Since before 9/11, Al-Qaeda and other jihadi groups have been quietly investing in cyber jihad, which is now disseminated and promoted by a new, Internet-savvy generation. Jihadis have advanced from primitive password-protected websites to freely available social media platforms. Al-Qaeda, and now the Islamic State (ISIS), have infested YouTube, Twitter, Instagram, Tumblr, Yahoo's Flickr, and the Internet Archive, and adopt new social media – Ask.fm, Vimeo, Vidme, VK.com, and SoundCloud, to name a few – almost as quickly as they emerge. They also depend on apps available on Google Play and iTunes for Apple. Jihadis’ online presence now consumes U.S. and other Western governments' counterterrorism efforts, and it should be of concern to the business community, which has remained largely silent on this issue.
American tech companies have been instrumental in helping to spread jihadi ideology. Anyone can follow, "like," "friend," tweet, and re-tweet content by ISIS as well as submit questions to it, view photos posted by it, and conduct dialogue with it. There is also an effort to recruit activists with computer and Internet skills to help hack government and bank websites, hijack drones and other aircraft, and carry out various cyber crimes, such as leaking personal details of military, government, and business leaders or stealing customer data. Just recently, it was announced that a Kosovoan hacker was arrested in Malaysia on a U.S. warrant alleging he hacked into the computer system of a U.S. company, stole personal information of 1,351 service members, and passed it on to several ISIS figures.
With the exception of Facebook, major tech companies, led by Google and Twitter, have done very little to confront cyber jihad. Pressure from a handful of concerned members of Congress coupled with bad media publicity has prompted them to take some, but largely cosmetic, action. I first met with senior Google officials in 2010 to discuss al-Qaeda's use of YouTube and its growing impact on the radicalization of young people. But their subsequent removal of some jihadi videos and accounts is hardly a sufficient solution, as many of these accounts have been re-launched – some over 100 times.
This weak response is indicative of a lack of creativity in dealing with this challenge and a failure to understand the true aim of cyber jihad. It also highlights the fact that these companies and Western governments have consistently remained two steps behind jihadi advancement online. Early on, Twitter was used by only a handful of jihadis, but by 2011, it had been adopted by the Taliban and the Somali Al-Qaeda affiliate Al-Shabab. In a very short time, the number of jihadis on Twitter ballooned from hundreds to thousands to tens of thousands. My organization’s attempts to warn Twitter about this surge in jihadist activity on its platform were ignored. Twitter is now the heart and soul of cyber jihad.
American journalist James Foley's August 2014 beheading finally forced Twitter to address the fact that terrorists were using its platform. As media, researchers, and the government focused on Twitter and YouTube, where ISIS had posted the execution video, jihadis, who had been quietly experimenting with homemade encryption technology for half a decade, ramped up their embrace of Western encryption technology and secure messaging apps. Although Al-Qaeda had developed and began using its own encryption technology in 2007, it was in 2013, after the Snowden leaks, that Al-Qaeda and other jihadis began using readily available encryption tools, including security software based on military-grade technology. Products and tools by Apple, Google, Microsoft, Kik, Concise (Surespot), Wickr, Threema, Detekt, TOR, and other companies are increasingly popular among jihadis.
The Snowden affair had a major impact on the relationship between tech companies and the U.S. government. Jihadi groups have changed how they communicate and are now more confident in their ability to use the Internet to advance their goals. For example, on February 22, 2015, a tweet by a user calling himself “Jihadi John,” after the infamous British ISIS executioner, stated: “The NSA revelations are of extreme academic value, they're really useful and we do operate in accordance with their uncoverings.” Last December 13, ISIS banned the use of GPS-equipped mobile devices by all its fighters – particularly Apple devices. Snowden's own Twitter account, launched just last month, includes among its followers well-known Twitter users from ISIS and Al-Qaeda Syria affiliate Jabhat Al-Nusra (JN). Some engage him directly, asking him questions and re-tweet his tips.
Despite warnings over the past year by U.S. government officials about the jihadi encryption threat, these companies have steadfastly refused to provide a way to monitor this content, citing privacy concerns. Last week, President Obama announced that he was dropping his demand that tech companies give authorities a “back door,” having concluded, according to The New York Times, that “it is not possible” to do so “without also creating an opening that China, Russia, cyber criminals and terrorists could exploit.”
As the debate among policy-makers and the business community about encryption rages, a major development is being overlooked: Over the past month, many leading jihadi organizations and their online followers have moved to the Berlin-based encrypted messaging app Telegram – among them ISIS, Al-Qaeda in the Arabian Peninsula (AQAP), the Al-Qaeda-affiliated media company Global Islamic Media Front (GIMF), JN, and the designated terror group Ansar Al-Shariah in Libya.
Tech companies should, in coordination with government agencies, seek advice from outside experts and new ideas to deal with these types of developments. In the Middle East, where social media has radicalized tens of thousands of young people, authorities have begun to respond. Egypt, for example, sponsors an online observatory launched by Al-Azhar that focuses on countering the jihadi narrative. The long-running Saudi Al-Sakina campaign works to refute the ISIS narrative and rehabilitate former ISIS fighters. The United Arab Emirates has set up the Sawab and Hedayah Centers, which focus on counter-narratives. To date, these efforts have reaped few positive results.
Measures being taken by Middle East and Western countries are mainly reactive – two steps behind what jihadis are doing. Rather than focus on de-radicalization, however, a better solution is to use technology to prevent jihadi content from being disseminated online in the first place. The business community and Western governments ought to better coordinate their efforts if they want to get ahead of jihadis online.
