The Growing Threat of Digital Tradecraft in Terrorism

Context

The November 10 car bombing near Delhi's Red Fort clearly demonstrates that terrorists are now dangerously active not only on the ground but also in the digital world. Using encrypted apps, private servers, and secret online methods, terrorists are evading surveillance by agencies.

Digital Tradecraft: A New Form of Terrorism

• Terrorists now plan using encrypted messaging apps, private servers, and secret digital methods.
• Many modules even use VPNs and foreign proxies to access banned apps.
• Modern versions of old espionage methods like "dead-drop email" are being used digitally.
• Educated individuals with technical knowledge, such as doctors and professionals, are now becoming part of these networks.

Key Features

• Encrypted Communication: Use apps and services like Threema, Session, Discord, and ProtonMail, which require neither a phone number nor an email address.
• Private Servers: Terrorists create their own private servers and communicate within a closed network.
• Dead-Drop Technique: Instead of sending emails, they save drafts, which other members read and then delete.
• Minimal Digital Footprint: Keeping phones switched off, limiting online activity, and using VPNs.
• Physical Reiki + Digital Planning: A hybrid model of ground-based Reiki and online covert planning.

Differences from Traditional Ground-Based Threats

• Previously, terrorists used phone calls, meetings, and open networks. Now, communications are fully encrypted, decentralized, and difficult to trace.
• Physical evidence is limited, and sometimes even digital evidence is automatically erased. Traditional surveillance, such as phone tapping and email intercepts, has become virtually ineffective.
• Secret servers and draft emails are beyond the reach of traditional security agencies.

Key Challenges

• Encrypted apps and private servers are extremely difficult to track.
• Digital evidence is quickly erased, making forensic investigations difficult.
• Even banned apps can be easily accessed through a VPN.
• Rise of educated and technologically capable terrorist modules
• Increasing role of foreign networks and transnational connections
• Early detection of radicalization activities hidden within institutions is difficult

Way forward

• Advanced digital forensic teams: Teams specialized in encrypted platforms, private servers, and memory forensics
• Regulations on private servers: Clear legal and oversight framework for such digital systems
• Amendments to laws: Incorporate threats such as digital dead-drops and encrypted communications into the law
• Institutional awareness: Radicalization detection programs in universities and professional institutions
• International cooperation: Coordination with foreign agencies, tech companies, and the countries of origin of apps
• Public awareness: Increasing the ability to understand and report on the digital nature of modern terrorism