According to DHS, social media and online forums are increasingly leveraged by threat actors to advance false narratives and promote violent ideologies.
Last week the Department of Homeland Security (DHS) issued a National Terrorism Advisory System (NTAS) Bulletin outlining the latest threats facing the United States. The bulletin warns that the current threat environment is extremely volatile with threats “posed by domestic terrorists, individuals, and groups engaged in grievance-based violence, and those inspired or influenced by foreign terrorists and other malign foreign influences.”
According to DHS, social media and online forums are increasingly leveraged by threat actors to advance false narratives and promote their violent ideologies. This activity takes place on a variety of platforms and ranges from direct calls for violence to disinformation campaigns. Examples highlighted in the bulletin include:
Racially or ethnically motivated violent extremists (RMVEs) have targeted houses of worship and crowded commercial facilities or gatherings. Some RMVEs advocate via social media and online platforms for a race war and have stated that civil disorder provides opportunities to engage in violence in furtherance of ideological objectives.
Ideologically motivated violent extremists fueled by perceived grievances, false narratives and conspiracy theories continue to share information online with the intent to incite violence. Online narratives across sites known to be frequented by individuals who hold violent extremist ideologies have called for violence against elected officials, political representatives, government facilities, law enforcement, religious or commercial facilities and perceived ideologically opposed individuals.
Nation-state adversaries have increased efforts to sow discord. For example, Russian, Chinese and Iranian government-linked media outlets have repeatedly amplified conspiracy theories concerning the origins of COVID-19 and effectiveness of vaccines; in some cases, amplifying calls for violence targeting persons of Asian descent.
DHS encourages state, local, tribal and territorial (SLTT) law enforcement organizations to maintain awareness of the online threat environment. Both DHS and the FBI continue to provide guidance to SLTT and share threat intelligence. Industry partners are also collaborating with DHS “to identify and respond to those individuals encouraging violence and attempting to radicalize others through spreading disinformation, conspiracy theories, and false narratives on social media and other online platforms.”
Given the scope and impact of malicious activity taking place online, both public and private sector entities are utilizing social media to maintain situational awareness of the current threat environment. However, it can be very challenging with new social media platforms to navigate, vast amounts of data to sift through and the legal and privacy implications to consider.
There are an estimated 4 billion active social media users around the world, making these platforms a powerful force in nearly every facet of daily life -- for better or worse. And with so much information being shared on social media, it’s a valuable source for investigative research.
But investigators need a safe and anonymous browsing and research framework that allows them to investigate social media without the risk of being identified or infecting their endpoint with malicious web code. This is especially true when investigative targets are suspected terrorists.
To maintain security and anonymity and avoid blown investigations, it’s important to remember: The browser will betray you.
Legacy browsers (e.g., Chrome, Firefox, Safari) will give away information that could reveal your identity and intent while browsing, even if using a private browsing mode. If you’re logged into accounts like social media, you’re giving away even more details about who you really are.
There are a number of ways you’re tracked online despite use of VPNs, private browsing and other mechanisms to maintain anonymity. Legacy browsers pass your device type, OS, software/plugins installed, time zone, audio/video devices and more. Websites themselves store cookies as well as the HTML5 local storage. And more identifying information can be derived from displayed content by techniques like HTML5 canvas fingerprinting. Your own behavior can also be used to build a recognizable identity -- the search terms you use, the times you’re online, your social media connections, shopping interests, favorite sites, account activity, typing speed and more. All this information together -- or even portions of it -- could tip off an investigation target that someone’s snooping.
Control the specific aspects of your online identity. By managing attribution and manipulating details of the browser fingerprint (time zone, language, keyboard settings, OS, device type and web browser) and the network address (physical location, ISP, subscribe information) to blend in with average visitors to a site under investigation, you can avoid arousing the suspicion of the webmaster and continue investigating inconspicuously.
Ensure your browsing session is isolated from organizational networks and even the local machine. Using a cloud-based browsing interface will ensure no web code ever touches your device, eliminating the risk of web-borne threats that might be used to deter or retaliate against investigations. And a single-use, “disposable” session will also negate persistent tracking mechanisms.
With these practices, analysts can safely conduct online investigations including social media platforms without putting themselves or their organizations at risk.