Introduction
On 1 January 2025, two acts of violent extremism shook the United States. In New Orleans, a 42-year-old Army veteran named Shamsud-Din Jabbar, allegedly inspired by the Islamic State, drove a rented Ford F-150 Lightning pickup truck into a crowd of New Year’s revellers on Bourbon Street. Fourteen people were killed, and at least thirty-five were injured. After the vehicle was immobilized, Jabbar exchanged gunfire with responding officers before being fatally shot. Seventeen hundred miles away in Las Vegas, 37-year-old Green Beret veteran Matthew Livelsberger detonated an explosive device in a Tesla Cybertruck near the Trump International Hotel. Livelsberger took his own life just moments before the blast, leaving behind handwritten notes expressing his dissatisfaction with national affairs and personal struggles. While authorities found no direct connection between the attacks, both involved electric vehicles rented through peer-to-peer (P2P) rental services, raising concerns about vulnerabilities in these platforms.
In both incidents, the assailants rented their vehicles through Turo, a peer-to-peer car-sharing platform that connects private vehicle owners with individuals seeking temporary rentals. While P2P car-sharing offers convenience and is often cost-effective, it has also raised legitimate questions about how easily it can be misused for violent extremist and terrorist acts. Additionally, Jabbar rented an Airbnb property in New Orleans – a company that also follows the P2P model – where authorities later discovered bomb-making materials. In light of these incidents, this Insight explores the vulnerabilities within peer-to-peer rental services and their potential for misuse by extremist actors. It also reviews current safeguards instituted by companies and governments to mitigate these risks.
Vulnerabilities of Peer-to-Peer Rental Services
Peer-to-peer rental services enable individuals to share a wide range of goods—cars, homes, equipment—through online marketplaces. Unlike traditional firms that own substantial inventories and maintain strict oversight, P2P rental platforms act as digital middlemen, connecting hosts to renters seeking convenience, variety, and cost savings. However, these benefits can also create vulnerabilities, as bad actors can exploit gaps in verification and oversights.
One key concern is the ease of anonymity on P2P rental platforms. In contrast to traditional car-rental agencies or hotels, which typically require in-person identity checks and credit card verification, platforms like Airbnb or Turo rely primarily on digital verification methods such as uploading identification documents or linking financial accounts. While Airbnb conducts background checks on some U.S.-based users and India-based hosts, the company itself acknowledges significant limitations in this process. For example, they do not guarantee the accuracy of user information, records are not always up to date, and not all criminal offences are captured in public databases. The company also notes that these checks may not include all state and county records, do not always account for crimes committed outside the country, and may be limited to incidents occurring within a specific time frame, such as the prior seven years in certain states. In addition, Airbnb does not routinely run background checks on users located outside of these jurisdictions and when it does, their scope and accuracy vary due to differences in foreign laws, reporting systems, and database completeness.
While background checks add an additional layer of security beyond what traditional hotels provide—where identity verification typically stops at in-person ID checks—they are not foolproof. Despite improvements in verification processes across industries, both peer-to-peer rental platforms remain susceptible to fake IDs, stolen credentials, or what are sometimes called “straw renters,” who rent vehicles or properties on behalf of someone else. Airbnb’s reliance on remote, digital verification—without consistent in-person checks—may make it particularly vulnerable. Unlike hotels, which require guests to present identification at check-in to a staff member and create an opportunity for a front desk clerk or hotel staff to visually assess a guest’s identity or detect suspicious behaviour.
Generative AI exacerbates the threat of fake IDs. As recent reporting from 404Media found, underground websites are using “neural networks” to generate realistic-looking photos of fake IDs for just $15 USD, radically disrupting the marketplace for fake identities and cybersecurity more generally.”
A related concern within peer-to-peer rental services is the diminished physical oversight during transactions. Traditional hospitality and rental sectors typically employ on-site personnel to verify customer identities and also to monitor activities. In contrast, P2P rental platforms often allow property or vehicle owners to lease their assets with minimal direct involvement, which can be advantageous for those seeking passive income streams. This model allows owners to manage rentals remotely, sometimes from entirely different regions or countries. For instance, some owners use ‘contactless’ check-in with lockboxes or smart locks, reducing face-to-face interaction and potentially making it even harder to discern a renter’s true identity or motive. To address these security concerns, Italy has recently implemented a ban on self-check-ins for short-term rentals, requiring hosts to verify guest identities in person. This approach reflects a broader recognition that company-led policies have limitations and that governmental interventions are increasingly shaping the regulatory landscape.
Even when in-person interactions take place, owners may lack the training to recognise signs of illegal activities or the expertise to identify forgeries, despite having some resources available on the platform. In contrast, some jurisdictions have implemented mandatory training programs to address such challenges. For example, Minnesota Statute 157.177 requires all hotel and motel operators to ensure that all on-site employees, including owners, operators, and managers, receive approved training on identifying and responding to suspected sex trafficking within 90 days of hire and annually thereafter.
The inability to recognise suspicious activities is particularly concerning when it involves specialised equipment. Large vans and trucks from rental agencies have been exploited by terrorists for vehicle-ramming attacks, such as the 2016 Bastille Day attack in Nice and the 2018 Toronto van attack. Rental trucks have also been used to construct VBIEDs (Vehicle Borne Improvised Explosive Devices), as seen in the 1993 World Trade Center bombing and the 1995 Oklahoma City bombing. To mitigate these risks, various initiatives have been introduced to help rental service providers identify potential threats, enhance security measures, and prevent their equipment from being used for terrorist purposes. However, similar training or awareness programs, which identify assets more likely to be exploited by terrorists and provide guidance to their owners, are largely absent in the context of peer-to-peer rental platforms. Therefore, these specialised assets are left more vulnerable to exploitation.
Specialised assets include large SUVs, trucks, and vans, whose mass can inflict particularly deadly damage in vehicle-ramming attacks. Electric vehicles, with their significant weight and rapid acceleration, further increase the potential for lethality in such incidents. Additionally, properties located in strategic areas, such as near high-profile event spaces, can be exploited to facilitate political violence. For example, in both the 2017 Unite the Right rally in Charlottesville and the January 6, 2021, attack on the US Capitol, individuals attempted to use Airbnb, as well as traditional hotels and other short-term rental platforms, to secure accommodations near the event sites. Peer-to-peer services can also aid in planning an attack by allowing perpetrators to book multiple short-term stays and rentals in different locations. Indeed, this is possible using hotels too, but the vulnerability exists nonetheless. This enables terrorists to test operational feasibility, practice safe-house logistics, and analyse police response times without committing to longer leases or leaving a permanent footprint.
In response to the 2017 Unite the Right rally, Airbnb banned accounts linked to individuals who used the platform to book accommodations for the event. In subsequent years, Airbnb banned Iron March members. Following the Capitol attack, Airbnb issued a statement announcing it would not permit its platform to be used to coordinate housing for anyone planning to join protests surrounding President Joe Biden’s 20 January 2021 inauguration. They further pledged to permanently ban individuals found to have participated in illegal activities during the January 6 attack on the US Capitol.
In addition to platform-level bans and enforcement of community standards, Airbnb became the first sharing-economy member of Tech Against Terrorism, aiming to share intelligence and adopt best practices for detecting terrorist or extremist users. However, whistleblower accounts indicate that trust-and-safety teams remain understaffed, overburdened, and often hesitant to implement harsher measures that could alienate legitimate users or result in complaints. Airbnb has refuted these claims, stating that it takes a proactive approach to removing extremists from its platform and has invested significantly in trust and safety measures. Nonetheless, extremists often adapt quickly, employing fake identities or intermediaries to bypass bans, highlighting the need for more robust and proactive measures.
Like AirBnb’s, Turo’s user agreements forbid illegal activities. However, the incidents on January 1st highlighted challenges in enforcing these policies. Turo’s vetting process, which includes ID and background checks aimed at filtering out high-risk users, failed to detect either Jabbar’s or Livelsberger’s intentions. In response to these incidents, Turo has expressed its commitment to user safety and is cooperating with law enforcement authorities to address these issues.
Implications and Conclusion
The attacks on New Year’s Day were separate and unrelated, but their methods were strikingly similar. These incidents in New Orleans and Las Vegas reveal the dangerous potential for the sharing economy to be exploited by terrorists and extremists to facilitate large-scale violence. Platforms such as Turo and Airbnb, while offering undeniable benefits like enhanced travel flexibility, diversified local economies, and opportunities for individuals to monetize personal assets, also face significant security vulnerabilities. Extremists exploit the structural vulnerabilities of peer-to-peer platforms, taking advantage of inadequate identity verification, ease of anonymity, and limited physical oversight to bypass safeguards and carry out malicious activities.
Events like these have spurred both platform-driven changes and government regulations to address security vulnerabilities. Platforms such as Airbnb have responded by banning extremist users, partnering with initiatives like Tech Against Terrorism, and issuing transparency reports to improve accountability. Simultaneously, governments have implemented measures such as banning self-check-ins, mandating host registrations, and proposing stricter background checks for renters of large or specialised assets. Many cities now require short-term rental hosts to register with authorities and display permit numbers in their listings, which helps officials track rental activity and its purposes. However, enforcement remains uneven, leaving room for exploitation by determined extremists.
In confronting the threat of terrorist abuse of P2P rental services, multisectoral collaboration is needed in order to thwart devastating attacks and severe reputational harm. For instance, an unfounded rumour that the Manchester Arena bomber, Salman Abedi, had stayed at an Airbnb led to a controversial advertising campaign by the Hotel Association of New York City, which falsely implied a connection between Airbnb and the attack.
As criminals and extremist groups become more sophisticated, so too must the defences of the sharing economy. Strategies may include advanced identity verification systems, enhanced data-sharing frameworks between companies and law enforcement, and the ongoing refinement of community standards to encourage hosts and renters to report suspicious behaviour.
Ultimately, the January 1st attacks highlight the harsh reality that today’s digital marketplaces cannot remain apolitical or passive intermediaries. These platforms have tangible implications for public safety, particularly when extremist groups exploit technologies that seamlessly connect users worldwide. To preserve public trust, P2P platforms must innovate not only in user experience and profitability but also in security. Achieving this will require continuous monitoring, ethical data handling, and active collaboration with diverse stakeholders. While it may be impossible to eliminate all risks in an open, decentralised economy, building a robust system that deters would-be attackers is essential to ensuring that the promise of P2P services—greater freedom, flexibility, and economic opportunity—does not become a liability in the fight against violent extremism.