Step-by-Step Online CVE

by J.M Berger

The world continues to deal with the offline consequences of how ISIS works online, hunting among the fringes of society for those rare individuals who can be convinced to act on its behalf.

Its success comes in part from volume – social media makes it possible to sift efficiently through more potential recruits than ever before. But while the process ISIS employs to achieve its goals contributes to its relative success, it also opens windows for disruption.

In an article for the October issue of the CTC Sentinel, I took a detailed look at how ISIS functions online, breaking it down into a five-part template, which can be implemented in different ways depending on the target’s disposition:

  • Discovery – ISIS discovers a potential recruit, or a potential recruit discovers ISIS
  • Create Micro-Community – ISIS supporters flock around potential recruits to surround them with social input
  • Isolation – Potential recruits are encouraged to cut ties with mainstream influences, such as their  families, friends and local religious communities
  • Shift to Private Communications – ISIS supporters encourage targets to take their conversations about ISIS into private or encrypted messaging platforms
  • Identify and Encourage Action – ISIS supporters probe to figure out what the target is most likely to do (usually travel to join ISIS, or carry out terrorist attacks at home), then encourage the target to take action

It is possible to see some of these stages as they play out online, and we can also match some of our countermeasures to particular steps.

For instance, efforts to limit how ISIS broadcasts its propaganda online can make discovery more difficult. The mainstream media also has a role to play, by making sure its coverage is measured and responsible, and that it does not robotically amplify the ISIS message. Many, perhaps most, potential recruits first learn about ISIS from the media, only then seeking it out on social media.

While it’s well worth fighting this battle, there are practical and ethical limits to how much we can interdict discovery. Countermeasures need to function as robustly as the recruitment efforts themselves, contesting ISIS at each opportunity.

The point at which ISIS users try to create a community around a potential recruit can be detected through social media analysis, for instance by measuring interactions sent by known ISIS recruiters and examining how many ISIS supporters a target follows.

Efforts to isolate targets can often be observed online in tweets (for instance, “A place that calls to shirk and cursing of the Sahaba is not a masjid”), in private communications, or in recommendations that potential recruits block users on social media who might influence them against ISIS. Individual and targeted interventions may help disrupt this process as it occurs.

The shift to private communications, which is sometimes telegraphed in public exchanges on social media, might be a signal for law enforcement investigations or intelligence community surveillance, when the context of such a move is clearly appropriate (for example, in response to a question about joining ISIS in Syria). Such steps would be most sensibly centered on recruiters, rather than all of their potential targets. But when investigation shows that a recruiters’ call to action appears to be succeeding, law enforcement intervention devolves to the target’s level.

One of the virtues of social media is that it forces human interactions into a relatively strict structure, which in turn allows us to diagnose the process behind and interaction, and recognize processes when they repeat. We can be smarter and more effective in how we counter ISIS on social media by stripping away the mystique and focusing on the mechanics.

J.M. Berger is co-author of ISIS: The State of Terror and a non-resident fellow at the Brookings Project on U.S. Relations with the Islamic World.

Leave a Reply