How Terrorists Communicate Through Social Media
Tradecraft is defined as the methods used in clandestine operations such as espionage. Establishing a secure form of communications is tradecraft 101.
A common tradecraft communications tactic used by terrorists was to video, from the back seat of a car, someone driving around listening to loud music, perhaps in Syria or elsewhere. The perspective shows only the side of the driver and the front seat with a newspaper lying on the seat next to the driver, with nothing to identify the location.
You cannot see the driver’s face, so only the newspaper provides a date and location, which identifies the particular message. After several minutes of driving around, the driver picks up the newspaper to reveal a handwritten note. After leaving sufficient time to read the note, it is covered by the newspaper again, and shortly thereafter the video is posted to YouTube. It’s a boring upload to YouTube that no one will watch all the way through other than the person for whom the note is intended.
Under these circumstances, current algorithms are not capable of reading the handwritten notes, and an actual human would have to review each and every posting to detect such communications, which is simply not practical. The person receiving the message merely surfs YouTube and, even if later investigated by the FBI, no records of these sorts of communications are detectable.
To YouTube’s credit, they have been able to eliminate most of these videos, but as soon as one form of communication is detected, terrorists change tactics and another method pops up.
In 2017, Björn Stritzel a reporter for Bild, a German-language news magazine, pretended to be an Islamist willing to carry out an attack. Over several months, the reporter was given videos and received detailed instructions and motivational speeches on how to conduct a “lone wolf” attack by his two English-speaking ISIS handlers.
To cover his communications with ISIS he was advised not to communicate via Telegram—an encrypted instant messaging service—because ISIS uses it for spreading propaganda; better to use the similar messaging service Wickr for planning the attack. They also instructed that just before the attack he was to set the self-destruction timer for the messages to one minute. That way they could remain in contact until right up until the moment of the attack, and then all sent messages would be deleted on both devices and proof of their contact destroyed.
By its nature, social media lends itself to be used as part of terrorist communications tradecraft. Social media is everywhere, and two people located on opposite sides of the planet can routinely talk to each other and exchange information in complete privacy. Terrorists worldwide take full advantage of this fact to employ solid tradecraft in their communications.
ISIS, Al-Qaeda, and Hezbollah have routinely used YouTube and other social media in such a way that their communications are extraordinarily difficult to detect. They use social media to securely spot, assess, develop, and recruit susceptible individuals worldwide to conduct attacks.
The official policy of the U.S. government remains that “lone wolf” attacks are just that, acts of unstable individuals with no ties to terrorist groups or anyone else. This is in spite of a long laundry list of nearly identical attacks taking place all over the world, and in spite of clear evidence that these attacks are driven by ISIS and other terrorist groups. How is it possible that our official policies in this regard remain the same?
Brad Johnson is a retired CIA senior operations officer and a former chief of station. He is president of Americans for Intelligence Reform.
Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.