The Cyber5 Podcast

Episode 60: Combating Terrorist Messaging on the Open Internet

Episode 60 | November 10, 2021

In episode 60 of The Cyber5, we are joined by Tom Thorley, the Director of Technology at the Global Internet Forum to Counter Terrorism (GIF-CT).

Episode 60 | November 10, 2021

In episode 60 of The Cyber5, we are joined by Tom Thorley, the Director of Technology at the Global Internet Forum to Counter Terrorism (GIF-CT).

We discuss the mission of GIF-CT and how it’s evolved over the last five years, with particular interest on violent terrorist messaging across different social media platforms. We also discuss the technical approaches to countering terrorism between platforms and how their organization accounts for human rights while conducting their mission. 

Here are the 4 Topics We Cover in This Episode:

1) The Evolving Mission of GIF-CT:

GIF-CT combats terrorist messaging on digital platforms and is particularly focused on removing live streaming of violence. They were founded in 2017 by Microsoft, Facebook, YouTube, and Twitter to mostly combat advanced ISIS messaging efforts across their platforms, particularly after several high profile terrorist attacks were live streamed. 

GIF-CT has grown to include 17 different technology companies that participate in the mission of combating terrorist exploitation of their platforms. Since ISIS has been degraded over the last three years, GIF-CT has expanded their mission to include supporting the United Nations Security Council’s Consolidated Sanctions List.

2) Behavioral Models as Opposed to Group Affiliation: 

Due to the fast adaptation and evolution of terrorism, GIF-CT has moved to track behavioral models of violence rather than attempt to focus on known terrorist groups. They built out an incident response framework to review emergency crisis situations using technology called “hash sharing.” Now, they are looking at expanding into:

  • Manifestations of terrorist attacks just carried out
  • Terrorist publications (Inspire Magazine by al-Qaeda) with specific branding
  • URLs, videos, and images where specific terrorist content exists across platforms

3) Hash Sharing Across Social Media Platforms with Content​​: 

User created content is not associated with an identifiable individual, like an IP address generally tied to a device. When GIF-CT hashes videos, they not only use traditional MD5 hashes, but also use perceptual hashes, which are locality sensitive. These hashing techniques and different algorithms provided by the technology companies, allow images, videos, and URLs to be flagged and potentially removed from the platform in close to real time. 

There is some new hash sharing technology that is being explored around PDFs. The need has been driven in part because malware is exploited because the backend code of the PDF is manipulated whereas terrorist manifestos are not, they are just content. Technology is being explored by GIF-CT where they can hash certain content strings in PDFs for alert.

4) Optimizing for Human Rights: 

GIF-CT hashing algorithms minimizes impact to human rights during emergency situations and differentiates between legitimate journalism and normal discord between people on the platform. GIF-CT goes through tremendous transparency initiatives that focus their algorithms on violence extremism.

Adversary Insights℠ RFI Subscription
Timely response to client-specific requests for finished intelligence on cyber and physical risks
OSINT Monitoring & Analysis
Client-specific curation and analysis of dark web, open source, and social media data
External Attack Surface Monitoring & Analysis
Defense against attacks to your digital perimeter and internal environment
Executive Shield
Discovery of threats to key personnel with attribution and PII takedown
Threat Landscape Assessment
Analysis of external threats to assess level of risk and identify methods of mitigation
Zero Touch Diligence®
Discovery and analysis to assess risk for investments, IPO, M&A, and third parties
Event-Driven Intel Investigation
Multidimensional security fact-finding in response to adversary behavior