UNCOVERING TERRORIST OPERATIVES THROUGH OSINT
Globalization has expanded terrorist organization’s theater of operations beyond established territorial borders and into the online sphere. With easy access to large amounts of potential supporters and seamless communication with operatives around the world via new media platforms, it is no surprise that research shows that around 90% of terrorist organizations have social media presence.
Analysis of terrorist organizations’ social media presence and use of new media to disseminate propaganda, recruit, and fundraise, can provide law enforcement agencies unique insights into these organizations. Using the proper tools, law enforcement can leverage OSINT to dissect desired entities’ tactics, their fundraising efforts, and even profile operatives across the globe.
Although top leadership of terrorist organizations are not generally active on the web, they are not untraceable, as they deal with organizational funds that warrant commercial presence. Additionally, these leaders will almost always have middle level operatives in their circle, who commonly use social media for personal and organizational purposes, inevitably leaving a trace.
The FBI’s Most Wanted List
In September 2019, the Federal Bureau of Investigations (FBI) added MI, 41 years old from Egypt, to its FBI’s most wanted list. The Bureau of Investigation alleged that MI was an Al Qaeda operative with direct involvement in planning attacks on U.S soil and a provider of material support to Al Qaeda operations. Although MI was known to be living in Brazil, the investigation regarding his links to terrorism and involvement was still underway, the FBI requested the public to come forward with relevant information. MI appearance on the list prompted local Brazilian news papers to cover the story and various articles mentioning his name to surface the web.
Mapping Out Potential Operatives
While researching Al Qaeda operations in Latin America, Digital Clues investigators came across a local newspaper article discussing MI alleged role as an Al Qaeda leader. Given that terror organization leaders are not usually active on social media, Digital Clues’ investigation began by searching for commercial information connected to the target. Since the Brazilian government and local news outlets had confirmed MI location as São Paulo, the investigators created a dedicated crawler using the platform’s Robot StudioTM to collect information from Brazil’s national company directory. Analysis of the results surfaced a furniture company registered under the target’s name, relevant addresses, and personal information regarding his two business partners living in Brazil. Knowing that Al Qaeda usually operates in cells, the investigators added MI’s business partners to a list of potential operatives.
To enhance the personal information obtained through OSINT regarding MI’s business partners, ProFilerTM was employed. The platform provided further intelligence including email addresses. The email addresses led investigators to another business entity, registered by one of the business partners, whose purpose was said to be helping new immigrants of Arab decent integrate by offering Portuguese tutoring lessons. Through the ProFoundTM platform, investigators collected and analyzed the information provided on the tutoring company’s website, uncovering an organized effort to collect donations to fund terrorism, presumed to be for Al Qaeda.
After establishing a link to terrorism through fundraising activities, the investigators decided to dig deeper into MI’s partner’s connections and cross reference them with known Al Qaeda operatives and fundraisers around the globe. A known Muslim Brotherhood member and avid preacher caught the investigators attention from within the connections. The Sheikh’s social media presence, video content and connections were collected and analyzed via the ProFoundTM platform. The investigators then intersected connections between MI’s partner and the Sheikh’s uncovering further potential Al Qaeda operatives in Brazil and the Middle East. Analysis also revealed a São Paulo mosque as a possible point of convergence for Al Qaeda members, local and foreign, used for the recruitment of funds and sympathizers.
Starting from a single target’s name obtained from an article of a local Brazilian newspaper, Digital Clues’ investigators collected and analyzed OSINT that led to the compiling of a list of potential Al Qaeda operatives in Brazil and their connections to on the group operations in the Middle East. During this investigation, Digital clues platforms analyzed more than 45K data points, surfacing dozens of new targets and their connections. All of this was done in a matter of hours, dramatically reducing the time of the investigation from days or weeks.
With Digital Clues’ full suite of OSINT tools, investigators uncovered intelligence for law enforcement agents to move forward to the operational stage of the investigation. Continued monitoring of the targets through OSINT is recommended throughout the whole process combined with a hands-on intelligence collection approach, such as the use of avatars or undercover agents. Undercover activities and direct contact with the identified companies as well as physical undercover agents at the identified mosque can advance the investigation.