Connect with us

Intelligence

Cyberspace and intelligence: Threats to intelligence, business and personal data will increase in 2022

Published

on

In 2021 cyberthreat actors around the world increased the pressure on security issues, and it is no exaggeration to say that 2022 could be the most challenging year ever. With a view to helping security teams better face challenges, security vendor ZeroFox has recently released the 2022 Threat Intelligence Forecast report, which provides predictive analysis of the increasing threats in cyberspace.

Ransomware – a type of malware that restricts access to the device it infects, requiring a ransom to be paid to remove the restriction – will continue to accelerate in 2022. Organisations in the financial, manufacturing, retail and healthcare sectors will continue to face increased risks. Ransomware developers can focus on persistent and sustainable campaigns, including targeting threats to known individuals.

The year 2022 will see a wave of “data kidnapping” attacks (extortion due to the lack of encryption of the victim’s data). “Data kidnapping” means that in the big data era, while people proactively or passively enjoy the benefits and advantages brought by big data, they have to endure the digitisation of every aspect of their lives and the impact on their social lives will entail severe negative effects.

Attacks on the third-party intelligence chains will keep on increasing in frequency, scale and sophistication. In 2022 threat actors are likely to target small third-party vendors and critical events in large supply chains.

Competition among developers of infostealer software – i.e. malware that seeks to steal information – is expected to intensify in 2022, which is likely to spur innovation among developers to create “better”, more complex products and easier-to-use services.

Demand for Initial Access Broker (IAB) services – individuals or groups who band together to gain access to a corporate network or system through means that may include credential theft; aggressive attacks and exploitation of 0-day vulnerabilities (any vulnerability in a piece of software not known to its developers or known to them but not managed); or known but unpatched vulnerabilities – will continue to grow in 2022. Given the low risk of being discovered and the high demand for initial access, an increasing number of IABs or individual actors  are trying to sell access to sensitive data to third parties.

Cybercriminals are expected to continue to use automation to foster growth in their sales and licensing of sophisticated phishing-as-a-service suites – an inclusive form of cybercrime that potentially opens the door to everyone – and more cybercriminals will switch from Bitcoin to Monero as their cryptocurrency of choice in the coming year.

It is very likely that ransomware will continue to accelerate in 2022. Without significant changes to security measures to prevent intrusions and possible legal provisions, including international ones, to prevent threat actors from operating in judicial “immunity zones”, it is easy for the ransomware industry to keep on thriving, heading towards organisations of all sizes and across all sectors. Among these, the ransomware threat will severely challenge the financial, manufacturing, retail and healthcare sectors.

Although threat actors will probably continue to focus on SME targets in early 2022, we expect the “big hunt” to reappear in the months ahead. This may take the form of campaigns targeting Managed Security Service Providers and other third-party services as they provide privileged access to multiple customer systems, thus enabling threat actors to infect numerous downstream organisations with a single intrusion.

On the other hand, law enforcement agencies’ crackdowns are unlikely to have a lasting impact on ransomware campaigns. Since the groups targeted by such crackdowns can suspend operations or rename themselves and reopen, and the cycle goes on forever, as there will be new targets (“protected” software) to hit. The threat actors behind the most popular ransomware families of 2021 – DarkSide, Conti, REvil, LockBit and BlackMatter – could come back in 2022 with new identities and improved robbery software.

Considering the trends that emerged in the second half of 2021, threat actors will pay increasing attention to search, encryption and data exfiltration activities. This will entail running search strings to identify and disclose sensitive business data, including industrial espionage; and the “affected” organisations cannot mitigate the impact of such threats with simple security measures, such as creating offline backups or relying on in-house “experts” employed with a fixed salary.

Intelligence about the target may include legal or insurance documents, commercial and financial information, intellectual property or market-sensitive data (such as details of acquisitions or mergers), not to mention the intelligence of some recently pilloried States.

Threat actors can use this intelligence to demand higher ransom payments and put more pressure on victims to give in. Ransomware developers can also focus more on persistent attack campaigns, in which threat actors are able to attack victims again even after the security team believes the initial threat has been removed. Just an illusion or a figment of imagination.

Aggressive law enforcement action against ransomware groups in 2021 pushed some of them to relinquish attacks in favour of data kidnapping schemes that these groups consider less risky. In a data kidnapping operation, attackers/groups obtain data, via phishing, downloading a misconfigured server or other means, and then threatening the victim companies with disclosure of data if they do not pay. This is different from a ransomware attack because victims’ files are not encrypted and victims have full control over their servers and operations, but they may want to avoid reputational damage or fines associated with data breaches.

As threat actors seek more effective means for forcing victims to pay ransom, their extortion tactics may also evolve. Besides disclosing and exploiting sensitive corporate data, threat actors may turn to individuals known to organised crime to push victims to pay. Threats to senior executives and their families, or the executives’ involvement in illegal activities, are possible options. What advice can be given to at least mitigate threats?

1. From an in-depth defence strategy to a zero-trust security strategy. The zero-trust model is based on the principle of “never trust, always check” and relies on other network security methodologies, such as network segmentation and strict access controls. It is an approach to security that assumes the absence of a trusted network perimeter, whereby every network transaction must be authenticated before it can materialise.

2. Segregation of important assets and administrative accounts, also going back to the method of keeping hard copy documents in a safe: a “primitive” method, but immune to malicious attackers who have neither combination nor explosives.

3. Implement multi-factor authentication for remote access and administrative accounts.

4. Monitor threat actors’ communication channels for compromised credentials.

5. Use threat intelligence to focus management on vulnerabilities that the attacker will exploit, provided that intelligence is not – in turn – monitored by the attacker.

6. Disable administration tools for users who do not need them to prevent threat actors from abusing and taking advantage of classic naivety.

7. Disable unnecessary or obsolete Windows and Linux components.

8. Remove remote access solutions that are no longer needed.

9. Prepare for breaches by constantly building and maintaining relations with law enforcement agencies.

It is likely that the use of TCP – the transmission control protocol, which is part of the Internet protocol suite dealing with transmission control, i.e. making online data communication between sender and receiver reliable – as a vehicle for ransomware distribution is increasing, because it lowers barriers to entry for threat actors, and puts malware in multiple operators’ hands. Ransomware attacks, however, can generate much media coverage, which could be a mitigating factor, as threat actors do not want to attract authorities’ attention.

The continued expansion of the software supply chain could also lead to an increase in TCP attacks. Small third-party vendors in large supply chains will be seen as weak links through which threat actors can target high-value, security-conscious organisations. Therefore, organisations cannot focus only on strengthening their own defences, but must also protect their supply chains. Threat actors are also likely to increase attacks on vulnerabilities in teleworking and cloud infrastructure.

“Non-State” hackers – i.e. those operating across national borders – could also increase. These attackers could target key media events in 2022, such as the World Championship in Qatar, etc., causing disruptions and reputational damage to event organisers and sponsors. Moreover, as was the case with the 2020 US presidential election, the 2022 mid-term elections could further highlight the risks associated with third-party vendors.

Throughout 2022, the underground crime market will continue to provide a lucrative channel for all types of cybercriminals to peddle credentials stolen from an organisation’s network. The surge in the use of intelligence thieves – such as RedLine, Vidar, Azorult, Raccoon, Grand Stealer, Vikro Stealer, or even open source products such as Sorano and AdamantiumThief – will continue to drive and well pay its developers and the community.

Moreover, given the effectiveness and prevalence of their attacks, the multi-dimensional capabilities that these infostealing software already possess are likely to expand and grow further. Competition among developers of infostealing software will intensify, which is bound to spur innovation among developers to create “better”, more complex products and easier-to-use services, with personal and “employer” profits far beyond any imagination.

Infostealing software significantly lowers the barriers to entry for low-level threat actors by providing botnet logs that help attackers gain additional access to other services by collecting credentials, obtaining confidential information or assisting in the distribution of other payloads.

Botnet is a network of computers, usually PCs, controlled by a botmaster and composed of devices infected with specialised malware, called bots or zombies. Zombie is a computer or mobile device connected to the Internet that, without the user’s knowledge, has been compromised by a cracker or infected with a virus in such a way as to enable unauthorised people to take partial or full control of it.

The versatility of infostealing software and its ability to steal large amounts of sensitive data make it a threat to every organisations in all sectors. The growing “symbiotic relationship” between access brokers and ransomware operators will see the demand for IAB services continue to grow. This will exacerbate physical attacks across multiple sectors to simplify the cyber intrusion process, enabling threat actors to operate more quickly and effectively. Considering the low risk and high demand for initial access, more groups or threat actors will engage and attempt to sell access to various organisations.

Based on the trends observed in 2021, it is believed that vulnerabilities in packages bundled and imported into various applications will continue to attract threat actors seeking to maximise the effectiveness of their attacks. They may invest time finding consistent inputs from various applications that eventually lead to the same vulnerable functionality in commonly used computer libraries. This could enable attackers to develop effective exploit tools for various applications, increasing the number of potential targets and reducing the workload. Furthermore, threat actors gaining access from the breach will further compromise systems, extract personal identification data and implement data extortion schemes. As early as January 2022, threat actors have begun advertising access to hundreds of thousands of servers.

Cybercriminals will continue to use sophisticated and automated phishing kits in 2022 to take cybercrime to the next level. These types of kits may vary in sophistication and be purchased through clandestine criminal networks, covert channels and sometimes even transparent online platforms operating on the dark and deep web.

The operators purchasing kits from these platforms usually have most – if not all – of the necessary resources provided by the kit creator. These include tools to quickly distribute and deploy landing pages, detection evasion tools and even interfaces to generate obfuscated HTML templates that bypass anti-spam or phishing email controls and successfully reach recipients’ mailboxes.

It has been found that threat actors involved in distributing phishing kits can advertise their products through underground criminal networks and covert channels, and even automate transactions using bots to sell the leaked data. As security technologies designed to detect phishing kits and websites continue to improve and evolve, threat actors are constantly changing their tactics, methods and procedures to avoid detection and maintain their operations.

“Remittance-intensive” economies will switch to digital currencies at a faster pace in 2022, especially in the Middle East and Central Europe. The threat posed by cryptocurrencies to “long-lived” currencies such as the dollar and euro could increase regulation of the sector.

As cryptocurrencies are known to avoid sanctions, launder money and disrupt dollar-based economic systems, further regulation of the sector could come from traditional economic powers, such as the United States last year, which introduced new tax return requirements. The EU is also exploring a digital euro to compete with cryptocurrencies in the coming years.

Besides causing financial losses to victims, threat actors may also look for opportunities to expose user data, as these companies collect large amounts of data from customers for security purposes.

As cybercriminals find new ways to steal investors’ financial resources, and attacks on cryptocurrencies become more targeted, the opportunity to exploit digital currencies will not only attract cybercriminals, but in 2022 State hackers will probably continue to carry out ever more high-speed attacks in the cryptocurrency sector as a way to raise funds for governments to circumvent various international controls.

Furthermore, as mentioned above, cybercriminals may accelerate the transition from Bitcoin to Monero as the cryptocurrency of choice to facilitate transactions and respond to more aggressive actions by the law enforcement agencies, as well as controls by governments and various related intelligence. The use of Monero in the threat actor community is estimated to increase significantly by the end of 2022, as observed on the darknet markets, namely Silk Road, AlphaBay and White House Market.

Advisory Board Co-chair Honoris Causa Professor Giancarlo Elia Valori is an eminent Italian economist and businessman. He holds prestigious academic distinctions and national orders. Mr. Valori has lectured on international affairs and economics at the world’s leading universities such as Peking University, the Hebrew University of Jerusalem and the Yeshiva University in New York. He currently chairs “International World Group”, he is also the honorary president of Huawei Italy, economic adviser to the Chinese giant HNA Group. In 1992 he was appointed Officier de la Légion d’Honneur de la République Francaise, with this motivation: “A man who can see across borders to understand the world” and in 2002 he received the title “Honorable” of the Académie des Sciences de l’Institut de France. “

Continue Reading
Comments

Intelligence

Unmasking India’s IB and RAW

Published

on

India’s prime minister Narendra Modi granted a year-long extension in service to retiring heads of India’s Intelligence bureau (Arvind Kumar) and the Research and Analysis Wing (Samant Kumar Goel). Both officers are specialists in the art of disinformation and insurgency.  They masterminded the so-called Blakote strikes inside Pakistan. Besides, they mounted a world-wide Pakistan-bashing campaign that resulted in Pakistan’s isolation in comity of nations. Pakistan FATF woes could veritably be attributed to the machinations of the said two officers. They are protégé of India’s national security czar Ajit Doval. Doval himself boasts of having carried out covert activities in Pakistan for about eleven years. He did not care a fig for violating the diplomatic norms while posted in Pakistan.

Difference between the Intelligence Bureau and RAW

The common belief is that the IB and the RAW have separate domains. But, in actual fact, the both organisations coordinate their activities. Like the RAW, the IB also has its offices abroad. In his book, RAW: A History of India’s Covert Operations, Yatish Yadav make startling disclosures about activities of India’s intelligence agencies. In a chapter titled “Hunting the RAW traitor”, he reveals the career of the RAW agent Rabinder Singh, an ex-Army man who sold national secrets to the CIA for money. Singh was outwardly a religious person who had a penchant for quoting from Hindu religious book Bhagwad Gita. He led parallel lives and passed on classified information to the foreign power. Although given asylum in the U.S., he was soon forsaken by the CIA and met with an unexplained road accident there. The accident was masterminded by the RAW.

The Intelligence Bureau (IB) is the national domestic internal security and counter-intelligence agency that works under the Ministry of Home Affairs. It was formed as the ‘Central Special Branch’ on December 23, 1887, which was later renamed as ‘Intelligence Bureau’ in 1920. The organisation mainly focused on National Security activities. According to an article published in Jagaran Josh, the Intelligence Bureau (IB) is said to be the oldest surviving intelligence organisation in the world.

About Research and Analysis Wing (RAW)

Initially, the IB was only responsible for India’s internal and external intelligence, but in 1968, it was bifurcated and left with internal intelligence only. While it’s external branch was handed over to the newly created Research and Analysis Wing (RAW).

The bifurcation took place after IB lapse in the intelligence about the Sino-Indian War of 1962, and India-Pakistan War of 1965. So the Research and Analysis Wing (RAW) was founded in 1968 to counter external security threats. The RAW provides intelligence to policymakers and the army and it keeps a close eye on the activities of the neighbouring countries (China, Pakistan, Sri Lanka, Myanmar, etc.) of the nation.

Generally, the IB is the national internal intelligence agency that maintains the internal security of the nation, while RAW is an external intelligence agency that keeps an eye on international threats. The main functions of the IB include counterintelligence, counterterrorism, VIP Security, anti-secession activities and intelligence collection in border areas. RAW on the other hand collects secret information about the activities of neighbouring countries. IB functions under the governance of the Ministry of Home Affairs, while RAW has been placed directly under the Indian Prime Minister’s office. IB gets its employees from the Indian Police Service, law enforcement agencies and the military, while RAW has its own service cadre known as the Research and Analysis Service (RAS). Initially RAW was also dependent on the services of trained intelligence officers from the military, police and other services for its candidates.

Objectives

The RAW’s objectives include:

Monitoring the political, military, economic and scientific developments in countries which have a direct bearing on India’s national security and the formulation of its foreign policy. Mould international public opinion and influence foreign governments. Covert Operations to safeguard India’s National interests. Anti-terror operations and neutralizing elements posing a threat to India.

To control and limit the supply of military hardware to Pakistan, from mostly European countries, America and more importantly from China.

RAWS exploits

The RAW stoked insurgency in East Pakistan that led to dismemberment of Pakistan. The Indian army and other agencies acted in tandem.

Another event shows that Indian diplomats developed deep ingress in Islamabad. On May 29, 1988, a senior official of the Pakistan Intelligence Bureau was abducted in Islamabad. India alleges that his abductors were personnel from the Inter-Services Intelligence Directorate (ISI). According to their own account of the incident, narrated in the news magazine Herald, they beat up the IB official until he revealed the location of a secret telephone exchange that was monitoring calls made by Zia-ul-Haq.

Kalbushan Jhadav’s story speaks volumes on how India penetrates even its serving officers to carry out sabotage and subversion in Pakistan.

Disinformation

‘Disinformation’ (Russian deziinformatzia) is a concept that finds mention in Sun Tzu’s Ping Fa (Principles of War). Even before Sun Tzu, Kautilya in Arthashastra supported disinformation as a civil and military warfare tool within his concept of koota yuddha (unprincipled warfare as distinguished from dharma yuddha, righteous warfare).

Tzu’s and Kautliya’s principles were used not only in World War II but also in the Cold War period (to hoodwink own and foreign people). Richard Deacon says, ‘Truth twisting…unless it is conducted with caution and great attention to detail, it will inevitably fail, if practiced too often… It is not the deliberate lie which we have to fear (something propaganda), but the half-truth, the embellished truth and the truth dressed up to appear a something quite different’ (The Truth Twisters, London, Macdonald & Company (Publishers) Limited, 1986/1987, p. 8).  He gives several examples of disinformation including subliminal disinformation by which the truth can be twisted so that the distortion is unconsciously absorbed, something which both television and radio commentators have subtly perfected’ (Ibid., p. 9).  In the USA, the Creel Committee, through false anti-German propaganda turned pacifist Americans against Germans.

Disinformation influenced even independent-minded Americans who laid down a constitution, beginning with words `we the people’. Yet Chomsky says the American masses are like a “bewildered herd” who have stopped thinking (Noam Chomsky, Media Control: The Spectacular Achievements of Propaganda, p.16). He asserts that in a “properly functioning democracy”, there is a “small percentage of the people”, a “specialised class of citizens” who … analyse, execute, make decisions and run things in the political, economic, and ideological systems”. Chomsky reminds, ‘Woodrow Wilson was elected President in 1916 on the platform “Peace without Victory”, right in the middle of World War I.  The American population was extremely pacifistic and saw no reason to become involved in a European War.  The Wilson administration established a government propaganda commission, called the Creel Commission [Committee], which succeeded, within six months, in Chomsky reminds, ‘Woodrow Wilson was elected President in 1916 on the platform “Peace without Victory”, right in the middle of World War I.  The American population was extremely pacifistic and saw no reason to become involved in a European War.  The Wilson administration established government propaganda commission, called the Creel Commission, which [through fake news, films, etc.] succeeded, within six months, in turning a pacifist population into a hysterical, war-mongering population which wanted to destroy everything German, tear the Germans limb from limb, go to war and save the world….  After the war, the same techniques were used to whip up a hysterical Red Square…’ (ibid.page 12).

Fifth-generation war is believed to be a vague term. George Orwell (Politics and the English Language) suggested that that trying to find a clear-cut definition of fifth-generation or hybrid war would reveal exactly that kind of vagueness, with the use of important-sounding, pseudo-technological words to impress readers and convince them that this war is being fought at a level the layperson cannot comprehend. However, India has proved that it understands the dimensions of the fifth generation war or fake news. It knows how to apply its techniques to achieve its objectives. It is time for Pakistan to wake up

EU Lab belatedly discovered a world-wide network that spread disinformation against Pakistan. Even prestigious Indian newspapers sometimes publish reports or articles that smack of being pieces of state-sponsored disinformation.  Harvard’s criteria for detecting fake news could be applied to disinformation bloomers. Harvard suggests `everyone should vet a publisher’s credibility first and then check all the sources and citations’. James Carson offers tips in his article `Fake news: What exactly is it – and how can you spot it‘? (Telegraph January 31, 2019)

Disinformation camouflaged in Op-Eds is hard to detect as they do not usually quote their sources of information. A case in point is Shishir Gupta’s article ‘In Imran Khan’s 18-point Kashmir plan for Aug 5, outreach to Turkey, Malaysia and China’, published in Hindustan Times dated July 28, 2020.

RAW officers speak many languages such as Chinese, Russian, Arabic, Sinhalese, German, Polish and Urdu. By the time of Morarji Desai, RAW had a staff of “more than five thousand on its payroll”. Desai turned out to be inhospitable to RAW and Kao, and K. Sankaran Nair left the organisation. N.F. Suntook took charge and “saved the agency”. RAW “recruited trained and deployed informers and covert action teams in the USA, Iran and several European countries as well as in India’s immediate neighbours. It also employed analysts, polygraph examiners, cartographers, linguists, economists and political analysts to defend the country from internal foes and external enemies. While the I.B.’s mandate was essentially within the country, it also opened offices at times on foreign soil. As is to be expected, the two agencies joined hands, and at times fought over turf to the detriment of the common cause.

In Bangladesh, RAW combated the influence of the CIA and Pakistan. The assassination of Sheikh Mujibur Rahman was a big blow and a much-chastened RAW regrouped to regain its lost influence in Bangladesh. By November 1988, RAW’s station head, code-named Krishna Patwardhan, had set up the necessary network in Bangladesh, to target elements that were hostile to India.

RAW saw spectacular action in other theatres as well. On March 20, 1988, RAW operative Anupam Malik began to carry out Mission Fiji’, “aimed to disrupt and dismantle Fiji’s military regime” that threatened to upset the ethnic balance in Fiji. Attempts were being made by this regime to deny political rights to ethnic Indians, most of whom had been immigrants to the country during the British Raj. Deporting all ethnic Indians to India’ was a distinct possibility. By the 1990s Sitiveni Rabuka, the strongman, was honey-trapped and compromised by RAW agents in Fiji and had to abdicate political power.

Similarly, RAW’s involvement in Afghanistan, we learn, began with the Soviet Union’s invasion of the country. The agency’s operatives carried out missions right through the chequered regimes of Tarki, Amin and Karmal encountering opposition from Pakistan’s Zia ul-Haq and the Taliban at different times.

In Sri Lanka, RAW propped up the Liberation Tigers of Tamil Eelam (LTTE) and had to follow the contradictory path of support and opposition following the dictates of the political masters in Delhi.

In the chapter titled “Shadowy War in Washington”, we see the RAW operative code-named ‘Blue Sky’ track down the Khalistani leader Jagjit Singh Chouhan and successfully penetrate the World Sikh Organisation, the International Sikh Federation and the Babbar Khalsa International. While the traditional rivalry between the I.B. and RAW continued, according to RAW operative Krishna’s candid opinion, “the I.B. proved to be far superior in the Canadian theatre than the RAW.”

Concluding reflections

RAW’s cover officers, including RK Yadav and B. Raman, make no bones about India’s involvement in Bangladesh’s insurgency. They admitted that India’s prime minister Indira Gandhi, parliament, RAW and armed forces acted in tandem to dismember Pakistan. Raman reminds us that the Indian parliament passed a resolution on March 31, 1971, to support the insurgency.

Indira Gandhi had then confided with RAW chief R.N.Kao that in case Sheikh Mujib was prevented ruling Pakistan, she would liberate East Pakistan from the clutches of the military junta.

In order to sabotage the China Pakistan Economic Corridor (CPEC) a cell had been established in RAW with the sole objective of disrupting it and the cell worked ‘under the supervision of the Indian Prime Minister’.

Yet another book (Terror in Islamabad) has been published by an officer Amar Bhushan who happened to have served as a diplomat at the Indian High Commission Islamabad. Before being posted to Islamabad, Bhushan had served as an officer of India’s premier intelligence agency Research and Analysis Wing, Border Security Force Intelligence, and State Special Branch for a quarter of a century. His book mentions another RAW officer, Amit Munshi (real name Veer Singh) posted as Cultural Attache.

Since times immemorial diplomats have enjoyed immunity in countries where they are posted. International conventions govern their conduct in host countries. If a diplomat is caught red handed violating norms of diplomatic conduct, he is declared a persona non grata. Bhushan’s book reveals that Singh’s assignment was to “identify potential Pakistanis for subversion”. The familiar elements of intelligence craft are espionage, sabotage and subversion. India added one more element “insurgency” to the intelligence craft if we go through another RAW officer’s book The Kaoboys of R&AW: Down Memory Lane. B. Raman makes no bones about India’s involvement up to the level of prime minister in Bangladesh’s insurgency.

Continue Reading

Intelligence

How 4chan Radicalizes Youth and Grooms Them Towards Terrorism

Published

on

The image board was started in 2003 to discuss anime and various other topics but festered into a safe space for hateful rhetoric soon after. In the aftermath of yet another racially motivated mass shooting by a frequent user, its dangers have finally reached the mainstream.

4chan is an extremely unique website. It has been running since 2003, and over the course of almost 20 years, has influenced many internet memes and phenomena. However, in the wake of the European Migrant Crisis in 2015 and the 2016 Presidential Election, it became associated with white supremacy, especially on its /pol/ board. This hateful rhetoric festered, worsening in 2020 during the COVID pandemic and George Floyd protests. 4chan was sprung into the spotlight once again on May 14th, 2022, when a white supremacists livestreamed his massacre of a supermarket.

This attack, fresh in American’s minds, led many to question why 4chan is still allowed to exist. This comes after 4chan’s rhetoric inspired a 2015 mass shooting in Oregon and its users aided in the organization in the Unite The Right Rally and the January 6th Riots. Clearly 4chan is a hotbed for far-right terrorism. But why is this image board the way it is? The answer lies in its lax moderation of content.

Upon looking at 4chan, you will find it is mostly made up of pornography. However, if you go on the site’s /pol/ board, it does not take long to find the kind of rhetoric that radicalized the Buffalo shooter. One particular post I found featured a racist joke at the expense of Black people. Another was praising fighters in the Ukrainian Azov battalion while joking about killing trans people. Yet another post complained about an “influx of tourists” due to the Buffalo shooter, who they insulted with an anti-gay slur. These memes and jokes seem to appeal to a younger, perhaps teenaged audience. It is clear that they are still trying to recruit youth into their ranks even after the tragedy in Buffalo.

The content is, to say the least, vile. The fact that this stuff is permitted and encouraged by not just the userbase (which numbers in the millions) but also many moderators tells us that there is something fundamentally wrong with 4chan. In fact, copies of the livestreamed Buffalo massacre were spread widely on 4chan to the amusement of its userbase.

Many of the users on 4chan are social rejects who feel as if they have nothing to lose. They feel unaccepted and alienated from society, so they turn to 4chan. Many harmful ideologies, such as White supremacy and incel ideologies, seem extremely validating for these dejected youth.  Young, socially alienated men, who make up the majority of 4chan’s userbase, are also among the most vulnerable demographics for radicalization.

What can we do to prevent further radicalization of youth and deradicalize those already affected by harmful rhetoric? First of all, we need to either heavily regulate 4chan or have it shut down. There is no space on the internet for this kind of hatred or incitement to commit horrific acts like what happened in Buffalo. For those already radicalized, we need to perform a campaign of deradicalization among those affected by this rhetoric. But how can this be done?

4chan prides itself on anonymity, so it is difficult to figure out who uses it. Thus, education on radicalization and identification of propaganda is vital. This education should focus on adolescents mostly due to their predisposition towards radicalization when exposed to hateful rhetoric. While White supremacy must be emphasized, other forms of radicalization should be mentioned as well such as Jihadism and other forms of ethnic supremacy. Finally, tolerance must be fostered among all people, not just those at risk of becoming groomed into terrorism.

The age of 4chan has spawned many humorous memes, but it has since become a hotbed for hatred and terrorism. Since memes are able to convey dangerous ideas, websites like Reddit and Facebook need to be heavily regulated to prevent the dissemination of dangerous misinformation. It is unlikely that 4chan will ever moderate itself, as lack of strict moderation is its defining feature. Thus, it has overstayed its welcome and no longer has a place in today’s information-driven society.

Continue Reading

Intelligence

New ISIS Strategy and the Resurgence of Islamic State Khorasan

Published

on

ISKP Uzbek Jihadist

Unlike Abu Ibrahim al-Hashimi al-Qurayshi, the second late leader of ISIS, who was derided as a “secluded paper caliph” and “an unknown nobody” for his relative anonymity and non-publicity, the new caliph of the Islamic State, Abu al-Hassan al-Hashimi al-Quraishi, has apparently launched a new strategy to strengthen linkages to regional wilayahs (provinces) and boost the group’s global presence.

Indeed, during his short time leading the group (31 October 2019 – 3 February 2022), Abu Ibrahim al-Qurayshi never publicly addressed his followers, which negatively affected the coordination of the activities of Islamic State-Central (ISC) and its regional branch of the Islamic State Khurasan Province (ISKP). Although his killing during a US counterterrorism raid in northwest Syria in early February was a major blow to the global jihadi organization, the change in leadership nevertheless provided it with new opportunities to update its command-and-control, recruitment and propaganda campaign.

Predictably, Abu al-Hassan al-Hashimi al-Quraishi, the new ISIS overall leader, sees his historical role not only in ensuring the Caliphate’s continuity and avoiding its potential fragmentation but also in establishing a more direct and consistent command line between its core in Iraq and Sham and its Central and South Asian affiliates.

ISIS collage dedicated to rocket attack on Uzbek Termez

The new strategy of the Islamic Caliphate not only gave a new impetus to its Khorasan offshoot waging a holy jihad in post-American Afghanistan against the Taliban but also opened a new front line against the post-Soviet Central Asian regimes. Indeed, the analysis of ISKP activities revealed that the proclamation of Abu al-Hassan al-Quraishi as the new Caliph and the launch of a new campaign “Revenge Incursion for the Two Sheikhs” increased the combat capability of IS Uzbek and Tajik fighters, as well as strengthened the coordination of local language and IS-Central propaganda machines.

Notoriously, on April 17, ISIS launched the new campaign “Revenge Incursion for the Two Sheikhs” to avenge the deaths of the former ISIS leader, Abu Ibrahim al-Qurayshi, and his official spokesperson, Abu Hamza al-Qurashi, who were killed in a US raid in February in the northwest Syrian town of Atmeh. In his recent audio address, Islamic State’s new spokesman Abu-Omar al-Muhajir called on the Caliphate warriors to avenge the deaths of the former ISIS leaders by “painfully striking” the enemies of “al-mujahideen” and saying that if they kill, they should “kill by many.” This call was made to the group’s followers worldwide and asked them to remain patient, but also be ready when the “war” begins. Al-Muhajir called to expand the campaign “Revenge Incursion for the Two Sheikhs” to the territory of US, Europe and Central Asia, urging Muslims living there to follow the lead of past “lone wolves” who conducted operations that “filled with horror.” He asked them to repeat “lone wolf” operations by stabbing, attacking, and ramming, and drawing inspiration from recent attacks in Israel.

ISKP Threat to Central Asia

Among the first to support the Islamic State’s new ‘global offensive’ campaign were ISKP Uzbek and Tajik jihadists challenging the new Taliban government and dreaming of overthrowing the ‘Taghut (idolaters) regimes’ in Central Asia. Thus, inspired by the new Caliph’s new strategy, for the first time in the history of the Islamic State, they managed to conduct a transnational jihadi operation from Afghanistan to the territory of Uzbekistan and Tajikistan.

Initially, on April 18, 2022, the ISKP fired ten rocket salvos into the territory of Uzbekistan, which was successfully exploited by the Uzbek-speaking regional jihadi media and IS-Central’s propaganda resources as evidence of the opening of a “second front” in the Central Asian direction. Expert assessments clearly observed the good coordination between the IS-Central’s media and ISKP’s local jihadi mouthpieces, both in terms of Islamic ideological content and hierarchical sequences.

ISKP Uzbek nasheed performer Asadulloh Urganchiy

The Islamic State-Central’s Amaq News Agency reported that “Mujahedeen of the Caliphate have fired 10 Katyusha rockets at a murtad (apostasy) Uzbekistan’s military base in the border town of Termez.” The ISIS central media wing also released a photo and video of the projectiles to back its claims. Another IS-Central’s weekly al-Naba newsletter also widely covered the topic of rocket attacks by detailing how the projectiles were fired from Afghan territory on the Central Asian nation.

Following IS-Central official news agencies reports, IS-Khurasan Willayah’s local media outlets, such as Al-Azaim Foundation and Khurasan Radio, the Uzbek-language Xuroson Ovozi (Voice of Khurasan), Tavhid Habar (Tawhid News), Tajik-language Telegram channels Mujahideen of the Caliphate and The Army of the Victorious Nation published a series of audio, video and text messages in Uzbek and Tajik detailing the goals, causes, and consequences of the rocket attack. In particular, Al-Azaim Foundation glorified the rocket attack as “the heroism of the brave lions of Allah Almighty punishing the corrupt army of the murtad Uzbek government.”

The ISKP media outlets were extremely outraged by the Uzbek government’s denial of the rocket attack, claiming that nothing had landed on their territory. In response, pro-ISKP Uzbek, Tajik and Russian Language Telegram channels re-posted IS-Central’s statement, photos, videos of the attacker and a map marked with the possible rocket impact location in Termez.

Central Asian Salafi-Jihadi experts’ attention was drawn to a 24-minute audio address of Khuroson Mujahid, the leader of ISKP Uzbek group, whose speech style and ideological views strongly resembled the late ISIS chief strategist Abu Mohammed al-Adnani. His speech revealed that the ideological vision of ISKP Central Asian jihadists, staunch followers of Takfiri Salafism, is in line with the Islamic State’s global agenda. He considers democracy to be the religion of “murtad states” of Central Asia, the Taliban government and Pakistan. He believes that due to committing shirk (idolatry), deviating Allah and doubting Tawheed (God’s Oneness), the leaders of taghut countries should be killed.

Considering Khuroson’s oratorical skills, Takfiri persuasion and ideological savvy, it is quite possible that the ISKP recruitment and incitement campaign will intensify in Central Asia in the near future. Obviously, the engagement between IS-Central and ISKP in the military, media and ideological directions reached a new level in the more permissive operating environment of post-American Afghanistan.

On May 7, the ISKP carried out a second rocket attack, this time into Tajikistan. According to the Central Media Office (Diwan al-I’lam al-Markazi) of ISIS, “Caliphate’s fighters fired seven rockets from the Khawaja Ghar district of Afghanistan’s Takhar Province towards the Tajik military base near the city of Kulob.” The rocket attacks on the territories of Uzbekistan and Tajikistan for three weeks nevertheless mark a clear escalation by ISKP Central Asian foreign fighters from just hostile anti-five post-Soviet “murtad governments” rhetoric to direct militant action.

Notably, the methods of media coverage of both attacks and the engagement between IS-Central and ISKP’s local media resources were clearly similar. The algorithm of their actions was in line with the new ISIS strategy. Thus, IS-Central posted a brief information about the rocket attacks with video and photos, then the Tajik, Uzbek and Pashto-language local media resources of ISKP glorified the “warriors of Allah”. The Uzbek-language pro-Islamic State Telegram channels Islomiy Maruza Davat Guruh, Khuroson Ovozi, Tawheed news, the Tajik-language Telegram channel of Ulamoi Rabboni (إنَّ اللّٰهَ مَعَنَا) actively propagated ISKR rocket attacks, undermining the image and credibility of the military potential of Tajikistan and the Taliban.

These Central Asian pro-IS media resources, supported by IS-Central propaganda bodies and comprised of a constellation of official branch outlets, regional pro-ISKP groups, and grassroots supporters have become a prominent voice aggressively impugning the Taliban’s reputation in the global jihadi world. Such method makes it possible to preserve the hierarchical structure and maintain a uniform media strategy of the global jihadi group. This reflects that after the fall of the Caliphate and a series of dramatic losses of its leaders, ISIS has learned a bitter lesson and is now moving from centralizing power to strengthening its wilayahs.

Apparently, the ISKP seeks to broaden its appeal in Central Asia both through increasing cross-border attacks against Afghanistan’s neighbors and ramping up the production, translation, and dissemination of propaganda directed at Uzbek, Tajik, and Kyrgyz communities in the region. These rocket attacks and ISKP’s propaganda campaigns targeting Central Asians for recruitment are any indicators, the group has become a serious jihadi power challenging not only the Taliban government, but also the post-Soviet authoritarian regimes. Through its Uzbek, Tajik and Pashto-language Telegram channels, the ISKP is conducted an unprecedented activity to recruit Central Asian jihadi groups affiliated with al Qaeda and the Taliban, as well as new radical Islamists from the Fergana Valley.

Future of ISKP Central Asian Jihadists

Obviously, the ISKP is exploiting the US military withdrawal from the region and the Afghan Taliban’s deviation from the hardline jihadi concept by successfully portraying their government as a Pashtun ethno-nationalist organization rather than a bona fide Islamic movement.

In conclusion, it is to be expected that the ISKP will actively capitalize external operations to undermine the legitimacy of the Taliban government, which assured the US and Central Asian neighbors not to allow Afghan soil to be used to attack Afghanistan’s neighbors. Strengthening cross-border rocket attacks has already raised the morale of ISKP fighters and consolidated its support base.

Thus, the new Islamic State’s strategy to strengthen its offshoots in its provinces is quite capable to reestablish its positioning in the broader global jihadi movement, which we see in the example of IS-Khorasan Province.

Continue Reading

Publications

Latest

Middle East1 hour ago

Israel admits involvement in the killing of an Iranian army officer

Col. Sayad Khodayee, 50, was fatally shot outside his home in Tehran on Sunday when two gunmen on motorcycles approached...

South Asia3 hours ago

Economic And Political Reform Is Needed In Sri Lanka, Not State Violence

Sri Lanka’s worst economic crisis since independence has highlighted years of political and economic mismanagement and a reliance on state-sanctioned...

Economy5 hours ago

The Waning Supremacy of the Petrodollar Economy

Since the 1970s, the US dollar has been the undisputed reserve currency around the globe. Agreements with Saudi Arabia (and...

Economy7 hours ago

Chinese Maritime Strategy: Further Expansion and Progress

The Belt and Road Initiative represents a shift in China’s global perspective as well as an update to its role...

Health & Wellness9 hours ago

World’s richest countries damaging child health worldwide

Over-consumption in the world’s richest countries is creating unhealthy, dangerous, and toxic conditions for children globally, according to a new...

New Social Compact11 hours ago

Open and Closed: From Russia to China to America, the Largest Societies Are Pushing Their Limits

Today we are seeing the largest nations in the world pushing their limits. Open societies are pushing the limits of...

World News15 hours ago

UNICEF urges leaders to keep schools safe following deadly Texas shooting

Governments must take greater action to ensure school remains a safe place for boys and girls, the head of the...

Trending