Evolving Tech, Evolving Terror

Available Downloads

Over the course of the 16-year War on Terror, experts have identified political and socioeconomic conditions as root causes of terrorism. The technological enablers that make terrorism possible are less studied, however. Innovations in computing and telecommunications—like widespread internet access, end-to-end encryption, and virtual private network (VPN) usage—have made new types of operations possible for a higher number of radicalized individuals.

The Islamic State best capitalized on the new technologically driven landscape by remotely inspiring and directing attacks. These operations require little training or tactical planning, involve crude tools—like knives or cars—and can be conducted by anyone, anywhere. The combination of simple operations and increased communicative capacity has made terrorism accessible to the masses.

To date, mass-accessible operations have been confined to the West. However, as ISIS transitions to a more conventional terrorist network, these attack types’ geography stands to expand. As a result, policymakers would be well-served to incorporate technological conditions into their projections of emerging ISIS hotspots.

Policymakers would be well-served to incorporate technological conditions into their projections of emerging ISIS hotspots.

Malaysia provides an important case study in the emerging threat of remotely inspired attacks because of its widespread internet access, popular encrypted messaging services, proliferating use of VPNs, and a potential cohort of veteran foreign fighters returned from the Syrian battlefield to spur radicalized individuals into action.

Technological Capabilities

The first and most basic capability, access to the internet, has changed the way individuals radicalize and plan attacks. On the radicalization side, online platforms offer more opportunities to become radicalized and accelerate the speed with which radicalized individuals mobilize. Once radicalized, jihadists have used the internet for communication and operational planning. The attack on the Curtis Culwell Center represents the most extreme occurrence, as al-Shabaab-turned-ISIS operative Mohammad Abdullahi Hassan directed the perpetrators to conduct the operation through Twitter.

As with other developing countries, internet usage in Malaysia is becoming increasingly common. Sixty-eight percent8 of Malaysians use the internet nationwide. When parsed for age, that rate climbs to 91 percent among Malaysians 18–34. Jihadist content producers—namely ISIS—have capitalized on the trend, targeting Malaysian youth in their recruitment efforts.

Second, end-to-end encrypted messengers—like WhatsApp and Telegram—afford their users privacy by scrambling data sent from the sending device, through the cell tower and server, to the receiving device. In terrorist applications, these encrypted messaging services allow for unprecedented operational security, limiting law enforcement's ability to view or disrupt these communiques.

Encrypted messaging is surprisingly popular in Malaysia and represents three of the top twenty-five most popular mobile applications in the country. Violent extremists can leverage this fact, employing the technology to plot domestic operations.

Finally, in the same way that prospective terrorists use encrypted messaging for offense—to stage attacks—VPNs allow radicalized individuals to play defense. As their name suggests, VPNs provide users with a private connection to the internet, replacing the user's Internet Provider address with one from a VPN provider. In doing so, the technology effectively anonymizes the internet activity of the user. For terrorists, this prevents law enforcement from tracking their movement and intentions.

In Malaysia, VPN usage outpaces most Western countries. Approximately one in three13 internet users anonymize their online presence. The reasons for VPN usage vary: popular rationales in Malaysia range from accessing free entertainment to hiding web browsing from the government. This existing VPN culture can readily turn sinister and the technology applied to jihadist activity.

Terrorist Intent

Malaysia's technological landscape is necessary but not sufficient for operations with low technical barriers. Terrorist intent in the country is required for ISIS to ramp up its activity. Here, both internal and external pressures have resulted in populations who may use technology to conduct terrorist operations.

Despite the geographic distance between Malaysia and the Syrian Civil War, returning Malaysian foreign fighters from the conflict stand as a concern to policymakers. Though estimates vary wildly, as many as 400 Malaysians entered the conflict zone in Syria and Iraq. Further, eight confirmed cases of foreign fighters returning to Malaysia highlight the threat's viability. This number stands to grow, as Malaysian security services reported that Turkey has been deporting non-Malaysian foreign fighters to Malaysia.

Internal changes to Malaysian society exacerbate the terrorist threat. Malaysia is beginning to embrace more conservative religious practices and politically this is spurred by Malaysia's ruling United Malays National Organization (UMNO) party. This process has the dual effect of normalizing conservative interpretations of Islam for some, and generating public distrust of the government for others. In the latter case, this distrust may further propagate VPN use among large segments of the population—a dynamic that extremists can tap into. Further, ISIS has specifically targeted Malaysia with Malay-language propaganda. These dynamics have translated into real action: the Royal Malaysian Police (RMP) have disrupted at least 14 ISIS-related plots.


In Malaysia and similarly positioned countries, some have advocated for stronger key disclosure laws, which compel suspects to surrender their passwords. In many cases, however—as with the San Bernardino attack21—the keyholders are deceased. Others have called for telecommunication companies to build backdoors22 into their products, which would give law enforcement a way to access encrypted data. Although methods for VPN blocking exist, VPNs remain largely unregulated internationally.

These policy options all attempt merely to disrupt the technology’s distribution but do little to undermine the technology itself. In other words, VPNs and encryption can exist without VPN and encrypted messaging providers—especially in the context of illicit activity. As a result, policymakers must look elsewhere to combat the threat.

More promising approaches involve placing a renewed emphasis on defensive counterterrorism measures. While continuing to work to prevent attacks, law enforcement should also explore new ways to mitigate attacks’ effectiveness. Examples of this thinking have begun to emerge in Europe, where new barriers will limit the impact of vehicular rammings.

While the government’s ability to disrupt accessible terror is limited, it can consider the availability of these technologies as a factor in determining high-risk locations. This increased awareness can be used to better target preventative efforts and assist officials in finetuning their threat assessments.


In the recent months, counterterrorism policy conversations have become increasingly politicized. For some, terrorists are irredeemable and counterterrorism strategy should be driven by kinetic force. Others maintain that counterterrorism strategy should focus on the root causes of terror. In the past, counterterror policy has largely remained immune from the divisive political discourse that has plagued other public policy issues. If counterterrorism’s technocratic character is to continue, apolitical approaches to counterterrorism will be required.

Careful analysis of the technological enablers of terrorism fits squarely into this model. It captures both tactical and strategic considerations warranted by emerging technologies and, favoring more defensive approaches, occupies space far enough downstream to sidestep counterterrorism's thornier political questions. It remains clear, however, that as more people gain access to more sophisticated technologies, counterterrorism efforts will have to adapt.

Seth Harrison is a research intern with the Transnational Threats Project at CSIS.

Full citations available in PDF

Seth Harrison

Former Intern, Transnational Threats Project