Posts Tagged ‘terrorism’

Another edited interview with a senior security official for the excellent CTC Sentinel. I realize that it has been quite a while since I wrote an actual researched article for them. Been working on one for a long time which I really need to get finished. Huge thanks to Paul and his excellent team for their work.

A View from the CT Foxhole: Robert Hannigan, Former Director, GCHQ

Robert Hannigan was Director of GCHQ, the United Kingdom’s largest intelligence and security agency and NSA equivalent, between 2014 and 2017. He established the United Kingdom’s National Cyber Security Centre (NCSC) and was responsible with military colleagues for the United Kingdom’s national offensive cyber program.  

He was Prime Minister’s Security Adviser from 2007-2010, giving advice on counterterrorism and intelligence matters. Prior to that, he worked as principal adviser to Prime Minister Tony Blair on the Northern Ireland peace process. He was awarded the U.S. Intelligence Distinguished Public Service Medal in 2017 and honored by Queen Elizabeth for services to U.K. national security in 2013.

Robert is currently Warden of Wadham College, Oxford, and European Chairman of the cyber security company BlueVoyant. He is a Senior Fellow at the Belfer Center, Harvard; Fellow of the Institution of Engineering & Technology; and Distinguished Fellow of the Royal United Services Institute. 

CTC: Shortly after you were appointed the director of GCHQ (Government Communications Headquarters) in 2014, the Islamic State declared a caliphate after taking control of large swaths of Iraq and Syria. When you retired as director in 2017, the group was well on the path to territorial defeat in Syria and Iraq. How would you describe the contribution GCHQ made to the global campaign against the Islamic State and protecting the United Kingdom from the group’s terrorism? How did GCHQ evolve to focus on the Islamic State threat, and what were the lessons learned?

Hannigan: There were two things in particular about ISIS that made it different. One was obviously the geographical hold: the fact that it had territory in northern Syria and northern Iraq—whether you want to call it a caliphate or not—which made it almost inaccessible from the ground in practice.

The other thing that made it different was generational. This was a group that understood the power of media, and particularly new media, in a way that previous Islamist extremist groups had not. Those were two big challenges. From GCHQ’s point of view, counterterrorism was at that stage the biggest single mission. There were, of course, lots of other missions, too, but [CT] was a huge investment of resources, for obvious reasons. To some extent, GCHQ was using the lessons it had learnt in Afghanistan, which had been a very strong counterinsurgency/counterterrorism effort where GCHQ had been embedded with the military. It was building on those lessons, but of course the SIGINT environment in Syria and Iraq was very different.

In Afghanistan, essentially the Allies owned the communications space, just as they owned the air space. That wasn’t the case in northern Syria, so it was a different kind of challenge. But a lot of the techniques and international cooperation had been well exercised in Afghanistan. To some extent, the first part was a traditional mission of ‘how do you disrupt and destroy a terrorist organization from its leadership downwards,’ but the second bit was genuinely new in the sense that ISIS was obviously trying to project attacks back, as well as recruit heavily from the West to travel into the caliphate. Both of those ISIS objectives, which were interconnected, were things which we needed to disrupt, and so a lot of the task was about understanding how ISIS media worked and trying to disrupt that. I cannot say how this was done from a U.K. perspective, but there is a great deal of media reporting and academic work on this available in the U.S.

ISIS were doing two things through their media campaigns. One was inspiring people and then actively grooming those they had inspired to either come to join the group or launch attacks. And both of the stages really needed disrupting. Disrupting global ISIS media was a much broader challenge, of course, but trying to prevent individual grooming and attack planning was traditional MI5 territory, supported by GCHQ. It would not be right to go into the details of how it was done, but I do not think there was anything conceptually different about how we went about doing that from disrupting traditional recruitment and attack planning. The big difference was that it was all at one remove.

I think there were two advantages [for ISIS] to having territory: one was the propaganda value and the fact that you can present, as you saw endlessly in Dabiq and the other glossy publications, what life in the caliphate was like. That gave them a romantic propaganda advantage to be able to say, ‘Here we have built this wonderful land for you, where you can live a religiously pure life.’ But it also gave them a safe place from which to mount operations, and all they needed apart from connectivity was the understanding of how to do that: How do you inspire, radicalize, and then manipulate people? So in a sense, it was a psychological campaign as much as a physical one.

CTC: How would you describe the counterterrorism cooperation between GCHQ and U.S. agencies such as the NSA as well as other members of the Five Eyesa and European allies?

Hannigan: It is incredibly close and always has been, in particular with the NSA. But I think what happened over the ISIS campaign was that counterterrorism really drove the cooperation between SIGINT agencies in Europe. Cooperation amongst European partners has always been good on particular cases, but I think the pressures of terrorism really drove that in a very constructive way. So now the SIGINT agencies are [working] closer together, probably more than they have ever been as a result of terrorism, and there was very active cooperation right through the attacks in Europe and beyond, as well as cooperation with other services around the world.

Fortunately, with European partners, Brexit did not make much of a difference in terms of maintaining cooperation, partly because of the threat of terrorism; these joint efforts were too important to be damaged. Different Five Eyes partners will have slightly different relationships with different European countries. But for the U.K., the French and German relationships, for example, were very important. And the U.K.’s traditional military and intelligence relationships with the Scandinavian countries have remained very strong and strengthened in the context of Russia.

CTC: What for you have been the key lessons learned in balancing democratic liberties with intelligence gathering in counterterrorism in the 21 years since 9/11?

Hannigan: It’s always been a balance. Access to data is the key for SIGINT in particular, but probably for all the agencies, and what’s changed is that there’s been an exponential rise in the amount of data being produced by the private sector on citizens. This gives undemocratic states new possibilities to do surveillance, and it’s right that in a democratic society you need to have an active and constant debate about whether you’ve got the balance right. In the U.K., the [2016] Investigatory Powers Act was an attempt to do that after the revelations by Edward Snowden, though I think the legislation was coming anyway at the time, probably accelerated a bit by Snowden. In the U.K. context, that legislation seems to strike a balance that people are comfortable with.

It’s quite interesting that very quickly after the Snowden revelations, the debate moved on, because terrorism, then the resurgence of Russian aggression, and what the tech companies were doing with data really made what governments had access to seem quite secondary. Of course, it is very important that government should be held to a higher standard, and I think that it is a debate that needs to be had all the time, particularly as data processing and data holding in the private sector changes. But it does feel like the public debate has moved on, moved on to what companies like Facebook/Meta and the other tech companies are doing.

So I think the lesson for the intelligence community is not to be afraid of the public debate. Probably one of the mistakes made towards the end of the last century, and at the beginning of this one as the internet became available widely, was not to have that debate openly enough. Because consent is crucial to intelligence operations in democratic countries, and I think there was probably an assumption that everyone understood what was happening within this context and I am not sure people did. So one of the lessons is to get better at having that debate more often, especially as it is not a static thing and you are never going to come to a conclusion on the issue, rather it has to be a dynamic debate. Ultimately, we want the minimum necessary powers for agencies. But as the technology evolves, you have to evolve in response.

CTC: If we could pull on a few threads there, what was the impact of Edward Snowden’s revelations on counterterrorism capability, and how responsible do you think the social media platforms have been in keeping terrorists and extremist content off their platforms?

Hannigan: There was a clear reaction from terrorist groups and hostile states in particular, to the revelations, and yes, there were specific counterterrorism consequences, which at the time my predecessor Iain Lobban and his counterpart at the NSA Keith Alexander talked about.b There were things going dark that probably wouldn’t have gone dark otherwise.

With the tech companies, things have changed, but when I came into the job in 2014 I had a go at the companies1 (something that was unusual at the time). I thought they were at that point being irresponsible, and we were in a slightly ridiculous position where the agencies were having to ask a company’s permission effectively to help on particular operations. The companies would decide whether this met their threshold for what constituted terrorism, and there seemed to be something completely anti-democratic about that. For all their failings, governments at least get elected. Tech companies are not, and they do not have any expertise in this, so it is quite weird to be expecting a bunch of probably well-meaning people in Silicon Valley to make decisions about what is and what is not terrorism in a far-flung part of London.

And, to be fair to the companies, I think they felt deeply uncomfortable, too. They are money-making enterprises. Most of them are effectively advertising companies, if we are honest; Meta is a massive advertising company, and so was part of Google. That is their business, and they did not really want to be drawn into CT, which is where the narrative about them being neutral conduits and just platforms with no editorial control came from. I think they actually believed that narrative, and they really did not think they were enabling terrorist activity.

I think over the years—under public pressure but also as a result of terrorism and other serious crime—they have realized that they are not neutral and they have to take some kind of position on this, and they have to find a better way of doing it. Every major country is now looking at legislating on this; in the U.K., through the Online Safety Bill.c The manipulation of democratic institutions and elections has accelerated the feeling that we have to do something and put even more pressure on the tech companies.

So it does look very different now from when I said those things about ‘big tech.’ It was unfashionable to have a go at tech companies back in 2014; now everybody piles in and, if anything, it is a little one-sided. I think they are, on the whole, trying to address the problems, with varying degrees of success. But nobody quite has the answer. We know in the West that we do not want state control of these things, but neither do we want an unregulated private sector-driven landscape.

CTC: GCHQ has long been associated with signals intelligence. But in recent decades, there has been an information revolution with deep implications for intelligence gathering and analysis. Not only is there vastly more information (and dis- and mis-information) to sift through than ever before but open-source intelligence has become much more important and “the government’s ability to collect and analyze information is nowhere near dominant compared to what it used to be.”2 How have and should agencies like GCHQ be adapting? How important is AI and machine learning (ML) in this new era? Given “secret agencies will always favor secrets,” and given the calls for an open-source agency to be set up in the United States,3 does the United Kingdom now need a dedicated open-source agency, a new sort of BBC Monitoring?

Hannigan: Well, it’s interesting you mentioned BBC Monitoring as the Americans had the Open Source Center, which was a much larger version of that. It has now changed and become the Open Source Enterprise.d It was taken very seriously by the U.S. and did a great job. As does BBC Monitoring, though it has gradually been pared down over the years, and in any case was traditionally more focused on broadcast media than on new media or social media.

[Dis/mis-information] is a huge challenge but is highlighted not so much by terrorism but by the attempts to subvert democratic processes by Russia. The U.K. and lots of countries were really caught napping here because there wasn’t any structural part of government whose responsibility was to monitor this. There were two reasons for this, I think. One is that the secret agencies have a lot of other things to do—countering terrorism, for example—and have limited resources. But secondly, it’s very uncomfortable for intelligence agencies to be doing open-source monitoring, particularly where social media is concerned. There is something instinctively difficult about secret agencies looking at mass social media use. The idea [of having] GCHQ or MI5 all over everybody’s Facebook accounts smacks too much of a surveillance state and would be unacceptable in a democratic society.

As a result, for both those reasons, lots of governments, including the U.K., have shied away from looking at this and attempted to do it in a tactical, well-meaning but arguably ineffective way in the Cabinet Officee or somewhere like that, where they are trying to get a small group of people to have a look at this information flow.

To me, the answer has to be a better use of the private sector. Most of this open-source material is being generated by the private sector. Look at Ukraine and the low-orbit satellite imagery that is being generated; it’s absolutely phenomenal, better in many cases than the military equivalent and available in theory to everybody. [The same applies to] the monitoring of social media trends. So I think the answer has to be government agencies using [private sector-generated data and analytics] better.

There are still lots of datasets that are secret, of course, and there are statutory-based accesses to data, which other people don’t have outside government. Focusing on that and what is genuinely secret and hidden is a much better use of agency time.

The real advantage comes from washing the secret and the open-source data together. In other words, you are, as a secret agency, doing your secret thing but you’re also washing that against the results of open source, and that’s where you get something particularly valuable and that’s where you ought to be able to spot some of the things we failed to spot: for example, Russian intervention in elections. But if I am honest, I do not know how much progress Western governments have made on this. The U.S. probably comes the closest because they have invested in it, but I think most governments have just danced around it, partly for resource reasons, but also because it is politically and ethically a very difficult area.

The answer is probably to use the private sector mechanisms that are there already and that are quite open; there are NGOs like Bellingcat that are already doing some extraordinary work in the public domain. They are not the only ones; there are plenty of academic NGOs and journalistic organizations who are doing really interesting work here and it is every bit as good as what governments do. So I do not think we need some huge new bureaucracy in government to look at open-source material; rather, we should synthesize what is already out there and use it intelligently with the secret insights that agencies generate to deliver some more effective results.

CTC: Another key part of this, which brings in the private sector, is encryption, and you regularly hear from politicians and serving security officials that end-to-end encryption is a danger that protects, among others, terrorists. What is your sense of the counterterrorism concerns around this?

Hannigan: The GCHQ view on this has always been slightly unusual because GCHQ is an agency that delivers strong encryption and, indeed, in the 1970s was involved in inventing some of the strongest encryption that is currently in use. So we think encryption is a good thing. It protects everybody—protects governments and protects business. I have always resisted the temptation to say encryption is bad somehow, and law enforcement and government should be given the key to everything, partly because I do not think that would be healthy and partly because it’s not practical. You cannot uninvent end-to-end encryption. It is a mathematical invention; it’s not something you can suddenly say is not going to be there.

What you have to do is keep it in proportion. Yes, it is misused by criminals and terrorists, but it is predominantly used by honest citizens and businesses who are protecting themselves, so we shouldn’t let the security tail wag the dog. As always, criminals and terrorists will use good technology for bad purposes. There are some ways around this. One is to work with the companies, as they themselves have offered to different degrees to do things that are short of decryption because, of course, they cannot decrypt it themselves if it’s genuinely end-to-end, but there are things they can do to help with the data around it. It is probably not helpful to go into the details here, but they themselves have said it is not all about the content.

Better relations between the companies and governments help. And there are some macro proposals that have been put out there but so far they have not found favor with the privacy lobby in the United States. And whatever you do, you will always have criminals who will use something else, move away from the big platforms and use something different, so you might just end up pushing the problem elsewhere. You already see a bit of that now, with, for example, a lot now coalescing around Telegram and away from some of the traditional Western platforms.

The short answer is that there is not an easy answer. And efforts should be focused on particular targets rather than trying to do anything at scale. I know some law enforcement people still hanker after large-scale solutions, but there is, frankly, no way that companies are going to give any kind of blanket access to law enforcement or governments in the future. And I cannot see any legislation that would actually compel them to do it. Of course, there are some countries that ban end-to-end services, for this reason. But I cannot see democracies agreeing to that, and I think it would be disproportionate. The task for the agencies in cooperation with the companies is to go after specific targets and help each other do that, where there’s general agreement that these are legitimate targets.

CTC: In July, FBI Director Chris Wray and MI5 Director Ken McCallum did a series of events in London in which, among other things, they identified the lone-actor threat as the heart of the terrorist threat both faced.4 Would you agree with this assessment, and how do you characterize the journey of how we got here?

Hannigan: They are much more current than I am on this, but it has been a trend for a while. In fact, it was ISIS and [Abu Bakr] al-Baghdadi himself that promoted the lone-wolf idea and propagandized it through their various channels, so it’s not unexpected. It was a perfectly logical response to better intelligence and law enforcement disruption because it’s extremely difficult to spot, disrupt, and prevent genuine lone actors. The thinking of the al-Baghdadi model was ‘we don’t need to control this. We do not even need necessarily to know who you are; if you go out and do something for ISIS, then you are part of the struggle.’ That’s quite a new departure for terrorist groups. They have always tended to be control freaks: The study of terrorist bureaucracy and leadership is instructive. By contrast, ISIS was crowdsourcing in quite an innovative way. The demise of the ‘caliphate’ made the lone wolf approach even more compelling for ISIS.

I would not write off organized terrorism in the future; I think there’s plenty of evidence that it has not gone away, but lone-actor terrorism does seem to be the trend at the moment and the thing that is hardest for agencies to spot. All I would say is, if you look at the lone wolves who have been successful or mounted successful attacks in a number of countries, they are very rarely completely ‘lone’ or completely unknown to their government agencies. And so it comes back to the age-old problem of prioritization. Most of them appear amongst the ranks of the many thousands of people of interest to police and law enforcement and intelligence agencies, and probably the task is to use data better to prioritize better.

Some of the criticisms around, for example, the London Bridge attacksf were about failures to do that and failures to use data better to understand where the priorities are and where the tipping points are. But all of this is very easy to say and very difficult to do, and it is never going to be [got] completely right. It is a constant struggle for MI5 in particular, but for all agencies to prioritize out of the thousands of people who might be a worry, who are the ones that you need to focus on now, and deploy your very, very limited surveillance resources on, because we all know how much it costs and how difficult it is to do.

But the reality is that even lone wolves usually display behavior and patterns of life [notwithstanding encrypted communications and the end-to-end problem] that says something about them; they are in touch with other people, even if they’re not involved in joint attack planning. The challenge has to be to use data to try to work out when they have reached a tipping point. You will never be successful 100 percent of the time, but it’s about trying to raise the percentage of success.

CTC: Not only does the West currently face the challenge of Russian aggression in Ukraine, but Directors Wray and McCallum identified China as the biggest long-term national security threat.5 Given the shift in resources on both sides of the Atlantic to great power competition, is there a danger of counterterrorism being underfunded? Where do you see the intersections between great power competition and counterterrorism?

Hannigan: It is a perennial problem of governments that you veer from one crisis to another, and [then] something has to be deprioritized. We have seen what happened after we deprioritized Russia after the Cold War. The ambition should be to try to reduce investment in particular areas without giving up your core capability and eroding the skills and knowledge that you have had on that subject. This applies to counterterrorism, too, because the threat hasn’t gone away.

It is clearly right to focus on China and Russia. When I started at GCHQ, I said I thought the two big challenges for the next 50 years in the West were managing a declining Russia and a rising China. We are seeing the declining Russia problem in the lashing out, and the nationalism, and the economic failure to reform, and the kleptocracy that has emerged as a result. We are experiencing that in Ukraine, and it’s a big challenge to confront and contain it, but I think it is a much easier challenge than a rising China, which is a complex mixture of opportunity and challenge. But there is a lot of threat there as well, as Wray and McCallum rightly said. So we should be focusing on that, and it is the right top priority, but that doesn’t mean we can neglect CT. There will have to be a difficult discussion about to balance resources. Quite a lot of the great power strategy is outside the remit of agencies. A lot of it is about industrial policy, investment decisions, and regulation. Regulating Chinese tech and Chinese tech ambition is not core intelligence work, so it doesn’t all fall on the agencies.

On the question of crossover, that is a potential worry because states obviously have used all sorts of proxies in the past. In the cyber world, they use criminal groups. And they have also used terrorist groups as proxies. It is not hard to imagine that in the future, they will do the same again to put pressure on Western countries either by using terrorist groups in whichever part of the world the conflict might be taking place, or even to target us at home. I do not know that we’re seeing a sudden upsurge in that yet, but it is certainly a concern for the future, and the more desperate a country like Russia gets, the more likely it is to be happy to foment that.

CTC: You led the creation of the United Kingdom’s National Cyber Security Centre (NCSC), oversaw the country’s pioneering Active Cyber Defense Program, and helped create the United Kingdom’s first cyber security strategy.6 When it comes to cyber, much of the concern has focused on state actors such as China as well as criminal groups and the threat to critical infrastructure. How would you characterize the cyber threat posed by terror groups, including jihadi terror groups? Have we yet seen a cyber terror attack?

Hannigan: There have always been great scare stories about this, partly because the media loves the idea of cyber terrorism and terrorists being able to take down an entire infrastructure or electricity grid or something. Whether we have seen it or not depends on how you define it. You could say Hezbollah [cyber] attacks against Israel are cyber terrorist attacks.g You could say that Iranian attacks on water treatment plants in Israelh are a potential attack by a nation-state designed to instill terror.

So, it is certainly not unimaginable, but cyber is not necessarily the best weapon for terrorists to use. Firstly, it does require quite a degree of long-term commitment and knowledge. And terrorists in the past have been rather traditional in wanting spectaculars of one sort or another, so their mindset may not be geared towards it. This may change with the new generation. We certainly saw that with [their ability to exploit] social media, so there is a logic to saying, ‘Well, they might get good at this in the future.’ It has also got much cheaper and easier to do because [the technology] is something you can now buy as a service or commodity and use it. So, the trajectory suggests that it ought to be easier to do cyber terrorism in the future.

The other point, though, is that while you can disrupt things and you can make people’s lives difficult [through cyber-attacks], it is quite difficult to do destructive activity that is really long lasting. Having said that, I did notice that one of the American consultancies on tech that issues reports every so often, and is usually quite a cautious organization, projected that by 2025 operational technology would be weaponized to cause death.7 They were certainly thinking of nation-states rather than terrorists, but the fact that they were saying this is interesting.

These kinds of destructive cyber effects will be accidental for the most part. The first cyber homicide that I can think of is the case in Germany two years ago where a woman was being transferred to a hospital that had been paralyzed by ransomware and so she was diverted to another hospital and died on the way. German police decided to treat this as cyber homicide.8 Those sorts of things—ransomware out of control—might well cause people’s deaths, either through interfering with operational technology that is running power, water, or healthcare, or just by accident. But all of that is more likely than a planned cyber-terrorist event. But it is not unimaginable, and it is not unimaginable for the nation-state to find it convenient to false flag something [it has perpetrated against an adversary], to mask a cyber attack as a terrorist attack. We have, of course, seen the Russians doing that in their [2015] attack on [the French television station] TV5,i which they flagged as a terrorist attack.9 So cyber terrorism is not unimaginable but probably not top of the list of worries at the moment.

CTC: In the September 2021 issue of CTC Sentinel, former acting CIA Director Michael Morell assessed that following the Taliban takeover of Afghanistan, “the reconstruction of al-Qa`ida’s homeland attack capability will happen quickly, in less than a year, if the U.S. does not collect the intelligence and take the military action to prevent it.”10 It’s been a year since the Taliban assumed power. How do you assess the international terror threat from jihadi groups operating on its soil?

Hannigan: My biggest concerns are, do we know what the threat is and how would we know if it is growing? We have lost most of our insight into what’s going on in Afghanistan, for all the obvious reasons, and the biggest worry is we simply won’t see a problem—from ISIS in particular but also al-Qa`ida—until it’s well formed and mature. Now, I may be wrong; maybe we have great insight. But I have not seen it, and I doubt it is actually there. The successful U.S. attack on al-Zawahiri this summer seems to me to be about a determined long-term manhunt: It does not imply great understanding of Afghanistan in general. In addition, there are so many other things going on in the world that even if we had some insight, I doubt it’s top of the list for most governments. So I think it is a real concern from an intelligence point of view as to who actually knows what the CT threat emerging or growing in Afghanistan is, and how much of it might be projected outwards. Most of it is currently focused internally, but these things have a tendency to get externally directed over time.

CTC: According to the 2021 U.K. government integrated review, “It is likely that a terrorist group will launch a successful CBRN attack by 2030.”11 In the wake of the COVID-19 pandemic, what is your assessment of the CBRN terror threat?

Hannigan: It is a bigger worry to me than cyber terrorism by a long way. Partly because organizations have seen the chaos you can cause through CBRN, and whether it’s pandemics, chemical weapons in Syria, or the near disasters in Ukraine through radiological mismanagement during the war, there must be people thinking, ‘Well, if I want to cause an enormous amount of suffering and disable a country, this is a better route to go.’ A key problem is that the global instability tends to make the control of the substances more difficult. We have been pretty effective [in past decades] in having organizations like the OPCW [Organisation for the Prohibition of Chemical Weapons] that could control and monitor the materials you need to conduct such an attack. However, in a world of chaotic great power relationships, that gets much harder, and so the opportunity to get hold of this material, or to manufacture it, becomes easier. Afghanistan is one of those places where we have seen in the past, and could certainly see in the future, terrorist programs to this end. It is certainly a bigger worry to me than cyber terrorism.

CTC: Given the strong nexus to far-right extremism of Russian paramilitary groups involved in the fighting in Ukraine and given the history of such ties also on the Ukrainian side,12 do you see any terrorist or foreign fighter threat emanating from the war in Ukraine?

Hannigan: One of the lessons we should learn from ISIS is relevant to this discussion. One of the reasons the lone wolves or more often the small groups who were effective in launching attacks—for example, in [Paris in November] 2015—were so effective was that they were battle-hardened and they knew what to do. They knew how to withstand firefights. They were not just ideologically hardened; they actually had battlefield experience. You have to assume that the same could be true of other kinds of extremists returning from any conflict. We have seen similar things emerging from Chechnya in the past as well. It seems plausible that the many current theaters of conflict may produce battle-hardened and radicalized individuals.

CTC: What is your assessment of the current security outlook in Northern Ireland?

Hannigan: We obviously underestimated, in around 2007, the resilience of dissident Republicanism, and I think that was partly because nobody foresaw the economic downturn. People assumed that there would be a great tidal wave of economic benefits and a peace dividend for lots of communities that did not materialize. But you cannot just pin it all on economics. There is a cyclical side to Republican violence in Irish history that is unlikely to ever go completely away, but the problem now is that the politics can get destabilized relatively quickly. I do not foresee a sudden return to violence, but I think the more the politics frays, the more instability there is, and the more you tinker with what was a political settlement that everybody could just about buy into, the more you run the risk of the fringes becoming violent again. And all of this might start successfully radicalizing young people. It was never a particular concern that the older generation of dissidents were still there—diehards who never signed up to the peace process and were never going to change their minds—but what was concerning was young people being recruited in their teens and 20s into dissident activity. That’s much more worrying. It is the key thing you have to guard against for the future. And clearly, the best way to do that is through political stability and political progress.

CTC: What were you most proud of in your work in counterterrorism? From a CT perspective, what worries you most today?

Hannigan: I am very proud of what GCHQ did in preventing attacks in the U.K., with MI5 and others. Most of those are not seen because they are prevented, but that was great work that I do not take any personal credit for, but was done exceptionally well. Personally, the thing I found most rewarding in counterterrorism was in Northern Ireland because this was a domestic threat where pretty much all the levers were in the U.K.’s hands—security and intelligence, economic and political. It was probably the last time that the U.K.’s top national security threat, as it was then, was a domestic one. It taught me a lot about terrorism, not least through talking to members of the Provisional IRA and other organizations, which gave me a greater understanding of how terrorist organizations think and work, and how individuals are motivated. In the end, it was, over a 30- to 40-year period, a successful process. There were, of course, mistakes, but it was a good marriage of security policy and political process, that addressed the underlying causes of the Troubles and, partly through good CT work, created space for politics to work.

I do not think Islamist extremism has gone away and the rise of the extreme-right is clearly a concern, but terrorism will continue to bubble up in all sorts of areas that may not yet have been predicted: where people feel either disenfranchised or disadvantaged, or feel that their identity is threatened. In a chaotic international environment, where outrage can be generated and manipulated on a larger scale than ever before, not least through technology, there will be more of this, and it will be more unpredictable. Right-wing extremism is just the latest [threat to gain prominence], but in reality, it has been around a long time. I suspect there may be all sorts of new causes, and people may resort to violence more quickly than they did in the past.     CTC

Substantive Notes
[a] The Five Eyes (FVEY) is an intelligence alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States.

[b] Editor’s Note: In a November 2013 hearing before the UK Parliament’s Intelligence and Security Committee (that provides oversight of the UK’s intelligence agencies), Sir Iain Lobban revealed “we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.” “Uncorrected Transcript of Evidence Given By, Sir Iain Lobban, Mr Andrew Parker, Sir John Sawers,” November 7, 2013.

[c] Editor’s Note: The Online Safety Bill is a wide-ranging piece of legislation currently under consideration by the UK Parliament that will provide government with powers to regulate online content, as well as impose large fines on companies for failing to fulfill their responsibilities. The draft bill under consideration was submitted in May 2021 and can be found at

[d] Editor’s Note: In October 2015, the Open Source Center (OSC) was “redesignated the Open Source Enterprise and incorporated in CIA’s new Directorate of Digital Innovation. The Open Source Center, established in 2005, was tasked to collect and analyze open source information of intelligence value across all media – – print, broadcast and online. The OSC was the successor to the Foreign Broadcast Information Service (FBIS), which gathered and translated world news coverage and other open source information for half a century.” Steven Aftergood, “Open Source Center (OSC) Becomes Open Source Enterprise (OSE),” Federation of American Scientists Blog, October 28, 2015.

[e] Editor’s Note: The Cabinet Office is a central U.K. government function that supports the Prime Minister and his Cabinet, drawing on input from across government to help deliver on policy goals.

[f] Editor’s Note: On June 3, 2017, three terrorists launched a knife and van ramming attack on London Bridge and in the nearby area of Borough Market, murdering eight before dying themselves. On November 29, 2019, Usman Khan, a formerly incarcerated terrorist attacked and murdered two people at an event at Fishmonger’s Hall, before being shot by police on the nearby London Bridge. In both attacks, subsequent investigations revealed that authorities were aware of the individuals and may have failed to prioritize the level of threat that they posed. For more on the 2017 attack, see the inquest page at and the 2019 attacks, its own inquest page at

[g] Editor’s Note: For instance, “over the past decade, companies in the US, UK, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority have been targeted by a hacker group called ‘Lebanese Cedar’, also known as ‘Volatile Cedar,’ which seems to be linked to Hezbollah, ClearSky Cyber Security announced” in January 2021. Tzvi Joffre, “Israel targeted by Hezbollah hacker group, remained unnoticed for 5 years,” Jerusalem Post, January 28, 2021.

[h] Editor’s Note: Iran reportedly attempted to trick computers to increase chlorine levels in the treated water for residential areas during an April 2020 cyberattack against Israel’s water systems. Mehul Srivastava, Najmeh Bozorgmehr, and Katrina Manson, “Israel-Iran attacks: ‘Cyber winter is coming,’” Financial Times, May 31, 2020.

[i] Editor’s Note: In April 2015, TV5 Monde was taken off air in an attack carried out by a group of Russian hackers. It was reported that they “used highly targeted malicious software to destroy the TV network’s systems.” An Islamic State-linked group going by the name the Cyber Caliphate had first claimed responsibility. Gordon Corera, “How France’s TV5 was almost destroyed by ‘Russian hackers,’” BBC, October 10, 2016.

[1] Editor’s Note: Robert Hannigan, “The web is a terrorist’s command-and-control network of choice,” Financial Times, November 4, 2014.

[2] Don Rassler and Brian Fishman, “A View from the CT Foxhole: Amy Zegart, Senior Fellow at the Hoover Institution and Freeman Spogli Institute for International Studies, Stanford University,” CTC Sentinel 15:1 (2022).

[3] Ibid.

[4] Gordon Corera, “Terrorism: Lone actors make stopping attacks harder, say FBI and MI5 chiefs,” BBC, July 8, 2022.

[5] Gordon Corera, “China: MI5 and FBI heads warn of ‘immense’ threat,” BBC, July 7, 2022.

[6] National Cyber Security Strategy 2016 to 2021, HM Government, November 1, 2016.

[7] Editor’s Note: “Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans,” Gartner press release, July 21, 2021.

[8] Editor’s Note: See Joe Tidy, “Police launch homicide inquiry after German hospital hack,” BBC, September 18, 2020.

[9] Editor’s Note: “Hacking of French TV channel was ‘terror act,’” Local (France), April 9, 2015.

[10] Paul Cruickshank, Don Rassler, and Kristina Hummel, “Twenty Years After 9/11: Reflections from Michael Morell, Former Acting Director of the CIA,” CTC Sentinel 14:7 (2021).

[11] Global Britain in a competitive age: The Integrated Review of Security, Defence, Development and Foreign Policy, HM Government, March 2021.

[12] Don Rassler, “External Impacts and the Extremism Question in the War in Ukraine: Considerations for Practitioners,” CTC Sentinel 15:6 (2022).

A short piece for the Financial Times looking forwards on how terrorism might evolve and melt into the wider greater great power conflict that currently consumes international affairs.

Terrorism fused with great power conflict may be the west’s next challenge

Some countries such as Iran persist in using armed proxies to advance their goals

Veteran al-Qaeda leader Ayman al-Zawahiri was killed by a drone strike on a safe house in Kabul

The writer is senior fellow at the S Rajaratnam School of International Studies

Terrorism is the past and the future is great power conflict. In a moment of nearly perfect public narrative, the death of al-Qaeda leader Ayman al-Zawahiri was almost entirely overshadowed by the visit of US House Speaker Nancy Pelosi to Taiwan. Yet the risk is that we miss how the two problems can become entangled and make each one worse.

As national security agencies turn their focus to states, they will inevitably deprioritise terrorist threats. Yet the shift is unlikely to be as tidy as this suggests. Even more worrying than the risk of paying less attention to terrorist groups is the potential for the two threats to interact with each other. In a worst-case scenario, great power conflict might make global terrorism worse.

The use by states of terrorist groups as proxies is not new. Iran has a long history in this regard. Hizbollah in Lebanon is the largest of numerous proxies that Iran has used to attack its adversaries. In recent years, Tehran has become more overt about using terrorist tactics directly itself.

In July 2018, an Iranian diplomat was arrested in Germany alongside a pair of Iranians in Belgium for planning to bomb a high-profile dissident rally in Paris. Rudy Giuliani, Donald Trump’s former lawyer, and several British MPs were due to attend the event. This month, the US Department of Justice charged a member of Iran’s elite Revolutionary Guards with directing agents in the US to murder John Bolton, Trump’s national security adviser.

Tehran may be the most blatant about it, but it is not the only power to use such groups or engage in such plots. Moscow’s hand can be seen behind some extreme-right terrorist networks in

Europe. India detects Chinese intelligence playing in the shadows of some of its domestic conflicts. India and Pakistan have honed the art of manipulating such groups against each other, and sufunderlying fered the blowback as a result. Furthermore, all these powers see supposedly all-powerful western intelligence agencies lurking behind various networks and plots that they perceive as threats.

The second risk comes from how the war on terrorism has been pursued around the world. As the west grows frustrated with longstanding counterterrorism campaigns in distant places, resources have been pulled back or withheld. Clearly, some capability is retained, but in certain places a vacuum has emerged and Russia has frequently filled it. Private security group Wagner has stepped in to bolster local authorities and launch offensives in the name of counter-terrorism. It is questionable how much this helps. It often appears as though these campaigns exacerbate the anger that creates the terrorist groups in the first place.

Mali is the most obvious example, with the situation escalating to the point that the country’s government is now accusing France – a previous leader in providing counter-terrorism support – of working with jihadis. At the same time, Wagner is celebrated in the streets of Bamako, the capital. But Wagner forces have also been deployed in the Central African Republic, Libya and Mozambique, all places suffering from terrorism that the west has failed to address or is not focusing on.

According to one view, it is a relief to have someone else deal with such problems. But the risk is that they are only making the situation worse, or that they may try to manipulate groups on the ground to their own ends, with little regard for any backlash that might strike the west. Or, this could be their intention.

The other side to this shift in attention is that taking pressure off terrorist groups may end up with no one focusing on them. We do not really know whether the reason we are now seeing a lowered terrorist threat is because the threat has gone down or because of the pressure that was on it.

The exact nature of how threat and response play off against each other is poorly understood. But just because we have stopped worrying about a problem does not mean it no longer exists. It is hard to say with confidence that any of the underlying issues that spawned the international terrorist threat have been resolved. Some analysts think they have grown worse.

Twenty years of conflict have changed the international terrorist threat that we face. But it has not gone away, and in a nightmarish twist it may start to fuse with the great power conflict we find ourselves locked into. The world has a habit of throwing multiple problems at us. In a growing world of threat, disinformation, proxies and opacity, terrorist groups offer a perfect tool. The west may one day rue the fact that it no longer has the relative clarity of the early years of the war on terror.

More catch up on previous events, this time an interview with La Repubblica in the wake of the death of al Qaeda leader Ayman al Zawahiri.

Al Zawahiri, Pantucci: “La leadership di al Qaeda è stata completamente decimata”

di Enrico Franceschini

“Un successo dell’intelligence Usa. La minaccia del terrorismo non scompare ma il gruppo dirigente responsabile dell’attentato dell’11 settembre è stato eliminato”, dice l’esperto di terorrismo del Royal United Services Institute

Al Zawahiri, Pantucci: "La leadership di al Qaeda è stata completamente decimata"

Eliminare al Zawahiri chiude un capitolo nella storia di al Qaeda, anche se il libro del terrorismo rimane aperto”. È il giudizio di Raffaello Pantucci, esperto del Royal United Services Institute, il più antico think tank per i problemi della sicurezza, autore del saggio We love death as you love life (Noi amiamo la morte come voi amate la vita), un’inchiesta sui terroristi della porta accanto in Gran Bretagna, e uno dei massimi specialisti in materia. “Ora la leadership di al Qaeda è stata completamente decimata”, dice in questa intervista a Repubblica.

Come giudica l’operazione annunciata dalla Casa Bianca, Pantucci?
“È chiaramente un successo dal punto di vista americano. Dimostra la capacità di eliminare un capo terrorista in un luogo ostile in un momento scelto da Washington con la garanzia di poter ricorrere ai droni, quindi con la certezza di colpire la persona giusta. Per Osama bin Laden, l’America dovette mandare i commandos delle forze speciali, perché non era sicura della propria intelligence. Stavolta invece sì, significa che l’intelligence è migliorata”. 

Che conseguenze avrà nella lotta al terrorismo?
“A mio parere chiude un capitolo su al Qaeda. La minaccia del terrorismo non scompare e può sempre riemergere in qualche modo, la rabbia contro l’Occidente rimane, però il gruppo dirigente responsabile dell’attentato dell’11 settembre e di tanti altri ha perso il suo centro, è stato decimato. Il libro del terrore è ancora aperto, ma un capitolo sembra chiuso”.

Recentemente Al Qaeda aveva rialzato la testa?
“Non in termini di attentati specifici, ma negli ultimi tempi era cresciuta la retorica, Zawahiri lanciava minacce all’India e ad altri paesi, incitava a continuare la lotta, sostenendo che il ritorno al potere dei talebani in Afghanistan dimostrava che si poteva sconfiggere l’Occidente”.

Zawahiri aveva appunto ottenuto rifugio a Kabul, proprio come bin Laden: in Afghanistan allora dal 2001 a oggi non è cambiato niente?
“Sembrerebbe proprio così, purtroppo, ma la presenza di Zawahiri era già stata segnalata in luglio da un rapporto dell’Onu, il che vuol dire due cose: o la sua presenza non era un segreto ben tenuto o tra i talebani c’era chi aveva interessa a rivelarla. L’impressione è che i talebani di oggi siano più divisi, e con più problemi al proprio interno, rispetto a quelli andati al potere vent’anni fa: questo è cambiato”. 

Le uccisioni mirate, da parte americana e non solo, suscitano critiche: sono un’opzione valida nella lotta al terrorismo?
“Io sono del parere che in assoluto sarebbe meglio catturare i terroristi e processarli. Ma stiamo parlando di gente che vive in nazioni ostili, aiutati o protetti dal governo locale e talvolta sarebbe impossibile catturarli. Nel caso di Zawahiri, inoltre, non sembrano esserci stati danni collaterali. Nell’agosto di un anno fa, l’America rispose al grande attentato all’aeroporto di Kabul con un attacco che doveva eliminarne gli autori ma, come si è poi saputo, colpì e uccise per errore una famiglia innocente. Stavolta gli Usa erano sicuri di non sbagliare”. 

Si dice che morto un capo se ne fa un altro, ma eliminarli ha anche un valore deterrente?
“Sospetto di no, come deterrenza non funziona se ci sono militanti altrettanto fanatici. Ma funziona nel danneggiare un gruppo terroristico: un leader ha conoscenza e carisma. Una volta eliminato il capo, non è facile trovarne un altro con le stesse capacità”. 

Azioni del genere fanno alzare i consensi verso il leader che le ordina, almeno per un po’: il presidente Biden avrà agito anche con un occhio al voto di mid-term?
“Non credo. Certo, esiste sempre l’idea che, se un leader ha problemi interni, un’azione in politica estera può distrarre l’opinione pubblica e rilanciare un politico facendolo apparire forte e determinato. Ma a parte che le elezioni di mid-term sono ancora lontane, operazioni di questo tipo richiedono una lunga preparazione e coinvolgono forze speciali e intelligence. Sono questi ultimi a dire al presidente quando è arrivato il momento di agire, non il contrario”.

In generale a che punto è la minaccia del terrorismo islamico ?
“Dipende dove sei. In Africa la minaccia è piuttosto acuta. In Medio Oriente e in Asia esiste ancora, particolarmente in Siria, in minor misura in Iraq, in Pakistan. In Europa è per lo più rappresentata dal fenomeno dei lupi solitari, alcuni ispirati dalle idee di organizzazioni come l’Isis e al Qaeda ma spinti ad agire anche per altri problemi che hanno nella vita, per attirare attenzione su sé stessi. E negli Usa la più grande minaccia ora è il terrorismo domestico, le stragi e le sparatorie compiute da fanatici di estrema destra”.

Visto che Zawahiri era il capo di al Qaeda, quanto è serio il rischio di un attacco di grandi proporzioni come quello dell’11 settembre 2001?
“Non è del tutto impossibile, però oggi è molto più difficile che in passato. Al Qaeda è seguita e scrutinata intensamente dai servizi di intelligence e antiterrorismo. Altri gruppi puntano i loro attacchi su obiettivi più regionali, in Africa o in Medio Oriente. Organizzare un attentato contro l’Occidente sulla scala dell’11 settembre richiede un livello di preparazione che adesso sarebbe molto difficile da nascondere. Ciò non esclude che qualcuno ci provi o speri di provarci, per cui la guardia va tenuta sempre alta”.

A longer report I have been working on for some time which builds on work about the terrorist threat in the UK as part of a series run by the German foundation the Konrad Adenauer Stiftung looking at the state of the terrorist threat in Europe in general. Have another big piece on this have been working on forever, just need to find time to finish. The entire report is available free online as a good looking PDF, so am not going to re-post in its entirety here, but will put the executive summary to give you a taste.

Jihadism in the United Kingdom

The UK’s jihadist terror threat picture has evolved compared to the 2000s, when the UK was a key target of al-Qaeda, and even more since the collapse of ISIS’s caliphate in 2017. That year, in fact, marked something of a recent apex which has heralded a period of regular lone actor plots – some of which demonstrate an inspiration from ISIS, but others where it is unclear. This paper seeks to better understand this transformation and the evolution of the threat in the UK, as part of the “Jihadist Terrorism in Europe” series published by the Konrad Adenauer Stiftung in which renowned experts analyse the current state of the jihadist threat in various countries, as well as the related counter-terrorism strategies and political debates.

In the present study, Raffaello Pantucci looks at the UK, which most recently in January 2022 saw a radicalised British national launch an attack against a synagogue in Texas in advance of the attempted liberation of Dr Aafia Siddiqui, the long-jailed female al-Qaeda member serving a lengthy sentence in a nearby jail.

› Although the UK jihadist threat has not produced any large-scale attacks recently, it has consistently produced lone actor plots.

› The paper outlines how the current threat links back to the past, and in particular the dangers posed to the UK by the reemergence of a Taliban-controlled Afghanistan.

› The UK also still has a lingering problem of foreign fighters who went to Syria and Iraq. Passport deprivation – a preferred Home Office method of dealing with such cases – has not eliminated the problem but simply displaced it. Some individuals are still trying to return home, while others remain in Turkish or insecure Levantine jails.

› Authorities in the UK have consistently focused on trying to manage the threat through greater internal coordination.

› Larger problems around extremism continue to fester, though the degree to which they are linked to the jihadist threat remains unclear.

› The biggest problem for the UK is managing a problem which never seems to be entirely resolved, but only seems to grow in unpredictable and confusing ways, creating new cohorts of problems for authorities to manage. This, along with the growing problem of the extreme right wing, as well as sectarianism amongst South Asian communities points to a set of issues which will continue to trouble the UK.

Some time ago, the UK’s Parliamentary Intelligence and Security Committee (ISC) published a report which provided an evaluation drawing on intelligence community thoughts and assessments about the nature and scale of the extreme right-wing threat in the UK. Its main recommendation seemed to be the security services needed more capability to manage this threat, which seemed dissonant to me with the wider discourse about the threat at the moment. Inspired I wrote the following for my UK institutional home, RUSI.

Extreme Right-Wing Terrorism in the UK: How Concerned Should We Be?

Worrying trends: the scene of a terror attack near Finsbury Park Mosque, London on 19 Jun 2017. Image: WENN / Alamy

A recent report indicates some worrying trends in extreme right-wing terrorism in the UK, but also highlights how the threat can sometimes be a product of its response.

The extreme right-wing terrorism (ERWT) threat in the UK is difficult to gauge. Often referred to as the fastest rising threat, the number of actual attacks and casualties the UK has experienced over the past decade can mercifully be counted on one hand. While attacks are a poor indicator of threat, the recent Parliamentary Intelligence and Security Committee (ISC) report on the ERWT threat in the UK shined a light on the problem and made the key recommendation that MI5 would need more resources to manage the threat. Yet it is not entirely clear what this resource growth should look like, or how acute the ERWT threat actually is.

Since April 2020, MI5 has taken on lead responsibility for managing the extreme right-wing terror threat (referred to now formally as ERWT as opposed to the previous XRW). The decision to transfer from the police was made in 2018 in the wake of reviews after the surge of terrorist attacks in 2017. While only one of these was linked to the ERWT (the murder of 51-year-old Makram Ali outside Finsbury Park Mosque on 19 June 2017), the attack came after the proscription of National Action and the murder of Jo Cox MP. The threat from ERWT seemed to be rising and required a stronger response.

According to the then independent reviewer of terrorism legislation, Sir David Anderson QC, at the time, he found a ‘lingering attachment in parts of MI5 to the notion that XRW [Extreme Right-Wing] plotting does not engage their national security function in the same way as Islamist plotting does’. He disputed this assessment, and the security establishment largely agreed, leading to the transfer of responsibility for the threat to MI5.

Yet reading the ISC report, it does not seem as though the actual threat from ERWT has notably increased in security assessments. In July 2019, MI5 is reported as saying: ‘Whilst we assess the ERWT threat to the UK is on a gradual upwards trajectory, we have not observed a significant increase in specific mobilisation or radicalisation during this reporting period, and ERWT investigations continue to constitute a significant minority of MI5’s CT [counterterrorism] casework’. This ‘minority’ was clarified by MI5’s Director General recently, who told the media earlier this month that ‘around one in five terrorism investigations in Great Britain were linked to neo-Nazi, racist ideology or other related extremism’, a rate he was reported to have said remained steady.

But the ISC report suggests that this might be a calm before the storm. It highlights research that suggests the coronavirus pandemic has materially strengthened the ERWT threat. Looking at online material, there is no doubt that the far right has adopted and absorbed narratives related to the pandemic to a greater degree than violent Islamists. In continental Europe, there has been a worrying growth in attacks, networks and plotting quite directly linking ERWT and the pandemic – the cases of Jurgen Conings in Belgium in May 2021 and a German network called the Vereinte Patrioten (United Patriots) that was disrupted in April this year highlighted some worrying trends. The involvement of serving armed forces members, the targeting of officials linked to healthcare, references to anti-vax narratives, and the wider networks around the plotters all indicated a problem that is moving in a dangerous direction. Europol’s latest annual report on the terrorist threat picture in Europe highlights how the number of attacks and plots in continental Europe has plateaued at around three per year, while the number of arrests continues to grow year-on-year.

But it is not clear how much this reflects what has been seen in the UK. There have been cases of serving police officers and soldiers being linked to ERWT groups, but these have been limited. The UK has not had to disband entire military units because of concerns about extreme right ideology as Germany has done, nor has the UK seen mobs linked in part to far-right groups attempt to storm or occupy public buildings (as seen in all other Five Eyes partners, to very different degrees). The UK has seen some hate crime and incidents such as 5G mast burnings which appear to be linked to online conspiracy theories, but these are not clear ERWT attacks.

Rather, the conclusion articulated by the ISC report, which seems to reflect the view of the wider security community, is that the threat in the UK from ERWT is for the most part dominated by Self-Initiated Terrorists (S-IT). While a number of ERWT groups have now been proscribed in the UK, only one attack has been linked to them. An interesting question raised by the ISC report is the degree to which the lone-actor threat and the ERWT threat might in fact be the same thing – or whether the ERWT threat is in large part an articulation of the lone-actor threat.

The report also highlights the significance of youth, autism spectrum disorders (ASD) and mental health issues among the ERWT caseload. While there is some internal dispute about these issues, the Homeland Security Group within the Home Office is quoted as highlighting how frontline services have reported an increase in ASD among their caseload, with a particular link to ERWT. The youth question is more obvious, with it becoming regular for very young teenagers to be arrested for ERWT offences (including most recently a 15-year-old boy from the Isle of Wight).

This poses a curious dissonance for authorities, who on the one hand have only seen actual ERWT attacks conducted by middle-aged men, while on the other hand teenagers increasingly dominate the arrest load. The question which was most recently alluded to by the Independent Terror Watchdog Jonathan Hall QC is whether these individuals are in fact simply ‘keyboard warriors’. Given most of their links and activity take place online, with few maturing to real-world plots, there is a question about the nature of the actual threat they pose – and by default, the wider threat ERWT poses if this is the majority of the arrests that are being seen.

There are also some curious aspects of the threat that are downplayed in the ISC paper, though it is difficult to draw too many conclusions on its threat assessments given the volume of redactions. Specifically, there are questions around the degree to which Russia and more recently the war in Ukraine have impacted the UK’s ERWT threat. Within the ISC report, suggestions are made about the far-right group Britain First’s connections to Moscow, but there are more worrying links out there. The Base, a proscribed organisation with deep roots across English-speaking countries, seems to be directed by an American based in Russia, while pro-Russian narratives are increasingly common among the ERWT community globally. This is interesting, as previously, ERWT individuals seeking training tended to go and fight alongside the far-right inclined Ukrainian Azov Battalion – though its current active support by Western authorities has confused things. It is not clear how many UK ERWT actors have actually gone to fight in the current conflict, and whether (if they have been fighting alongside Azov) they would actually pose a threat. How many (if any) have gone to fight on the Russian side is equally unclear.

The final point to consider and which the ISC paper alludes to is the degree to which this threat may be a product of its response. Early on, the report quotes MI5 as saying ‘it is difficult to establish an accurate historical trajectory of the ERWT threat on the grounds that the recent increase in focus by HMG and heightened public awareness of the ERWT threat has contributed to an increase in referrals and investigations’.

This raises the complicated interplay of threat and response. In the absence of attacks, terrorist threats are often defined by the response to them. Consequently, the ERWT threat in the UK is defined by the number of arrests, the volume of officials focused on it, and the proportion of capability that is being dedicated to looking at it. But none of these are objective metrics of the actual threat; rather, they are a reflection of the response. Were MI5 or the Police to dedicate more people to looking at the threat, doubtless they would find more things to look at. This is not to accuse them of artificially inflating the threat; it is simply that more resource would lower the general threshold for investigation.

This becomes relevant when looking at the wider threat picture and trying to objectively assess the degree of menace that is posed. It has been some time since the UK courts have seen any major terrorist case presented before them of the scale and ambition that used to be directed towards the country by al-Qa’ida or later Islamic State. There have not been any large-scale networks of the extreme right launching sophisticated and ambitious plots. National Action was stamped on by authorities before it could really mature, and before that one has to go back to the Aryan Strike Force, which in 2010 had mobilised people and one of its members had managed to produce ricinPatriotic Alternative may yet mature into a future threat, but as of yet it has not. The current threat picture that is seen consists of isolated individuals, shrinking numbers of arrests, and an ERWT threat that seems dominated by (though is not exclusive to) the very young.

The point is that it is not clear how much of a menace the ERWT threat actually is – or more generally how much it is a reflection of the attention it is getting rather than an increased threat. Most indicators suggest the UK’s general terror threat is down, and what plots are disrupted appear to be isolated lone actors often inspired by material they find or people they talk to online.

This is not to say that the threats from both violent Islamists or ERWT might not develop once again – the kindling is certainly in place at home and abroad. Nor is it to underplay the damage ERWT can do to the societal fabric in a way that a seemingly external threat like violent Islamists cannot. But it is to instead ask the question of whether the growing focus on an ERWT threat in the UK is appropriate. It has not yet matured to the state-level national security threat that it could have, but it is not clear if this is because of the security response to it, because the problem is decreasing, or because it is in fact a product of other societal issues which are now less linked to ERWT ideas than before (a possible explanation for the questions around ASD, mental health and youth). Finally, this comes back to the key recommendation made by the ISC for MI5 to receive more resources to deal with the ERWT threat. Is this a proportionate response to the threat, or might it actually have the counterproductive effect of highlighting or accentuating a more limited problem?

Moving away once again from book promotion, returning to the theme of terrorism in Europe, this piece for my institutional home RSIS touches on some of the larger issues covered in my BBC Radio 4 series looking at mental health and terrorism.

Terrorism in Europe: A Very Different Kind of Threat

For three weeks in a row this year, Europe has been hit by a highly public act of attempted mass murder. With the United States reeling from its latest bout of grim mass shootings, what exactly can be concluded from the fact that most terrorist incidents in the West are increasingly indistinguishable from apolitical mass murders?

Denmark in shock as gunman kills three at Copenhagen shopping mall, Reuters.

THE ATTACK in Copenhagen on 3 July 2022 by a 22-year-old Danish man is the third time this year Europe has been struck by what looked like a terrorist incident.

The weekend before the violent attack in Copenhagen, a Norwegian-Iranian gunman opened fire on celebrants of Gay Pride in Oslo killing two. On 8 June 2022 in Berlin, a 29-year-old German-Armenian drove his car into crowds on a busy shopping street. The attack killed a teacher visiting the city with a group of children from Hesse, and injured 31.

Extremist Ideology or Mental Health Issues?

Of these three violent incidents, it is only authorities in Oslo that have made a direct link to terrorism. Norwegian police revealed the gunman was someone known to them since 2015 who also had a history of mental illness. This suggestion of mental illness being present is similar to both the German and Danish cases, where the individuals have subsequently been placed into psychiatric care while authorities determine how to ultimately handle the case.

As if to emphasise the importance of this juxtaposition, the attack came at the same time as a sentence of full-time psychiatric care was imposed on a Danish convert to Islam who in October last year fatally attacked five people with a knife and bow and arrow in Norway.

But while mental health issues increasingly appear a constant, there is often also a suggestion that some ideological motivation might also be present. Highlighting this complicated balance which has become all-too-commonplace in Europe, Europol pointed out the terrorist threat as such in its last annual report:

“Some lone attackers in 2020 again displayed a combination of extremist ideology and mental health issues. This made it difficult at times to distinguish between terrorist attacks and violence caused by mental health problems.”

In the United States, there is an equally regular reference to both ideology and mental health issues in the wake of violent incidents, though the entire picture in America is complicated by the easy availability of high-powered guns. This makes acting on an impulse ever easier and more destructive, and subsequently understanding an individual’s motive even more complicated.

The US Department of Homeland Security (DHS) was careful not to point to mental health issues in an advisory it issued in early June. It stated: “…the primary threat of mass casualty violence in the United States stems from lone offenders and small groups motivated by a range of ideological beliefs and/or personal grievances.”

The DHS later, however, provided contacts for those concerned about others suffering from mental health issues suggesting at least the recognition that the issue was one that often came up in cases the department was handling.

The Mental Health-Terror Balance

The combination is difficult for authorities to manage for a variety of reasons. In the first instance, the behaviour of such individuals is very hard to predict. Their sometimes inherently erratic lives, the nature of attacks they are undertaking that often require little immediate preparation and the highly random nature of their targets makes it an almost impossible task to ensure total security.

While there is evidence that in some cases they do actually telegraph their intent before acting – for example, in the Danish case, it seems as though he posted videos suggesting something was about to happen a day before he launched his attack. This can still be a bit of a needle in a haystack piece of data.

Furthermore, focusing on healthcare requires getting healthcare providers involved.  Doctors and mental healthcare workers are by their nature focused on ensuring the well-being and care of their patients and society so are often welcome supporters. But it is difficult to get them to focus on concerns around extremism on top of their many other responsibilities. Some are also reticent about being pushed into roles that can appear to be that of security agents.

They are also often concerned about the criminalisation of what is an already very vulnerable community. The growing incidence of violent acts being committed by people with mental health issues can criminalise an entire community in the public mind, the vast majority of whom are simply very sick people in need of help. The term mental health itself is also not very helpful, when one considers the huge range of issues that it can encompass.

The final aspect which is important to bear in mind is that there can also be a danger in overfocusing on the mental health aspect of any case. Defence attorneys have long sought to use the presence of such issues as mitigation in their cases.

People suffering from mental health issues can also perpetrate crimes. Understanding this balance is complicated and becomes even harder to strike when you incorporate an ideological crime like terrorism.

Is This Even Terrorism?

But the biggest challenge is trying to understand if any of this even classifies as terrorism any more. As highlighted earlier, of this recent spate of extremist violence, only authorities in Norway are pursuing terrorism motivation at the moment. But it seems likely that the other acts at the very least ape terrorist acts in their behaviour.

In the US, the phenomenon of mass shooting has become so common alongside a highly angry and polarised political environment that it is very difficult to separate it, or even appreciate the degree to which mental health might be salient in a particular case. In Europe this all comes as France seems to finally close the book on the ISIS attack on Paris of November 2015 though the lone actor playbook ISIS promulgated continues to resonate.

In a recent joint appearance in London after a week of meetings, the chiefs of MI5 (the UK’s domestic intelligence agency) and the US Federal Bureau of Investigation (FBI), highlighted how the lone actor was the sharp end of the threat that their services saw in the terrorism space.

As MI5 head Ken McCallum put it, they were facing a “very difficult cocktail of risks”. The increasing prevalence of mental health and related issues in the threat picture has only served to make it harder, adding a layer of unpredictability.

Another brief break from book promotion, this time a new article for my Singaporean institutional journal Counter Terrorism Trends and Analyses (CTTA). This was an attempt to look back at COVID-19 and reflect a bit on some of my earlier pieces which looked at who benefitted most or not from the pandemic. Not sure everything I wrote earlier on quite played out, but some bits did. Am still convinced this anti-establishmentarian narrative will gain more traction and the extreme right in Continental Europe is going to be a bigger problem going forwards.

Extreme Right-Wing Terrorism and COVID-19 – A Two-Year Stocktake

As the pandemic moves into its third year, normality appears to be returning. While caution has not dissipated, there is no doubt that governments’ treatment of COVID-19 has changed. As countries embrace a wider “open up” strategy, this is already being flagged as a possible opportunity for terrorists.1 These warnings are linked to concerns that, as countries open up, the barriers erected to prevent COVID-19 from spreading will lift and make terrorist plotting easier once again. But a larger question lingers about what the actual impact of COVID-19 has been on terrorist threats at an ideological level. Given the threat has resonated in a stronger fashion on the Extreme Right, this article seeks to sketch out that impact and assess its wider implications.


Following the onset of the pandemic, there was a rush of commentary and subsequent research trying to understand its potential impact on terrorist and extremist threats.2 The conclusions drawn were fairly diverse, but few observers concluded that terrorism would be reduced as a result of the pandemic. Rather, concerns were articulated that the threats would become worse, owing to a variety of reasons – the increasing amount of time people were spending online;3 the growing isolation fostered by lockdowns;4 the uncertainty created by the pandemic;5 and the likely shrinking of counter-terrorism and P/CVE budgets.6 There was also divergence within the research community, with sharply dissenting voices pouring cold water on more dramatic prognostications, including that there would be a surge in online radicalisation.7

As it turned out, in the broadest possible terms, the two major threat ideologies diverged in their response to the pandemic. Violent Islamist groups like Al-Qaeda and the Islamic State (IS) broadly framed the pandemic as God’s providence and something followers should not worry too much about, except to celebrate how it made their enemies suffer and to maintain resilience.8 In some cases, they spoke of how strategic opportunities might present themselves, which followers should take advantage of,9 and at some lower levels, chatter was picked up that suggested people should try to weaponise the virus.10 But this was never something that the core organisations called on their followers to do.

In contrast, among the Extreme Right (violent, extremist or just Far Right), groups embraced the pandemic in their narratives to recruit and mainstream even further than they had already. Protests around pandemic restrictions were frequently adopted and promoted by extreme right-wing groups, and anti-establishment narratives absorbed pandemic resistance smoothly into their views.11 Systemic conspiracy theories also ran rife, absorbing prominent figures like Bill Gates into narratives of population control through vaccination,12 as well as broader conspiracies involving undermining indigenous communities.13

On the Far Left, an anti-systemic narrative also did catch on, but with far less vigour. While fears of government control could be found, their greater concern was with the resurgent far right or other acts of societal injustice.14 More confusing ideologies like the QAnon or Incel movement seemed to echo pandemic conspiracies but, for the most part, this merely fed into the wider chatter around their ideologies rather than transforming them.15 It was not clear from available research what the effect was on other faith-based extremisms – like Buddhist or Hindu extremists, for example.

Early Terrorist Action

Little of this noise translated into actual terrorist action, although there were widespread instances of civil disturbance – most prominently on January 6, 2021 when supporters of former US President Donald Trump stormed the Capitol Building in Washington, D.C. This was one of many instances where large protests ended in violence and involved resistance to pandemic restrictions, amongst other motivations. In Australia, it seemed as though the Extreme Right actively took advantage of such protests to advance their ideas.16

It was not always clear the degree to which the protests were terrorist activity, nor whether the protests could be entirely placed in the ideological category to which they were often linked. For example, during anti-lockdown protests or the January 6 assault on the Capitol, there were undoubtedly many extreme right-wing leaning individuals involved, but it remains unclear if they made up the entire corpus of the protest. Nor is it clear that the protest could be described as entirely motivated by extreme right-wing ideas.

In terms of terrorist action that could be directly linked to the pandemic, the list is more limited. At the pandemic’s onset, two cases in the United States seemed to suggest a direct link to the government’s response to the virus – Timothy Wilson’s attempted bombing of a Missouri hospital and Eduardo Moreno’s train derailment targeting the US Navy’s hospital ship Mercy docked in the Port of Los Angeles. Whilst clearly targeting institutions linked to the government’s pandemic response, both had different origins.

Wilson, a long-standing subject of interest to the Federal Bureau of Investigation (FBI), had links to a serving US soldier stationed in Kansas who was reportedly planning to fight alongside the Azov Battalion in Ukraine.17 He had also spoken of launching attacks on multiple domestic targets, including prominent Democrat politicians.18 Reportedly, Wilson had long been planning some sort of incident, and it is possible that the pandemic simply changed his targeting choices. He had also seemingly been planning his attack with the full knowledge of the FBI, although it was not clear whether this was because of an undercover agent who turned him in, or whether he was simply under FBI surveillance.19

In contrast, Moreno was a railway worker arrested for planning an attack by himself. This involved derailing the train he was working on in the Port of Los Angeles in an attempt to draw people’s attention towards the “government take-over” that he perceived was happening.20 As was stated in his indictment, “Moreno believed people needed to know what was going on with the COVID19” pandemic and the U.S.N.S. Mercy.21 Among other claims, Moreno stated that “they are segregating us and it needs to be put in the open.”22 He was also very specific in stating that “no one was pushing his buttons” in orchestrating the attack, reflecting his desire to not have his stated motivations dismissed.23

These two early cases received considerable attention, coming as they did in the immediate wake of the early announcements of lockdowns in March 2020, and as people sought a better sense of the pandemic’s likely impact on extremism. In both cases, action involving the perpetrators took place, and some inspiration from the pandemic response was involved in the attack planning, although not necessarily in the same way. While Moreno’s attack was clearly a response to the pandemic, Wilson seemed a longer-term extremist linked to Extreme Right networks who decided on a pandemic-related target relatively late in his planning cycle.24

From what is known about Moreno’s attack, it is possible to conclude that sans the pandemic the attack might not have happened. In contrast, Wilson’s pre-existing links to other extremists and networks suggest he could have acted even if the pandemic had not taken place. The pandemic appears to have presented an interesting targeting opportunity for Wilson, with the government’s response to the event reinforcing Wilson’s pre-existing worldview.25 This could also be the case for Moreno (he may have already held some anti-government ideas), but not enough is known about his case to draw a decisive conclusion.

In a survey of pandemic-related terrorism done in March 2021, Sam Mullins and Michael King concluded that this pattern of activity held across the extreme right-wing cases they surveyed.26 Looking at a dataset of seven cases, including both Moreno and Wilson, they concluded that all the individuals, aside from Moreno and one other where it was unclear, had pre-existing extreme right-wing tendencies (mostly linked to the anti-government Boogaloo Bois movement).27

The authors’ conclusion was that it remains too early to conclude that the pandemic has spurred more violence. While the cases they explored largely highlighted how problems of extremism have generally gotten worse along the same trajectory as prior to the pandemic, they are less clear about the pandemic’s potential accelerating effect.28 A survey of wider trends a year into the pandemic concluded something very similar, though it broadly surmised that the Extreme Right seemed like it was going to be affected more than the violent Islamist community.29

Trouble Spreading?

Largely, existing trends have continued and, as the pandemic ends, the expectation should be that extremist-linked activity will pick up as they had before. Consequently, parts of Europe may find themselves once again most seriously afflicted by lone-actor terrorism; the United States may face a metastasising menace of extreme right-wing and anti-government groups; Africa a sharpening terrorist threat linked to IS affiliates; the Middle East a constant threat; and Southeast Asia a threat that appears to have slowed over the past few years. Afghanistan has already started to export problems north and south of its border, suggesting the mid-2021 Taliban take-over is going to worsen long-standing terrorist problems across South Asia (and even into Central Asia). None of this brief overview seems to have been impacted notably by COVID-19.

However, there are some patterns that do appear to be worsening and can be linked to the pandemic. In particular, the extreme right-wing threat in Europe. A long-standing threat, it has in the past year shifted in a direction to resemble its North American counterpart in a way that is novel and potentially destabilising. There has been a notable number of large-scale disruptions that suggest networks of radicalised individuals, often with military training, inspired by extreme-right ideas and eager to strike targets associated with the pandemic response. Events in Ukraine have had an impact on the broader extreme right-wing in Europe, but this appears to have happened in parallel to the pandemic.

Recent cases have also put a spotlight on some worrying underlying trends. Specifically, these include the growing number of arrests of members of the security forces with links to extreme rightwing groups (something particularly noticeable in Germany); a growing number of vaccination centre bombings; and finally, spates of 5G mast attacks across Europe. The last two are not exclusively linked to the Far Right, though there are often links. All, however, point to a pent-up anger that could come to the fore in a dangerous fashion.

Two specific plots, which came a year apart from each other, underscore these trends. First, in mid-May 2021, Jürgen Conings, a radicalised soldier who was already under surveillance for his extreme right-wing links, fled with weapons stolen from his barracks, leaving behind a note for his girlfriend that claimed he was “going to join the resistance”30 and did not expect to survive. He had previously expressed anger towards a prominent Belgian virologist, and there were fears he was planning on targeting the latter for murder.31 Conings was found dead just over a month later, having taken his own life.

As investigation into his case continued, it was uncovered that Conings was a long-standing target of authorities and had close links to other prominent figures in the extreme right-wing movement in Europe.32 Conings’s case became something of a cause célèbre amongst the far-right and antivaccination communities in Belgium and French-speaking Europe, with thousands signing petitions and a number of protest marches organised in support of his case.33 While it is not clear whether his case inspired others to violence, it did illustrate the depth of support that exists below the surface, as well as the very smooth interlinking of extreme-right and anti-vaccination ideologies, all alongside the notion of using violence to fight back against the government.

This worrying pattern was found again in April 2022 in Germany, when authorities disrupted a plot involving a cell of five men who were planning to kidnap the country’s health minister and overthrow the government. The men had managed to obtain at least one Kalashnikov machine gun and were reportedly in advanced stages of planning their attack.34 Calling themselves the “United Patriots” (Vereinte Patrioten), the group had a long history of anti-pandemic activism.35 The leader had reportedly been boasting about his plans up to a year before the arrests, and the group was made up of individuals who were also active Reichsbürger members.

The Reichsbürger movement is similar to the Sovereign Citizen movement found in North America (and in parts of Europe), and is made up of a few thousand individuals who reject the German state, accusing it of being an overbearing construct imposed on the nation in the wake of the Second World War.36 They are a growing concern to German authorities, who find the individuals very violent during arrests, and are often discovered to have large caches of dangerous weapons. Prominent figures have also been arrested for the murder of security officials.37

What is notable about both these European cases is the high degree of similarity with earlier American cases. Long-standing extreme right-wing communities have now absorbed antipandemic sentiments, chosen targets and sought to launch terrorist attacks against them. The targets are often large symbols of the state, and the sort of attack being launched is a civil uprising, sometimes including a plot against a prominent politician or public leader. There is a strong strain of anti-government sentiment in these groups, with the pandemic offering the perfect context for the articulation of their anger.

This similarity may feel unsurprising but, within a European context, such large-scale anti-state activity is relatively new. While not unheard of, traditionally, European extreme right-wing groups or cells have tended to focus on nativist, white supremacist or xenophobic tropes and targets. Politicians and prominent figures have been targeted over the years (Anna Lindh,38 Pim Fortuyn39 and Jo Cox40 are a few examples), but it is usually part of an assassination plan undertaken by an isolated individual rather than an attempt to overthrow the government.

Where networks of extreme right-wing terrorists have been found, they tend to be groups that have gone on the run for long periods of time, launching repeated attacks on minorities (like the National Socialist Underground in Germany). Many European countries are plagued with white supremacist, nativist political parties, with some of these individuals spilling over into violence – though these are usually one-off cases. Organised extreme right-wing groups or individuals with an intent to truly overthrow the state are relatively rare.

The pandemic, however, seems to have pushed these networks to the fore or encouraged them in new directions. Angry at governments’ actions, they appear desirous of launching large-scale incidents to change the status quo. In this way, they are increasingly mirroring their American counterparts. The Patriot, Sovereign Citizen, Militia and extreme right-wing communities have a long history in North America; in Europe, these violent patriot-type ideologies are relatively new. Governments’ pandemic responses appear to have acted as a perfect storm to push groups forward in terms of providing them with a source of anger and thus instilling a new sense of purpose.

It is of course very difficult to absolutely link this trend to the pandemic. It is possible that the broader raising of profile and prominence of the Far Right during the Trump administration in Washington, as well as the fallout from the migration crisis of the mid-2010s, have created a context in Europe for the Extreme Right to mature in this new direction. It is also possible that the large-scale crackdowns that took place across Europe against the Extreme Right pushed some deeper into radicalisation (and we have yet to see the fallout from the growing mainstreaming of the far-right leaning Azov Battalion in Ukraine as a result of the Russian invasion).

In France, the Interior Ministry reported that such trends of extreme-right, anti-state violence took place in the year or so before the pandemic as well.41 Now that the trend has progressed in this direction, it is unlikely to go backwards. A far-right motivated individual or group, through complicated planning to undertake anti-state violence to overthrow the government, is likely to be an increasing norm in Europe. Old narratives of xenophobia and nativism will doubtlessly persist, but they will now be strengthened by this new expression of anti-state violence.

As such, the actual terrorist impact of the pandemic could well be gauged by the fostering of a new form of anti-state mobilisation in Europe that in part builds on prior developments (Anders Behring Breivik’s attack in 2010 was an early articulation of anger against the state, specifically with regard to migration policies),42 but whose organisation, links to the military and growing emergence across the Continent suggest something more substantial at play. And the pandemic response of imposing greater state control, alongside the likely impoverishment of large numbers in the wake of the pandemic and the fallout from Russia’s invasion of Ukraine, all suggest a context in Europe where grievances can fester. While the blame cannot entirely lie with the pandemic, it is clear that the pandemic provided a context for the violent Extreme Right in Europe to worsen, and laid the foundations for a much deeper long-term problem.

About The Author:

Raffaello Pantucci is a Senior Fellow at the International Centre for Political Violence and Terrorism Research (ICPVTR), a constituent unit within the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. He can be contacted at


1 Amy Chew, “Terror Groups Target Asia as Global Travel Reopens: Singapore Defence Minister,” South China Morning Post, March 30, 2022,

2 Raffaello Pantucci, “After the Coronavirus, Terrorism Won’t Be the Same,” Foreign Policy, April 22, 2020,

3 Dan Sabbagh, “Pandemic has Spurred Engagement in Online Extremism, Say Experts,” The Guardian, October 19, 2021,

4 Nikita Malik, “Self-Isolation Might Stop Coronavirus, but It Will Speed the Spread of Extremism,” Foreign Policy, March 26, 2020,

5 Richard Burchill, “Extremism in the Time of COVID-19,” July 15, 2020, Bussola Institute,

6 Abdul Basit, “COVID-19: A Challenge or Opportunity for Terrorist Groups?” Journal of Policing, Intelligence and Counter Terrorism Vol. 15, Issue 3, 2020,, 263-275.

7 Michael King and Sam Mullins, “COVID-19 and Terrorism in the West: Has Radicalization Really Gone Viral?” Just Security, March 4, 2021,

8 Nur Aziemah Azman, “Evolution of Islamic State Narratives Amid the COVID-19 Pandemic,” Home Team Journal, Issue 10, June 2021,, 188-197.

9 Ibid.

10 “IPAC Short Briefing No. 1: COVID-19 and ISIS in Indonesia,” Institute for Policy Analysis of Conflict, April 2, 2020,; and

11 Blyth Crawford, “Coronavirus and Conspiracies: How the Far Right is Exploiting the Pandemic,” King’s College London, September 16, 2020,

12 Jane Wakefield, “How Bill Gates Became the Voodoo Doll of Covid Conspiracies,” BBC News, June 6, 2020,

13 Mark Scott and Steven Overly, “Conspiracy Theorists, Far-Right Extremists Around the World Seize on the Pandemic,” Politico, May 12, 2020,

14 The WannabeWonk, “Bremen is Emerging as a Hot Spot of Left-Wing Militancy in Germany,” Militant Wire, 30 November, 2021,

15 Marc-André Argentino, ‘QAnon Conspiracy Theories About the Coronavirus Pandemic are a Public Health Threat,” The Conversation, April 8, 2020,

16 Michael McGowan, “Workers’ Rights or the Far Right: Who Was Behind Melbourne’s Pandemic Protests?” The Guardian, September 24, 2021,

17 Mike Levine, “FBI Learned of Coronavirus-Inspired Bomb Plotter Through Radicalized US Army Soldier,” ABC News, March 27, 2020,

18 Ibid.

19 This detail might help clarify the degree to which others were involved in his planning and therefore how the pandemic actually impacted his targeting choices. But Wilson’s death has meant absolute certainty about exactly what was going to happen is now impossible.

20 Douglas Swain, “Statement of Probable Cause A. Moreno Derails Train at the Port of Los Angeles near USNS Mercy,” April 2020,

21 Ibid.

22 Ibid.

23 Ibid.

24 “FBI: Government’s Response to Virus Spurred Would-Be Bomber,” AP News, April 15, 2020,

25 Ibid.

26 Michael King and Sam Mullins, “COVID-19 and Terrorism in the West: Has Radicalization Really Gone Viral?” Just Security, March 4, 2021,

27 While their targets were linked to the pandemic or some aspect of response to the pandemic, it was not clear that they were entirely driven forward by it.

28 Michael King and Sam Mullins, “COVID-19 and Terrorism in the West: Has Radicalization Really Gone Viral?” Just Security, March 4, 2021,

29 Raffaello Pantucci, “Mapping the One-Year Impact of COVID-19 on Violent Extremism,” Counter Terrorist Trends and Analyses Vol. 13, Issue 2, March 2021,, 1-9.

30 Daniel Boffey, “Belgian Manhunt for Armed Soldier Who Threatened Virologist,” The Guardian, May 19, 2021,

31 Helen Lyons, “The Hunt for Jürgen Conings: A Timeline,” The Brussels Times, June 16, 2021,

32 “Un Terroriste d’Extrême Droite et Sympathisant de Jürgen Conings Comme Agent de Sécurité d’une Boîte de Nuit,” 7sur7, January 17, 2022,

33 Evelien Geerts, “Jürgen Conings, The Case of a Belgian Soldier On the Run Shows How the Pandemic Collides With Far-Right Extremism,” The Conversation, June 16, 2021,

34 Philipp Reichert, “Putin-Fans und Corona-Leugner,” Tagesschau, April 26, 2022,

35 “German Police Arrest Far-Right Extremists Over Plans to ‘Topple Democracy’,” Deutsche Welle News, April 14, 2022,

36 Wolfgang Dick, “What Is Behind the Right-Wing ‘Reichsbürger’ Movement?” Deutsche Welle News, July 24, 2018,

37 The Reichsbürger community has been very active during the pandemic, bringing together a series of narrative strands about overbearing authority that resonated with the community. See “Former ‘Mister Germany’ Facing Life in Prison for Attempted Murder of Policeman,” Deutsche Welle News, October 9, 2017,

38 “Suspect in Swedish Murder Makes Surprise Confession,” NBC News, January 8, 2004,

39 “Dutch Free Killer of Anti-Islam Politician Pim Fortuyn,” BBC News, May 2, 2014,

40 Ian Cobain, Nazia Parveen and Matthew Taylor, “The Slow-Burning Hatred That Led Thomas Mair to Murder Jo Cox,” The Guardian, November 23, 2016,

41 Laurent Nuñez, “Contending with New and Old Threats: A French Perspective on Counterterrorism,” The Washington Institute, October 12, 2021,

42 Mark Townsend and Ian Traynor, “Norway Attacks: How Far Right Views Created Anders Behring Breivik,” The Guardian, July 30, 2011,

Still catching up, this time a short piece for Nikkei Asian Review in the wake of the attack in Karachi by Balochi separatists which murdered the Confucius Institute director and some of his staff.

Karachi terror attack strains Pakistan’s ties with China

New government needs to listen to the concerns of Balochi separatists

Police officers and a crime scene unit gather near a passenger van after a blast at the entrance of Karachi University’s Confucius Institute on April 26: The attack crossed many red lines.   © Reuters

Raffaello Pantucci is a senior fellow at the S. Rajaratnam School of International Studies in Singapore and author of “Sinostan: China’s Inadvertent Empire” 
(Oxford University Press, April 2022).

While Beijing would never admit it, the rise of Shehbaz Sharif as Pakistan’s new prime minister is a welcome development.

Sharif’s early and positive comments toward China, the fact his new Finance Minister Miftah Ismail made meeting officials from the Chinese Embassy his first formal encounter and the appointment of Ahsan Iqbal as minister responsible for the managing the China-Pakistan Economic Corridor were all clear signals that the new government wants a cooperative relationship with Beijing.

That chummy mood was shattered by a brutal suicide bombing on April 26 that was claimed by the Balochistan Liberation Army at Karachi University and which killed the director of the Confucius Institute, Beijing’s cultural promotion organization, as well as two Chinese staff and their Pakistani driver.

The suicide bombing was the latest in a series of attacks by separatists who are now targeting China because of Beijing’s heavy investment in Balochistan, which includes the much discussed Gwadar Port.

Balochi separatists have a history of targeting Chinese nationals in Pakistan, launching a number of dramatic attacks over the years that include targeting the Chinese consulate in Karachi, the Chinese-built Pearl Continental Hotel in Gwadar and the Karachi stock exchange.

Shehbaz Sharif meets with Charge d’Affaires of the Embassy of China Pang Chunxue to offer condolences for the victims in Islamabad on April 26: The chummy mood was shattered. (Handout photo from Pakistani Prime Minister’s Office)   © Reuters

In 2018, then-Balochi leader Aslam Baloch dispatched his eldest son as a suicide bomber to blow up a busload of Chinese engineers going to work in Balochistan. No one aside from the bomber was killed, but that attack kicked off a violent campaign that has now taken another dark twist.

The latest attack on the Confucius Institute, a soft but prominent target, crossed many red lines, the most conspicuous of which was the unprecedented use of a female suicide bomber. The fact she appears to have been a well-educated, middle-class woman who leaves behind two young children suggests how broad and attractive the Balochi narrative has now become.

Amid the scramble to better understand precisely who was behind the attack, there are hints that other militant groups may have played some sort of support role. And as is usually the case in this troubled region, many are looking for signs that outside powers might be manipulating the Balochi cause for their own ends.

The usual suspects for those conspiracy minded are India and the United States. Afghanistan used to be the third, but this is less likely given the Taliban government’s crackdowns on Balochi groups based in Afghanistan, groups the former Western-backed government seemed to tolerate, a major source of discord between Islamabad and Kabul.

The bigger point is that the Balochi separatist cause is continuing to gain traction inside Pakistan and is only getting worse, with militants getting more and more ambitious, and seemingly able to strike at will.

In January, a bomb was detonated at a crowded market in Lahore, killing three, and in February, a large detachment of militants took on two bases belonging to the Frontier Corps, the paramilitary force charged with maintaining law and order in Balochistan.

At least 20 militants and nine Pakistani soldiers were killed in fighting that went on for many hours, although Balochi groups said the casualty rates were much higher, claiming that nearly 200 Pakistanis were killed, with only 16 of theirs dead.

By targeting the Confucius Institute, Balochi militants are sending a clear signal to the many thousands of Chinese who live and work in Pakistan.

Because not all Chinese living and working in the region are linked to the China-Pakistan Economic Corridor, many of them live beyond the security perimeter that has been put around official CPEC projects. These people are now all clearly targets too, vastly expanding the number of people Pakistani authorities need to worry about protecting.

It is not clear what Beijing’s answer to all this will be. One option would be to deploy a Chinese military detachment. More likely is that China will step up military and intelligence aid, as well as increase their discrete security presence on the ground. Chinese private security contractors will doubtless start to appear more frequently.

But this is only a stopgap answer. China is clearly unhappy, and while they might be willing to absolve the new government for responsibility for this latest attack, the underlying problem is that Pakistan seems unable to bring the separatists under control.

If we continue to see attacks like this on Chinese nationals, it will become increasingly difficult for Beijing to send its people to work in the country. More importantly, the repeated targeting of Chinese nationals undermines the myth that Chinese investment in Pakistan is seen as benign on the ground. A much wider and more dangerous narrative that Beijing has little desire to take hold.

The truth is that across this wider region, China is increasingly becoming the most consequential player on the ground. This attracts allies and enemies alike and is a role that has responsibilities, as much as Beijing might want to shy away from them.

Islamabad clearly needs to take a different tack in Balochistan. Locals feel persecuted and see little opportunity in modern Pakistan. Stories of extrajudicial killings, disappearances and torture are common. Nor do locals see much direct benefit from Chinese investment.

Greater transparency and engagement are needed. Otherwise, the conflict will continue to metastasize and create problems with one of Islamabad’s most important partners on the world stage.

A shift away from book promotion (briefly!), to touch on the case of the murder of Sir David Amess, MP, who was brutally murdered by an ISIS acolyte in the most recent terrorist attack in the United Kingdom. As seems to be de rigeur, the case attracted a lot of attention to Prevent which has a long awaited review due out at some point. The piece was published by my British institutional home RUSI, thanks as ever to Jonathan for helping shepherd it through.

An MP’s Murder: The Failure of the Prevent Programme?

29 April 2022

The UK’s counterterrorism programme Prevent is once again under the spotlight. But can the programme ever really be expected to eradicate terrorism?

Main Image Credit Courtesy of Maureen McLean / Alamy Stock Photo

The conviction of Sir David Amess’s murderer has reignited the debate on counterterrorism practice in the UK. Much has been made of the fact that the MP’s murderer was someone who had been referred in his late teens to the government’s counterterrorism Prevent programme. It was the latest in a number of people referred to Prevent who have subsequently gone on to launch attacks, and comes as a major review of the programme is underway.

Prevent has consistently been the most publicly discussed aspect of the UK’s counterterrorism strategy, yet in budgetary terms it consumes the smallest amount of money of all of the ‘four Ps’ that make up the strategy (the other three are Pursue, Protect and Prepare). The other ‘Ps’ are focused on responding to events and pursuing networks, protecting targets and preparing the public, while Prevent is about stopping the terrorist threat from ever emerging. Within Prevent, there are a range of activities that take place, from preventative work to steer people off the path to radicalisation, to the work that is instead focused on trying to rehabilitate or de-radicalise people who have been convicted of terrorist activity.

Some of it is contentious work. While in principle, few would disagree with the notion of trying to stop people being drawn towards terrorist ideas and action, in practice this means engaging with people through the lens of a counterterrorist programme before they have actually committed any terrorist act. It can feel like people are being seen through a criminal lens before any criminal act has actually taken place. The film Minority Report with its Department of Pre-Crime is often invoked as a dystopian comparison.

In practice, Prevent is made up of thousands of referrals every year – made by police, educators, health workers and concerned citizens – to Prevent officers, who will then examine the case and determine whether it requires greater engagement. In the majority of instances, they will dismiss the case, concluding that the referral is incorrect. To give a sense of numbers, in the year ending 31 March 2021 there were 4,915 referrals, of which 1,333 were discussed at a Channel panel, and 688 were taken on as cases. The year before, there were 6,287 referrals, with 1,424 discussed at Channel and 697 taken on. While the proportions are not always identical, they are similar, and the key point is that in the overwhelming majority of cases a Prevent referral does not result in deeper investigation.

It is difficult to know why this is the case. It is possible that people are over-referring out of a lack of understanding of extremist ideas or out a sense of needing to be seen to be doing something. This is a possible impact of the Prevent duty which was brought in through legislation in 2015 which obligates educators in particular to play a role in preventing people from being drawn into terrorism (alongside the police they are the biggest source of referrals). It is possible that the system is misidentifying which of the referrals are genuine cases or not.

It is not clear exactly where in this process the recently identified failed cases were. But it is equally clear that they are outliers. While even one failure in this context is too many, it is notable that we have seen a decrease in the volume of overall terrorist arrests, and a drop in coordinated terrorist plots. The overwhelming majority of those that are currently disrupted are instead lone actors who seem to be inspired by groups, but have no real link to them. Police and intelligence services say the violent Islamist threat is the biggest terrorist problem they face. However, this does not appear to be translating into arrests or Prevent referrals, which instead suggest the growing threat of the extreme right wing. While the Home Office does not report ideology on arrest, the number in prisons identified as extreme right wing in prison is growing. In addition to this, there is a rise in cases that are identified as not having any clear ideological foundation. Whether any of this decrease in threats from Islamists is related to Prevent is difficult to know – a programme based around stopping things from happening is always going to struggle to prove its effectiveness.

The bigger question in some ways is a more existential one about Prevent. The initial concept of the UK’s counterterrorism strategy was to try to develop a programme which would seek to stop people from being drawn towards terrorist ideas and groups in the first place. It was an attempt to get ahead of the problem, rather than continually managing it – which is largely the role of the other three Ps in the strategy.

Yet, this pre-emptive approach was something that had never really been tried before. The UK had developed robust approaches to countering terrorism and defending targets to counter the threats of Irish-related terrorism and the various Middle Eastern factions that had launched attacks in the 1970s. But none of these sought to stop people from being drawn towards extremist ideas. It was more a case of disrupting networks and stopping people. De-radicalisation was also not something that had been tried with great vigour. In other forms of criminal behaviour, work had been done (and is being done) to try to stop people from choosing paths of crime and to rehabilitate them afterwards. But with terrorism, such an approach was new.

Two decades on from its inception, there are people who have abandoned extremist ideas, though in many cases they have done this as a result of their own choice and agency – sometimes prodded along by Prevent programmes. It is also likely that Prevent has steered some people away from bad choices, or that contact with the programme alone has scared them off the path they were on. Talk to people who have been engaged with by Prevent in communities, and you often find far more positive stories than media reporting would suggest. Surveys suggest attitudes in the broader public (amongst Muslim communities as well as the general public) are more positive than is suggested by the few voices that tend to dominate the public conversation. But it sometimes feels like another branch of social services, rather than a specific programme that is trying to stop terrorist incidents.

The problem Prevent is trying to deal with is a complex one. As we are learning with Sir David Amess’s murderer, in some cases, perpetrators stew in their ideas for some time, lashing out years after their first curiosity in extremist ideas arose. In many ways, this case is typical of a cohort that appeared around the fringes of the Syria traveller phenomenon – young men who often became radicalised alone (or started down the path alone), connected with others in person and online, and then sought to go to Syria. And in some cases – like this one – they failed to make it.

There were consistent warnings expressed by authorities at the time that the frustrated traveller community was of high concern. These were individuals who were radicalised enough to want to go and join Islamic State, but who were stumped by often quite simple hurdles in getting there. Their radicalisation did not decrease as a result of the failed journey (and might actually have gotten stronger), and they continued to be drawn to a group which would shout about people doing things at home if they could not come and join them in the Levant. It appears in this case that it took the perpetrator almost five years to decide to move towards action.

It is not entirely clear that Prevent would have been an effective vehicle to stop a culprit like this. Effective Prevent interventions require some agency and engagement by the individual. If they have no interest in being de-radicalised, then it is difficult to get them to move on from extremist ideas – imagine someone pressuring you to reject a strong belief you hold. In this case, the man was so committed that he kept the ideas to himself and launched an action years after he had first explored them. It is possible that consistent engagement by authorities during this time might have shifted him from this path – but it may have been difficult to tell whether he was someone who could be moved by this consistent level of engagement or if this would have been an appropriate use of potentially considerable public funds (or how many other cases might on paper look like this one but never materialise into an attack).

As with any major public incident, there is an eagerness to understand what went wrong and what needs to be changed as a result. The murder of an MP is a mercifully rare event, and merits attention to understand what went wrong. But it is equally clear that we need to think a bit harder about what our expectations are with Prevent, and some thought needs to go into whether it can ever be entirely foolproof in protecting society from terrorists. The answer to dealing with the reality of extremist tendencies might lie in some fundamental changes to our society. It is unclear that Prevent will be able to address this.

Been a bit slow in posting of late, lots going on. New book, radio documentary replaying, and lots of projects am late on as well as new ones starting up. That on top of life has been keeping me occupied. But need to catch up here and plan for the next wave. First up, a new journal piece for Current History, the oldest current affairs journal which have written a few times before though mostly focused on China and connectivity in Central and South Asia.

“Perpetrators no longer seemed to have a coherent motivation based on only one ideology (or any external direction), but often created highly idiosyncratic ideologies that pulled in ideas from a wide range of sources.”

The Evolving Terrorism Threat in Europe

Europe: March 2022

Two decades on from September 11, 2001, the terrorist threat in Europe has been almost entirely transformed. Far from mass casualty spectaculars like the public transportation attacks in Madrid in 2004 and London in 2005, the greater danger now is isolated individuals murdering politicians or stabbing random people in public places. Yet the dwindling scale of terrorism has only made plots harder to detect.

This was pointed out in the latest annual threat assessment by Europol (the European police coordinating agency), which noted that “more jihadist terrorist attacks were completed than thwarted” during 2020, the last year of reporting. Though less directly lethal, these low-scale attacks pick at social divisions in a way that can be even more dangerous than the large-scale, spectacular attacks directed by al-Qaeda or Islamic State (ISIS).

Europe has always seemed to be a secondary battlefield in the war on terrorism. But whereas the United States appears to have insulated itself from the threat at this point, Europe continues to confront a scenario that is noticeably more complicated and chronic. Terrorism’s evolving presence still poses a deep threat to European society.


In the immediate aftermath of the 2001 attacks on America, Europe became a key battlefield in the “Global War on Terrorism.” Revelations that a substantial part of the logistics, planning, and even recruitment for the al-Qaeda attacks had happened in Europe awakened the continent to a threat that it had inadvertently hosted. But only a few months later, Paris became a springboard for a follow-up attack on the United States. On December 22, as the world was just starting to return to normal, a radicalized young Briton, Richard Reid, unsuccessfully tried to bring down a transatlantic flight to Miami with a bomb concealed in the heel of his shoe. Reid was part of a two-man teamof Britons who had been sent by the al-Qaeda leader responsible for 9/11, Khalid Sheikh Mohammed. His co-conspirator, Saajid Badat, had backed out at the last minute.

From a European perspective, these two failed attackers were in many ways even more terrifying than the 9/11 group, for which the blame could be laid on foreign shores. The notorious Hamburg cell that produced key 9/11 hijackers Mohammed Atta and Ziad Jarrah was, for the most part, made up of foreigners like them who were in Europe studying or seeking employment. Similarly, Europe was simply a backdrop for the planning meetings that took place in Spain, or the network in the United Kingdom that facilitated the dispatch of a pair of suicide bombers to Afghanistan to carry out the assassination of leading Taliban adversary Ahmed Shah Masood. In all these elements of the attack plan, Europe served as a convenient staging point for the conspirators, who drew on the continent’s Middle Eastern population.

These communities were the product of trends that had been playing out for some time. As authoritarian Arab countries cracked down on dissidents, many fled to Europe’s more liberal and protective environment, from where they could agitate for change back home. This diaspora was a constant source of tension between Arab and European governments. Arab authorities lobbied their European counterparts to crack down; Europeans pushed back, claiming that these dissidents were simply calling for legitimate political rights, in ways that were legally protected in Europe. The dissidents were often harbored in the former colonial powers that had once ruled their home countries, giving a historical resonance to the clash.

For more, go either to Current History or get in touch or download it here.