<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=254990494906321&amp;ev=PageView&amp;noscript=1">

Wednesday, Oct 28 - 10am PDT

What data sources are you overlooking? Security teams require web monitoring capabilities that locate risks across a wide variety of social media, deep and dark web sites. Learn more about how to combine these feeds for a comprehensive solution.


A Wave of Jihadist Propaganda Enabled by Decentralized Platforms

Alex Ciarniello October 1, 2020 Social Media Monitoring, National Defense

In early September 2020, the BBC reported on the “caliphate cache,” a growing online library of over 90,000 Islamic State propaganda files discovered by the Institute of Strategic Dialogue.

In spite of IS’s territorial losses, the cache—which contains everything from plane hijacking how-to’s to terrorist lifestyle promo—should sound an alarm for counter-terror organizations around the world. Extremists rely on the power of online content to co-opt grievances and facilitate recruitment and real-world violence. The cache’s discovery indicates that the threat of Islamic terrorism is still alive and well online, and increased reach could mean increased national security threats.

New call-to-action

What makes this content more concerning than some jihadist propaganda, which has been heavily censored by governments and online networks, is its use of decentralized social platforms and websites. 

Decentralized platforms not only make it harder for intelligence agencies to locate new patterns in online terror—they also pose new challenges for content discovery and takedown.

How do extremists engage on decentralized platforms, and what does their use mean for national security and counter-terror organizations?

What Are Decentralized Platforms?

iStock-social overlay graphic cityscape
Many social networks and content-hosting platforms are stored on a central server, making their activities easier to track and potentially remove. Decentralized platforms, on the other hand, are distributed across many servers around the world, some of them user-operated, allowing for greater privacy and immunity when it comes to shutdowns.

For example, the social network Mastodon is operated on many servers (“instances”) worldwide. This permits discussions that would otherwise be centrally governed and removed by content rules and US law on mainstream networks like Facebook. Even though Mastodon servers might grow, shrink, or become isolated if many other servers block them, they cannot theoretically be taken offline, even by Mastodon’s developers.

This has advantages for marginalized communities like sex workers or users in countries where online spaces are heavily policed and censored by the government. The model’s flip side is harmful networks like Gab and dangerous content distribution like the caliphate cache.

caliphate_cache_-_raidforumsRaid Forums user requesting links to the caliphate cache—discovered by Echosec Systems

How Are They Used by Terrorists?

This infrastructure is ideal for nefarious networks, like IS and other terrorist groups, who are highly monitored and blacklisted by government and counter-terror organizations. Decentralized platforms give terrorists a means to sustainably communicate and host overtly harmful videos, guides, and other content, as well as more subtle propaganda targeting suggestable audiences. 

According to Mina Al-Lami, a monitoring specialist quoted by BBC, “the biggest development in jihadist’s use of technology [in 2020] has been their exploitation of decentralized websites [and] decentralized platforms.”

New call-to-action

With decentralization, the challenge for terrorists is not necessarily how to keep content on the internet—it’s how to disperse it beyond the echo-chamber of fringe platforms to grow their reach. According to the BBC article, terrorists have been creating and hacking social media accounts on mainstream networks like YouTube and Twitter at scale, posting content and nestling cache links within their user bios. 

While these are usually detected and removed promptly by providers, the strategy is persistent and the cache continues to evolve as it acquires traffic from social media sites. In fact, the caliphate cache is still live at the time of writing this article, even after authorities were alerted to its initial discovery late in 2019. 

What Do These Platforms Mean for Counter-Terror Initiatives?

Government, defense, and public safety organizations combating international terror must be able to effectively track extremist content, threats, and patterns online. As these groups evolve, understanding how they communicate, who and how far they reach, and what technologies they leverage is crucial for informing national security strategies and content takedowns.

Unsurprisingly, decentralized platforms throw a wrench in these strategies. Aside from their immunity to censorship, decentralized platforms often emerge quickly and contain invite-only or semi-closed groups requiring account creation to access. Manually navigating a wide variety of these platforms is not viable for intelligence analysts tasked with monitoring violent extremism online.

unnamed-2-Sep-28-2020-03-21-27-74-PMJihadist propaganda shared on PasteFS, an unindexed surface web paste site—discovered by Echosec Systems

Threat intelligence technologies like those offered by Echosec Systems allow users in government and counter-terrorism to easily aggregate posts from a number of decentralized platforms—such as Mastodon and ZeroNet—in a single interface. Content from these networks is indexed, allowing users to search and analyze posts (even those requiring account creation to view) within the safety of their regular browser. Such tools are also useful for locating jihadist engagement on less-regulated sites where content slips through the cracks more easily than platforms like YouTube.

Threat intelligence tools are the first step in tracking international terrorism across more obscure and distributed networks effectively—and also in overcoming decentralized technology when it’s used to compromise public safety.

As long as the caliphate cache is online, it will likely continue to grow and reach audiences susceptible to expanding the threat of violent extremism. And considering the caliphate cache was discovered almost by accident—through hidden links in social media bios—what other caches could be hiding in plain sight?

Specialized threat intelligence solutions are required to more easily locate and monitor terrorist content dumps and communication channels on decentralized platforms. These tools will provide much-needed support for takedown and counter-terror initiatives as adversaries swiftly adopt decentralized technology in the name of religious extremism.

Decentralized platforms are evolving quickly.
Contact our team to see if you’re missing out on any valuable data sources.




Quarterly updates, news and opinion


New call-to-action
New call-to-action
New call-to-action
New call-to-action
New call-to-action