On Wednesday 31 July 2019, a number of US media outlets cited unnamed sources in reporting that Hamza bin Laden (HbL) had been killed at some point within the last two years. HbL was the son of Osama bin Laden (ObL), the founder and prominent former leader of Al-Qaeda (AQ). Whilst full details are unavailable at the time of reporting, the unnamed officials suggested that the action that led to the death of HbL was carried out before the US State Department offered a USD 1 million reward for information regarding the whereabouts of HbL in February 2019. The US government is described as having played a role in the operation, though were unable to confirm HbL’s death before the reward was offered.

US government officials have not confirmed the reports publicly, and US President Donald Trump refused to comment when asked about the subject by reporters.

On 28 February 2019, the United Nations Security Council (UNSC) officially listed HbL as being associated with AQ. Such association is attributed when an individual is believed to have participated in the planning, financing or facilitation of actions carried out for or on behalf of AQ; including recruiting or otherwise supporting the organisation’s cause. The UNSC narrative cites AQ senior leader Aiman al-Zawahiri as having officially declared HbL as an official member of the group, whilst referring to a number of statements issued by HbL that called for the Saudi monarchy to be overthrown and revolution in the Arabian Peninsula. These statements were issued through AQ’s propaganda outlet (As Sahab) in 2018, though a number of messages released between 2015-2017 were attributed to HbL and called for attacks to be conducted against US, French and Israeli targets in the name of AQ.

Analyst Comment

AQ traditionally seek to capitalise on the death of prominent members in order to celebrate them as a martyr for their cause. As such, any analysis is contingent on the confirmation of reports. However, if these reports are confirmed, HbL would be the third of ObL’s sons to have been killed. It is of note that he was also the son-in-law of Abu Muhammed al-Masri, an Egyptian AQ veteran who remains wanted and at large for his role in the 1998 bombing of US embassies in Dar es Salaam, Tanzania and Nairobi, Kenya. Reports suggest that the HbL’s marriage to al-Masri’s daughter formed part of a deliberate process of grooming HbL for leadership in the wake of his father’s death in 2011.

Forced to flee Afghanistan at a young age, HbL’s last known location was Iran. Whilst media reports do not provide a location for the operation that led to his death, it is unlikely that the US would have conducted such action in Iranian territory without details having emerged sooner. Reports suggest that he may recently have been based in the vicinity of the Pakistan-Afghanistan border, though not in an operational role. The possibility that a strike targeting HbL may have been conducted inside Pakistani territory can not be ruled out.

Despite a relative lack of operational experience, HbL’s pedigree and marital links provided a gravitas to his released statements and he was widely regarded as a figure who was being groomed for a prominent leadership role in AQ. Whilst his family name provided a certain degree of credibility, his statements released through AQ propaganda channels were reportedly accepted by followers as capable and insightful. This contrasts with AQ’s current leader, al-Zawahiri, who is widely regarded as lacking charisma; prone to reciting lengthy religious sermons in lieu of inspirational or motivational addresses that might serve to recruit a younger generation of fighters to AQ’s cause.

With the rise to prominence of Islamic State (IS) in 2014, AQ has struggled with recruitment. Despite initial links between the two groups, the methods employed by IS (including the utilisation of savagery as a means of communication to allies and enemies alike) alienated many members of the AQ hierarchy, including al-Zawahiri. It is of note that HbL refrained from criticising IS in his official statements. Allied with a polished and capable propaganda process, this management of savagery enabled IS to entice thousands of foreign fighters to fight in Syria; whilst AQ’s Syrian wing, the al-Nusra Front, struggled to recruit. Lacking the charisma HbL was credited with, al-Zawahiri has often struggled to assert effective command and control over regional affiliates, prompting local commanders to conduct actions without his oversight. This growing disparity between strategic and tactical elements of AQ, combined with a series of territorial defeats suffered by IS in recent years, prompted speculation that HbL would be ideally placed to regenerate AQ and unify the global Jihad.

The increasing tempo of statements released by HbL and the USD 1 million bounty placed on his head provide weight to this speculation. His loss, if confirmed, will likely impact on AQs ability to recruit and potentially create a power vacuum within the group. It is likely that members of AQs old guard will seek to fill the role of successor to Zawahiri. Prominent amongst these is Saif al-Adel, a battle-hardened veteran who is also wanted for his involvement in the 1998 east Africa Embassy bombings. Despite a notable career with AQ dating back to the group’s founding in the 1980s, however, al-Adel is unlikely to energise the cause in the way that HbL would have been able to, given time.

Whilst AQ’s intent to carry out attacks remains extant, the group traditionally favours transnational spectacular actions, the likes of which have been conspicuous in their absence in recent years. The group’s capability has been affected by an inability to recruit from a younger generation who were drawn to the polished propaganda of IS. If confirmed, HbL’s death will serve as a symbolic and operational hinderance to capability as the higher echelons reconfigure. There remains the potential, however, for regional commanders to utilise the reports as a motivator and rallying call for action. The potential for lone wolf or franchised pack attacks inspired by the reports, though traditionally favoured by IS supporters, can also not be ruled out.

Want to take this report with you?

Subscribe to our mailing list below to unlock access to the PDF report.

Subscribe to our mailing list to unlock this content.
SI Risk Ltd collect data about individuals, usually within a business context. SI Risk Ltd treats all data which identifies an individual, or when combined with any other information which identifies an individual, as ‘Personal Data’.

As SI Risk Ltd is registered in the United Kingdom (UK), the decision has been taken to nominate the UK Information Commissioners Office (ICO) as their Lead Data Protection Supervisory Authority. As such, all practices will comply with guidance issued by the ICO.

Unless otherwise stated, SI Risk Ltd will be known as the Controller of any personal data which is provided to them by users. This means we control what happens to the data in our possession. We will treat user information with the same care and attention as SI Risk Ltd would expect their own personal data to be treated. This will include taking appropriate organisational and technical measures to protect your information while we are holding and processing it.

SI Risk Ltd collect personal data which may include (but is not limited to) name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.

SI Risk Ltd need to collect this personal data to provide users with Safety and Security Risk Management Services and uphold contracts agreed with entities which may include (but is not limited to) individuals, organisations, or other third parties. SI Risk Ltd will only collect personal data from users when required for the delivery of Safety and Security Risk Management Services and when there is a legal basis for doing so.

Data is processed by SI Risk Ltd and the client which is subscribing to the Safety and Security Risk Management Services provided by SI Risk Ltd. Data processing will take place in the UK, but also in the jurisdiction of the entity (which includes, but is not limited to, a partner, client, or user) which SI Risk Ltd is providing services to resides in. SI Risk Ltd will endeavour to provide details of the processing locations (where possible) at the point at which data is collected. This will not always be possible when delivering some services, such as live tracking, due to the nature of mobile data connections. Data may be processed via Asana, Dropbox, Microsoft Office 365, Lead Forensics, Google Analytics, and other similar platforms which may include the transmission of data into the United States of America (USA). Data may be shared with other entities if it is prerequisite for the delivery of Safety and Security Risk Management Services by SI Risk Ltd or for contractual agreements between which includes, but is not limited to, a partner, client, or user and the entity (which includes, but is not limited to, a partner, client, or user) to be upheld. This may include which include providing information to travel providers (e.g. airlines and hotels) and other service providers. It may not be possible to confirm these providers in advance of collecting data from the user, but SI Risk Ltd will endeavour to inform you of all data sharing that takes place.
Data processed directly by SI Risk Ltd is located on services in the UK and USA. Newsletter (and other mailing list data) is managed via third-party software (Zoho). In conjunction with this third-party software, SI Risk Ltd use analytics packages to track engagement with the information sent via email to entities which have voluntarily opted into receiving communications from SI Risk Ltd. This information may include (but is not limited to) the email address of the user and whether the user opened the communication sent from SI Risk Ltd.

Users are required to provide explicit consent that they would like to receive communications via email from SI Risk Ltd. If consent is provided by a user, we will continue to contact you for up to 10 years from the date you initially consented to receive communications from SI Risk Ltd (unless the user withdraws their consent at any time, at which point the user will cease to receive emails from SI Risk Ltd.

No other 3rd parties have access to a user’s personal data unless specifically agreed in advance of the data being collected by SI Risk Ltd, or in circumstances detailed in this Privacy Statement.

SI Risk Ltd have a Data Protection Regime in place which oversees the effective and secure processing of your personal data, which can be provided on request by contacting the Data Protection Officer.

All details provided to SI Risk Ltd will be held according to the legal and contractual requirements which SI Risk Ltd is subject to – which is detailed below.

- SI Risk’s public liability insurance requires that all the details of all events are maintained for a period of 3 years following an event or service provision provided by SI Risk Ltd.
- UK Revenue and Customs require that all payment information which is subject to VAT be kept for a period of at least 6 years following receipt of payment for services provided by SI Risk Ltd.

In accordance with this, all personal details of attendees for events and services provided by SI Risk Ltd will be retained by SI Risk Ltd for a period of 5 years following the end of our contract (unless otherwise indicated). This information may include (but is not limited to) the user’s name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.

In addition, billing information, which includes any personal data contained within invoices and accounting records, will be retained for a period of 6 years following the receipt of payment for services provided by SI Risk Ltd.

SI Risk Ltd endeavor to respond to all contact, including enquiries, in a timely and professional manner. Any contact which contains personal data will be retained for a period no more than 18 months from the date of receipt and response by SI Risk Ltd. This data is held by SI Risk Ltd under the legal basis of legitimate interest as it may be required to respond to future queries, both internally and externally, within this period.

No data retained by SI Risk Ltd will be used for any purpose other than that which is agreed at the time of contact between the user and SI Risk Ltd. This information will never be shared with third-parties without the user’s knowledge and will not be used to contact the user in future without the user’s express consent unless we believe it is relevant to your original enquiry.

If at any point a user believes that the information SI Risk Ltd possess is incorrect, or should the user wish to withdraw their consent, or exercise their statutory rights (which includes, but is not limited to, your right to erasure, right to access, right to rectification, and right to be informed) they can request to see this information, have it corrected, or have it deleted.

If a user wishes to raise a complaint on how SI Risk Ltd have handled their personal data, they can contact SI Risk Ltd’s Data Protection Officer, Nathan Monshin (, who will investigate the matter and take all necessary actions to address the complaint.

If the user is not fully satisfied with the response provided by SI Risk Ltd (or believe SI Risk Ltd are not processing data in accordance with the law) you can complain to the Information Commissioner’s Office (ICO) – which is the Lead Data Protection Supervisory Authority of SI Risk Ltd.

SI Risk Ltd will never request consent from, or market to, anybody under the age of 16.

SI Risk Ltd employ cookie technology to help log visitors to their website and facilitate the full and proper functionality of web services (such as but not limited to, logging in to secure areas and processing registrations). Cookies are pieces of data that are often created when someone visits a website, and which are stored in the cookie directory of a computer. Numerous cookies may be created when you visit a website controlled by SI Risk Ltd.

Up-to-date browsers give users the option to accept or decline cookies. This is a global setting that applies to every website a user visits. If a user does switch off cookies at a browser level, their device won't be able to accept cookies from any website. This means the user will struggle to access the secure area of any website they use and won't enjoy the best browsing experience when you are online. AboutCookies ( contains comprehensive information on how to disable cookies on a wide variety of browsers, details how to delete cookies from your computer as well, and more general information about them.

Cookies may be persistent, or session based. Persistent cookies are stored by a web browser and remain valid until the defined expiry date (unless deleted by the user before the expiry date). A session cookie will expire when a user ends their session (which occurs when the web browser is closed).

The type of cookies used on most websites, including those controlled by SI Risk Ltd, can be categorised in four ways (Strictly Necessary, Performance, Functionality and Targeting) according to the International Chamber of Commerce guide to cookie categories.

These cookies are essential, as they enable users to move around the website and use its features (such as accessing secure areas). Without these cookies, services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.

These cookies collect information about how users use a website, including which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather any information that identifies the user. All information these cookies collect is anonymous and is only used to improve how a website works. These cookies are not used to target users with online marketing. Without these cookies, SI Risk Ltd can’t learn how their website is performing and make relevant improvements that could better the user’s browsing experience.

These cookies allow a website to remember choices a user makes (such as user name, language, or the region you're in) and tailor the website to provide enhanced features and content for the user. For instance, a website may be able to provide a user with local weather reports or traffic news. These cookies can also be used to remember changes a user has made to text size, font, and other parts of pages that you can customise. They may also be used to provide services a user has asked for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track a user’s browsing activity on other websites. Without these cookies, a website cannot remember choices previously made by the user or personalise the user’s browsing experience.

These cookies are used to tailor marketing to a user and their interests. They are also used to limit the number of times a user sees an advertisement and help measure the effectiveness of advertising campaigns. They remember that a user has visited a website and this information may be shared with other organisations (such as advertisers). Although these cookies can track a user’s visits to other websites, they don’t usually know who a user is. Without these cookies, online advertisements encountered by a user will be less relevant to them and their interests.

When a user visits an SI Risk Ltd website, SI Risk Ltd collect web statistics concerning their visit which are stored in a log file. Log files allow SI Risk Ltd to record visitors’ use of the website, monitor site performance, and address any errors. The web teams use analytics to record visitors’ use of the site and use this information to make changes to the layout of the website and to the information provided on the website. Log files do not contain any personal information and they are not used to identify any individual patterns of use on the website.

This statement only covers websites and data maintained by SI Risk Ltd and does not cover other data or websites linked to, or associated with, SI Risk Ltd websites.

SI Risk Ltd may change its Privacy Statement to align with legislation and industry standards. They will not explicitly notify website users about these changes. SI Risk Ltd recommend that you check this statement on their website occasionally for any policy changes.

This version was last updated on 16 April 2019.
I agree with the Terms & Conditions