Terrorist organizations are increasingly exploiting the internet to promote extremist and violent ideologies, to radicalize individuals, to fund operations, and to otherwise support their illicit activities.
In the past, these organizations had much less operational capacity to reach supporters worldwide for financing, recruitment and other activities. The internet has allowed such organizations, as well as lone terrorists, to quickly and effectively reach a global pool of potential supporters and to spread their ideology and propaganda to the general public with relative ease. The possibility of communicating anonymously via the internet and the rest of cyberspace, and the relatively low barriers to entry, makes it an optimal tool for exploitation by terrorists around the globe.
Terrorist abuse of the internet and other elements of cyberspace creates both challenges and opportunities for the counter-terrorism efforts of governments, international organizations and social media platforms. In order to develop effective regulation and policies to prevent this exploitation of cyberspace, it is fundamental for regulators and enforcement authorities to first understand the ways in which terrorists utilize the internet to achieve their goals; and then to develop focused regulatory and enforcement tools to counter these illicit activities through laws, strategies, policies and other measures.
Although counter-terrorist regulation on the part of countries and organizations has in the past focused on acts of terror that are carried out in physical space and have physical impact (such as airplane hijackings, kidnappings, and bombings), regulators have begun to incorporate measures that identify, track and mitigate terrorist activity that takes place on the internet, and that may have an impact only in cyberspace. There are several approaches to the classification of this activity.
The taxonomy used for the ICTRP research classifies the means by which terrorists use the internet into ten categories: propaganda, psychological operations, incitement, recruitment, radicalization, financing, information sharing (including training), intelligence, communications, and cyberterrorism. An explanation of each of these categories follows.
The internet facilitates the dissemination of terrorist messages. The use of propaganda is the most fundamental stage in which terrorist organizations spread their ideologies, beliefs and motivations. According to the 2012 United Nations Office on Drugs and Crime (UNODC) report on “The use of the Internet for terrorist purposes” (herein, “the UNODC Report”), propaganda can take the form of “virtual messages, presentations, magazines, treatises, audio and video files and video games developed by terrorist organizations or sympathizers.” Additionally, terrorist content appears on “dedicated websites, targeted virtual chat rooms and forums, online magazines, social networking platforms, such as Twitter, Facebook, and popular video and file-sharing websites, such as YouTube and Rapidshare, respectively.” Terrorist propaganda focuses on the promotion of violence and/or extremist narratives, particularly in cyberspace. Online propaganda may include content that inspires young individuals to engage in role-play and develop an interest for terrorist activity. Consequently, this type of indoctrination poses a serious threat for internet users.
One of the major strategies used by terrorists is to evoke fear in members of the targeted population. The internet facilitates this process, since propaganda helps terrorist organizations share threatening messages through videos, online magazines and audio files. For example, Al-Qaeda and the Islamic State of Iraq and Syria (ISIS) regularly use media channels to disseminate messages and violent images that evoke fear. These include videos of beheadings, hostage takings, suicide bombings, explosions and calls for Jihad. Additionally, ISIS-affiliated ‘Abd al Faqr media group published a guidebook and video providing religious justification for the use of biological weapons against “the enemy”.
Incitement to commit acts of terrorism or to assist in such acts takes place when terrorist groups or terrorists as individuals promote, encourage, urge or command such acts – whether or not they are eventually committed. As mentioned in the UNODC Report, there is a key distinction between propaganda and online material intended to incite individuals to commit acts of terrorism. For instance, in some jurisdictions, a direct causal relationship between propaganda and an actual terror plot (or attack) is necessary in order to be held liable for incitement to terrorism. Incitement that takes place via social media, websites, mobile phone communications, internet communications, and other cyber-enabled means shares similarities with incitement in the physical world. One key aspect is the need to determine that such communications are not protected by free speech safeguards in the relevant jurisdiction. Examples of incitement to acts of terrorism in cyberspace include the dissemination of messages calling for a “holy war” against non-believers, when the messages are explicit and specific.
The internet facilitates the recruitment of terrorists and supporters of terrorism by enabling those who are most responsive to propaganda to develop radical views and join terrorist organizations. These organizations conduct both clandestine and open recruitment on websites, chat rooms and forums with restricted access to the general public. It is through these restricted platforms that potential recruits learn about the organization’s purposes, ideologies, objectives and become more involved in terrorist activities. Recruiters know how to effectively indoctrinate marginalized and vulnerable individuals, including children. When targeting minors, propaganda may take the form of cartoons, music videos, and computer games that promote terrorist acts. Additionally, all the information used by terrorist organizations are available in many languages, enabling recruiters to reach a global pool of potential members.
Radicalization is the process by which recruits are transformed into individuals determined to act with violence on behalf of a terrorist organization. This is the stage in which recruits become involved and determined to adopt, conduct and live based on violent extremist ideologies. The radicalization process may be conducted online (in websites or chat-rooms) or offline (during one-on-one meetings).
Terrorist organizations use the internet to raise funds for their hostile activities. By employing effective propaganda strategies, they identify potential donors and instruct them about ways to financially support the organization. The UNODC Report indicates that they collect resources through the following ways: “direct solicitation, e-commerce, the exploitation of online payment tools and through charitable organizations.” Direct solicitation refers to the utilization of e-mails, online groups and websites by terrorists to demand donations from members. Additionally, websites are used as online stores, facilitating money transfers between parties. Terrorist organizations also exploit online payment facilities by stealing credit card information or using other fraudulent means. Finally, charities or seemingly philanthropic organizations are misused by terrorists who collect donations for their own purposes.
Terrorists use different online platforms to share information and provide potential recruits with training on how to conduct attacks. In many cases, they choose small or restricted-access platforms to ensure that their activities are not blocked by governments or private companies. Terrorists share audio files, electronic magazines, and videos to provide members with practical information on how to make explosives, or use firearms to stage attacks. For example, the Islamic State of Iraq and Syria (ISIS) had published on its online magazine “Rumiyah” instructions on how to perpetrate car ramming and stabbing attacks.
Studies have largely focused on terrorist use of the internet for radicalization and recruitment purposes, giving little attention to data mining and intelligence gathering. Yet terrorist organizations often use social media platforms to collect open-source intelligence on potential targets. This is key for them to effectively plan and coordinate their attacks. For instance, large-scale terrorist attacks such as the November 2015 Paris attacks carried out by the Islamic State of Iraq and Syria (ISIS) rely upon prior intelligence gathering and analysis by terrorist groups.
Terrorists use the internet to coordinate their daily activities and plan their operations. For example, Al-Qaeda used the internet in a number of ways to plan the September 11 attack against the United States that provoked that country’s “war on terror”. The internet facilitates both ongoing communication between members of a terrorist organization and can be used specifically to support the planning stage of an attack. It also provides channels of communication that recommend ways to perpetuate attacks, and make instructional videos or audio files available. As seen in the cases of ISIS and Al-Qaeda, terrorist organizations use the internet to provide their members with tactics to effectively organize the preparatory steps of an attack.
In circumstances where terrorist organizations may utilize the internet to inflict physical damage to property, including critical infrastructure such as electrical grids, water systems and railroads – such events may be classified as cyberterrorism, in accordance with many jurisdictions’ definitions of terrorist acts. Certain countries have already used such cyber-enabled means to inflict physical damage, (such as the Russian takedown of parts of the Ukrainian electrical grid in 2015 and 2016), or to cause loss of life or injury to people. Some experts include the manipulation or destruction of non-physical data in this definition, as in the Syrian Electronic Army hack into an Associated Press Twitter account in April 2013 that caused a severe, albeit brief, drop in the value of stocks on the New York Stock Exchange. Such terrorist-initiated cyber attacks have been rare until now, for reasons that may include the small number of terrorist organizations that are capable of conducting such cyberattacks; and the lack of motivation on the part of terrorist organizations to focus on such operations due to reduced visibility of impact, as compared to operations carried out in the physical world.