Click here to read our latest report: Going Dark: The Inverse Relationship between Online and On-the-Ground Pre-offence Behaviours in Targeted Attackers

How Terrorists Use the Internet for Weapons and Component Procurement

How Terrorists Use the Internet for Weapons and Component Procurement
26th February 2020 Jessica Davis
In Insights

When Salman Abedi was buying material to build the bomb he would use to attack the Ariana Grande concert in Manchester in 2017, his cousin bought him some of the chemicals from Amazon. In the lead-up to his attack at a New Zealand mosque, Brenton Tarrant bought firearms and ammunition online. And when ISIS needed drones for bombings, they purchased drones and shipped them to Syria from a number of different online retailers. Terrorist use of online retailers to procure material for their attacks is not new, but it is increasingly common, and presents both challenges and opportunities for detecting how terrorists use funds, and what for. Online purchases can be a missed opportunity for suspicion to be detected, and can form part of terrorist financial tradecraft that obscures the totality of their level of preparation for an attack. On the other hand, online procurement activities increase the players with important financial intelligence. Exploiting this financial intelligence will require a fine balance between information sharing, regulation and public-private partnerships.

Terrorists buying goods online may reduce opportunities for members of the public to detect and report suspicious activity, an important tool for foiling plots. For instance, a terrorist plot in the United Kingdom was thwarted in part because of a shop keeper who was suspicious of fertilizer purchases by an individual. Academic studies have also demonstrated that terrorists “leak” their intent to those around them. Security and intelligence agencies have also studied this phenomenon, and people with important information can include bystanders like shop-keepers. Without this in-person interaction, the opportunity for individuals to observe suspicious behavior is reduced, potentially also reducing the likelihood of reporting. But online purchases also open up other potential avenues for detection, such as automated reporting through the use of algorithms designed to detect the purchase of particular goods.

Terrorists can also take advantage of online purchases to obscure the totality of their purchases, making it harder for investigators to get a clear picture of what they are intending to do. Essentially, terrorists can make purchases from the same retailer over time, or multiple retailers, thus reducing the possibility that suspicions will be raised about their activity. Online purchases can also be used to ship goods across jurisdictions with little suspicion. For instance, in the case of Canadian El-Bahnasawy, he purchased a number of goods that could be used for the construction of improvised explosive devices and shipped them to (what he thought was) a co-conspirator in the United States, the intended target of his plot.

Financial intelligence, often derived as part of a terrorist financing investigation, is a powerful tool for counter-terrorism investigators. It provides leads, but until relatively recently was the exclusive domain of financial service providers. Now, online retailers have critical intelligence with a level of detail that goes beyond what traditional financial intelligence can provide. For instance, financial intelligence may have been able to reveal how much and where money was spent, but not what specifically was purchased. Retailers (both online and in the physical domain) have this information, making them collectors of financial intelligence, and important ones at that.

The procurement of goods for terrorist purposes online presents both opportunities and challenges for counter-terrorism practitioners. It may provide opportunities for automated reporting and easier access to intelligence, but may also obscure the level of preparation of terrorist activity. Overcoming these challenges and exploiting these opportunities will require a balance of privacy and security and engagement with the private sector. While it may be tempting to draw lessons from the model of counter-terrorist financing that involves mandatory reporting by financial institutions, this model is by no means a panacea, and may not be particularly effective at preventing terrorist activity. While public-private partnerships are likely to prove fruitful in combatting online procurement activities, the tensions between the corporate profit motive and any motive to assist in national security should be carefully considered.

At the very least, online retailers should be made aware of how terrorists have used their services in the past, and how they may be exploited in the future. A broader conversation amongst members of the public, governments, and international organisations is required to establish norms and boundaries to establish what, if any, record keeping and reporting obligations should be placed on these entities. Existing research on terrorist financing and social media may also provide areas where the model can be improved. Ultimately, terrorist online procurement activities are an important part of their financing cycle, and will remain a feature of terrorist attacks in the 21st century.