Click here to read our latest report “Transmisogyny, Colonialism and Online Anti‐Trans Activism Following Violent Extremist Attacks in the US and EU”

Terrorist Platform Migration: The Move to Smaller, Less Regulated Online Spaces

Terrorist Platform Migration: The Move to Smaller, Less Regulated Online Spaces
23rd June 2023 Scott N Romaniuk

Introduction and Background

The internet provides terrorists and violent extremist organisations (VEOs) with novel and useful means of achieving their goals—ease of access, lack of regulation, vast potential audiences, and a fast flow of information. Terrorists have demonstrated both the need for and the ability to be imaginative on the internet by utilising strategies such as limiting incriminating terms or employing coded language. Such strategies allow groups to continue eluding authorities while posing as legitimate actors.

Terrorists would be able to extend the reach of their messaging by operating on large social media platforms. However, maintaining a conspicuous online presence on larger websites and platforms also entails the risk of detection or disruption by authorities. Terrorists and VEOs are consequently shifting their attention and presence away from large platforms that have strengthened their efforts to monitor and detect suspicious behaviour in favour of smaller, less regulated spaces that serve as digital ‘havens’. This entails a move to different parts of the decentralised web (Dweb). The Dweb differs from the traditional ‘surface’ web, where network decentralisation, regulatory barriers, coordination, and collaboration amongst states and non-state actors (NSAs) make detection and disruption difficult. Operating on the Dweb, therefore, reduces the risks for terrorists and offers attractive and welcoming spaces and opportunities to recruit, radicalise, and plan operations. 

Our examination of two case studies, one on al-Qaeda (as a ‘network of networks’ with global reach) and the other on Kata’ib Hizballah (KH), demonstrates the relevance of smaller online settings for VEOs, notably Salafi-jihadist terrorist groups. We provide insight into terrorist platform migration and a condensed critique of actions in relation to the EU’s online task force by investigating terrorist sites and activity online and via the use of primary and secondary source materials. Terrorists have been successful in eluding government authorities to a large extent, and we expect this trend to continue in the absence of data-informed policy changes that translate into efficient and effective front-line agent-based action and response.

Terrorist Migration Online 

As larger platforms improve or claim to enhance their ability to detect and respond to terrorist activity online, terrorist groups and individuals maintain access to an extensive range of digital safe spaces from which to recruit new members and disseminate their messages. Smaller platforms may lack the security expertise of larger platforms, which usually have comparably more robust security systems, stricter moderation policies, and larger Trust and Safety teams. The process by which terrorists transfer their online activities from one platform to another is referred to as ‘migration’. Driven from larger, mainstream social media platforms, terrorist actors have moved to smaller, less regulated platforms. In the next section, we explore these cases, add to existing knowledge, and further scholarly conversations on the topic.


Jihadist-terrorist organisations have operated on chat servers for many years, and their utility is expanding. In a National Institute of Justice study on Sunni-inspired extremist groups such as al-Qaeda, one of the major recommendations was to suppress the producers rather than the consumers of terrorist propaganda online. Al-Qaeda has utilised the centralised open-source platform Rocket.Chat to extensive effect for the purposes of broadcasting and thereby proliferating its violent messages and reaching a wide audience.

Real-time chat, audio, and extensive file sharing lend efficacious opportunities to al-Qaeda by enabling them to interact with existing affiliates, make new connections with individuals, contact alternative cells and groups, and recruit by using the platform to target demographics and people who express or exhibit particular jihadist ideas, interests, or behaviours. As a single chat server, Rocket.Chat has more than one hundred channels for the transmission of the group’s messages. Other fundamentalist and militant groups that either have pledged an oath of allegiance (bayat) to or have less concrete connections with al-Qaeda, such as Hamas, Hezbollah, and the East African-based al-Shabab, have also adopted this new strategy to continue proliferating largely unchecked on social media to reach more people and spread extremist rhetoric.

A tale of two sites: the case of Kata’ib Hizballah

The anti-American and Iranian-backed Shiite militia and terrorist organisation, Kata’ib Hizballah (KH), has been active in Iraq and Syria since 2003 and aspires to build a new pro-Iranian government in Iraq. After the death of Abu Mahdi al-Muhandis in 2020, the group’s new leader, Ahmad al-Hamidawi, continues to pursue this goal. KH is responsible for a variety of violent assaults on US targets in Iraq as well as attacks on Iraqi civilians. Yet, its influence goes beyond Iraq and Syria’s borders, inspiring other active terrorist groups and militias globally. Recent public pressure to remove terrorist propaganda from the internet has prompted social media companies to act; Europol and Telegram have recently collaborated with the intention of countering criminal and terrorist activity on the internet.

Brian Fishman, Facebook’s Global Head of Counterterrorism, said the social network had zero tolerance for any group the United States listed as a terrorist entity. In July 2009, the US designated and labelled KH as an operational terrorist and insurgent organisation that received support from the Iranian government. Further, KH was regarded as posing a severe danger to coalition forces in the Middle East, therefore raising the prospect of increased terrorist activity in the United States. The social media operation run and managed by KH continues uninterrupted in spite of these claims and efforts by social media companies to remove terrorist online information; counterterrorism forces continue to pursue active websites and accounts on Facebook, Twitter, and Telegram. For instance, a 2021 scenario showed this terrorist group operating and utilising websites which were later taken down by the Office of Export Enforcement of the US Department of Commerce’s Bureau of Industry and Security.  

The websites that KH used as its media and propaganda arms were seized with a search warrant by US investigators. On January 23, 2023, KH launched a fundraising campaign purporting to help the Yemeni Houthi movement acquire more drones intended for attacks against the United Arab Emirates. The campaign was launched by Amir al-Musawi, the spokesman for Sharia Youth Gathering (Tajamma Shabab al-Sharia, or TSS), an umbrella organisation controlled by KH. The campaign was advertised as a ‘grassroots’ initiative and named Hamlat Shabab al-Iraq (‘The Iraqi Youth Campaign’). The organisation’s Telegram channel was the most active muqawama channel promoting the campaign. In brief, KH, a terrorist group, consistently uses small platforms to communicate recruitment messaging across a variety of media, including but not limited to videos, photos, essays, and publications. Specifically, the KH group’s websites served a dual purpose of recruiting and distributing false material to manipulate public opinion in favour of radicalisation and recruitment.

Government Regulation

The EU’s Internet Referral Unit (IRU) is housed within Europol’s European Counter Terrorism Centre (ECTC) and was established in July 2015 “to support EU states in preventing and combating serious forms of crime… which are committed through the internet.” The IRU reports suspicious or illegal content to online service providers for assessment against their own individual terms of service. Crucially, any subsequent action to remove said content is voluntary and non-enforceable and takes place in the absence of public oversight, revealing a foundational fault in the regulatory structure within which the IRU and similar units function and operate. A recent and notable case involving the IRU’s collaboration with Telegram and its subsequent engagement with extremists online caused networks of extremists to spread across smaller messaging apps or return to their original apps and platforms: TamTam, Blockchain Messenger (BCM), Hoop Messenger, Matrix, Threema, Kik, LINE, TalkRay, IM+, and many others.

The effectiveness of the unit’s actions is hindered due to limited resources; a lack of enforcement capabilities; information and real-time data sharing; relationships with both willing and guarded private sector organisations, and the subjectivity of data and narrative interpretations. This creates disparities in both knowledge and action. Unit foci are also selective, at times limited to focusing on the actions of a few known organisations and therefore being restrained. Silvia D’Amato and Andrea Terlizzi’s empirical analysis of the EU’s counterterrorism policy and actions reveals a significant knowledge gap that still exists regarding how different stakeholders share information and assign roles and responsibilities to agencies responsible for addressing terrorism. They also discover that EU publications rarely explicitly mention or describe the internal and external operational actions that EU agencies are to carry out. Inadequate training and knowledge have therefore prevented and continue to hinder response teams from achieving desired outcomes, resulting in symbolic action execution with poor and imprecise outcomes. Thus, technological growth and advancements in social media and the prevailing gaps in online regulation also support the ambitions of terrorist groups while augmenting the barriers that law enforcement authorities must contend with. 


Terrorists and VEOs continue to exploit the internet to achieve their specific goals of recruitment and propaganda dissemination. This current environment reflects the failure of governments to adopt approaches and measures to detect and disrupt terrorist and VEO tech platform migration. Policymakers struggle to understand the specific factors that influence the decision of terrorist organisations to migrate to the Dweb, where detection by authorities is more difficult. Due to the vastness of the internet, state-response latency, structural disparities between governments and law enforcement bodies, as well as a lack of clear and shared definitions, states have been relegated to a reactionary function. This has resulted in poor responses and human rights violations within the EU. Hence, terrorist outfits and VEOs can shift from domain to domain with considerable ease, forcing authorities to play ‘whack-a-mole’ in a decentralised digital abyss.

For terrorist recruitment and radicalisation purposes, a vast number of websites and apps offer terrorists direct and instant access to potential recruits, bypassing state security measures and leaving the security of the state and citizens in the hands of digital service providers. Thus, terrorist groups and VEOs have turned to more covert and difficult-to-control online spaces. The process of setting up a robust regulatory framework that helps combat extremist and terrorist online content, upholds rights to free expression and access to information, fosters a safe digital environment, and reflects democratic values is an urgent and critical task.

Dr. Scott N. Romaniuk is a visiting fellow at the International Centre for Policing and Security at the University of South Wales in the U.K. and a 2022 Newton International Fellow of The Royal Society and the British Academy. He is also a non-resident expert at the Taiwan Center for Security Studies and a senior Research Fellow at the Centre for Studies of South and South-East Asian Societies at Kazi Nazrul University in West Bengal, India.

Prof. Amparo Pamela H. Fabe is a visiting fellow at the International Centre for Policing and Security, University of South Wales, U.K. She is the 2023 Irregular Warfare Initiative Fellow, a joint project of the Modern War Institute of the US Military Academy at Westpoint and the Empirical Studies of Conflict Institute of Princeton University.

Dr. Debasish Nandy is an associate professor and head of the political science department at Kazi Nazrul University in Asansol, West Bengal, India. He is also the coordinator of the university’s Center for Studies of South and South-East Asian Societies.