Beyond Content Moderation: The Urgent Need to Stop Terrorist-Operated Websites

Our Executive Director, Adam Hadley, addressed the Internet Governance Forum 2024, offering critical insights into the ever-evolving threat landscape and the vital work of Tech Against Terrorism. 

In his address, Adam highlighted the shifting dynamics of terrorist exploitation of the internet, emphasising the urgent need for innovation and collaboration to counteract these threats. He underscored the critical responsibility of internet infrastructure providers in preventing their services from being weaponised by terrorist organisations, calling on the global community to take a united, collaborative approach to combating terrorist organisations' online presence. 

The following article expands on the key points of his speech. 

Executive Summary:

Terrorist exploitation of the internet has reached a critical inflection point, marked by unprecedented levels of content and a fundamental shift from terrorists merely using online platforms to becoming infrastructure operators. 

Three pressing challenges demand immediate attention:

1. The Strategic Communications Challenge: Beyond recruitment and radicalisation, terrorists now utilise the internet for strategic communications and operational coordination.

2. The Infrastructure Challenge: We are seeing growing infrastructure ownership by terrorist organisations. Terrorist Operated Websites (TOWs) are difficult to dismantle, with terrorists using multiple domain providers and web hosting services to evade detection.

3. Detection and Analysis Limitations: We estimate that existing monitoring efforts cover less than 1% of terrorist-related content, leaving a vast digital landscape unchecked

Addressing these challenges requires robust cross-sector collaboration involving government, industry, civil society, and academia. A unified approach must prioritise preventing terrorist ownership of infrastructure while safeguarding fundamental freedoms.  

Beyond Content Moderation: The Urgent Need to Stop Terrorist-Operated Websites 

In the past year, we've witnessed terrorist content online reach levels unseen in a decade. Beyond Hamas and Hizballah, there has been a notable surge in violent extremist content from groups including Islamic State and Al-Qaeda, along with their affiliates - Islamic State - Khorasan Province and al-Shabaab being particularly active. But what's most concerning isn't just the volume of content—it's how terrorist organisations are transforming from internet users into infrastructure operators. 

At Tech Against Terrorism, we have observed this paradigm shift firsthand. Founded in 2017 with the backing of the United Nations, our organisation bridges the gap between the tech sector and governments to disrupt terrorist use of the internet while respecting human rights. Working closely with the UN Counter-Terrorism Executive Directorate (CTED), we've earned recognition from the UN Security Council for our efforts, most recently in resolution 2713, which encourages our support of Somalia's government in confronting Al-Shabaab's online presence. The organisation’s approach is global, with 24/7 coverage, providing tools, resources, and support to tech companies and governments to identify and mitigate terrorist content online. 

The current landscape is deeply troubling. Since October 2023, we've seen terrorist content online reach levels unseen in a decade. These groups aren't simply sharing content—they're actively integrating current conflicts into their narratives to build support and legitimacy. The threat is magnified by what appears to be a deprioritisation of terrorist content removal. We regularly find unedited material produced by terrorist organisations shared on major platforms, where historically, such content was at least obfuscated to evade detection mechanisms. Networks of extremist-aligned actors operate openly on major social media platforms, often with minimal intervention. 

We face three critical challenges in combating terrorism online. First is the strategic communications challenge. Historically, terrorist use of the internet has been understood purely in terms of radicalisation and countering this. However, terrorist organisations increasingly use the Internet for strategic communications to promote domestic popularity and project international standing. They use mainstream platforms and their own operated websites to shape narratives around current conflicts, challenge state authority, and advance their political agendas. When platforms and infrastructure providers allow terrorist groups to operate with relative impunity online, they're not just enabling content distribution—they're effectively providing strategic communications infrastructure to entities that actively seek to undermine national and global security objectives. 

Second is the infrastructure challenge. Terrorist groups aren't just users of the internet anymore – they're becoming infrastructure operators. Since 2021, we've uncovered over 300 terrorist-operated websites (TOWs), and these demonstrate remarkable resilience. When we disrupt an Islamic State or Al-Qaeda website, it often reappears within hours across different infrastructure providers. We frequently identify that domain name registrars lack provisions against terrorist exploitation in their terms of service or community guidelines, creating a dangerous precedent where there's no policy-based framework for action. 

The third challenge involves the detection and analysis of terrorist content. Despite the vast amount of terrorist content online, our ability to monitor and respond to emerging threats is hindered by several factors. Restriction of API access, high costs for obtaining it, and reduced analytical tools available at scale impede our efforts. Currently, we are monitoring less than 1% of the total content, leaving a massive gap in our surveillance capabilities. Language capability gaps are being exploited by terrorist actors, with groups like ISKP targeting local audiences through dedicated Uzbek and Tajik media branches. Moreover, the increasing complexity of "unofficial" media outlets has made tracking their involvement in operations and attack planning more difficult.  

While platforms and governments face numerous threats amid unprecedented geopolitical instability, the de-prioritisation of counterterrorism is deeply concerning. We must improve action from the tech sector, governments, and other stakeholders to ensure appropriate resources are being deployed to tackle this evolving threat. 

However, amidst these challenges, there are opportunities. Generative AI, often viewed with apprehension, presents significant potential for enhancing content moderation. It can improve both the accuracy and scalability of detecting terrorist content online. We encourage increased investment in these technologies to detect obvious examples of content emanating from designated terrorist organisations. 

Looking toward 2025, the risks associated with terrorist use of the internet will only grow. International instability, increasing youth involvement in terrorist activities, and the surge in online guided/hybrid plots are all factors that will drive the continued evolution of online terrorism. Terrorists are becoming more adept at exploiting grievances regarding insecurity and state failure, with the internet playing an increasingly crucial role. 

There's also a concerning geopolitical dimension. As consensus about internet jurisdiction may reduce over time due to growing tensions, we face the risk that at the very moment we need increased global agreement about internet governance, it may become more difficult to achieve. 

The path forward requires a new international framework that addresses three critical areas: the prevention of terrorist infrastructure ownership and operation, standardisation of response across jurisdictions, and coordination between domain registrars and security researchers. The Somali government's efforts in taking down Al-Shabaab's content and activity serve as an example of what's possible with decisive action. 

Our work at Tech Against Terrorism will continue as a small NGO of around 10 people. We currently alert more than 140 platforms and work with a range of stakeholders, governments, and tech companies. Our approach includes sharing resources cost-free through our Threat Intelligence Capabilities, Knowledge-Sharing Platform, Terrorist Content Analytics Platform, and Trusted Flagger Portal. As we look ahead to relaunching our Trustmark and other services, we remain committed to supporting both the tech sector and governments in this crucial fight. 

The fight against online terrorism is one that no single organisation can win alone. The complexity and scale of this challenge demand collaboration across sectors, bringing together expertise from government, industry, civil society, and academia. We are fortunate to work alongside dedicated partners who share our commitment to this mission. The UN Counter-Terrorism Executive Directorate (CTED) continues to provide crucial leadership in coordinating global counterterrorism efforts. The EU Internet Forum has been instrumental in fostering dialogue between governments and the tech industry. The Christchurch Call to Action has mobilised unprecedented international cooperation to eliminate terrorist and violent extremist content online. Tech Against Terrorism Europe (TATE) extends our reach across the European continent, while the Extremism and Gaming Research Network breaks new ground in understanding emerging threats in digital spaces. These partnerships demonstrate what's possible when we work together toward a common goal. 

The question before us isn't whether we can completely stop terrorists from using the internet—it's what we can achieve together, in a collaborative way that upholds fundamental freedoms, to push back against terrorist content and activity online. The internet's role in global security has never been more critical.