Introduction
The use of technology by terrorists and violent extremists is a perennially trendy issue in counterterrorism (CT) research—and for good reason. Identifying, monitoring, and assessing technological advancements and understanding how these innovations can be or have already been leveraged for malicious purposes is a key component to effectively disrupting terrorist plots. Attempting to stay and remain ahead of emerging technologies and the novel ways in which they might be employed has become an essential component in redressing the “failure of imagination” that led to the 9/11 attacks that saw US domestic commercial flights transformed into lethal weapons by a foreign terrorist organisation.
Islamic State (IS) and supporters inspired by the group have strategically used technology across a wide spectrum, often combining low- to high-tech tools for a variety of purposes, including recruitment, radicalisation, fundraising, financial transactions, attacks, logistical operations, and operational security. The New Orleans IS-inspired New Year’s Day attack, which tragically killed 14 people and injured dozens more, has shown again that attackers use tools across the technological spectrum, often in combination, to maximise lethality and minimise detection of the plot before execution, while also reflecting the conditions in which they operate. This Insight explores the New Orleans, Louisiana (NOLA) attack in the context of technology selection in IS external plots, depending on factors such as resources, technical proficiency, location, operational security considerations, and symbolic value.
Early Adopters
Both the Islamic State’s military operations in the Levant, as well as its external operations, demonstrate the early adoption of emerging and new technologies. The Islamic State of Iraq and Syria (ISIS) demonstrated early and effective adoption of unmanned aerial vehicles (UAVs), initially using them for filming propaganda videos, later for reconnaissance, and eventually modifying them into bombs. ISIS developed one of the most robust drone infrastructures of any non-state actor, relying almost entirely on do-it-yourself style modifications. That same year, Islamic State operatives shipped bombmaking components from Türkiye to Australia as part of a plot intended to blow up a commercial jet departing from Sydney. The plot was disrupted, but the intent showed a sophisticated supply chain that nearly enabled a complex terror attack. Fast forward to 2023, a 26-year-old mechanical engineering PhD student at Birmingham University was convicted for designing and building a drone for the Islamic State, partially manufactured using a 3D printer at home. The makeshift kamikaze drone, assembled by the PhD student, underscored both the critical role of technological advancement and the alarming eagerness of would-be attackers to share the drone’s design with ISIS supporters online for further production.
In 2024, Islamic State’s official and semi-official propaganda outlets, as well as supporters, have experimented with generative Artificial Intelligence (AI) to create compelling content. Experimental engagement, as well as full-on adoption of new and emerging technologies, serves as something of a force multiplier for the group, allowing the broader media ecosystem of its supporters to make it seem as though the group is ubiquitous, issuing threats in myriad languages and touting tactical successes from Syria to Somalia. Discussions online among the group supporters consistently revert back to the topic of opportunistic terrorist attacks, such as using fireworks, knives, or vehicles. In tandem, channels on Rocket.Chat and Telegram, some of IS’ preferred communications platforms, give in-depth instructions on how to make Improvised Explosive Devices (IEDs) in a low-cost, minimal technical capability fashion.
Factors in Adoption
IS and IS-inspired attackers’ decision to use certain technological tools over others is influenced by a range of factors, primarily rooted in the environmental context. When analysing attacks and plots, the selection of technology can be better understood by considering the following factors:
(1) Cost of technology and resources available: What resources are available to the attacker? Are there resource restrictions (manpower, material, money) limiting the scale of the attack possible, therefore steering the attacker to certain technologies? What technology makes sense for the attack envisioned? Does the attacker work alone or in a cell? Does the attack need to happen in a simultaneous manner for maximum effect?
(2) Location and environment of the attacker: How strong are intelligence and law enforcement capabilities of the attacker’s jurisdiction and/or in the jurisdiction the attacker is targeting? How easy is it to get access to explosive chemicals or weapons and do so without detection?
(3) Technical proficiency and barriers to entry: Does the attacker have a background in engineering or possess know-how that may facilitate the use of certain technologies such as 3D printers? Does the terrorist group inspiring the attacker provide easy how-to guides for the attacker to follow? Is the attacker embedded with hobby communities online that may inadvertently help him get the tacit knowledge to use certain technologies?
(4) Anonymity and operational security considerations: What technology can the attacker use without raising suspicion in the law enforcement or intelligence community? Is going low-tech (pagers) or high-tech (encrypted platforms) better operational security (OPSEC) practice in the attacker’s environment? Does the attacker need external assistance to procure or implement the technology correctly? If so, adding more people to a plot or conspiracy increases the chances of ‘leakage’ and introduces new risks for the attacker.
(5) Symbolic value and echo: Is there any technology that may enhance the symbolic value or further echo of the attack? For example, attackers have demonstrated an interest in using Go-Pro cameras because they add a video-gamification element to the attack. Furthermore, they can be framed as a point-of-view (POV) lens that is rare among terrorist attacks but often celebrated among an attacker’s support base.
The NOLA Attack
Numerous low- and high-tech tools were involved in the New Orleans New Year’s Day attack and its preparation. In the lead-up to the plot, the attacker used the vehicle-sharing platform, Turo, as well as an Airbnb rental. On IS propaganda channels online, some have exchanged tips on carjacking, for example, to commit ramming attacks. Some have speculated on whether the use of Turo to rent the attack vehicle was a deliberate strategy by the attacker, giving him affordable access to a heavier, more lethal attack vehicle. However, in previous VRAs, vehicles have been stolen to commit attacks or rented out from traditional car rentals.
Furthermore, law enforcement found bombmaking materials at the rental the attacker stayed at, indicating he worked on the IEDs there that were later found in the attack vehicle. Both physical and operational security likely required him to work on the IEDs in New Orleans rather than in his home state of Texas. IEDs tend to be unstable, rendering transportation across states not only an operational security issue but also a physical one. IEDs have unreliable triggering mechanisms and are incredibly sensitive to external influences like shock and temperature changes. However, in the case of the particular chemical compound used for the IED in the NOLA Attack, stability was less of a concern. Additionally, short-term rentals, like Airbnb, can provide more privacy which could make them better safehouses than hotels, especially in the final stages of preparation.
Another key component in the planning phase of the attack was his prior visits to New Orleans to conduct reconnaissance and casing his targets, during which the attacker used Meta Ray-Ban glasses to film the French Quarter without raising suspicion. Footage found by the FBI shows the attacker driving a bike through the quarter, looking around, clearly filming the neighbourhood’s narrow streets. Such detailed footage may have been important for the attacker in choosing where he would strike exactly or what areas are most congested, thus leading to higher lethality levels.
The literature on Augmented Reality (AR) and Virtual Reality (VR) in relation to terrorism is rich, and these technologies have already been used in numerous ways by terrorists and violent extremists for their strategic objectives, including radicalisation, recruitment, training, planning, etc. While the Ray-Ban Meta smart glasses do not have AR capabilities, they have already been used to dox strangers, for example. Notably, although wearing the glasses, the attacker did not livestream the attack.
The attacker’s primary weapon was his rented vehicle, a Ford F-150 Lightning electric pickup truck. There have been numerous hypotheses about the attacker’s use of the platform Turo to rent the attack vehicle, and his choice of car could provide one possible explanation. Some have argued, for example, that Turo was potentially a cheap way for the attacker to have access to a heavier, electric truck. Heavier trucks not only cause more casualties, but the electric nature of the car may have also made it more lethal, silently and more rapidly accelerating than a combustion engine, the noise of which would have given advanced warning to pedestrians to flee the area or seek shelter. This is a compelling thesis that shows an overlooked part of the technology discussion: how new tactics, techniques, and procedures (TTPs) do not have to be compelled by revolutionary new technology.
As is common with VRAs, especially IS-inspired ones, the attacker used a secondary weapon, a semiautomatic rifle, to shoot at law enforcement once he had rammed into the crowd and crashed into construction equipment. IS instructions on VRAs actively encourage secondary weapons to maximise lethality and build in redundancy to attack planning. The semiautomatic rifle was legally and privately purchased from an individual in Arlington, Texas on 19 November by the attacker. Not used but found at the scene of the attack were two functional IEDs placed in coolers near Bourbon and Orleans Street and a remote detonator found in the truck. While the IEDs were initially believed to have been based on a compound called R-Salt, further testing exposed the compound as RDX, a military-grade high explosive that is more powerful than TNT. Some of its advantages are that RDX is extremely stable in storage, and requires a detonator to explode, making it safer to transport. RDX is extremely hard to find in the U.S., with some experts believing the attacker may have synthesized the explosive himself. However, it seemed the attacker lacked the technical knowledge to detonate the IED, for which the electric match he used was inadequate.
As the investigation continues, it will be very important to understand, for example, which of the environmental factors of the attacker (online exposure, price, availability) made him opt for this compound. Additionally, the knowledge of how to make the IED will also point investigators to which propaganda channels he likely frequented. The attacker majored in computer information systems at Georgia State University and graduated in 2017. While in the US Army, the attacker did not hold a combat position, so would not have had a background in explosives.
The attacker used social media platforms, and Facebook specifically, to pledge his allegiance to Islamic State (Bayat), and to broadcast his view of Jihad, including descriptions of his view of his family, the war between believers and disbelievers, and more. The choice of platform may be connected to the fact he wanted to reach his family members in one of his messages. Unlike the October 2023 ISIS-inspired attack in Brussels, where an extremist shot and killed two Swedish soccer fans and then posted a video online, in the New Orleans attack, the videos were removed quickly and have not been spreading.
Conclusion
The main aspect highlighted by the technology used in the New Orleans attack is the importance of contextualising the ‘shiny bright object’ when analysing terrorist plots. While new and emerging technologies are absolutely a key pillar of terrorist attacks and adaptation by terrorist groups and lone wolf attackers, the importance of brute-force, low-tech tactics with little chance of detection by the law enforcement and intelligence community are equally important. Contextual factors, including cost and available resources, the attacker’s location and jurisdiction, technical proficiency, OPSEC considerations, and symbolic value or echo wanted, all can help analysts understand the technology use of attackers.
One of the seemingly most consistently present technology uses in IS-inspired plots is the access to social media and communication platforms to access IS propaganda and manuals online. While it remains unclear how the NOLA attacker radicalised, the fact that his attack is classified as IS-inspired likely indicates the forensics of the attacker’s devices show a significant presence on the sprawling online propaganda ecosystem of IS. Closer public-private partnerships between the US government and tech companies are genuinely a net positive, but it must become more than a simple ‘buzz phrase’ trotted out in the recommendations section of a policy briefing. Beyond engagement, where certain social media platforms are lax in content moderation or eschewing due diligence measures that can lead to public safety risks, legal pressure should be applied to encourage innovative and timely responses from platforms, especially repeat offenders who are frequently resistant to taking corrective measures.
Additionally, one of the main issues with content moderation and deplatforming is the exodus of IS supporters to less regulated platforms. Specifically, the use of decentralised and encrypted communication platforms used by IS and its supporters, such as Rocket.Chat, make taking down content nearly impossible, as it is stored on self-hosted servers. In Rocket.Chat’s documentation with information on law enforcement, it clearly states that it cannot access or control self-managed servers and that the company can only act on servers it directly hosts. While DDoS attacks can disrupt these types of servers, new domains can continue to be made, as an incident from 2019 demonstrates.
Clara Broekaert is a security researcher predominantly focused on foreign interference, terrorism, and technology. She is an Analyst at The Soufan Group and a Research Fellow at The Soufan Center.
Colin P. Clarke, Ph.D., is the director of research at The Soufan Group and the author of After the Caliphate: The Islamic State and the Future Terrorist Diaspora.