By Sean McCafferty
This analysis will focus on the role of file-sharing platforms in disseminating propaganda linked to violent far-right lone-actor attacks, examining the recent Bratislava perpetrator as a case study. A pattern among a selection of attackers represents an emerging typology of behaviour within the propaganda dissemination strategies of violent extremists on the far right. Namely, there has been an increase in the use of file-sharing platforms, especially after high-profile lone-actor attacks such as this shooting, the March 2019 attack in Christchurch, New Zealand, and the May 2022 attack in a supermarket in Buffalo, NY.
Attacker’s Online Footprint (Bratislava)
At 1900hrs on 12 October 2022 a gunman killed two people and injured one other outside the LGBTQIA+-friendly Tepláreň Bar in Bratislava city centre. The attacker was active on social media in the weeks and days preceding the attack, posting violent messages and selfies near possible targets, including outside the Tepláreň Bar. Additionally, the perpetrator appears to have been engaged with various far-right online spaces and referenced the attack in Buffalo as a specific catalyst in his decision to implement his manifesto and carry out the attack.
The Manifesto and its Dissemination
At 1351hrs CET on the day of the attack, the perpetrator posted six outlinks on Twitter to a 65-page PDF document titled “A Call to Arms”. The manifesto outlines the attacker’s ideological views, attack planning, incitement of others to violence, and the sources of inspiration to carry out an attack. It also details how the author meant to spread the manifesto and includes an explicit statement of their intention to share the manifesto on file-sharing platforms.
The links led to six different file-sharing platforms hosting a PDF of the document. Following the attack, supporters likely lifted the manifesto from these six small file-sharing sites and subsequently re-uploaded it on other file-sharing platforms and across popular messaging channels affiliated with the violent far right, including chatrooms, message boards, and forums.
Despite the removal of the original post by Twitter, this decentralised dissemination strategy creates a relatively robust network of links and hosting sites through which the manifesto can be found and re-shared by those sympathetic to the attacker’s views. The attacker is explicit about his desire to use these sites so that “these words get out to people.”
Exploitation of File-Sharing Platforms by Terrorists and Violent Extremists
The use of file-sharing platforms is a strategy long employed by terrorist and violent extremist actors online. Since November 2020, Tech Against Terrorism has, using our Terrorist Content Analytics Platform (TCAP), located, verified, and alerted a total of 24,635 unique URLs that link to official terrorist propaganda placed on file-sharing sites by both far-right and Islamist terrorist entities.
Across the broader far-right terrorist online ecosystem, messaging platforms and archives remain a more popular method of content dissemination, representing 67.1% of unique URLs. The lack of widespread exploitation of file-sharing platforms by the violent far-right is likely due to three key factors. Firstly, violent far-right actors often share content within groups such as messaging apps, which already provide a stable environment for content. Secondly, violent far-right content is not as identifiably tied to designated terrorist organisations. It is, therefore, less likely to be moderated, meaning that violent far-right actors have historically found it less necessary to diversify their propaganda dissemination strategies. Lastly, several alt-tech services provide some violent far-right actors with a more permissive space to communicate and propagate their message when de-platformed from mainstream social media.
These trends complicate content moderation efforts, making violent far-right content challenging to identify and classify, networks of content dissemination hard to track, and terrorist content on specific platforms hard to remove. While we have not yet seen the widespread adoption of file-sharing platforms to host propaganda by the far-right terrorist and violent extremist online ecosystem, lone-actor attacks have popularised this strategy. This is likely due to the coordinated tech sector response and automated removal of violent content, which prevents hosting violent far-right content on larger platforms.
Far-Right Violent Extremist Attacks and File-Sharing Platforms
Violent far-right extremists have a long history of propagandising acts of violence. Many attackers have shared manifestos and other propaganda before and during their acts of violence. The March 2019 attack in Christchurch, New Zealand, has become a recent reference point for a wave of attacks, high-profile examples of which include the August 2019 El Paso shooting, the October 2019 Halle attack, and the May 2022 attack in Buffalo, NY. Several of these attackers did not use file-sharing platforms but shared and hosted their propaganda on fringe social media platforms and messaging boards. However, both the Christchurch and Bratislava perpetrators outlinked their propaganda to file-sharing sites in the hours immediately preceding their attacks. By contrast, the availability of the Buffalo attacker’s livestream and manifesto on file-sharing sites is due to re-uploads by supporters following the attack.
If using file-sharing platforms to host the attacker’s propaganda is representative of a new behavioural typology characteristic of lone-actors and their supporters, this suggests a move away from hosting and sharing content on one platform. This tactic was previously instrumental in disseminating the most shocking content. In contrast, the forums and social media sites used to host this content now serve as beacons to direct followers to the media on more stable platforms. This shift is likely due to increased scrutiny and attention to violent far-right content across major platforms.
These attacks provide a framework for future attackers and supporters, not only in the methods of violence and attack planning but also in the strategies of propaganda dissemination. The growing list of attackers from Christchurch to Bratislava builds a body of knowledge on which others will draw, and which will be evident in the online footprint, methods of violence, and propagandistic value of future attacks and their perpetrators.
Tech Against Terrorism is focusing on supporting smaller and file-sharing platforms to mitigate the threat posed by this shift in propaganda dissemination strategies. Tech Against Terrorism’s Terrorist Content Analytics Platform (TCAP) is designed to identify, verify, and alert terrorist content. Led by the work of our OSINT team, we are focusing on supporting smaller platforms to prepare for and combat terrorist exploitation of their services. With a broad network of over 100 platforms, we help bring the tech sector together to mitigate the threat posed by terrorist actors and their shifting propaganda dissemination strategies. To date, we have alerted over 39,000 unique URLs linked to terrorist content. Through the TCAP, we alert new content daily and respond in real time to terrorist attacks, as we continue to do in connection with the shooting in Bratislava on 12 October 2022.
This analysis is based in part on a confidential intelligence briefing produced by Tech Against Terrorism’s open-source intelligence (OSINT) team on 14 October 2022. If you would like to obtain a copy of this briefing, please email firstname.lastname@example.org.
Sean McCafferty is a research assistant at Tech Against Terrorism. Sean recently graduated with distinction from the Erasmus Mundus International Master’s in Security, Intelligence and Strategic Studies at Glasgow University, Dublin City University and Charles University. His research focuses on terrorism, insurgency, propaganda, and technology. Twitter: @SeanRMcCafferty