and methodology of a national security directorate, mapping out various ethnic enclaves of Muslim and Middle Eastern communities across NYC and surrounding areas.
### Data Exfiltration/Impact
- Details: Collection of intelligence reports, weekly intelligence summaries, and profiles on specific organizations and mosques were generated, although the program yielded zero leads on potential terrorism plots by the NYPD's own admission ($\text{no data exfiltration}$ mentioned, but extensive data collection/storage occurred).
### Detection & Response
- Date/Time: Significant public exposure occurred around 2011 (AP Investigation). A 2018 civil rights suit was settled.
- Vector: Media investigations (AP) and subsequent civil litigation/public scrutiny.
- Details:
- NYPD Demographics Unit was disbanded following negative publicity and a civil rights suit settlement in 2018.
- Current response involves ongoing legal challenges ($\text{FOIL requests}$) by impacted individuals attempting to force disclosure of underlying documents. The NYPD previously used a "Glomar" response to deny confirmation or denial of record existence.
## Attack Methodology
This incident refers to a state-sponsored surveillance program, not a typical adversarial cyberattack. Methodology is adapted for organizational espionage:
- Initial Access: Human Infiltration (Undercover officers/Informants placed in target organizations).
- Persistence: Continued presence of informants within community organizations for years.
- Privilege Escalation: N/A (Internal departmental authority used for surveillance).
- Defense Evasion: Use of clandestine methods (undercover status, informants) to operate without community awareness.
- Credential Access: N/A (Focus was on observation and relationship building, not account compromise).
- Discovery: Proactive mapping and monitoring of entire demographic/religious enclaves.
- Lateral Movement: Expanding surveillance across religious institutions, social venues, and university groups across multiple states.
- Collection: Gathering intelligence summaries, organizational profiles, and reports on specific religious sites.
- Exfiltration: N/A (Internal data centralization within the NYPD Intelligence Division).
- Impact: Extensive surveillance, chilling effect on First Amendment rights, and creation of large sets of personal/religious data focused solely on religious identity.
## Impact Assessment
- Financial: Costs associated with the years-long program operation and subsequent legal settlements (one settled in 2018).
- Data Breach: Extensive records collected on individuals' activities within Muslim/Arab communities from 2006-2008 (weekly summaries, organizational profiles). Not a traditional unauthorized data breach, but an authorized, targeted collection.
- Operational: Failure to meet stated counter-terrorism objectives (i.e., generated zero terrorist leads). Significant internal and external reputational damage to the NYPD.
- Reputational: Infamous reputation regarding the surveillance methods; ongoing public scrutiny and legal challenges, exacerbated by the appointment of a former Intelligence Division member (Jessica Tisch) as the new Police Commissioner.
## Indicators of Compromise
As this involves physical/human intelligence gathering, traditional digital IoCs are largely inapplicable.
- Network indicators: N/A (Unless communication methods used by informants were cataloged).
- File indicators: N/A (Specific Intelligence Reports detailing community activities, $\text{e.g., "Weekly Intelligence Summaries"}$ from that period).
- Behavioral indicators: Documented pattern of surveillance targeting specific religious centers ($\text{"mosques"}$) and student associations based solely on religious affiliation.
## Response Actions
- Containment measures: The NYPD demographics unit was formally disbanded following public outcry and the 2018 settlement.
- Eradication steps: Removal of internal structures known for this type of mass surveillance.
- Recovery actions: Individuals like Samir Hashmi continue recovery efforts through litigation aimed at transparency and full disclosure of the historical surveillance activities.
## Lessons Learned
- Targeted surveillance programs based on religion or ethnicity are highly ineffective at preventing terrorism (NYPD generated zero leads).
- Lack of post-program transparency (e.g., continued use of "Glomar" responses) fuels distrust and necessitates repeated litigation efforts.
- Political context heavily influences the pursuit of historical accountability (new Mayor Mamdani's inauguration and the appointment of Commissioner Tisch are direct catalysts for the new lawsuit).
## Recommendations
- Establish comprehensive, legally mandated external oversight for all large-scale domestic intelligence-gathering operations to prevent the formation of "demographics units."
- Implement automatic declassification or public review procedures for intelligence files pertaining to large-scale, constitutionally questionable surveillance activities after a defined period (e.g., 15 years), unless specific national security mechanisms dictate otherwise.
- Ensure all future law enforcement leadership possesses demonstrable commitment to civil liberties, especially when inheriting operations from controversial prior units.