Mapping Global Cyberterror Networks: An Empirical Study of Al-Qaeda and ISIS Cyberterrorism Events

• DOI: 10.1177/10439862211001606
• Published date: 01 August 2021
• Date: 01 August 2021
• Subject Matter: Articles

https://doi.org/10.1177/10439862211001606

Journal of Contemporary Criminal Justice

2021, Vol. 37(3) 333 –355

© The Author(s) 2021

Article reuse guidelines:

sagepub.com/journals-permissions

DOI: 10.1177/10439862211001606

journals.sagepub.com/home/ccj

Article

Mapping Global Cyberterror

Networks: An Empirical

Study of Al-Qaeda and ISIS

Cyberterrorism Events

Claire Seungeun Lee1, Kyung-Shick Choi2,

Ryan Shandler3, and Chris Kayser4

Abstract

This study explores the internal dynamics and networks of terrorist groups in

cyberspace—in particular, Al-Qaeda and the Islamic State of Iraq and al-Sham (ISIS).

Using a “Global Cyberterrorism Dataset” that features data on cyberterror attacks

between 2011 and 2016, this research analyzes these two terrorist groups through

the lens of a cyber-conflict theory that integrates conflict theory with Jaishankar’s

space transition theory. Through a network analysis methodology, we examine

the invisible relationships and connections between the national origins and target

countries of cyberterror attacks. The analysis focuses on the networks of national

origins of terrorists and victims, network structures of Al-Qaeda and ISIS actors,

and clustering networks of Al-Qaeda and ISIS cyberterrorists. Results indicate that

terror in cyberspace is ubiquitous, more flexible than traditional terrorism, and that

cyberattacks mostly occurred within the countries of origin. We conclude by discussing

the complex features of cyberterror networks and identify some of the geostrategic

implications of the divergent cyber strategies adopted by Al-Qaeda and ISIS.

Keywords

cyberterrorism, Al-Qaeda, ISIS, social network analysis, cyber-conflict theory, space

transition theory

1University of Massachusetts Lowell, MA, USA

2Boston University, MA, USA

3University of Haifa, Israel

4Cybercrime Analytics Inc., Calgary, Canada

Corresponding Author:

Claire Seungeun Lee, University of Massachusetts Lowell, Lowell, MA 01854, USA.

Email: claire_lee@uml.edu

1001606CCJXXX10.1177/10439862211001606Journal of Contemporary Criminal JusticeLee et al.

research-article2021

334 Journal of Contemporary Criminal Justice 37(3)

Introduction

In the aftermath of the 9/11 terror attacks, a surge of academic research in the field of

terrorism has contributed to a deep understanding of how conventional kinetic terror-

ism is organized, facilitated, and propagated (Abrahms, 2019; Duyvesteyn, 2004;

Neumann & Smith, 2007). Yet terrorism is subject to the same global forces and devel-

opments as the rest of the world, and advances in technology have beckoned forth a

new threat of cyberterrorism. The ubiquity and anonymity of cyberspace has enabled

terror organizations to access new methods in designing traditional or complex attacks.

The cyber component of cyberterrorism relates to both the networked structure of

modern terror organizations that are able to more efficiently disseminate and commu-

nicate information and also the wielding of cyber weapons that allows for anonymous

transnational attacks against newly vulnerable targets.

While research on technology-facilitated terrorism has increased (Archetti, 2013;

Mair, 2017; Rudner, 2017), only a handful of papers have incorporated empirical anal-

yses of cyberterrorism (Canetti et al., 2017; Gross et al., 2016, 2017; Qvortrup, 2015).

This article attempts to add to the dearth of empirical research into cyberterrorism

(Conway, 2005, 2017; Holt et al., 2019; Zelin, 2013) by conducting a systematic anal-

ysis of the relationship between actors and victims in cyberterrorism, resulting from

increased use of technology and cyberspace to plan, execute, monitor, and evaluate the

results of their attacks. Developing an understanding of the relationship between

offenders and victims in cyberterrorism cases would contribute a great deal to the

criminological literature and also to policy makers, national security officials, and the

wider public. To do this, we introduce a novel “Global Cyberterrorism Dataset” that

provides comprehensive data on dozens of cyberterror attacks attributed to Al-Qaeda

and Islamic State of Iraq and al-Sham (ISIS) between 2011 and 2016.

For the purposes of this analysis, we define cyberterrorism as a computer-based

attack, or threat thereof, that is intended to intimidate or coerce governments or societ-

ies in pursuit of goals that are political, religious, or ideological (Lachow, 2009). This

relatively broad definition builds on Dorothy Denning’s (2000) seminal understanding

of cyberterrorism as the “convergence of terrorism and cyberspace.” We adopt a defini-

tion that views cyberterrorism as pertaining to acts that use cyberspace as a means of

attack, as well as those that view it as the target of the attack. In light of the heated

debate over the scope and definition of cyberterrorism (Luiijf, 2014), we adopt a broad

operationalization of the phenomenon, rejecting more modern variants that suggest that

cyberterrorism must cause physical destruction (Lachow, 2009). As such, our expan-

sive construal of the phrase includes the use of cyber networks by terror organizations

to disseminate political messages, for recruitment, fundraising, and more.

This current study explores the internal dynamics and networks of terrorist groups

in cyberspace—in particular, Al-Qaeda and ISIS. Specifically, this article illuminates

how the national origins and sources of terrorists and victims are interrelated to one

another by looking through the prism of cyberterror attacks launched by these two ter-

ror groups. Using the uniquely constructed data set—“global cyberterrorism data-

set”—that includes annual data from Terrorism Reports from 2011 to 2016 (U.S.