Terrorist Use of the Internet by the Numbers: Part III – Research and Policy Implications

This post is Part 3 of 3; Part I is HERE and Part II HERE. Also, a PDF combining all three posts is available HERE 

Collectively, the results from the open source data analysis presented in Part I and the findings from the police data contained in Post II highlight the need to focus upon online behaviours linked to the demonstration of terrorist intent.

Whilst engagement with radicalising materials and/or radicalisers is a prerequisite of radicalisation, it is perhaps a poor predictor to base disruption activities upon given the much larger volume of individuals exposed to these materials. The conclusions from these posts have a number of implications for research, risk assessment, policy, and practice.

Research Implications

In terms of research, the results illustrate the great degree of granularity possible from both open and closed sources. Rather than focusing on ‘who’ became radicalised, this is the first research of its type to instead focus upon the ‘how’ of online radicalisation and provided insight into the prevalence of various attack planning behaviours in an online setting.

The results also make clear that whilst analysing the opportunities afforded by the Internet is important, it is perhaps more instructive to view it in the context of how potential terrorists use the Internet based upon their motivations, needs, expectations, and histories. Online radicalisation is not a uniform process across or even within ideologies, for example, but there tends to be significantly different behaviours witnessed depending upon the needs of a potential attack/attacker.

The results largely confirm the conclusions of von Behr et al. (2013) and Gill and Corner (2015), whereby the Internet is largely a facilitative tool that affords greater opportunities for violent radicalisation and attack planning. Offenders hampered by their co-offending environment or plot ambitions are afforded opportunities to overcome these online.

We found significant differences across targeting strategies, ideologies, network forms, and propensity to engage in online learning and communication. Our research highlights the fact that there is no easy offline versus online violent radicalisation dichotomy to be drawn, as plotters regularly engage in activities in both domains. Threat management policies would do well to understand individuals’ breadth of interactions rather than relying upon a dichotomous understanding of offline versus online, which represent two extremes of a spectrum that regularly provide prototypical examples in reality. A preoccupation with only checking online behaviours may lead to crucial components of a plot’s technical development or a perpetrator’s motivation being missed.

Policy and practice may benefit from adopting insights from emerging research arguing in favour of disaggregating our conception of the ‘terrorist’ into discrete groups (LaFree, 2013; Gill & Corner, 2013) rather than disaggregating the radicalisation process.

Cases in which all transactions were conducted online were found to be rare. Face-to-face interactions were still key to the process for the vast majority of actors even if they were aware of, and made use of, the bounty of ideological and training material available online. Violent radicalisation should therefore be framed as cyber-enabled rather than cyberdependent, while underlining that enabling factors differ from case to case depending upon need and circumstance.

The use of the Internet was largely for instrumental purposes whether it was pre- or post-attack. There is little evidence to suggest that the Internet was the sole factor prompting actors to decide to engage in a violent act. Our results further suggest that many went online not to have their beliefs changed, but rather reinforced. This is in line with von Behr et al.’s (2013) previously cited research.

Challenges for Research, Practice, and Policy  

A number of significant challenges remain with regards to research and practice.

First, the recent development of databases and larger datasets have led to the development of variables (e.g. demographic, behavioural, historical, social, and, to a lesser extent, biological) that co-vary significantly with radicalisation, recruitment, involvement in, and to a lesser extent, disengagement from violent extremism has accumulated. As datasets continue to expand—involving an ever-larger number of variables across an ever-larger number of cases—the list of significant statistical associations is likely to grow. It is now time to take stock of the evidence rather than endlessly developing new (and largely untested) risk factors.

Second, base rates remain a continual problem. Quite simply, we have no grasp on the societal prevalence of the vast majority of online radicalisation indicators. In some cases, like issues surrounding mental disorders, it is easier because of epidemiological studies (see Corner, Gill and Mason, 2016). Other behaviours, like making threats online, are a far more difficult task to quantify. Without a sense of base rate, we can’t measure with any certainty how reliable any one indicator is, either in isolation or in combination with other indicators. Instead, we can only sample on the dependent variable, which is not good practice.

Third, there is a distinct lack of research concerning protective factors. The literature just does not account for them. We only look for ‘risk factors’, which may lead to a series of confirmation biases amongst intelligence analysts. Protective factors may come in many forms and include individual factors (e.g. attitudes, academic achievement, social orientation, self-control, personality factors), peer factors (e.g. close relationships with non-criminal peers, pro-social norms within peer group, number of affective relationships), family factors (e.g. highly connected to family, involvement in social activities).

The final problem is that of weighting. In most studies of radicalisation indicators, all indicators are treated equally. For example, the Safire Project2 outlines 21 indicators, ranging from “lingering concerns with questions of meaning and identity” to “dependence on communication technology” to “associating with extremist groups” and “training travel,” without prioritising any. Other risk assessment tools discriminate between indicators to a small extent (e.g. the Terrorist Radicalization Assessment Protocol or ‘TRAP-18’). The argument for such discrimination is logical, interesting, and yet rarely made. Of course, in reality, not all indicators are equal.

A part of the problem is that those developing indicators oftentimes try to do too much—from highlighting indicators of someone adopting an extremist ideology to highlighting indicators of someone planning an attack. These are very different processes, underpinned by very different behaviours and necessitating intervention by very different parts of the policing/intelligence/partner agency framework. Basically, the radicalisation literature lacks specificity in terms of what it is studying the indicators of. Exasperation at current attempts to counter online radicalisation is perhaps therefore understandable given the unclear parameters concerning what we are trying to, or even what we should, counter (e.g. do we counter ideological adoption, ideological radicalisation, attack planning, attack commissioning, or the variables and experiences that may make these phenomena more likely).

The research reported herein acts as a starting point in the scientific study of terrorist engagement via the Internet by providing a count of various online behaviours and how they co-vary with other attack-related variables. To advance the science further, it is important to utilise both open and closed sources, learn from the shortcomings outlined in the preceding paragraphs and importantly disaggregate online radicalisation into various discrete phenomena (e.g. ideological attainment, attack planning, attack commissioning) whilst also understanding that the importance of various factors may be modulated by ideology, the presence of co-offenders, and attack sophistication.


Dr. Paul Gill is Senior Lecturer in the Dept. of Security & Crime Science at University College London, which is a VOX-Pol partner. Follow him on Twitter: @paulgill_ucl