A small but growing number of bloggers who appear to be writing from Cuba are using externally hosted websites to voice dissent and developing inventive ways to circumvent government restrictions on Internet access that limit their freedom to post. While the blogs’ emergence has coincided with the move toward more openness in state media about discussing social and economic problems in the past two years, the bloggers go well beyond that limited criticism by blaming the ruling system rather than individuals or external pressure. The government thus far largely has acted indirectly against the bloggers, warning about the dangers of the Internet and reportedly blocking access to a host website. The bloggers tend to express pessimism about prospects for change under Raul Castro, but they currently are not promoting a specific political agenda or calling for any organized movement against the government. Although readership is mostly international, their on-island audience — including possible imitators — is likely to increase if access to information technology becomes more widespread. See the appendices for details on Internet access in Cuba and the individual blogs discussed.
Cuba’s independent blogs have increased in recent years, providing a forum to voice discontent with current conditions and government policies that goes further than the still-limited discussion of problems in state media.
The number of blogs written by private Cuban citizens began increasing significantly in late 2006 and has gained momentum since. Of the 11 most prominent independent blogs, one began in 2005, three in 2006, three in 2007, and four since the beginning of 2008.
Some readers have questioned the bloggers’ credibility, charging them with being either agents of the Cuban Government or Miami-based Cubans. The personal nature of the postings and the absence of an explicit political agenda, however, bolster their claims to be private citizens.
The increase in independent bloggers parallels a move by state media toward more openness about problems on the island, which began in late 2006 and was further encouraged by Raul Castro’s call for more critical discussion about conditions in Cuba (Cubavision, 26 July 2007, 24 September 2007).
The bloggers demonstrate technological savvy in overcoming the Internet access restrictions to create their blogs, but they appear to have difficulty updating them regularly.
While she has not disclosed details in her blog, Generacion Y’s Yoani Sanchez, Cuba’s most prominent blogger, has described in interviews with foreign outlets how she writes blog entries, saves them on a flash memory drive, and uploads them at an Internet cafe (The New York Times, 6 March; The Wall Street Journal, 22 December 2007).
The apparently short-lived Potro Salvaje — whose title “Wild Colt” appears to mock Communications Minister Valdes’s warning in February 2007 that the Internet was a “wild colt” that needed to be controlled (www.cubaminrex.cu) — began on 11 March to provide explicit instructions to on-island Internet users about methods to bypass restrictions. The blog’s most recent post on 8 April highlighted the importance of the flash drive to transport data from one computer to another on the island.
Although many of the blogs are updated frequently, maintenance can be inconsistent — several have been abandoned or moved without notice. Two of the 11 blogs have not been updated since February 2008, despite having had regular posts prior.
The Cuban Government appears to have taken an indirect approach to limiting the influence of independent bloggers. It has warned of the dangers of the Internet, and bloggers charge it with monitoring the contents of their blogs and making it difficult to access the blogs.
In addition to calling the Internet a “wild colt,” Valdes said it was “a tool for global extermination” (www.cubaminrex.cu). Youth daily Juventud Rebelde has warned that portable storage devices such as flash drives increase vulnerability to computer viruses (17 April), and Fidel Castro asserted in a letter to the National Union of Writers and Artists (UNEAC) Conference that the Internet and other information technologies are invasions of privacy (Granma, 2 April).
In March, several of the blogs that share the Frankfurt-based Consenso Desde Cuba host website claimed the government was obstructing on-island access.
Since its founding in 2012, the National Institute of Justice’s Domestic Radicalization to Terrorism program has sponsored research on how radicalization to terrorism occurs in the United States in order to support prevention and intervention efforts. These projects have taken a variety of approaches to examining the process of radicalization to terrorism, but in spite of this there is substantial overlap in their findings, which collectively provide evidence of the importance of several facilitators of radicalization and the need to take into account how this process unfolds within individuals over time.
Facilitators of Radicalization to Terrorism
Terrorist belief systems or narratives
Activities that demonstrate commitment to a terrorist group or cause
Connections with terrorists in one’s offline social network
Connections with terrorists via the internet and/or social media
At the individual level, the radicalization process often involves embracing a terrorist belief system or narrative that identifies particular others or groups as “enemies” and justifies engaging in violence against them. Individuals may also begin to identify themselves as terrorists, as well as to engage in activities that highlight their commitments to their new beliefs, identities, and/or others who hold them. It is, however, important to note that while these beliefs and behaviors may facilitate the movement to terrorism, this outcome is not inevitable. Those close to these individuals may become aware of the changes that their friends and family members are undergoing and attempt to address them or seek help from others who can. An important implication of this is that trusted information and resources need to be available to assist in this effort. Another is that prevention and intervention efforts may benefit from addressing beliefs that justify violence and helping individuals to develop identities in which these beliefs are not central.
Testing Two Theoretical Perspectives on Radicalization to Terrorism
In their completed NIJ-sponsored research, a team led by the University of Arkansas tested whether role identity theory and framing theory help to explain how individuals and groups radicalize to terrorism (Smith et al., 2016). In doing so, the researchers built on previous research conducted using the American Terrorism Study (ATS) database (e.g., Smith & Damphousse, 2009; Smith, Damphousse, & Roberts, 2006; Smith, Roberts, & Damphousse, 2013) and focused not on testing a complete model of the radicalization process but rather on testing what they viewed to be a crucial component of it: the construction of a terrorist identity. This process is outlined in Figure 2 on page 11.
Several concepts displayed in the figure are central to understanding the analyses the team conducted. The first two are identity salience and identity pervasiveness — both of which are based on the premise that everyone has multiple identities (e.g., as a parent, teacher, musician). If an identity is salient, it is more likely to be brought to bear in a particular situation. If an identity is pervasive, it is more likely to be brought to bear in numerous situations. The researchers hypothesized that individuals with more salient and pervasive terrorist identities would be more likely to engage in terrorism.
This Joint Intelligence Bulletin (JIB) is intended to provide information on Australian national and violent extremist Brenton Tarrant’s 15 March 2019 attacks on two mosques in Christchurch, New Zealand. These attacks underscore the enduring nature of violent threats posed to faith-based communities. FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners responsible for securing faith-based communities in the Homeland to remain vigilant in light of the enduring threat to faith-based communities posed by domestic extremists (DEs), as well as by homegrown violent extremists (HVEs) who may seek retaliation. This JIB is provided to assist federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and private sector security partners to effectively deter, prevent, preempt, or respond to incidents and terrorist attacks in the United States.
(U) Attack Details
(U//FOUO) On 15 March 2019, New Zealand police arrested an Australian national who appeared to be inspired by a white supremacist ideology and who allegedly conducted a shooting attack on two mosques in Christchurch, New Zealand. This attack highlights the enduring threat of violence posed to faith-based communities. There are currently 49 victims deceased, and 20 others are listed as being in critical condition following the attack.
» (U//FOUO) On 15 March 2019, at about 1:40 PM local time, Australian national Brenton Tarrant used firearms to attack the Masjid Al Noor Mosque in the city of Christchurch, New Zealand, before conducting a similar shooting attack at the Linwood Masjid Mosque, approximately four miles away. Tarrant drove to the attack sites and livestreamed a video of the attack. Police also discovered improvised explosive devices in a vehicle connected with the attack. Tarrant is currently the only known perpetrator; however, investigation of his movements and associates continues.
» (U//FOUO) Tarrant disseminated a manifesto prior to the shooting which detailed his concerns of perceived “white genocide.” The manifesto contains a wide range of anti-immigrant and anti-Muslim views. One reason listed as to why he carried out the attack was “to create conflict…within the United States on the ownership of firearms in order to further the social, cultural, political, and racial divide within the United states [sic].”
» (U//FOUO) Tarrant claimed to have been planning the attack for two years and recently relocated to New Zealand to live temporarily while he “planned and trained.” He claimed to have chosen to conduct his attack in Christchurch three months prior to show such attacks could happen anywhere.
(U) Mosque Attacks Could Incite Like-Minded and Retaliatory Attacks
(U//FOUO) We are concerned online sharing of Tarrant’s livestreamed footage could amplify viewer reaction to the violent attack and possibly incite similar attacks by those adhering to violent extremist ideologies in the United States and abroad, as well as retaliatory attacks from HVEs and individuals otherwise affiliated with foreign terrorist organizations. Tarrant appeared to have been influenced by prior attacks by violent extremists in the United States and other countries, and we remain concerned that US-based DEs of similar ideologies could become inspired by this attack. Although most HVEs generally do not mobilize to violence in response to specific events and instead are usually influenced by a confluence of sociopolitical, ideological, and personal factors, exceptions may occur and we remain concerned for the potential of retaliatory attacks by some HVEs, as we have already seen calls for attacks by violent extremists online.
» (U//FOUO) Tarrant claimed Norwegian mass attacker Anders Brevik gave his “blessing” for the attack. Tarrant’s ammunition cases also displayed handwritten names of violent extremists in Canada and elsewhere who previously conducted violent attacks on Muslims or in support of violent extremist ideologies.
» (U//FOUO) An examination of online jihadist media following the mosque attacks indicates various al-Qa‘ida and ISIS supporters are posting attack images to express outrage and are calling upon all Muslims to respond to the New Zealand attacks by launching their own near-term attacks in retaliation.
The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.
In February 2018, the FBI received notification of a spearphishing campaign targeting students at an identified University in the south eastern United States. The campaign occurred in January 2018 when an unidentified number of students attending the University received an email requesting their login credentials for the University’s internal intranet. Using the University’s intranet portal, the cyber criminals accessed a third-party vendor that manages the disbursement of financial aid to students and changed the direct deposit information for 21 identified students to bank accounts under the cyber criminal’s control. The threat actor stole approximately $75,000 from the 21 students. The student accounts were accessed by at least 13 identified US Internet Protocol (IP) addresses.
On 31 August 2018, the Department of Education identified a similar spearphishing campaign targeting multiple institutions of higher education. In this campaign, the cyber criminals sent students an email inviting them to view and confirm their updated billing statement by logging into the school’s student portal. After gaining access, the cyber criminals changed the students’ direct deposit destinations to bank accounts under the threat actor’s control.
The nature of the spearphishing emails indicates the cyber criminals conducted reconnaissance of the target institutions and understand the schools’ use of student portals and third-party vendors for processing student loan payment information. In addition, the timing of the campaigns indicates the cyber criminals almost certainly launched these campaigns to coincide with periods when financial aid funds are disseminated in large volumes.
The FBI recommends providers implement the preventative measures listed below to help secure their systems from attacks:
Notify all students of the phishing attempts and encourage them to be extra vigilant
Implement two-factor authentication for access to sensitive systems and information
Monitor student login attempts from unusual IP addresses and other anomalous activity
Educate students on appropriate preventative and reactive actions to known criminal schemes and social engineering threats
Apply extra scrutiny to e-mail messages with links or attachments directed toward students
Apply extra scrutiny to bank information initiated by the students seeking to update or change direct deposit credentials
Direct students to forward any suspicious requests for personal information to the information technology or security department