Mapping Global Cyberterror Networks: An Empirical Study of Al-Qaeda and ISIS Cyberterrorism Events

Published date01 August 2021
Date01 August 2021
Subject MatterArticles
Journal of Contemporary Criminal Justice
2021, Vol. 37(3) 333 –355
© The Author(s) 2021
Article reuse guidelines:
DOI: 10.1177/10439862211001606
Mapping Global Cyberterror
Networks: An Empirical
Study of Al-Qaeda and ISIS
Cyberterrorism Events
Claire Seungeun Lee1, Kyung-Shick Choi2,
Ryan Shandler3, and Chris Kayser4
This study explores the internal dynamics and networks of terrorist groups in
cyberspace—in particular, Al-Qaeda and the Islamic State of Iraq and al-Sham (ISIS).
Using a “Global Cyberterrorism Dataset” that features data on cyberterror attacks
between 2011 and 2016, this research analyzes these two terrorist groups through
the lens of a cyber-conflict theory that integrates conflict theory with Jaishankar’s
space transition theory. Through a network analysis methodology, we examine
the invisible relationships and connections between the national origins and target
countries of cyberterror attacks. The analysis focuses on the networks of national
origins of terrorists and victims, network structures of Al-Qaeda and ISIS actors,
and clustering networks of Al-Qaeda and ISIS cyberterrorists. Results indicate that
terror in cyberspace is ubiquitous, more flexible than traditional terrorism, and that
cyberattacks mostly occurred within the countries of origin. We conclude by discussing
the complex features of cyberterror networks and identify some of the geostrategic
implications of the divergent cyber strategies adopted by Al-Qaeda and ISIS.
cyberterrorism, Al-Qaeda, ISIS, social network analysis, cyber-conflict theory, space
transition theory
1University of Massachusetts Lowell, MA, USA
2Boston University, MA, USA
3University of Haifa, Israel
4Cybercrime Analytics Inc., Calgary, Canada
Corresponding Author:
Claire Seungeun Lee, University of Massachusetts Lowell, Lowell, MA 01854, USA.
1001606CCJXXX10.1177/10439862211001606Journal of Contemporary Criminal JusticeLee et al.
334 Journal of Contemporary Criminal Justice 37(3)
In the aftermath of the 9/11 terror attacks, a surge of academic research in the field of
terrorism has contributed to a deep understanding of how conventional kinetic terror-
ism is organized, facilitated, and propagated (Abrahms, 2019; Duyvesteyn, 2004;
Neumann & Smith, 2007). Yet terrorism is subject to the same global forces and devel-
opments as the rest of the world, and advances in technology have beckoned forth a
new threat of cyberterrorism. The ubiquity and anonymity of cyberspace has enabled
terror organizations to access new methods in designing traditional or complex attacks.
The cyber component of cyberterrorism relates to both the networked structure of
modern terror organizations that are able to more efficiently disseminate and commu-
nicate information and also the wielding of cyber weapons that allows for anonymous
transnational attacks against newly vulnerable targets.
While research on technology-facilitated terrorism has increased (Archetti, 2013;
Mair, 2017; Rudner, 2017), only a handful of papers have incorporated empirical anal-
yses of cyberterrorism (Canetti et al., 2017; Gross et al., 2016, 2017; Qvortrup, 2015).
This article attempts to add to the dearth of empirical research into cyberterrorism
(Conway, 2005, 2017; Holt et al., 2019; Zelin, 2013) by conducting a systematic anal-
ysis of the relationship between actors and victims in cyberterrorism, resulting from
increased use of technology and cyberspace to plan, execute, monitor, and evaluate the
results of their attacks. Developing an understanding of the relationship between
offenders and victims in cyberterrorism cases would contribute a great deal to the
criminological literature and also to policy makers, national security officials, and the
wider public. To do this, we introduce a novel “Global Cyberterrorism Dataset” that
provides comprehensive data on dozens of cyberterror attacks attributed to Al-Qaeda
and Islamic State of Iraq and al-Sham (ISIS) between 2011 and 2016.
For the purposes of this analysis, we define cyberterrorism as a computer-based
attack, or threat thereof, that is intended to intimidate or coerce governments or societ-
ies in pursuit of goals that are political, religious, or ideological (Lachow, 2009). This
relatively broad definition builds on Dorothy Denning’s (2000) seminal understanding
of cyberterrorism as the “convergence of terrorism and cyberspace.” We adopt a defini-
tion that views cyberterrorism as pertaining to acts that use cyberspace as a means of
attack, as well as those that view it as the target of the attack. In light of the heated
debate over the scope and definition of cyberterrorism (Luiijf, 2014), we adopt a broad
operationalization of the phenomenon, rejecting more modern variants that suggest that
cyberterrorism must cause physical destruction (Lachow, 2009). As such, our expan-
sive construal of the phrase includes the use of cyber networks by terror organizations
to disseminate political messages, for recruitment, fundraising, and more.
This current study explores the internal dynamics and networks of terrorist groups
in cyberspace—in particular, Al-Qaeda and ISIS. Specifically, this article illuminates
how the national origins and sources of terrorists and victims are interrelated to one
another by looking through the prism of cyberterror attacks launched by these two ter-
ror groups. Using the uniquely constructed data set—“global cyberterrorism data-
set”—that includes annual data from Terrorism Reports from 2011 to 2016 (U.S.

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT