Skip to content
Jerusalem Center for Public Affairs
Strategic Alliances for a Secure, Connected, and Prosperous Region
Menu

Cyber Terror and Security

Brig.-Gen. (res.) Yossi Kuperwasser

The challenge of dealing with the terror threats on the Internet is becoming more complicated, as the quantity of data grows exponentially and as the terrorists make effective use of the cyber dimension for a wide variety of purposes. They take advantage of the Internet’s wide reach, its complexity, the ability to use it without being identified, the emphasis by its mega-corporate operators on protecting privacy and free speech, its reliability, and its commitment to facilitate secrecy so that secured communications will be guaranteed for everybody.

New technologies have made it possible for terrorists to produce propaganda videos and disseminate messages with relative ease, reaching an incredibly wide audience that was previously beyond their reach with immediacy and intimacy. Terrorists recognized the power of social media early on and built an entire organizational network that has been very difficult for counter-terrorism analysts to penetrate. By exploiting Twitter and Facebook platforms, apps such as Telegram, and content sharing sites such as JustPaste, terrorists further improved their capability to safely and rapidly extend their messages to wide audiences. Thus, the use of these new technologies by counter-terrorism analysts wishing to penetrate closed forums or telegram groups must be incredibly focused. Different methods must be adopted depending on the type of information desired. If done correctly, analysts can put potential terrorists under surveillance, track every move they make, both on and off social media, in order to get secret information.

The approach for finding terrorists and/or terrorist activity online must be based on the type of content desired. For example, looking for the current jihadi chatter about a specific incident, it is vital to check jihadi forums and Twitter and then search those platforms using related keywords and hashtags. With the emergence of new media, terrorists have switched to operating on closed forums and telegram, and privacy issues have become more relevant as social media platforms established their regulations and strict usage policies. Thus, in order to get the necessary sensitive information, one has to develop methods that may enable penetrating and following any of these closed groups.

The Search for Information

Information about homemade explosives can be found through searches on Google and YouTube. Jihadi homemade explosives manuals can be collected from jihadi forums and other platforms such as Archive.org. Information about improvised explosive devices (IEDs) and vehicle-borne improvised explosive devices (VBIEDs) can be found on social media accounts of explosive ordnance disposal teams, news agencies, and YouTube that are known for publishing reputable materials. Every arena has its own special sources – some countries have official interior publications or certain news agencies that provide this kind of information, so it is vital to investigate these sites as well.

In addition to knowing where to look for specific information, it is necessary to know how to find specific information in a sea of data, how to be selective and know whom to follow and monitor. The key is recognizing when something requires further investigation and where to look for further information. Successful coverage depends on deep understanding of the culture, vocabulary, and symbols used by terrorists. A post on Facebook or a tweet on Twitter may seem benign without this deep understanding, but alarming with it. The ability to use mass databases may help in locating the terrorists on time. For example, if a video encouraging terror – implicitly or explicitly – was posted on Facebook, the first step is to download the video in case it is removed later on.

The next step is to examine the person who uploaded it as well as all those who liked the video, commented, and shared. Then begins the selection process and further investigation into particular individuals in order to find a smoking gun. Doing this manually takes a lot of time, which is why it is imperative to invest in technology that focuses on the target group so that fewer people have to be to analyzed in the first place. However, with technology comes various legal issues, including privacy and terms of use on various platforms, which put certain limitations on what information can be obtained.

The “smoking gun” on social media is the last piece of the puzzle before the terrorist goes out into the real world and carries out an attack. In Israel, attacks may be very close to home and thus finding the smoking gun quickly before a terrorist can act on it is of utmost importance. Therefore, considerable time and energy is put into locating the red flags and investigating them before anything happens in real life.

The need to have access to such information is obvious in Israel, and Israeli companies have developed tools to secure this access, while in the West this issue remains unsolved. The Israeli approach is very clear; protecting life is more important than protecting privacy and the terms of using certain technologies.

Israeli soldiers
Israeli soldiers participate in 48 hour “hackathon” – innovating new programs for Israeli defense. (IDF)

On top of locating the threats and thwarting attacks in this manner, fighting terror on the Internet also requires a determined effort to prevent the use of social media for the dissemination of incitement for terror. Israel is leading the international effort in this respect and seeks cooperation from other liberal democracies and from the mega-consortiums that control most Internet activities. In the meanwhile, it has adopted a new law that enables it to limit the use of the Internet for incitement.

Other aspects of fighting terror on the Internet include the use of the Internet to promote de-radicalization programs so that whenever a tendency to radicalize is indicated, there is automatic sending of countering messages to the relevant person. The potential radical/terrorist is also approached by the local leadership and members of the family. The use of a wide variety of information is available on the Net to allow the identification of threats in time. For example, if somebody is considered a threat, then his picture, phone number, and car license number should be automatically shared with the security forces to prevent him from carrying out an attack.

Finally, counterterrorism on the Internet should include an effort to thwart cyber terror itself. This relates to preventing attempts to damage vital infrastructure (both physical and Internet, such as databases and banking systems) through cyberattacks, attempts to collect vital information by using fake identities, taking over broadcasting capabilities to terrify and misinform the public, promoting terror attacks by enticing Israeli citizens to make contact with seemingly innocent individuals, and other potential ways of abusing the Internet. In 2013, Iranian hackers were able to gain access to the controls of a dam in Rye, New York. In 2016, four Israeli hospitals were hit by Ransomware. The scope of these options is growing dramatically and the precedent set during the election campaign in the United States, where Democratic Party emails were allegedly penetrated, is the first example of how the attackers may very easily be a step ahead of the defenders.

To cope with these threats, Israel employs a robust system of organizations specializing in cyber protection efforts. The protection of military assets rests with the IDF itself, whereas the responsibility to protect critical infrastructure lies with the Internal Security Service (Shabak). Israel’s cyber security industries are among the most advanced in the world. Some 300 Israeli companies specialize in cyber-security, accounting for $3.5 billion worth of anti-hacking exports in 2015.

The private systems are guided in their efforts to defend themselves by the recently established National Cyber Staff. This structure facilitates an open flow of information and best practices that is necessary in this kind of war.