October 3, 2022 by Delilah Schwartz

Radical Political Activists Communicate Unrestricted on The Dark Web

The proliferation of unrestricted, encrypted messaging platforms with millions of users has made it easy for extremists to coordinate attacks across time zones and borders.

When a couple of locals noticed more than two dozen men dressed in combat gear piling into the back of a rented moving van in a plush northern Idaho resort town, they called law enforcement. It was the day of the annual Pride festival, celebrating the local LGBTQ community, and a nearby lakefront park was full of booths, barbecues, families, and performers.

Law enforcement acted quickly, pulling over the moving van. Inside the vehicle, they found 31 men from nine different states. Only one of them was from Idaho. All belonged to the same notorious alt-right group, The Oath Keepers, and all had arrived in Idaho with plans to violently disrupt the annual Pride festival.

Over the past several years, as the alt-right has solidified as a movement, it has successfully adopted a leaderless organizational model – motivated not by a charismatic leader but by a potent ideology. Gone are the days of hierarchical structures and dark alley meetings. Instead, alt-right proponents convene across loosely organized online communities from the comfort of their own homes. Ubiquitous internet access has made communication safe and efficient for fringe activists, so they no longer have to risk meeting in person.

Radical political extremists are understandably cautious with their communication. They prefer encrypted messaging apps and platforms that allow them to create private, invite-only forums – hiding under a digital veil to evade detection by law enforcement.

NETWORKS AND PLATFORMS commonly used for communication by secretive groups and monitored by Cybersixgill:

Deep Web: Telegram was founded in 2013 and claims to have 700 million users. It’s a cross-platform encrypted instant messaging app developed in Russia, and it’s so popular it now offers an upgraded Telegram Premium for a fee.

Deep Web: Discord was founded in 2015, and it’s a free voice, video, and text app that claims to have tens of millions of users. Discord hosts private invite-only spaces (chatrooms) that are perfect for setting up forums for gamers and political activist groups who want to be in control of who’s participating in their groups.

Clear Web: Pastebin was founded in 2002 and claims to have more than 17 million users. It’s a platform based on the structure of the original pastebins and text storage sites, developed by computer and coding enthusiasts in the late 1990s as places to share bits of code, text, and data for a set amount of time. Pastebin is popular with threat actors who upload and share malicious code or show off their latest data hacks and snippets of breached datasets they promote for sale on the dark web.

Clear & Dark Web: 4chan was founded in 2003 and claims to have 22 million monthly visitors. It’s an anonymous imageboard platform dedicated to forums for online games, Anime, and Manga. It’s the English language counterpart to the Japanese language Futaba Channel. The site has both a clear web domain and a dark web onion site.

Clear & Dark Web: 8kun (formerly known as 8chan) was founded in 2013 and functions the same way as 4chan, but with far fewer restrictions on what can be shared. It quickly became associated with child pornography and the fringe right movement and is widely known as the birthplace of the QAnon conspiracy theory. The site has gone through various iterations, with the platform’s clear web domain banned multiple times from search engines and cloud hosting services because of its content. In 2019, following 8chan’s removal from the clear web, it relaunched under its new name 8kun.

It’s easy for far-right extremist groups to cultivate and radicalize Lone Wolves online.

I co-authored the report, The Far Right – Ideology, Modus Operandi and Development Trends, together with Dr. Eitan Azani, Dr. Liam Koblenz-Stenzler, Lorena Atiyas-Lvovsky, Dan Ganor, and Arie Ben-Am. This detailed and well-researched report clearly shows that: “The current iteration of far-right extremism largely operates outside the confines of traditional, hierarchical structures, reflecting an increasing emphasis on the individual. Within this decentralized collective of loosely-connected anonymous activists, the esoteric boundaries between organizations and movements, instruction and inspiration, and satire and incitement are becoming more and more ambiguous. This individualistic nature of extreme-right terror does not indicate, as some have assumed, that these events are isolated happenstance. Rather, it serves as a manifestation of the modern networked milieu, whereby web-based technologies and platforms allow for a diffuse form of radicalization, connecting seemingly unrelated attacks in a transatlantic web of ideologically-connected acts of terror. These amorphous networked communities provide for anonymous, unorganized participation in ideologies by a variety of individuals who may or may not engage with formally organized groups. Lone Wolves are the new vanguards of the violent far-right revolution, and ideology is the potent, mobilizing force galvanizing their action. Online interactive participation also serves to connect myriad right-wing extremist ideologies, creating a nexus of hate-based narratives that expands the pool of potential recruits.”

Lone Wolf attacks in North America may indeed have something in common with a similar attack in New Zealand.

Why is it essential for law enforcement organizations to be able to monitor these platforms?

No matter their reasoning – some do it for money, some do it for fame, some do it for political or ideological motivations – threat actors target critical parts of our most used infrastructure such as financial institutions, health care organizations, law enforcement, and civic targets like city administrations.

Sometimes threat actors and budding domestic terrorists share their plans in private forums on one of these hard-to-penetrate digital platforms. For instance, shortly before embarking on his August 2019 mass shooting spree at a grocery store in El Paso, TX, that left 23 dead, perpetrator Patrick Crusius shared a four-page manifesto titled “The Inconvenient Truth” on 8chan justifying his attack. Crusius’ manifesto referenced two similar documents published on the same platform by two other domestic terrorists earlier that year – the first posted by Christchurch, New Zealand Mosque shooter Brenton Tarrant in March and the second by Poway Synagogue shooter John Earnest in April.

With user numbers reaching the hundreds of millions, it’s a Sisyphean task to monitor the deep and dark web. Threat actors and radical extremists are cautious – they don’t share their plans indiscriminately for all to see. They have developed a secret, digital ecosystem of underground communities across access-restricted forums and messaging groups. This is where the chatter leading to mass shootings and cyberattacks is found.

Let Cybersixgill do the dark web monitoring so you can stay ahead of the next threat

At Cybersixgill, we are experts in deep and dark web monitoring. We covertly infiltrate and maintain access to forums, marketplaces, messaging groups, paste sites, and underground imageboards, continuously capturing illicit chatter and activity in real time. This data is processed, analyzed, and enriched using advanced Artificial Intelligence (AI) to derive critical insights and identify threats as they emerge. Cybersixgill’s market-leading collection of threat intelligence data can be customized to search for and identify specific threats and targets relevant to your community’s defense.

You don’t have to be a domestic terrorist to catch one.

Our portal does not require a lot of training. In fact, our customers have experienced reductions in the average time it takes to investigate a threat from two days down to two hours. Law enforcement is busy and sometimes understaffed – Cybersixgill’s technology will speed up investigations and eliminate many cold investigative leads.

All it takes for you to get rolling is an initial kickoff session to go over every part of the portal and align the specific areas and features your organization is monitoring. Alternatively, we offer numerous integration points so you can easily merge our body of threat intelligence data into your existing systems.

Let us know if you want more information about how Cybersixgill can help you stay ahead of cybercrime. If you would like a demo, please reach out to us.
