The Disruption Report: July 2023

Tech Against Terrorism presents a new quarterly update outlining our effort to detect and disrupt the terrorist threat online. 

INTRODUCTION

Tech Against Terrorism is focused on preventing terrorists and violent extremists from exploiting the internet. A central component of our work is tracking the threat and taking immediate steps to disrupt terrorist activity online, for which our principal tool is the Terrorist Content Analytics Platform (TCAP), which automates the alerting of terrorist content. From April to June 2023, we submitted 2,736 URLs containing terrorist content to the TCAP and sent 2,030 alerts to 24 tech platforms. 84% of this had been removed at the time of writing.  

Much of our additional Open Source-Intelligence (OSINT) work at Tech Against Terrorism is done behind the scenes. This is to mitigate the risk of unintentionally amplifying terrorist narratives or encouraging shifts in adversarial behaviour. 

Here we give examples of our work in this area beyond the TCAP: we provide insight into current behaviours and tactics used by terrorist and violent extremist actors to maintain a stable online presence, and into our proactive and practical work to disrupt them. In order to prevent further exploitation, names of certain groups and the platforms they exploit are withheld. 

SUMMARY 

From April to June 2023, Tech Against Terrorism disrupted several terrorist-operated websites (TOWs), responded to the hacking of a prominent social media account by a neo-Nazi, and discovered the latest creative attempts by Islamic State (IS) networks to exploit new and emerging platforms. 

HIGHLIGHTED ACTIONS 

Islamic State (IS) networks wiped out from Malta-based messaging app  

In mid-May, IS-affiliated networks began using an emerging messaging app run by a company registered in Malta. By early June, Tech Against Terrorism was monitoring 20+ IS-affiliated channels on the platform, most of which were posting identical content and posing as “official” IS propaganda channels.  

We reached out to the company on 7 June 2023, and published a briefing for our stakeholder network on 9 June. At the time of writing, we had not received a response from the company, but 19 of the 20 channels had either been suspended or become inactive by 15 June. By 20 June we had not seen any further attempts by IS networks to re-establish themselves on the platform.  

IS networks were likely to have been experimenting with the messaging app as a potential future alternative to the platforms they have been exploiting for the past several years. The attempted migration has occurred in the context of persistent moderation of IS channels on multiple other similar messaging apps, including one that was shut down entirely.  

Disrupting Terrorist-Operated Websites 

Over the past two months, Tech Against Terrorism disrupted 10 terrorist-operated websites (TOWs) run by individuals affiliated with Al-Qaeda in the Arabian Peninsula, Al-Qaeda Central, Islamic State (IS) and Tehreek-e-Taliban Pakistan (TTP) by engaging with infrastructure providers. 

One particular Al-Qaeda website had been active without disruption for more than two years, and was affiliated with Al-Qaeda’s Central Command. It attracted more than 38,000 monthly visitors. A significant majority of its visitors (77%) were based in Pakistan. The site hosted a significant archive of official propaganda from Al-Qaeda and numerous affiliated groups.  As a result of our action, three domain names linked to this website have been suspended. However, terrorist and violent extremist actors remain persistent in eluding infrastructure providers and returning online.  

Terrorist-operated websites are a key concern for Tech Against Terrorism. While terrorists are finding it harder to exploit social media platforms, they are finding it easier to simply set up websites for recruitment and disseminating information. 

NUMBER OF SITES DISRUPTED 

Helping Tech Platforms Disrupt the Threat 

We detected and reported the hacking of a social media account owned by an adult film actress with 1.2 million followers. The hacker posted threats and violent extremist propaganda originally produced by Injekt Division, which is a militant right-wing accelerationist online community linked to an attempted mass shooting in Texas in May 2021. Following our report, content posted by the hacker was removed, and the account was returned to its owner.  

We also reported three attempts to share links to bomb-making manuals by an IS supporter using a link-shortening provider. The links were originally posted on a pro-IS server and linked to content hosted on a small pasting site. The company responded immediately and disabled the links used to share the content. 

To discuss our work, contact us at contact@techagainstterrorism.org