Connect with us

Intelligence

Telegram: the Mighty Application that ISIS Loves

Published

on

Authors: Ahmet S. Yayla & Anne Speckhard

[yt_dropcap type=”square” font=”” size=”14″ color=”#000″ background=”#fff” ] I [/yt_dropcap]SIS has been the most successful terrorist organization in history using social media and the Internet for distributing its propaganda, dissemination of its news and more importantly to communicate. There is no doubt that the frequency and quality of ISIS posts on the Internet, including their videos, memes and online journals are of a quality to make many professional editors and producers envious and they also receive much attention[1].

ISIS usually does not host its posts on dedicated servers but uses several free and open mediums including Google drive, Cloud.mail.ru, Yandesk, YouTube, Sendvid.com, Dailymotion.com, Drive.ms, Archive.org, Justpaste.it, Bitly.com and some other recent platforms. Of course, hosting is not enough; hosted posts need to be distributed to followers, the target audience and the public. At this point, several social media platforms including Facebook, Twitter, Telegram, WhatsApp, Google+, Instagram, Pinterest, Tumblr, Viber, and WeChat are utilized by ISIS to circulate their posts so that the target audience and public are made aware and can watch or read them by clicking on the web addresses posted to those mediums.

Among these social media platforms Twitter, YouTube, Facebook, Tumblr and Instagram were previously heavily utilized by ISIS, but since takedowns on these sites, ISIS currently favors Telegram where ISIS users maintain a presence in several different languages. ISIS has assigned administrators in several languages who are in charge of ISIS social media accounts including Telegram. When interviewing ISIS defectors[2], we also learned that female foreign fighters are specifically tasked for the administration of social media accounts, and they have special offices in Raqqa to carry out their tasks under the control of their emirs. A Belgian female defector recently recounted being recruited upon her arrival to ISIS to serve as an Internet seductress, a role she declined[3]. Indian police also told us that most of their ISIS recruitment occurs via the Internet and consists of female seducing males into the group[4]. Indeed, American Mohamad Khweis appears to have been seduced in this way, marrying his ISIS bride when he arrived to Istanbul and then traveling into ISIS territory with her[5].

At ICSVE, our researchers closely follow ISIS’s Telegram posts on a daily basis and download any relevant videos, journals, memes, pictures or anything else useful for our research. While the terrorist organization utilizes several different platforms to distribute their posts, the most reliable medium of late for their purposes has been the Telegram social media application. This is because other platforms usually quickly take down posts or shut down the accounts posting the links to these hosts. Hosting mediums also delete posts as soon as they realize they are ISIS content. As a result, Telegram has become the main social media platform for ISIS members and followers primarily because, so far, Telegram administrators do not usually shut down ISIS accounts, and when they do, the frequency is far less when compared to other social media accounts. For example, Twitter or Facebook take down ISIS accounts in a day or most two in many cases, and when the same account owners open new accounts, they block them even sooner. However, there are Telegram accounts opened or used by ISIS members that stay active for months or basically never get closed.

Telegram was launched in 2013 by two brothers, Nikolai and Pavel Durov, who also founded Russia’s largest social network Russian VK. The Telegram Messenger LLP is registered as an independent nonprofit company in Berlin, Germany. The founders claim that Telegram is “faster and safer” than other apps and more importantly the “messages sent through Telegram cannot be bugged by third parties.” [6] Indeed, Telegram is an encrypted social media application that is very difficult for law enforcement to penetrate or eavesdrop.

Apart from accounts not being closed as often as other ISIS social media accounts, there are two other advantages to ISIS for using Telegram. The first is that while in most cases the links to hosts are distributed in Telegram groups where there are several members or directly sent to individual accounts, they become useless as soon as the hosting companies realize they are ISIS posts and take them down, making them dead links. However, Telegram’s large file-hosting feature becomes very handy in this case because almost all files pushed through Telegram with links are also uploaded to the Telegram channels, and those files remain as long as the channels are open or the user who posts does not delete them. Therefore, even if a file is not available as a link, if it is uploaded to Telegram, it will exist there unless it is deleted or the channel is closed. Furthermore, Telegram allows uploading large files simultaneously consequently allowing the ISIS social media accounts to simultaneously upload videos with four or five different resolutions and sizes beginning from the largest to the smallest, such as a video in full HD from which would be 1.5 gigabytes to smaller resolution versions such as 800 megabytes, 500 megabytes, 200 megabytes and 50 megabytes. The smallest size versions would be for mobile devices.

The other advantage of Telegram is providing users a forum to be able to communicate in a secure way through a secure algorithm. While Telegram chat rooms are usually open to all members, one-to-one communications are secret and cannot be seen by others. There have been several attacks where it was later established that ISIS members communicated internationally about the attacks before they took place. For example, the Istanbul Reina club attacker got his orders from his Emir in Raqqa, Syria through Telegram and communicated over Telegram with his Emir both before and after the attack[7]. The same was true of the Paris attacks[8]. Telegram has thus become one of the main communication apparatus of ISIS, particularly with foreign fighters deployed outside of ISIS territories.

In addition to all these advantages, like all other applications, Telegram is convenient and mobile as it can be installed on cell phones, Windows PCs, and IOS computers, therefore, making it available on many different devices.

Joining Telegram is easy. The only requirement on the side of Telegram, to sign up, is having a cell phone number and verifying that number after the registration through a text message verification step. In some cases, some Internet proxy phones (phone accounts created over the Internet) work as well, omitting the requirement of a cell phone number as long as the Telegram system does not recognize the number provided as a proxy Internet number. Telegram, therefore, only requires a cell phone number to verify the user and once a user is verified, the user does not need to maintain the phone number, enabling users to use a number once to verify an account without the necessity to keep that number. In fact, the one of the cell phones ICSVE staff use to track ISIS telegram accounts was registered through a cell phone number and that number has been inactive since 2015, but the account has still been in use without any problems. This feature becomes a great tool for ISIS terrorists as they do not need to reveal their real identities or provide anything to be traced other than a phone number which they don’t need to maintain.

On the side of ISIS, in most cases, there is no vetting to join their public channels or groups, but private ones do vet potential members with a range of questions, sometimes having to do with the basics of Islam such as cleansing before prayer (wudu) etc. If ISIS members need to connect over the Telegram without physically being in touch, they either use other known members to reach and connect to the desired members or for their foreign fighters, they pre-arrange known passwords and indicators to vet the people they are communicating with to ensure the authenticity of the parties.

As a user interface, Telegram is no different than many other similar mediums such as WhatsApp and Twitter. When it comes to peer-to-peer communication, it is more like WhatsApp where users can message each other, share documents, links, videos and voice messages similar to the chat features of many social media platforms. There are even time stamps indicating when the messages were sent and if they were read or not. Telegram channels are a different from common social media groups as followers are not allowed to interact with the others in the channel openly unless authorized by the administrator. Members are only able to read and download posts shared in the channel unless they have permission for greater access. Posts flow on the timeline chronologically and with time stamps and an indicator “eye” acting as a counter showing how many times a post was downloaded by the channel members. Telegram groups, as opposed to channels, are just like other social media groups where members can interact with each other and their individual posts, therefore, making it possible to communicate with sometimes thousands of people at once. Based on our experience at ICSVE, several channels and individual accounts in the same languages are usually run by the same administrators, or there are a handful of administrators who appear to share the same posts simultaneously.

Reaching out on to ISIS members via Telegram channels is a significant challenge for beginners. First of all, as the Telegram application is installed, the application copies all the contact numbers on one’s cell phone and connects the users with any of his contacts who are already registered with Telegram. However, to connect with ISIS members, channels, or groups, the key is knowing what channels are ISIS channels and what their names or addresses are. ISIS usually does not require verification for its public channels, therefore if one knows the name or address of an ISIS channel, joining those channels is simple—locate the channel and click the join button. As soon as one joins a channel all that channel’s posts are available to the new user. For peer-to-peer communication, however, the users must know each other’s registered phone numbers or user names. If a user is not originally recorded in one’s downloaded phone connections, in order to connect with that user over Telegram, one of the users has to provide the other his registered cell phone number. This process is useful for ISIS foreign fighters operating abroad as they often switch phones and need to reconnect with their emirs or middlemen and can easily do so even with a new burner phone, using their original login credentials. ISIS members may also open accounts before traveling and exchange those accounts beforehand so when they need to use them they can easily install Telegram on whatever device they are currently using and log into Telegram with their credentials to communicate with their ISIS peers.

ISIS frequently posts on new and backup channels with different names for different purposes including: media and video sharing, book and journal sharing, news and daily updates, hisbah (morality police) office, accounts of personal well-known ISIS members, pamphlets and meme accounts, ISIS Amaq News Agency and several other channels or groups with different names. These lists are frequently shared on different social media platforms alerting users to subscribe to new or backup accounts in the case an account is closed or expected to be closed. While being banned and dropped in other social media mediums occurs to ISIS endorsers, supporters and distributors quite often, Telegram, as mentioned previously, does not frequently close ISIS accounts. However, the backup or spare ISIS channels usually function as a mirror of the original channel or simply are ready to be facilitated if an original channel is closed. ISIS cross shares the lists of their Telegram channels as they appear and reappear via different social media accounts. For example, they post their new or existing Telegram channel addresses on Twitter or Facebook, and then in their Telegram channels, they provide their Twitter, Facebook or Instagram account names and encourage their members to follow those accounts as well to be updated of any changes when channels are taken down. In that manner, they efficiently migrate their followers from Telegram channel to channel. ISIS social media administrators also often share bulk ISIS Telegram account lists both in regular social media and also in their Telegram channels, by which users are alerted to join channels or follow individuals simply clicking the links of those accounts. If someone starts to follow an ISIS Telegram account, it is thus very easy to update and enrich their ISIS network of account collections and lists by simply subscribing to the post lists or by following the users who post to the groups and simply by looking at the forwarded posts and reaching to the original post owners with a few clicks. Therefore, following or communicating with ISIS Telegram accounts is an easy task as long as one understands how they work and basically keeps following the posts to update their related contact lists. Even if one completely loses ISIS Telegram channels on Telegram, it is still easy to reach out to those channels again by simply following ISIS related Twitter and Facebook accounts.

ISIS users or administrators are not shy about their posts, and they are usually aware of the fact that many of their followers in the channels are not ISIS members, but are intelligence members or researchers. In fact, it happened several times with our ICSVE Twitter posts sharing some important incidents or updates from the ISIS Telegram channels we follow, that they would then openly post into the same channels saying “We know you are here and you are sharing our posts on your Twitter account. You are an infidel, and we don’t care if you are following us.” Strangely enough, ISIS administrators have never banned or blocked us from their channels thus far, perhaps enjoying the attention and being a threatening presence. Of course, there are strategies behind that as well. Simply put, the terrorist organization is using its Telegram channels to disseminate its propaganda and the narratives they would like to share, and they are aware of the fact that outsiders may be the ones who also become conduits for their shares to the outer world.

There are countless channels and groups on Telegram, not only related to ISIS but also to other Salafist-jihadi terrorist organizations as well. If one does not know the specifics of different terrorist organizations, one would very easily confuse other Salafist terrorist organization’s channels with ISIS channels as they promote very similar thinking. While ISIS dominates the Telegram terrorism cyber-space, other groups use the same medium as well and just like ISIS, maintain groups and channels in different languages, probably more than twenty.

One may witness a variety of things in ISIS channels. First of all, regular known ISIS channels or groups maintained by well-known recognized ISIS members such as Khilafah News, the Strangers, Mr. State, al-Firdaws English or Mr. Killer, share ISIS related breaking news, videos, memes, propaganda campaigns, brochures, new ISIS journals including Rumiyah and others, nasheeds, pictures or stories, or anything they would like to push. However, theme specific channels or groups only share related posts. For example, ISIS video channels would periodically post new or old ISIS videos in different resolutions or sizes, book channels would only post books or booklets mostly in pdf forms, news channels would only post news or news articles and so on. Therefore, based on the type of the channel or group, it is possible to reach and follow groups in different categories.

Another important feature of Telegram is being able to search the channels posts, group messages, individual messages or any kind of communications or posts in one’s account. This feature is available for both cell phone applications and the Web-based Telegram interface making it possible to reach any content by simply searching. This basically makes Telegram one of the largest free ISIS databases available to the public especially considering the fact that many other mediums including Google, YouTube, Twitter and Facebook are continuously taking down ISIS posts.

Telegram has enabled ISIS to create, without much effort, its grand propaganda machine to further its reach beyond it’s so-called “Caliphate” to the whole world with only the click of a button, pushing its new media content constantly and reaching to its targets momentarily, and most importantly communicating with its fighters abroad to direct them for new attacks or facilitate their operations in different countries[9]. The nature of the Telegram application with a secure algorithm providing protection from the outside world and making it almost impossible, or very difficult, for law enforcement to trace back to the original users, also has become a magnificent advantage for the terrorist organization in terms of the anonymity of its users and for carrying out terrorist operations via secure communications. These two qualities are the most valuable qualifications, or gifts, for a terrorist organization like ISIS. Thanks to Telegram, ISIS has now been using their application very heavily almost without any interruptions with great success when compared to other social media applications.

While other social media platforms have since 2014 taken strong stances to institute takedown policies when it comes to ISIS, the stand of the Telegram application when it comes to allowing ISIS to use its platform without interference is quite different and difficult to understand. Recently, Rob Wainwright, the director of Europol, European Union’s policing body, condemned Telegram owners for failing to join the fight against terrorism. Wainwright said that Telegram’s reluctance to work with anti-terrorist authorities was causing major problems[10] considering the fact that the application is in widespread use among the target population of ISIS.

Telegram has become the choice of the ISIS due to its specifications—providing secure encrypted communications and allowing users to share large files and act with their accounts operating with impunity. While Telegram administrators claim, they favor speech free of interference; it is time for the owners of Telegram to thoroughly consider the existence of ISIS presence and activities on their digital platform. Telegram has become the ultimate tool for the bloodiest terrorist organization in history, carrying and spreading its terrorist ideology around the world, recruiting and even directing cadres to carry out attacks globally. Recently, the families of the San Bernardino shooting sued Facebook, Google, and Twitter, claiming that these social media companies permitted ISIS to flourish on these social media platforms[11]. It may soon happen that Telegram will also have to deal with several legal actions as ISIS cadres continue to utilize their application for their terror operations and communications.

Reference for this Article: Yayla, Ahmet S. & Speckhard, Anne (May 5, 2017) Telegram: the Mighty Application that ISIS Loves, ICSVE Research Reports, http://www.icsve.org/brief-reports/telegram-the-mighty-application-that-isis-loves/

References

[1] Speckhard, Ph.D., Anne; Shajkovci, Ph.D., Ardian; and Yayla, Ph.D., Ahmet S.. “Defeating ISIS on the Battle Ground as well as in the Online Battle Space: Considerations of the “New Normal” and Available Online Weapons in the Struggle Ahead.” Journal of Strategic Security 9, no. 4 (2016): 1-10.

[2] Speckhard, A., & Yayla, A. S. (2016). ISIS Defectors: Inside Stories of the Terrorist Caliphate: Advances Press, LLC.

[3] Speckhard, Anne research interview Brussels, Belgium January 2017

[4] Speckhard, Anne research interview New Delhi, India March 8th, 2017

[5] Speckhard, Anne & Yayla, Ahmet S. (March 20, 2016) American ISIS Defector – Mohamad Jamal Khweis & the Threat Posed by “Clean-Skin” Terrorists: Unanswered Questions and Confirmations. ICSVE Brief Report http://www.icsve.org/american-isis-defector—mohamad-jamal-khweis-and-the-threat-of-clean-skin-terrorists-.html

[6] Editorial, “Russia’s Zuckerberg launches Telegram, a new instant messenger service,” Reuters, August 30, 2013, http://www.reuters.com/article/idUS74722569420130830

[7] Yayla, A.S., “The Reina Nightclub Attack and the Islamic State Threat to Turkey” CTC Sentinel, Combating Terrorism Center at West Point, Vol 10, Issue 3, pp. 9-16, March 2017.

[8] Evan Perez & Shimon Prokupecz, “First on CNN: Paris attackers likely used encrypted apps, officials say,” December 17, 2015, http://www.cnn.com/2015/12/17/politics/paris-attacks-terrorists-encryption/

[9] Speckhard, A., & Yayla, A. S. (2017). The ISIS Emni: The Origins and Inner Workings of ISIS’s Intelligence Apparatus. Perspectives on Terrorism, 11(1). Retrieved from http://www.terrorismanalysts.com/pt/index.php/pot/article/view/573

[10] Dominic Kennedy, “Message app used by Isis refuses to fight jihadists,” May 4, 2017, https://www.thetimes.co.uk/article/message-app-used-by-isis-refuses-to-fight-jihadists-jrddv7c93?utm_content=buffer2b755&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

[11] Dan Whitcomb, “Families of San Bernardino shooting sue Facebook, Google, Twitter,” May 4, 2017, http://www.reuters.com/article/us-sanbernardino-attack-lawsuit-idUSKBN1802SL

Ahmet S. Yayla is an assistant professor at the DeSales University Homeland Security Department and faculty member at Georgetown University School of Continuing Studies. He is also a research fellow at the Program on Extremism at the George Washington University. Dr. Yayla previously served as a full professor and the chair of the Department of Sociology at Harran University in Turkey. Dr. Yayla is a 20-year veteran of the counterterrorism and operations department in the Turkish National Police and served as the chief of counterterrorism in Sanliurfa, Turkey between 2010 and 2013.

Continue Reading
Comments

Intelligence

An Underdeveloped Discipline: Open-Source Intelligence and How It Can Better Assist the U.S. Intelligence Community

Published

on

Open-Source Intelligence (OSINT) is defined by noted intelligence specialists Mark Lowenthal and Robert M. Clark as being, “information that is publicly available to anyone through legal means, including request, observation, or purchase, that is subsequently acquired, vetted, and analyzed in order to fulfill an intelligence requirement”. The U.S. Naval War College further defines OSINT as coming from, “print or electronic form including radio, television, newspapers, journals, the internet, and videos, graphics, and drawings”. Basically, OSINT is the collection of information from a variety of public sources, including social media profiles and accounts, television broadcasts, and internet searches.

Historically, OSINT has been utilized by the U.S. since the 1940s, when the United States created the Foreign Broadcast Information Service (FBIS) which had the sole goal (until the 1990s) of, “primarily monitoring and translating foreign-press sources,” and contributing significantly during the dissolution of the Soviet Union. It was also during this time that the FBIS transformed itself from a purely interpretation agency into one that could adequately utilize the advances made by, “personal computing, large-capacity digital storage, capable search engines, and broadband communication networks”. In 2005, the FBIS was placed under the Office of the Director of National Intelligence (ODNI) and renamed the Open Source Center, with control being given to the CIA.

OSINT compliments the other intelligence disciplines very well. Due to OSINT’s ability to be more in touch with public data (as opposed to information that is more gleaned from interrogations, interviews with defectors or captured enemies or from clandestine wiretaps and electronic intrusions), it allows policymakers and intelligence analysts the ability to see the wider picture of the information gleaned. In Lowenthal’s own book, he mentions how policymakers (including the Assistant Secretary of Defense and one of the former Directors of National Intelligence (DNI)) enjoyed looking at OSINT first and using it as a “starting point… [to fill] the outer edges of the jigsaw puzzle”.

Given the 21stcentury and the public’s increased reliance upon technology, there are also times when information can only be gleaned from open source intelligence methods. Because “Terrorist movements rely essentially on the use of open sources… to recruit and provide virtual training and conduct their operations using encryption techniques… OSINT can be valuable [in] providing fast coordination among officials at all levels without clearances”. Intelligence agencies could be able to outright avoid or, at a minimum, be able to prepare a defense or place forces and units on high alert for an imminent attack.

In a King’s College-London research paper discussing OSINT’s potential for the 21stcentury, the author notes, “OSINT sharing among intelligence services, non-government organizations and international organizations could shape timely and comprehensive responses [to international crises or regime changes in rogue states like Darfur or Burma],” as well as providing further information on a country’s new government or personnel in power. This has been exemplified best during the rise of Kim Jong-Un in North Korea and during the 2011 Arab Spring and 2010 earthquake that rocked Haiti. However, this does not mean that OSINT is a superior discipline than other forms such as SIGINT and HUMINT, as they are subject to limitations as well. According to the Federation of American Scientists, “Open source intelligence does have limitations. Often articles in military or scientific journals represent a theoretical or desired capability rather than an actual capability. Censorship may also limit the publication of key data needed to arrive at a full understanding of an adversary’s actions, or the press may be used as part of a conscious deception effort”.

There is also a limit to the effectiveness of OSINT within the U.S. Intelligence Community (IC), not because it is technically limited, but limited by the desire of the IC to see OSINT as a full-fledged discipline. Robert Ashley and Neil Wiley, the former Director of the Defense Intelligence Agency (DIA) and a former Principal Executive within the ODNI respectively, covered this in a July article for DefenseOne, stating “…the production of OSINT is not regarded as a unique intelligence discipline but as research incident to all-source analysis or as a media production service… OSINT, on the other hand, remains a distributed activity that functions more like a collection of cottage industries. While OSINT has pockets of excellence, intelligence community OSINT production is largely initiative based, minimally integrated, and has little in the way of common guidance, standards, and tradecraft… The intelligence community must make OSINT a true intelligence discipline on par with the traditional functional disciplines, replete with leadership and authority that enables the OSINT enterprise to govern itself and establish a brand that instills faith and trust in open source information”. This apprehensiveness by the IC to OSINT capabilities has been well documented by other journalists.

Some contributors, including one writing for The Hill, has commented that “the use of artificial intelligence and rapid data analytics can mitigate these risks by tipping expert analysts on changes in key information, enabling the rapid identification of apparent “outliers” and pattern anomalies. Such human-machine teaming exploits the strengths of both and offers a path to understanding and even protocols for how trusted open-source intelligence can be created by employing traditional tradecraft of verifying and validating sourcing prior to making the intelligence insights available for broad consumption”. Many knowledgeable and experienced persons within the Intelligence Community, either coming from the uniformed intelligence services or civilian foreign intelligence agencies, recognize the need for better OSINT capabilities as a whole and have also suggested ways in which potential security risks or flaws can be avoided in making this discipline an even more effective piece of the intelligence gathering framework.

OSINT is incredibly beneficial for gathering information that cannot always be gathered through more commonly thought of espionage methods (e.g., HUMINT, SIGINT). The discipline allows for information on previously unknown players or new and developing events to become known and allows policymakers to be briefed more competently on a topic as well as providing analysts and operators a preliminary understanding of the region, the culture, the politics, and current nature of a developing or changing state. However, the greatest hurdle in making use of OSINT is in changing the culture and the way in which the discipline is currently seen by the U.S. Intelligence Community. This remains the biggest struggle in effectively coordinating and utilizing the intelligence discipline within various national security organizations.

Continue Reading

Intelligence

Online Radicalization in India

Published

on

Radicalization, is a gradual process of developing extremist beliefs, emotions, and behaviours at individual, group or mass public levels. Besides varied groups, it enjoys patronization, covertly and even overtly from some states. To elicit change in behavior, beliefs, ideology, and willingness, from the target-group, even employment of violent means is justified. Despite recording a declination in terror casualties, the 2019 edition of the Global Terrorism Index claims an increase in the number of terrorism-affected countries. With internet assuming a pivotal role in simplifying and revolutionizing the communication network and process, the change in peoples’ lives is evident. Notably, out of EU’s 84 %, daily internet using population, 81%, access it from home (Eurostat, 2012, RAND Paper pg xi). It signifies important changes in society and extremists elements, being its integral part, internet’ role, as a tool of radicalization, cannot be gainsaid. Following disruption of physical and geographical barriers, the radicalized groups are using the advancement in digital technology:  to propagate their ideologies; solicit funding; collecting informations; planning/coordinating terror attacks; establishing inter/intra-group communication-networks; recruitment, training and media propaganda to attain global attention.  

               Indian Context

In recent times, India has witnessed an exponential growth in radicalization-linked Incidents, which apparently belies the official figures of approximate 80-100 cases. The radicalization threat to India is not only from homegrown groups but from cross-border groups of Pakistan and Afghanistan as well as global groups like IS. Significantly, Indian radicalized groups are exploiting domestic grievances and their success to an extent, can mainly be attributed to support from Pakistani state, Jihadist groups from Pakistan and Bangladesh. The Gulf-employment boom for Indian Muslims has also facilitated radicalization, including online, of Indian Muslims. A close look at the modus operandi of these attacks reveals the involvement of local or ‘homegrown’ terrorists. AQIS formed (2016) ‘Ansar Ghazwat-ul-Hind’ in Kashmir with a media wing ‘al-Hurr’.

IS announced its foray into Kashmir in 2016 as part of its Khorasan branch. In December 2017 IS in its Telegram channel used hashtag ‘Wilayat Kashmir’ wherein Kashmiri militants stated their allegiance with IS. IS’ online English Magazine ‘Dabiq’ (Jan. 2016) claimed training of fighters in Bangladesh and Pakistan for attacks from western and Eastern borders into India.Though there are isolated cases of ISIS influence in India, the trend is on the rise. Presently, ISIS and its offshoots through online process are engaged in spreading bases in 12 Indian states. Apart from southern states like Telangana, Kerala, Andhra Pradesh, Karnataka, and Tamil Nadu — where the Iran and Syria-based terrorist outfit penetrated years ago — investigating agencies have found their links in states like Maharashtra, West Bengal, Rajasthan, Bihar, Uttar Pradesh, Madhya Pradesh, and Jammu and Kashmir as well. The Sunni jihadists’ group is now “most active” in these states across the country.

               Undermining Indian Threat

Significantly, undermining the radicalization issue, a section of intelligentsia citing lesser number of Indian Muslims joining al-Qaeda and Taliban in Afghanistan and Islamic State (IS) in Iraq, Syria and Middle East, argue that Indian Muslim community does not support radicalism-linked violence unlike regional/Muslim countries, including Pakistan, Afghanistan, Bangladesh and Maldives. They underscore the negligible number of Indian Muslims, outside J&K, who supports separatist movements. Additionally, al- Qaeda and IS who follows the ‘Salafi-Wahabi’ ideological movement, vehemently oppose ‘Hanafi school’ of Sunni Islam, followed by Indian Muslims. Moreover, Indian Muslims follows a moderate version even being followers of the Sunni Ahle-Hadeeth (the broader ideology from which Salafi-Wahhabi movement emanates). This doctrinal difference led to the failure of Wahhabi groups online propaganda.  

               Radicalisation Strategies/methods: Indian vs global players

India is already confronting the online jihadist radicalization of global jihadist organisations, including al-Qaeda in the Indian Subcontinent (AQIS), formed in September 2014 and Islamic State (IS). However, several indigenous and regional groups such as Indian Mujahideen (IM), JeM, LeT, the Taliban and other online vernacular publications, including Pakistan’s Urdu newspaper ‘Al-Qalam’, also play their role in online radicalisation.

Indian jihadist groups use a variety of social media apps, best suited for their goals. Separatists and extremists in Kashmir, for coordination and communication, simply create WhatsApp groups and communicate the date, time and place for carrying out mass protests or stone pelting. Pakistan-based terror groups instead of online learning of Islam consider it mandatory that a Muslim radical follows a revered religious cleric. They select people manually to verify their background instead of online correspondence. Only after their induction, they communicate online with him. However, the IS, in the backdrop of recent defeats, unlike Kashmiri separatist groups and Pak-based jihadist mercenaries, runs its global movement entirely online through magazines and pamphlets. The al-Qaeda’s you tube channels ‘Ansar AQIS’ and ‘Al Firdaws’, once having over 25,000 subscriptions, are now banned. Its online magazines are Nawai Afghan and Statements are in Urdu, English, Arabic, Bangla and Tamil. Its blocked Twitter accounts, ‘Ansarul Islam’ and ‘Abna_ul_Islam_media’, had a following of over 1,300 while its Telegram accounts are believed to have over 500 members.

               Adoption of online platforms and technology

Initially, Kashmir based ‘Jaish-E-Mohammad’ (JeM) distributed audio cassettes of Masood Azhar’s speeches across India but it joined Internet platform during the year 2003–04 and started circulating downloadable materials through anonymous links and emails. Subsequently, it started its weekly e-newspaper, Al-Qalam, followed by a chat group on Yahoo. Importantly, following enhanced international pressure on Pak government after 26/11, to act against terrorist groups, JeM gradually shifted from mainstream online platform to social media sites, blogs and forums.   

 Indian Mujahideen’s splinter group ‘Ansar-ul-Tawhid’ the first officially affiliated terror group to the ISIS tried to maintain its presence on ‘Skype’, ‘WeChat’ and ‘JustPaste’. IS and its affiliates emerged as the most tech-savvy jihadist group. They took several measures to generate new accounts after repeated suspension of their accounts by governments.  An account called as ‘Baqiya Shoutout’ was one such measure. It stressed upon efforts to re-establish their network of followers through ‘reverse shout-out’ instead of opening a new account easily.

Pakistan-backed terrorist groups in India are increasingly becoming  technology savvy. For instance, LeT before carrying out terrorist attacks in 2008 in Mumbai, used Google Earth to understand the targeted locations.

IS members have been following strict security measures like keeping off their Global Positioning System (GPS) locations and use virtual private network (VPN),  to maintain anonymity. Earlier they were downloading Hola VPN or a similar programme from a mobile device or Web browser to select an Internet Protocol (IP) address for a country outside the US, and bypass email or phone verification.

Rise of radicalization in southern India

Southern states of India have witnessed a rise in  radicalization activities during the past 1-2 years. A substantial number of Diaspora in the Gulf countries belongs to Kerala and Tamil Nadu. Several Indian Muslims in Gulf countries have fallen prey to radicalization due to the ultra-conservative forms of Islam or their remittances have been misused to spread radical thoughts. One Shafi Armar@ Yusuf-al-Hindi from Karnataka emerged as the main online IS recruiter for India.  It is evident in the number of raids and arrests made in the region particularly after the Easter bomb attacks (April, 21, 2019) in Sri Lanka. The perpetrators were suspected to have been indoctrinated, radicalised and trained in the Tamil Nadu. Further probe revealed that the mastermind of the attacks, Zahran Hashim had travelled to India and maintained virtual links with radicalised youth in South India. Importantly, IS, while claiming responsibility for the attacks, issued statements not only in English and Arabic but also in South Indian languages viz. Malayalam and Tamil. It proved the existence of individuals fluent in South Indian languages in IS linked groups in the region. Similarly, AQIS’ affiliate in South India ‘Base Movement’ issued several threatening letters to media publications for insulting Islam.

IS is trying to recruit people from rural India by circulating the online material in vernacular languages. It is distributing material in numerous languages, including Malayalam and Tamil, which Al Qaeda were previously ignoring in favour of Urdu. IS-linked Keralite followers in their propaganda, cited radical pro-Hindutva, organisations such as the Rashtriya Swayam Sevak (RSS) and other right-wing Hindu organisations to motivate youth for joining the IS.  Similarly, Anti-Muslim incidents such as the demolition of the Babri Masjid in 1992 are still being used to fuel their propaganda. IS sympathisers also support the need to oppose Hindu Deities to gather support.

               Radicalization: Similarities/Distinctions in North and South

Despite few similarities, the radicalisation process in J&K is somewhat different from the states of Kerala, Karnataka, Tamil Nadu, Andhra Pradesh, Maharashtra, Telangana and Gujarat. Both the regions have witnessed a planned radicalization process through Internet/social media for propagating extremist ideologies and subverting the vulnerable youth. Both the areas faced the hard-line Salafi/Wahhabi ideology, propagated by the extremist Islamic clerics and madrasas indulged in manipulating the religion of Islam. Hence, in this context it can be aptly claimed that terror activities in India have cooperation of elements from both the regions, despite their distinct means and objectives. Elements from both regions to an extent sympathise to the cause of bringing India under the Sharia Law. Hence, the possibility of cooperation in such elements cannot be ruled out particularly in facilitation of logistics, ammunitions and other requisite equipment.

It is pertinent to note that while radicalisation in Jammu and Kashmir is directly linked to the proxy-war, sponsored by the Pakistan state, the growth of radicalisation in West and South India owes its roots to the spread of IS ideology, promotion of Sharia rule and establishment of Caliphate. Precisely for this reason, while radicalised local Kashmiris unite to join Pakistan-backed terror groups to fight for ‘Azadi’ or other fabricated local issues, the locals in south rather remain isolated cases.

               Impact of Radicalisation

The impact of global jihad on radicalization is quite visible in West and South India. Majority of the radicalised people, arrested in West and South India, were in fact proceeding to to join IS in Syria and Iraq. It included the group of 22 people from a Kerala’s family, who travelled (June 2016) to Afghanistan via Iran. There obvious motivation was to migrate from Dar-ul-Harb (house of war) to Dar-ul-Islam (house of peace/Islam/Deen).

While comparing the ground impact of radicalization in terms of number of cases of local militants in J&K as well as IS sympathisers in West and South India, it becomes clear that radicalisation was spread more in J&K, owing to Pak-sponsored logistical and financial support. Significantly, despite hosting the third largest Muslim population, the number of Indian sympathisers to terror outfits, particularly in West and South India is very small as compared to the western countries. Main reasons attributed to this, include – religious and cultural pluralism; traditionally practice of moderate Islamic belief-systems; progressive educational and economic standards; and equal socio-economic and political safeguards for the Indian Muslims in the Indian Constitution.

               Challenges Ahead

Apart from varied challenges, including Pak-sponsored anti-India activities, regional, local and political challenges, media wings of global jihadi outfits continue to pose further challenges to Indian security agencies. While IS through its media wing, ‘Al Isabah’ has been circulating (through social media sites) Abu Bakr al Baghdadi’s speeches and videos after translating them into Urdu, Hindi, and Tamil for Indian youth (Rajkumar 2015), AQIS too have been using its media wing for the very purpose through its offshoots in India.  Some of the challenges, inter alia include –

Islam/Cleric Factor Clerics continue to play a crucial role in influencing the minds of Muslim youth by exploiting the religion of Islam. A majority of 127 arrested IS sympathizers from across India recently revealed that they were following speeches of controversial Indian preacher Zakir Naik of Islamic Research Foundation (IRF). Zakir has taken refuge in Malaysia because of warrants against him by the National Investigation Agency (NIA) for alleged money laundering and inciting extremism through hate speeches. A Perpetrator of Dhaka bomb blasts in July 2016 that killed several people confessed that he was influenced by Naik’s messages. Earlier, IRF had organised ‘peace conferences’ in Mumbai between 2007 and 2011 in which Zakir attempted to convert people and incite terrorist acts. Thus, clerics and preachers who sbverts the Muslim minds towards extremism, remain a challenge for India.

Propaganda Machinery – The online uploading of young militant photographs, flaunting Kalashnikov rifles became the popular means of declaration of youth intent against government forces. Their narrative of “us versus them” narrative is clearly communicated, creating groundswell of support for terrorism.In its second edition (March 2020) of its propaganda magazine ‘Sawt al-Hind’ (Voice of Hind/India) IS, citing an old propaganda message from a deceased (2018) Kashmiri IS terrorist, Abu Hamza al-Kashmiri @ Abdul Rehman, called upon Taliban apostates and fighters to defect to IS.  In the first edition (Feb. 2020) the magazine, eulogized Huzaifa al-Bakistani (killed in 2019), asking Indian Muslims to rally to IS in the name of Islam in the aftermath of the 2020 Delhi riots. Meanwhile, a Muslim couple arrested by Delhi Police for inciting anti-CAA (Citizenship Amendment) Bill protests, were found very active on social media. They would call Indian Muslims to unite against the Indian government against the CAA legislation. During 2017 Kashmir unrest, National Investigation Agency (NIA) identified 79 WhatsApp groups (with administrators based in Pakistan), having 6,386 phone numbers, to crowd source boys for stone pelting. Of these, around 1,000 numbers were found active in Pakistan and Gulf nations and the remaining 5,386 numbers were found active in Kashmir Valley.

Deep fakes/Fake news – Another challenge for India is spread of misinformation and disinformation through deep fakes by Pakistan. Usage of deepfakes, in manipulating the speeches of local political leaders to spread hate among the youth and society was done to large extent.

India’s Counter Measures

To prevent youth straying towards extremism, India’s Ministry of Home Affairs has established a Counter-Terrorism and Counter-Radicalisation Division (CT-CR) to help states, security agencies and communities.

Various states, including Kerala, Maharashtra and Telangana have set up their own de-radicalisation programmes.  While in Maharashtra family and community plays an important role, in Kerala clerics cleanse the poisoned  minds of youth with a new narrative. A holistic programme for community outreach including healthcare, clergies and financial stability is being employed by the Indian armed forces. An operation in Kerala named Kerala state police’ ‘Operation Pigeon’ succeeded in thwarting radicalization of 350 youths to the propaganda of organizations such as Islamic State, Indian Mujahideen (IM) and Lashkar-e-Taiba (LeT) via social media monitoring. In Telangana, outreach programs have been developed by local officers like Rema Rajeshwari to fight the menace of fake news in around 400 villages of the state.

In Kashmir the government resorts to internet curfews to control the e-jihad. While state-owned BNSL network, used by the administration and security forces, remains operational 3G and 4G networks and social media apps remain suspended during internet curfews.

Prognosis

India certainly needs a strong national counter- Radicalisation policy which would factor in a range of factors than jobs, poverty or education because radicalization in fact has affected even well educated, rich and prosperous families. Instead of focusing on IS returnees from abroad, the policy must take care of those who never travelled abroad but still remain a potential threat due to their vulnerability to radicalization.

Of course, India would be better served if deep fakes/fake news and online propaganda is effectively countered digitally as well as through social awakening measures and on ground action by the government agencies. It is imperative that the major stakeholders i.e. government, educational institutions, civil society organisations, media and intellectuals play a pro-active role in pushing their narrative amongst youth and society. The focus should apparently be on prevention rather than controlling the radicalisation narrative of the vested interests.

Continue Reading

Intelligence

Is Deterrence in Cyberspace Possible?

Published

on

Soon after the Internet was founded, half of the world’s population (16 million) in 1996 had been connected to Internet data traffic. Gradually, the Internet began to grow and with more users, it contributed to the 4 trillion global economies in 2016 (Nye, 2016). Today, high-speed Internet, cutting-edge technologies and gadgets, and increasing cross-border Internet data traffic are considered an element of globalization. Deterrence seems traditional and obsolete strategy, but the developed countries rely on cyberspace domains to remain in the global digitization. No matter how advanced they are, there still exist vulnerabilities. There are modern problems in the modern world. Such reliance on the Internet also threatens to blow up the dynamics of international insecurity. To understand and explore the topic it is a must for one to understand what cyberspace and deterrence are? According to Oxford dictionary;

 “Cyberspace is the internet considered as an imaginary space without a physical location in which communication over computer networks takes place (OXFORD University Press)”

For readers to understand the term ‘deterrence’; Collins dictionary has best explained it as;

“Deterrence is the prevention of something, especially war or crime, by having something such as weapons or punishment to use as a threat e.g. Nuclear Weapons (Deterrence Definition and Meaning | Collins English Dictionary).

The purpose of referring to the definition is to make it easy to discern and distinguish between deterrence in International Relations (IR) and International Cyber Security (ICS). Deterrence in cyberspace is different and difficult than that of during the Cold War. The topic of deterrence was important during Cold Wat for both politicians and academia. The context in both dimensions (IR and ICS) is similar and aims to prevent from happening something. Cyberspace deterrence refers to preventing crime and I completely agree with the fact that deterrence is possible in Cyberspace. Fischer (2019) quotes the study of (Quinlan, 2004) that there is no state that can be undeterrable.

To begin with, cyber threats are looming in different sectors inclusive of espionage, disruption of the democratic process and sabotaging the political arena, and war. Whereas international law is still unclear about these sectors as to which category they fall in. I would validate my affirmation (that deterrence is possible in Cyberspace) with the given network attacks listed by Pentagon (Fung, 2013). Millions of cyber-attacks are reported on a daily basis. The Pentagon reported 10 million cyberspace intrusions, most of which are disruptive, costly, and annoying. The level of severity rises to such a critical level that it is considered a threat to national security, so professional strategic assistance is needed to deal with it[1]. The past events show a perpetual threat that has the ability to interrupt societies, economies, and government functioning.

The cyberspace attacks were administered and portrayal of deterrence had been publicized as follows (Fung, 2013);

  1. The internet service was in a continuous disruption for several weeks after a dispute with Russia in 2007.
  2. Georgian defense communications were interrupted in 2008 after the Russian invasion of Georgia.   
  3. More than 1000 centrifuges in Iran were destroyed via the STUXNET virus in 2010. The attacks were attributed to Israel and the United States of America.
  4. In response to STUXNET virus attacks, Iran also launched a retaliatory attack on U.S financial institutions in 2012 and 2013.
  5. Similarly in 2012, some 30,000 computers had been destroyed with a virus called SHAMOON in Saudi Aramco Corporation. Iran was held responsible for these attacks.
  6. North Korea was accused of penetrating South Korean data and machines in 2014, thus interrupting their networks in 2014.
  7. A hybrid war was reported between Russia and Ukraine in 2015 that left Ukraine without electricity for almost six hours.
  8. Most critical scandal, which is still in the limelight call WikiLeaks released distressing and humiliating emails by Russian Intelligence at the time of the U.S presidential campaigns in 2016.

While such incidents may be considered a failure of deterrence, this does not mean that deterrence is impossible. Every system has some flaws that are exposed at some point. At this point, in some cases a relatively low level of deterrence was used to threaten national security, however, the attacks were quite minor in fulfilling the theme affecting national security. Nye (2016:51) in his study talks about the audience whose attribution could facilitate deterrence. (I). intelligence agencies should make sure highest safeguarding against escalation by third parties, and governments can also be certain and count on intelligence agencies’ sources. (II). the deterring party should not be taken easy, as I stated (above) about the lingering loopholes and flaws in the systems, hence, governments shall not perceive the intelligence forsaken.  (III). lastly, it is a political matter whether international and domestic audiences need to be persuaded or not, and what chunk of information should be disclosed.

The mechanisms which are used and helpful against cyberspace adversary actions are as follows (Fischer, 2019);

  1. Deterrence by denial means, the actions by the adversary are denied that they failed to succeed in their goals and objectives. It is more like retaliating a cyberattack.
  2. Threat of punishment offers severe outcomes in form of penalties and inflicting high costs on the attacker that would outweigh the anticipated benefits if the attack takes place.
  3. Deterrence by Entanglement has the features and works on a principle of shared, interconnected, and dependent vulnerabilities. The purpose of entanglement is to embolden and reassure the behavior as a responsible state with mutual interests.
  4. Normative taboos function with strong values and norms, wherein the reputation of an aggressor is at stake besides having a soft image in the eyes of the international community (this phenomenon includes rational factors because hard power is used against the weaker state). The deterrence of the international system works even without having any credible resilience.

Apparently, the mechanisms of deterrence are also effective in cyber realms. These realms are self-explaining the comprehensive understanding and the possibility of deterrence in cyberspace. The four mechanisms (denial, punishment, entanglement, and normative taboos) are also feasible to apply deterrence in the cyber world. Factually, of many security strategies, cyber deterrence by using four domains could be a versatile possibility. Conclusively, as far as the world is advancing in technological innovations, cyberspace intrusions would not stop alike the topic of deterrence in the digital world.


[1] An updated list of cyberspace intrusions from 2003 till 2021 is available at (Center for Strategic and International Studies, 2021).

Continue Reading

Publications

Latest

Central Asia2 hours ago

Unrest in Kazakhstan Only Solidifies China-Russia Ties

The Russian-led military operation in Kazakhstan has presented an important test for Moscow’s ties with Beijing.  In early January, Kazakhstan...

Crypto Insights4 hours ago

The Subtle Dominance of Stablecoins: A Ruse of Stability

Digital tokens are nothing new in 2022 as the crypto market continues to fold into the traditional financial sphere. The...

Environment6 hours ago

2021 joins top 7 warmest years on record

Last year joined the list of the seven warmest years on record, the UN weather agency said on Wednesday, and...

Development8 hours ago

India: West Bengal Gets $125 Million to Help Citizens Access Social Protection Services

The World Bank’s Executive Board of Directors today approved a $125 million loan to the Government of West Bengal to...

East Asia10 hours ago

Rebuilding the World Order

Many in the West believe China’s economic ascendancy indicates that Beijing is covertly working to usher in a new world...

Development14 hours ago

World Bank Financing Will Strengthen Learning, Access to Education in Cambodia

The World Bank today approved financing that, along with a grant from the Global Partnership for Education, will provide US$69.25...

Tech News16 hours ago

Tech Start-ups Key to Africa’s Digital Transformation but Urgently Need Investment

The World Economic Forum’s latest report, “Attracting Investment and Accelerating Adoption for the Fourth Industrial Revolution in Africa” analyses the...

Trending