March 22, 2018 | By Brian Hanson, Gabriel Weimann

Deep Dish: Terrorism in Cyberspace

Social media, the internet of things, and the dark web are the latest battlegrounds in a new era of asymmetrical warfare. Premier cyberterrorism expert Gabriel Weimann joins Deep Dish to discuss how terrorists and bad actors use cyber networks to recruit members, spread propaganda, and cause physical harm.



[Gabriel Weimann: We find what they do, and they try to adapt to what we do as countermeasures, and then we have to apply new countermeasures. This is a never-ending cycle.

Brian Hanson: How is the dark web different than what most folks experience in the Internet, and how does that complicate things?

Gabriel Weimann: Now we're talking about Google, and Microsoft, and Twitter, and Whatsapp. All of them, all those companies, are now aware that they are abused, and they certainly don't want to be abused, certainly not by people who kill others.

Brian Hanson: You talk about lone wolves as not being lone wolves at all. They're part of a pack. What do you mean, and how does that work?]

This is Deep Dish on Global Affairs, going beyond the headlines on critical global issues. I'm Brian Hanson, and today we're talking about the evolution of terrorism in cyberspace. I'm joined by one of the premier experts on this subject, Professor Gabriel Weimann, who has been studying terrorism online since the days of dial-up Internet, back when you connected to the Internet through your phone. He's been doing this since 1998. He's currently a full professor of communications at the University of Haifa in Israel, and is on sabbatical, where he's teaching at the University of Maryland currently. He is a fellow of the Woodrow Wilson Center, working on Internet terrorism projects there.

Welcome, Professor Weimann. It's good to have you here.

Gabriel Weimann: Thank you. It's nice to be here.

Brian Hanson: Terrorist use of cyberspace continues to expand and proliferate. We've seen some public displays of that with ISIS's prolific use of social media to spread propaganda, recruit followers, elevate their events. We've also seen some state actors actually following some of the same playbook. I want to start out by asking you to tell us, what are the most significant ways that terrorist groups are using the Internet now?

Gabriel Weimann: The answer is quite complicated, because they changed. We are talking about 20 years of online presence of terrorist groups. I must say that by now all terrorist groups, all around the world, are present on the Internet, and they use all the platforms. Now, that depends. What platform they use and how they use it depends on who is the targeted audience and why they do it. Is it for recruitment? Is it for propaganda? Is it for launching an attack? Is it for radicalizing people? Is it for training people? They use the net in many ways, on many platforms, for different purposes, targeting different audiences. This is why the answer was so long.

Brian Hanson: Okay, all right. Let's dig into some of those specifics. How do terrorists use the Internet in order to recruit people into their movement and activities?

Gabriel Weimann: Here, the Internet changed things. In the past, terrorists used to recruit people in mosques, in a personal meeting, in a gathering, in social clubs, moving them to terrorist training camps, and so on. Today, all these activities are done online. It starts with radicalization, a gradual radicalization, training, and finally instructions and launching.

This is a gradual, I would say, process. It's not one stage only, and it takes time. Those people what are recruited online, and there are thousands of them from the West, for example, that were recruited by Daesh, by ISIS, including thousands from western Europe and North America, Australia, and Westerners who were not Muslims at all. It is a multi-step process that looks like a funnel. You start with many. These are broadcasting, then you narrow down the messages. Some people drop. Most of them drop out, and you end up with very few. Those will be finally the terrorists that will be activated and launched.

Brian Hanson: When terrorists are recruited this way, is it for them to act in their home countries, or them to come take part in activities in the Middle East? How are these people then employed?

Gabriel Weimann: I would say all the answers are correct. They do it first to recruit people to come and join them. ISIS brought over 30,000 volunteers. That's the highest rate in the history of terrorism. Most of them were recruited online and brought in online. That is, the instructions how to get to Syria or Iraq were given online.

This is not the only way of recruitment. We know of many lone wolf attacks that occurred in North America, in Australia, in western Europe, all the countries in western Europe in fact. These were local people, sometimes native citizens, who were recruited online and then launched against their state. Then we have other ways of recruitment. This is to get fundraising, to get support, not just to be active terrorists. They reach out for many audiences in many ways of recruiting.

Brian Hanson: One of the things that struck me about when I was reading your work is you talked about lone wolves as not being lone wolves at all. They're part of a pack. What do you mean, and how does work?

Gabriel Weimann: Okay. First let's speak about lone wolves in nature. A lone wolf in nature will die if he or she hunts alone. They need to hunt in packs. There's no lone wolf in nature. The same about lone wolf terrorists. You may see, as in nature, the last terrorist or the last wolf attacking, but somebody radicalized that person, taught him how to do it, and sent him to do that mission.

If you take, for example, the marathon in Boston, the two brothers, the Tsarnaevs, they were lone wolves. They didn't go to a mosque. They didn't attend any meeting, but if you go into their footprints they left on cyberspace, which we did and others did, you find that they were linked to a virtual community, the people that taught them, radicalized them, and finally sent them to the action. They even downloaded from the web instructions how to build a bomb. It was a homemade bomb made from a pressure cooker, and the instructions found on their computers were downloaded from an online magazine, launched by Al Qaeda by the way, called Inspire. There's a section there which is Open Source Jihad. That is how they call it. It has the section How to Prepare a Bomb in Your Mother's Kitchen, and they did.

Brian Hanson: On the one hand, this is all more frightening for how easy it is to bring people into an action like this, and provide them with the training that they need in order to do violence. On the other hand, it's perhaps hopeful in that if it's a lone wolf, it can be hard to figure out how are you ever going to know about an individual. Is there a way to use the fact that these, quote, lone wolves are using technology to connect to the pack? Does that create opportunities to counteract or prevent these kinds of attacks?

Gabriel Weimann: That's an excellent question, because it's a two-sided answer that I'm going to give you. One has to do with the difficulties. Being a lone wolf makes it harder because these people are at home. They don't go out. You don't find them in gatherings, in meetings. They sit somewhere at home, and it's very hard to find them. They're working alone.

On the other side, as you said, they are dependent on one channel of communication, online platforms. So, if you can monitor what we call the traffic online, the chatter online, if you can sometimes, and it was done, to use honey-traps, and try to find those people interested in volunteering and joining these groups, then there are opportunities as well. You're fighting a new kind of war, and you're using a new kind of method of war, and new weapons, when you fight online terrorism, especially in the case of lone wolves.

Brian Hanson: What are some of the techniques that you would use to find these people? I imagine that also there's been concern about privacy issues and those folks who aren't terrorists. To what extent is it legitimate to trace their traffic and all? How hard is this, and does this raise civil rights concerns?

Gabriel Weimann: It's getting harder and harder, especially now that they are moving to the dark web, to the dark net, to the deeper layers of the net. Let me say, we are living in this bad neighborhood for over 20 years. We know the neighbors. We know when they come and when they go. We know how they call themselves. Our research assistants worldwide are sometimes listening to the chatter and just monitoring announcements like where is our new website, or which kind of Whatsapp application should you use. They teach people how to use those applications. They direct people to any posting they have on YouTube or on any other social media platform. We learned how to find them.

It's getting harder, but let me say one more thing. Being academics and doing it for academic purposes, we are not interested in identifying them, stopping them. This is not our [inaudible 00:09:00] so we don't go that deep to find them, or to block them, to stop them. We are more interested in the platforms they use, in the psychology they use, the tactics they use, who are the audiences they are using, what kind of platforms they are adopting, and so on.

Brian Hanson: Let's probe a little bit about those platforms, because you mentioned the dark web. One of the reasons that it's getting harder is they're moving to the dark web. How is the dark web different than what most folks experience in the Internet, and how does that complicate things?

Gabriel Weimann: The dark web is a part of what we call the deep web, so I have to explain the terms.

Brian Hanson: Please.

Gabriel Weimann: Actually, what we see on the Internet, whenever you use Google and search for a website, it's about 4 to 5% of the content online. This is the open net. Most of it is hidden below, like 6/7ths of an iceberg, under water, and it should be hidden, because these are private things like your bank account, your medical record, or your family issues, and so on. You don't want anyone to get to it, but it is in the deep web, which is not accessible and not open to everyone.

There's a deeper layer, which is called the dark web. The dark web is using all those I would say deep layers of the Internet to conceal their activities. That means that in order to get there, you have to use encryption. You have to use programs like the Tor search. They feel much safer there because they know that it is very hard to break into those sites, and to find their identities, and to interfere with their communication. We see gradually, and when I say gradually it's within the last two years, not longer than that, the terrorists are also joining the dark web.

Brian Hanson: To what extent are there efforts to make that more transparent? One would expect this is a bad thing, that it enhances the ability for all kinds of illegal activities to happen. Have there been measures taken to reduce the ability to use this, and use these tools, and stay anonymous?

Gabriel Weimann: First of all, they use the Internet in many ways. Sometimes, when they are looking for propaganda, for publicity, for attention, to get on the media agenda and the public agenda, they won't go deeply into the dark web. On the contrary, they will go to the surface web. As we saw ISIS posting all those terrible executions, beheadings, burning of people, these were all in the open net.

If they are interested in what they want to consume, their inner communication, coordinating actions, fundraising using bitcoin for example, the virtual currency, buying ammunition, buying weapons, buying explosives, that will be done on the dark web. It's making it tougher also for people who try to counter terrorism. It's getting harder to find this communication, to break into those encrypted [inaudible 00:11:50] messages, and to get into the deep web, the dark web traffic.

Brian Hanson: One of the issues that came out with the Santa Barbara shooting was access to the Apple iPhone. To what extent do the big manufacturers and software producers have a responsibility in order for these groups to be able to make less use of these devices for their own purposes, to make it easier for law enforcement to track them?

Gabriel Weimann: My answer will be combining optimism and pessimism. Optimism, because I really think that the private companies are right now under pressure to cooperate with the counter-terrorism efforts. We're talking about Google, and Microsoft, and Whatsapp, all of them, and Twitter. All those companies are now aware that they are abused, and they certainly don't want to be abused, certainly not by people who kill others. That's the optimistic side, because I think they are going slowly, gradually, towards more cooperation.

Now, why is it pessimistic? Because the terrorists will know it too, and they will adopt new measures. They will move to other platforms. For example, we find now terrorists using instead of Whatsapp or other messenger communications, they use Telegram, which is an encrypted communication platform. Again, this is a cat and a mouse game, in a way, that we have been monitoring for 20 years. We find what they do, and they try to adapt to what we do as countermeasures, and then we have to apply new countermeasures. This is a never-ending cycle.

Brian Hanson: What are you seeing in terms of that escalation of activities? One you just mentioned was moving from one platform to another, a more and more secure platform, but basically doing the same kind of activities. Are you also seeing the kinds of activities that terrorists are engaging in through the Internet changing as well?

Gabriel Weimann: I must say that our capabilities are limited, because again, we are not intelligence forces, and we are not counter-terrorism agencies. We certainly don't try to find them, and block them, and stop them or arrest them. We focus more on the open type of communication, on the recruitment, on the radicalization, on the seduction of people, and also propaganda and I would say publicity-seeking material. These are easier for us to find, especially since we don't really go into the identities of those who post it.

Brian Hanson: What are the strategies that terrorist groups use to recruit people? Are there certain patterns? Are there certain typical targets that they go after? What's the pattern there?

Gabriel Weimann: In my lecture and my book, I use the term narrowcasting. Terrorists in the beginning would use broadcasting. That is one website, one message, one appeal to all. They became more sophisticated, and that applies also to recruitment. That means that they target different messages on different platforms to different sub-populations. If they want to recruit people, they will have different recruitment styles and messages, and appeals directed, for example, for young people or old people, for Muslims or non-Muslims, for people who are females or males.

For example, ISIS's success in drawing so many Westerners relied mainly on the fact that it was not one message to all. For example, when they targeted females, it wasn't, "Come here and be suicidal." Sometimes it was the humanistic approach. "Come and help the suffering children. Work with us in the hospitals." Sometimes it was the romantic appeal. "You'll find your partner, your spouse here. We have marriage. Marriage into jihad." They have some females, especially from western Europe, joining for that motive. Sometimes it was the seeking of adventure motive. Sometimes it was seeking a community. "You are alone." This is only just targeting Western women.

Imagine how they target, for example, the alienated Muslim population in North America and western Europe. The messages differ. Here, they speak more about, "Come to us, brother. If we like you, here you'll find your brothers. Here you'll find your community, and you can fight." Sometimes it was countering the Syrian cruel regime, people who bomb children, who use gas. "Come and fight against the bad guys," and they were bad guys. ISIS managed to combine all of these appeals to different populations, and it drove in many people with different motives.

Brian Hanson: Interesting. ISIS in recent months has lost territorial control significantly. Has their Internet strategy changed as their physical presence in the world and possibilities have changed?

Gabriel Weimann: As it happened with Al Qaeda, the more they lost presence on the ground, physical presence, the more they lost territories in the physical world, the more they moved to cyberspace. Now the same applies only to ISIS, only that ISIS, like Al Qaeda, is not a single organization. It's not one group. It's not a central organization. You have franchises, like Al Qaeda had. You have now ISIS outlets in the Far East, in India, in the Sinai Desert, in Libya, in Africa, in European communities. ISIS is alive in cyberspace, but alive in a different way, not in the same way it was in the past with one central communication, production company.

For example, most of the content in the past by one organization of ISIS called Al-Hayat Media Center. They wanted to control all the production processes, all the contents that came out. Recently, they don't have that much control, but you have many other groups related like a franchise operation to ISIS, the same way you have with Al Qaeda, by the way, that are not controlled directly by any center. They produce all their material online.

Brian Hanson: I would imagine that makes it all the more difficult to have a comprehensive view of what's going on. In ballpark, how many sites do you estimate are out there producing and putting this material out?

Gabriel Weimann: I think you would be shocked by the numbers. When we started, 1998, there were 12 websites.

Brian Hanson: 12?

Gabriel Weimann: 12. Today, we are dealing with ... Recently, we had a count of over 9,800 websites of terrorist groups. Not all of them, by the way, are jihadi or related to extreme Islam. We have other groups, as well. This is only websites. On top of it, you have to add YouTube. You have to add Twitter. You have to add Instagram. You have to add Facebook. It's Telegram, now. It's getting more and more. The numbers are amazing.

Brian Hanson: One strategy I could imagine some people might think of is just cut off the connection, but if you're dealing with a network that huge, and given the way the web works, there's no way just to cut one thing, I would think.

Gabriel Weimann: In one of my lectures, a somewhat older guy said, "Why don't we restart the Internet from the very beginning, and stop the access of criminals, bad guys, terrorists?" You can't go back. It doesn't work like that. I would say the beauty of the Internet, its democratic, liberal nature, its being open to all, is also a weakness. Terrorists are using and abusing this weakness.

We do enjoy the fact that we have free speech on the Internet, that it's really a free platform. Some groups, including terrorists, are abusing it. Countering it is somewhat difficult, because they will always emerge or reemerge. You remove the video, they'll repost it. You erase the post, and they will repost it, so it's not that easy.

Brian Hanson: Another area that you point out in your book is the area of cyber attacks and the potential for terrorists to engage in cyber attacks. What's the nature of this threat, and what have we actually seen happen in the world?

Gabriel Weimann: We already see cyber attacks. The recent debates about Russian involvement in the U.S. are just a glimpse of the potential of cyber attacks. By the way, the Russians already did it. They did it in Estonia. They did it in Georgia. They did it in Ukraine. Before the attacks in Ukraine or Georgia, they launched cyber attacks.

The value of cyber attacks has to do with our dependency on computers. Our banking system, political system, transportation, infrastructure, electricity, water, nuclear, whatever you want, are all based on computers. The idea of cyber attack is, instead of using the computer networks, the Internet for spreading propaganda, recruitment, and so on, is to attack the Internet. Now instead of hijacking planes, it's to harm or damage the control systems of trains, of airplanes, and so on, of chemical plants, of nuclear facilities.

Can terrorists do it? That's a big question so far. We were quite doubtful about it. When I wrote the previous book in 2006 about terrorism and the Internet, chapter five, as far as I remember, said, "Cyber terrorism is like a cloud on the horizon. It's there. It may come here, and if it comes, it may take some years." In my recent book, I really say, "The cloud is here." Can they do it? They are certainly more interested now in doing it than before, especially since the physical war, conventional war, is not that helpful.

Second, they can find the sources or the resources to teach them how to do it. They can recruit people. If you recruit 30,000 people, you can find one or two of them who are computer geeks, who can launch such attacks. They did experiment with these attacks, and more than that, don't forget that some of those terrorist organizations are funded, supported by states, states like Iran that have units that have the capacity of cyber attacks. If Iran, for example, decides one day, that may be very soon, to lend its cyber capabilities to proxies like Hezbollah, Hamas, Islamic Jihad, then we may see real cyber attacks launched by terrorist groups.

Brian Hanson: One of the topics that's much discussed right now is artificial intelligence and the rise of artificial intelligence. People are speculating about all kinds of things, useful things like self-driving cars, although I suppose if they could be hacked by terrorist groups, that also creates vulnerabilities. In terms of the capabilities that people are discussing in artificial intelligence, will this have implications for the way terrorists are able to use these tools as well?

Gabriel Weimann: Yeah. The way I presented this is like a dialectical conflict, in both sides always learning from the past, applying new technologies, new countermeasures, and new measures to counter the countermeasures. The way terrorists are getting more sophisticated, counter-terrorism agencies are getting more sophisticated. The way they move now to the dark web, we have to apply new techniques, and new technologies, and new measures that should be applied to the dark web.

In some ways, I'm worried about that too, I must say. For me, the dark web is not all dark. I also see the bright side of the dark web. For example, dissidents in certain regimes, opposition forces in certain countries or societies, whose only ability to communicate to the world their grievances, their messages, are using the dark web to protect them. If you decide to launch a campaign against the dark web, we may harm the good guys on the dark web. We have to consider how to balance our countermeasures in order to preserve some of the values, especially of freedom of speech, free flow of communication, in those dark alleys of the Internet.

Brian Hanson: I can imagine that could be all the more so with authoritarianism on the rise throughout the world. These are important modes of communication for folks who have very different intentions, and positive intentions. We've been talking about a number of challenges and threats created by terrorists' use of cyberspace. Is there a hopeful side to this story? Do you see optimism for our progress to deal with these kinds of threats?

Gabriel Weimann: My answer will involve pessimistic and optimist dimensions, and I'm sorry for the complication, but this is how it goes. I'm somewhat optimistic in the sense that there's a growing awareness, both in the public sector, states, and in the private sector, companies and organizations, to cooperate and find ways.

I am also optimistic because I think that one of my messages in the previous book is somewhat getting attention now. This is not to be reactive, but to be proactive. That is, not only to react to what they do, but to look at the future and say, "What are the emerging platforms? How can we construct the new platforms in a way that will minimize the potential for terrorists to abuse them?" That is, what will be the next Facebook? What will be the next bitcoin? What will be the next stage? Find ways to reward the people who develop those platforms that will make them consider minimizing terrorism damages.

However, when it comes to terrorism, I am less optimistic about the future of terrorism because terrorism is not going to diminish, not going to disappear. It was here for thousands of years. It's not new. ISIS didn't invent that, or Al Qaeda. It was here for a long time. It will always be here. We have to look with the fact that some people will go to political violence to fulfill or to achieve what they want, so we always will have to fight terrorism. In a way, that's one of the prices of living in a society that not everybody accepts your opinion.

Brian Hanson: Which takes me to my closing question. Taking it down to an individual level, somebody who's listening to this show, do you have advice for what they should do, be aware of, or take action about in order to do something against this kind of threat, or is this something that happens at a governmental level, and there's really not anything an individual can do?

Gabriel Weimann: First of all, what I tell my research assistants is, "You have to be very careful. If you move into this environment, into this neighborhood, and you want to study or just to look at material that terrorists are posting online, be aware that you'll be monitored both by the bad guys and by the good guys. So, be very careful about it." For example, don't try to communicate. Don't send messages. Don't respond. Don't send donations. You can look. You can watch. You can look at the material if you want, but never be active. Try to be safe.

Second, we have to realize that sometimes people, by sharing the information the terrorists post, by sending it to others, by liking it, are actually serving the terrorists' purposes, and are actually promoting it. Even if you see something which you think you want your friends to say, don't forget, if it is terrorist material, you're doing a big service for them.

Brian Hanson: Very good. Professor Weimann, thank you very much for being here today and talking about really a world that many of us have no experience with and can't even imagine, and help us understand how terrorists are using the power of cybersecurity.

Gabriel Weimann: Thank you.

Brian Hanson: Thank you for tuning in to this episode of Deep Dish on Global Affairs. If you have questions about anything you heard, feel free to ask them in our Facebook group, Deep Dish on Global Affairs. As a reminder, the opinions you heard belong to the people who expressed them, and not the Chicago Council on Global Affairs. If you liked the show, please subscribe and share this episode with your friends. You can find us under Deep Dish on Global Affairs wherever you listen to podcasts. Deep Dish is produced by Evan Fazio. Joe Palermo is our audio engineer. Our research intern for this week was Mariana Cubillos. Thanks, Mariana. Appreciate your help. I'm Brian Hanson, and we'll be back soon with another slice of Deep Dish.


The Chicago Council on Global Affairs is an independent, nonpartisan organization that provides insight – and influences the public discourse – on critical global issues. We convene leading global voices and conduct independent research to bring clarity and offer solutions to challenges and opportunities across the globe. The Council is committed to engaging the public and raising global awareness of issues that transcend borders and transform how people, business, and governments engage the world.

The Chicago Council on Global Affairs is an independent, nonpartisan organization. All statements of fact and expressions of opinion in blog posts are the sole responsibility of the individual author(s) and do not necessarily reflect the views of the Council.


| By Ian Klaus

Did the UNSG Say “Revolution”?

While there is nothing convenient about 2020, the upcoming Pritzker Forum on Global Cities has been helpfully anticipated by a series of publications that speak to the high stakes currently in play in cities around the world and the urgent need - from the perspective of both efficacy and equity - to adapt governance practices.

| By Laurence Ralph, Thomas Abt, Brian Hanson

Deep Dish: Police Reform Lessons from Around the World

Princeton University’s Laurence Ralph and the Council on Criminal Justice’s Thomas Abt join Deep Dish to explain why police brutality is not a uniquely American phenomenon and argue the strongest examples of successful police reform come from outside the United States.

| By Pavin Chachavalpongpun, Brian Hanson

Deep Dish: Thailand’s Youth Demand Democratic Reforms

Political scientist Pavin Chachavalpongpun joins Deep Dish to explain how social media makes these Thailand's pro-democracy protests different than past movements and why the United States should see Thailand as a foreign policy priority when negotiating a rising China.

| By Maha Yahya, Emile Hokayem, Brian Hanson

Deep Dish: Can Lebanon Overcome Corruption and Crisis?

Carnegie Middle East Center Director Maha Yahya and the International Institute for Strategic Studies’ Emile Hokayem join Deep Dish to examine the ongoing protest movement in Lebanon, Hezbollah’s role in the crisis, and how a system built on sectarian politics could be rebuilt.

| By Laura Rosenberger, Jacob Helberg, Brian Hanson

Deep Dish: Making Cyberspace Safe for Democracy

The Alliance for Security Democracy’s Laura Rosenberger and Stanford University’s Jacob Helberg join Deep Dish to discuss digital interference, misinformation, and data privacy within the lens of geopolitics.