How Violent Extremists and Terrorists use Redundancy
Why do threat actors share content outside of their core digital ecosystem? The most obvious reason for this is to expand the reach of their propaganda, as well as expand the presence of their communities onto both mainstream and adversarial platforms. Their intentions behind this can be twofold: A) they might not have a presence on the platforms their are disseminating content on and wish to recruit individuals from these spaces, B) they wish to have their content noticed and mainstream in a way that will catch the attention of (well intentioned but ignorant) oppositional actors that will notice this expansion and promote their content through research or reporting, or C) they wish to have harmful content they share in their existing ecosystems, be spread to a wider more mainstream space to harm target individuals or identity groups. To be successful in the dissemination of propaganda, redundancy plays a important role. Redundancy plays an important role in the violent extremist and terrorist propaganda toolkit. Redundancy can be used as a mitigation measure 1) in reaction to sustained attempts at the takedown of digital assets, and 2) in preparation of a kinetic attack, whereby an individual plans to leave a manifesto or plans a live stream.
Redundancy in Reaction to Sustained Attempts of Taking Down Digital Assets
Removal of digital content does not only occur on mainstream digital platforms, but adversarial communication, social networks and video platforms are known to take down violent extremist and terroristic content. Lets take Telegram as an example of an adversarial platform that carries out sustained attempts at the deletion of violent extremist and terroristic chats, channels and accounts ( I’m not here to talk about the efficacy of their methods). In order to circumvent the actions taken by Telegram, threat actors use redundancy to protect their core assets by leveraging the private/public function of Telegram chats and channels. Threat actors who administer some of the more popular or well known branded channels and chats on Telegram will create a private version of channel or chat where they will curate and archive all of their propaganda material, as well as their favorite material from other sources. Therefore, when the digital asset is taken down on Telegram there is a backup so that the channel admin can still forward content to existing channel, or when the admin set up a new version of the channel and chat they can dump all these digital assets rapidly back into the ecosystem.
This is not unique to admins, but the average user, will also create archives of propaganda in telegram channels they resonate with. This is not unique to Telegram but is a practice found across all platforms: social networking, cloud storage platforms, and/or on adversarial streaming platforms for videos (Bitchute, WorldTruthVideo and Odysee some of the most widely used). I have seen violent extremist and terroristic digital assets from channels that were deleted years ago still be shared from a users private reserves today. Redundancy guarantees that threat actors can circumvent attempts at the takedown of digital assets and networks on any platform and have it re-shared an amplified when a ne chat, channel, stream, website, etc. is brought back online.
Redundancy also provides a way to guarantee that their content will survive initial dissemination. By posting the same digital asset, lets say a video on Telegram, there will likely be a version shared on YouTube as it is the largest video streaming platform, but it is hostile to violent extremist and terroristic content; therefore, threat actors will also post it simultaneously to Odyssey, Bitchute, WorldTruthVideo, short forms are share on TikTok, YouTube Shorts and Instagram Reels. If and/or when the video is taken down from one of the platforms, archives will exist on other platforms making it available for other individuals to access, consume, archive, reproduce, and amplify further. In the end it is not about a single piece of content but about both the network of extremist actors, and the cross platform network a single user will create for themselves.
Redundancy in Preparation for a Kinetic Attack
Threat actors leverage redundancy as part of the tactics, techniques and procedures of carrying out a kinetic attack, to ensure the dissemination and preservation of the digital assets (propaganda, instructional material, websites, etc.), they wish to have consumed by their peers, while also maximizing the reach and impact of their digital assets to instill fear and inspire others to follow in their footsteps. Their goal is to avoid attempts at taking down manifestos, livestreams and instructional material they may have used, prior to anyone within their violent extremist or terroristic milieus having the chance to preserve a copy (this then ensures that it will likely always be found online).
An example of this if the Buffalo Attack in May 2022. The perpetrator of the attack wanted to have his manifesto, his digital diary and the livestream of his attack viewed and consumed by as many people as possible to instill fear and inspire others to follow in his footsteps. Prior to his attack he released his manifesto on four different cloud storage sites, each of which had three different accounts per site to guarantee that the manifesto would make it out even if attempts were made to take it down following the attack was happening. This is a key process of mass casualty attacks, as it insures a continuation of incidents. In as much as the Buffalo attacker was inspire by the Christchurch attacker, the propaganda from Buffalo attacker inspired the Bratislava attackers to follow in his footsteps.
Though it is a Basic Practice it is Important
In sum, the take down of terroristic and violent extremist content represents an important point of failure in any threat actors attempts at kinetic attacks, as well as their attempts at recruiting individuals or simply causing harm by amplification of their content and deeds. In light of this reality, threat actors apply malevolent creativity in their efforts to countermand their propaganda efforts. Redundancy is an important operational practice by successful threat actors to guarantee the survival of their networks their aesthetic their brand and their members. Though I focused mostly on adversarial platforms, this is behaviour that is seen across the board. It is not only about the content, but it is also about the cross platform networks, as well as the tactical behaviour of threat actors in their use of digital technologies.