
Machine Learning and Tracking Terrorists

As the accused accomplices of terrorist Mohammed Merah stood trial in France in October 2017, aggregate web page traffic related to the location of the trial, hostile vehicle mitigation equipment, and eyewitness videos of past vehicle attacks in France all surged. A few days later, police announced they had arrested two men for trespassing on the judicial complex where the trial was taking place, one of whom, according to press reports, had loose ties to a terrorist cell in Paris.

Was this activity simply coincidence or the open web traces of pre-attack planning? When I worked on counterterrorism programs in the U.S. Government, I often faced this type of challenge, separating credible threat intelligence from spurious. With the proliferation of indicators and warnings derived from publicly available information, the challenge is now even greater.


Recent technological advances can help address this challenge. Knowing that internet activity precedes real world action, we can use machine learning to find predictive trends in anonymized and aggregated raw data.

Both companies and governments have used this technology to better understand terror risk throughout Europe, most recently the attack on March 23rd in southeastern France. Redouane Lakdim, though known to police, was not specifically on a terrorism watch list before he killed four people during a carjacking and subsequent hostage taking at a rural shopping center. Two weeks earlier, web page traffic for road barriers, French counterterrorism operations, and key ISIL commanders in Syria had intensified in line with the predictive pattern for terrorism in France.

Similar patterns have emerged ahead of major counterterrorism operations across Europe over the past year. British police conducted raids in northern England in December 2017, reportedly foiling a Christmas time plot. This past June, German authorities seized thousands of ricin pellets in Cologne, claiming the seizure thwarted an imminent attack. In both of these cases, activity on pages about ISIL commanders and recent attacks in France was in line with the pattern identified using machine learning; the authorities’ intervention appears to have been well timed.

Using this technology, analysts can also understand periods of low terrorism risk, which are of great interest to authorities intent on devoting counterterrorism resources where the threat is most critical. In January, Belgian authorities were questioned for lowering their official terrorist threat designation. However, analysis of web traffic patterns revealed that the typical precursor activity for terrorist incidents in Belgium was muted in comparison to its neighbors, supporting the Belgian decision.

These types of predictive analytics are not yet widely used in counterterrorism, but they have the potential to change the way agencies and decision-makers keep us safe. During my government tenure, there were instances when the intelligence pointed to terrorist threats that we viewed as credible and serious. However, the intelligence was usually of a sufficiently general nature that policymakers were left grappling with how to prioritize counterterrorism resources.

With risk indicators derived from machine learning algorithms, analysts and decision-makers can better contextualize warnings coming from specific threat streams. Further, risk of a terrorist attack is not always apparent to the naked eye. The models often reveal unexpected linkages between the concepts, organizations, and individuals that contribute to terrorism risk, which can improve assessment of the likely timing and vector of a particular threat. Authorities can also use data-driven risk indicators to evaluate the efficacy of counterterrorism interventions. There is always an opportunity cost to counterterrorism operations, so better understanding the threat environment ensures limited resources are applied as efficiently as possible.

In the case of the Merah accomplices trial in France in October 2017, machine learning technology, parsing the surge in traffic on web pages related to the trial location, attack vectors, and prior terrorist attacks, identified the recurring pattern that indicates high risk of a terror attack. In other words, this surge likely was pre-attack planning and police likely prevented an attack in the heart of Paris.
