Right- and Left-Wing Violent Extremist Abuse of Digital Technologies in the Global South

The abuse of digital technologies by violent extremists is keeping pace with the exponential growth of new technologies and poses multifaceted challenges to national and global security. Cyber-enabled threats manifest in terrorist-operated websites, the shift by violent extremists to alternative or fringe social media platforms, their use of the decentralised web, and gaming and adjacent platforms, and the abuse of live-streaming technologies to maximise the impact of their attacks. In addition to these online activities, there is a threat of more disruptive or destructive cyber operations by extremist actors, such as Distributed Denial-of-Service (DDoS) attacks and the hacking of critical infrastructure such as hospitals, potentially resulting in civilian casualties. Throughout the research on the diverse range of malicious actors behind these threats globally, there is little on the online activity of violent extremist movements, whether right-wing or left-wing, in the Global South compared to the Global North. 

The report Right- and left-wing violent extremist abuse of digital technologies in South America, Africa and Asia, jointly published by UNICRI and VOX-Pol, seeks to fill this gap, analysing the online activities, narratives, and potential cyber capabilities of these actors in South America, Africa, and Asia. In particular, the joint report investigates the threats stemming from the complex interplay between terrorism, violent extremism, and cybercriminality – threats that are often overlooked, owing to the difficulty of gathering evidence and attributing offensive cyber operations, and to the prioritisation of more pressing security threats in diverse geographic locations. The report outlines a set of regional case studies, looking at right-wing violent extremism in Brazil, South Africa, India, and Maritime South-East Asia, and left-wing violent extremism in Mexico, Chile, Brazil, Argentina, and India. This analysis provides a brief overview of the digital ecosystem, the cyber capabilities of violent extremist actors across the Global South, and the potential responses to these threats.

A complex digital ecosystem 

Globally, violent extremist groups and networks exploit a broad variety of platforms and services simultaneously, including for propaganda, recruitment, financing, planning and internal communication. However, the group of 31 experts interviewed as part of UNICRI’s research agreed that right- and left-wing violent extremists in South America, Africa, and Asia often seem to face fewer restrictions in terms of content moderation by technology companies, many of which are based in the United States or Europe.  

As in Europe, North America, and Australasia, the online activities of right- and left-wing violent extremist groups in South America, Africa, and Asia are increasingly superseded by more disparate, horizontal online networks. In many of the case studies analysed in the report, for example in Brazil and India, physical attacks have increasingly been carried out by lone actors or small cells, some of which may have had previous engagement with organised groups. This dynamic has implications for the ability of technology companies and law enforcement agencies to counter the threat, as planned attacks and their perpetrators may be more difficult to prevent or identify. According to experts consulted as part of UNICRI’s research, the threat of violent extremism online is existing as part of an increasingly congested information environment on the Internet, in which different online harms – including misinformation, disinformation, cybercrime, and child sexual abuse material (CSAM) – overlap with violent extremism in toxic digital spaces.

Today, many such groups and networks operate for a variety of purposes on multiple different apps and platforms, including social networking platforms, messaging apps, crowdfunding services, file-sharing platforms, video-sharing platforms, gaming services, static websites, forums and message boards, on the surface, deep and dark web. Prominent groups, such as the ethnonationalist Afrikaner Suidlanders operating in South Africa, maintain a significant online presence via social media, websites, bespoke apps and encrypted messaging platforms. This may be part of a concerted effort by these networks to reach a broad audience and mitigate the impact of the potential removal of their accounts or groups by technology companies, for instance, by using outlinking between platforms. There is a growing tendency among these threat actors to use voice messages and audio content, which are harder to scan and analyse than text-based content, and to split their communication into different platforms, sharing the first part of a message in one channel and the second part in a channel on another platform – making it difficult for technology companies and relevant law enforcement authorities to monitor or counter.

Despite the heightened focus on the potential exploitation of emerging technologies by nefarious actors, and their use of popular contemporary digital platforms, the long-standing exploitation of traditional static websites remains a persistent and largely unresolved issue. Online networks affiliated with the CPI-Maoist in India, for instance, disseminate their ideologies via websites and blogs, all with different top-level domains (TLDs), but redirecting to the main website and mitigating the impact of takedowns of specific sites. Chan sites, imageboard websites, also play a role in the digital socialisation of several violent extremist networks, particularly those on the extreme right-wing. Sites such as 55chan, Dogolachan, Hispachan and 4chan are popular with Spanish- and Portuguese-speaking right-wing extremists, and some have been linked to acts of violence in Brazil, including school shootings. These websites are challenging to tackle, as web infrastructure providers, which are not always based in the same jurisdiction as a website’s users, tend to require high evidential and legal thresholds before taking action. Such companies have often been reluctant to act even in cases where there appears to be a threat to human life.

The cyber capabilities of right- and left-wing violent extremist actors in the Global South 

The threat of offensive cyber operations by right- and left-wing extremist actors forms part of a much broader, and growing, cybercrime landscape. As more and more aspects of daily life are taking place online, the range of potential vulnerabilities that hostile actors may exploit are increasing. This issue is likely to be prevalent in economies that have digitised particularly rapidly and do not necessarily have the protections they need against the risk of domestic or cross-border cyber-attacks. In this context, violent extremists comprise the minority of the perpetrators delivering cyber-attacks globally. Most of these incidents are believed to be carried out by state-backed actors, hacktivist collectives, or financially motivated criminals. Interviews with a group of 31 experts consulted as part of UNICRI’s research, however, indicate that the threat from cyber-attacks motivated by a belief system and delivered by individuals or groups affiliated with violent extremist movements is likely to increase in the coming years, and is likely to be particularly high in countries believed to have less developed cybersecurity defences. 

Several factors can increase this likelihood, from the growing availability of digital technologies and Internet access among domestic populations to cases of hackers becoming involved in terrorist groups. Additionally, the proliferation of Cybercrime-as-a-Service (CaaS) has lowered the bar to entry for more disruptive cyber operations by violent extremist non-state actors, including those that do not have a high level of computing skills. There is an extensive illicit digital market of off-the-shelf tools and services available for use by less technically skilled malicious actors, including ransomware, malware, botnets-for-hire, DDoS tools, and access to compromised systems. Some violent extremist organisations, including left-wing extremist groups in South America, have deliberately sought out recruits with technical skillsets in an attempt to bolster their cyber capabilities. Nationalist hacktivist groups engaged in disruptive cyber activities in India and South-East Asia represent examples of hacktivist collectives with ideological proximity to some violent extremist movements. While these groups rarely endorse physical violence explicitly, they often engage in disruptive hacking activities against perceived enemies, with tactics typically including DDoS, web defacement, and the hacking of CCTV cameras in target countries.  

Despite the availability of offensive cyber tools and services on the dark web and encrypted messaging platforms, there are few indications of frequent or widespread use of them by violent extremist actors in South America, Africa, or Asia. The reasons for this are unclear, but it may suggest a general lack of intent to prioritise offensive cyber operations over more traditional forms of activism or violence, a lack of Internet infrastructure or access in the areas where some violent extremist groups operate, or a reluctance to risk introducing external actors into clandestine operations. Overall, violent extremist actors globally are probably more interested in defensive technical tooling geared towards hiding their identities, for example, such as encryption, cryptocurrency, Tor, or Virtual Private Networks (VPNs), than in computer hacking or other more offensive tactics. There are documented examples of CPI-Maoist members, for example, relying on encryption solutions such as Pretty Good Privacy (PGP) and Protonmail to encrypt their communications, thereby posing challenges to law enforcement investigations. 

Technology sector responses  

Technology companies face significant challenges in effectively moderating violent extremist use of their platforms globally while also balancing user privacy, freedom of expression and other fundamental human rights. They have come under increasing pressure in recent years, particularly from governments and civil society organisations, to keep their platforms safe and free from illegal or otherwise ‘harmful’ content. Overall, right- and left-wing violent extremist actors in South America, Africa, and Asia have shown a sophisticated understanding of how to exploit digital technologies to spread their message and communicate through mainstream social media platforms, like X, Facebook, Instagram, TikTok, and YouTube, and consequently the ability to exploit apparent gaps in technology responses maintaining a relatively open presence on these platforms. Evidence gathered throughout the report suggests that international technology companies are not enforcing their policies as consistently in South America, Africa, and Asia compared to markets in Europe, North America, and Australasia. 

Some platforms appear to have dedicated disproportionate resources to moderating English-language content compared with other languages. The task of detecting and understanding violent extremist content or communication in languages other than English is made more difficult by the challenge of interpreting and understanding local dynamics and the community-specific slang found in content, and by the efforts of malevolent networks to evade detection or enforcement by moderation teams. Technology companies also have difficulty deciphering cultural nuances and the contextual circumstances of violative posts, especially when these emanate from geographical contexts in which they lack cultural understanding. As a result, platforms may fail to moderate material that violates their terms of service, or may remove innocuous content disproportionately from marginalised communities, at the risk of suppressing legitimate speech. According to experts consulted as part of UNICRI’s research and based on national authorities’ feedback gathered by UNICRI, technology companies sometimes do not maintain as close a working relationship with law enforcement or government departments in South America, Africa, or Asia as they do with governments in the Global North, which means that governments sometimes struggle to establish consistent contact with some companies. 

Technology companies operating globally are subject to a variety of differing and often contradictory regulatory requirements, including those relating to terrorist designations, hate speech legislation and Internet-related laws, and companies can be under pressure from the political or cultural contexts in particular countries. A popular approach to resolving such jurisdictional inconsistencies, adopted by technology companies, is to ‘geoblock’ content that violates specific local laws, rendering it inaccessible to users in one particular country but not others. Moreover, definitional and legal differences between countries regarding concepts such as terrorism and violent extremism, and the obligations placed on technology companies on the basis of those norms, are likely to be particularly problematic for the technology industry when it comes to right- and left-wing violent extremism. Many of the individuals, groups and organisations discussed in this article, and in the report, are not widely designated as terrorist, nor are many of them banned or otherwise sanctioned in the countries in which they operate. In some jurisdictions, even where such content incites violence or violates the terms of service in other ways, there can sometimes be no clear domestic legal framework – or no effective enforcement of existing laws –obliging technology companies to remove it. These differences and challenges increase the risk of ‘differential disruption’, whereby different malicious actors are subject to very different levels of disruption and content moderation online. All these factors can make it difficult for technology companies to consistently and effectively maintain a balance between removing violative content and upholding human rights and fundamental freedoms.   

Conclusions

While outlining the manifestations of right- and left-wing violent extremism in the Global South, and their exploitation of digital technologies, several key trends are mentioned in this short piece, and thoroughly analysed in the report, that warrant further attention and should guide further research activities.  

First, the inherently interconnected nature of the online and offline activities of violent extremist groups, networks and movements. The use of digital technologies by violent extremist actors, as by the general population, is an integral part of day-to-day communication and productivity, which means that neither online nor offline spaces can be studied in isolation from the other.  

Second, while violent extremism is a term used predominantly to apply to non-state actors, varying degrees of connection between violent extremists and state-backed actors are taking shape. This includes ideological proximity, pro-government vigilantism, state-backed cyber activities, and evidence of potential operational cooperation between diverse threat actors. Such convergences make effective responses to these issues more difficult, including from the perspectives of domestic politics, content moderation and international diplomacy.   

Third, a common theme is that these movements operate across multiple online services, and demonstrate a relatively advanced understanding of how to exploit digital technologies to further their objectives. In specific geographical contexts, these movements are able to exploit apparent gaps in technology responses to violent extremism, and thereby maintain a relatively stable and open presence on mainstream platforms.   

The report presents a set of general recommendations, as well as tailored recommendations for Member States, the research community, the technology sector and international inter-governmental organisations, aimed at identifying, investigating, preventing and disrupting the abuse of digital technologies by violent extremists.

Disclaimer

The opinions, findings, conclusions and recommendations expressed in this piece do not necessarily reflect the views of UNICRI, VOX-Pol or contributory organisations, and do not imply any endorsement. The groups and movements presented within this article, and in the referenced report, are not necessarily referenced as violent extremists either by the United Nations or by the Member States mentioned, however, their alignment, proximity, and connection with right- and left-wing violent extremist ideologies, as well as their use of violent extremist tactics, justify mention in this article, and referenced report, to ultimately reflect on the global dimension of the abuse of digital technologies by violent extremists.  

This article represents the views of the author(s) solely. ICCT is an independent foundation, and takes no institutional positions on matters of policy unless clearly stated otherwise.

Photocredit: ioat/Shutterstock