In its recently released Internet Organised Crime Threat Assessment for 2018, EUROPOL turned its attention to trends in the behaviour of terrorist groups in cyberspace. After detailing the changing nature of the use of this forum for terrorist activities, EUROPOL presented recommendations for reforms that it believes would strengthen ongoing efforts to combat terrorism online.
What are the present trends in the cyber activities of terrorist organisations?
In the report, EUROPOL considered a broad scope of ways in which terrorists groups are evolving in their online endeavours. These range from alterations in the particular online forums used, to cyber-attack capabilities, to use of cryptocurrencies.
EUROPOL reports that recent efforts to counter online terrorist activities have resulted in a migration of terrorists and terrorist sympathisers from public platforms (such as Twitter and Facebook) to encrypted messenger applications. Apart from being protected by the secrecy of encryption, these applications commonly have functions such as preventing message forwarding, timed self-destruction of messages, and link keys to chat groups. Amongst other actions, terrorist groups have continued utilising the dark web, blogs, and online forums.
In recent times, various allied nations have also coordinated efforts to take disruptive action against Islamic State’s online propaganda infrastructure.
According to EUROPOL, sympathisers of Islamic State have disseminated instructions on evading surveillance by governments hostile to terrorist causes. Evasion techniques include registering for social media accounts without providing mobile phone numbers, and removing GPS tracking from accounts.
Further, despite the closure of a large number of social media and email accounts of the supporters of Islamic State, a large pool of accounts – the ‘al-Ansar Bank’ – has been created to allow terrorist sympathisers to circumvent registration and stay anonymous whilst operating online.
Despite fears over the potential for terrorist groups to begin launching damaging cyber-attacks, there exists a disparity between the capabilities of these organisations in their ability to promulgate propaganda and utilise encrypted communications, and their ability to use cyber-attack tools.
EUROPOL reports that terrorists, rather than developing their own cyber weapons, are still purchasing such tools from other sources. Still, sympathisers of Islamic State have conducted relatively small scale hostile cyber actions (e.g. hacking a Swedish radio station and creating a ‘Muslim’s Network’ alternative to Facebook).
Although Islamic State has not yet developed its own cyber tools, EUROPOL notes with concern that ‘[w]ith the crime-as-a-service business model of the digital underground however, there may of course be no need for them to do so.’
Use of cryptocurrencies
EUROPOL notes that the ability for cryptocurrencies to be moved between countries without the scrutiny applied by the conventional banking system makes them an attractive proposition for terrorist groups. Their use has included large scale cryptocurrency ‘donation campaigns in IS affiliated websites as well as in chat environments’.
This action has evolved in its sophistication, employing embedded payments within their own websites, malware to mine the currencies, and prepaid credit card payments. The soliciting of cryptocurrency payments also extended to the targeting of people in Western nations.
EUROPOL reports that, to date, no terrorist attack in Europe appears to have been funded with cryptocurrencies. The predominant sources of funding for terrorist groups are ‘conventional banking and money remittance services’.
What did EUROPOL recommend as potential reforms?
EUROPOL’s perspective on the role of law enforcement policing online terrorist related activity is pragmatic: whilst acknowledging that ‘it is impossible to completely eradicate terrorist propaganda from the Internet, it is possible to minimise its impact’.
Accordingly, EUROPOL proposed two main recommendations relating to how law enforcement can continue to combat the evolving nature of terrorist and terrorist sympathiser activities in cyber space.
- Primarily, efforts should be devoted to pushing back against the online recruitment and propaganda of terrorists. The key to success in this regard is close coordination and information sharing between different nations’. This extends as much to the public law enforcement agencies of states as it does to private enterprise, including the providers of internet services.
- Further, the ability of terrorist groups to carry out cyber-attacks should be targeted.
EUROPOL emphasises that these strategies are mutually supportive: less propaganda means less access to components necessary for cyber tools, and a reduced threat of cyber-attacks lessens the attractiveness of terrorist groups to potential recruits.