Islamist terrorist organisations including al-Qaeda, Islamic State (IS),and their supporter networks are increasingly exploiting open-source software to create “cloud platform” websites to store their content. These are password-protected websites that enable terrorist actors to share content via URLs. Many of these contain an extensive and regularly updated archive of terrorist material.
This trend is likely due in part to a broad improvement in moderation of terrorist content by mainstream tech platforms. Cloud platforms currently provide terrorist actors with a comparatively stable, centralised location in which to store their material. This is because the process of taking down cloud platforms is extremely challenging. As a result, content stored on cloud platforms canstay active without significant threat of being removed. Mostcloud platforms monitored by Tech Against Terrorism exploit open-source software developed by Germany-based company NextCloud.
The exploitation of the decentralised web –or Dweb –by terrorist and violent extremist (TVE) actors in recent months has both expanded and diversified. Messaging apps and social media platforms built on Dweb technology are serving critical roles in the online TVE ecosystem, ensuring the ongoing availability of terrorist content online. Decentralised web hosting software and file storage systems like Skynet and the InterPlanetary File System (IPFS), are also increasingly being exploited for the hosting of terrorist content. The administrators of a prominent pro-IS propaganda archive website, for example, have been using a Dweb browser plugin since at least late 2020 to circumvent frequent takedowns over the past several months. The plugin enables users to locate a stable landing page on which the latest link for the website can be found.
This shift is likely the result of a combination of improved moderation by centralised platforms alongside a flawed perception among TVE actors that Dweb services cannot be moderated. We anticipate that TVE actors are likely to further expand their exploitation of Dweb services in the coming months, particularly if centralised platforms continue to make improvements in moderating terrorist content.