Executive Summary: Since April, unidentified assailants partially damaged or destroyed over 70 communications masts across the UK. The attacks were inspired by an online conspiracy theory linking 5G communications to the ongoing coronavirus pandemic. Whilst these incidents were not treated as terrorism, they illustrate the potential for conspiracy theories, disseminated online, to incite violence offline. Conspiracy theories popular on a number of online forums have also been linked to several high-profile attacks in the United States, underscoring the potentially deadly impact conspiracy theories can have. However, whilst conspiracy theories may incite violence, organisations can monitor the spread of theories to accurately assess the risks to their businesses.
By Callum Yourston, Analyst: Risk Awareness Team – SOLUTIONS division
14 July 2020
Since April, unidentified attackers have damaged or destroyed over 70 mobile phone towers across the United Kingdom. Police linked these attacks to an online conspiracy theory propagated on several blogs that links the spread of the COVID-19 virus to 5G signals. As well as targeting infrastructure, some 40 telecoms engineers have been attacked or threatened, with one being hospitalised by a stabbing attack.
Whilst none of these incidents have been classed as terrorist in nature, it is clear that ideas within the internet zeitgeist can have destructive offline consequences. Indeed, the Federal Bureau of Investigation in the United States last year released an intelligence bulletin warning that conspiracy theory-driven extremists are a domestic terror threat.
The arson attacks in the UK are hardly the first incidents where conspiracy theories have provoked violence. Online conspiracy theories in the United States have had violent and sometimes deadly offline consequences. In 2016, a gunman opened fire in a pizza restaurant in Washington DC, ascribing his motives to the debunked ‘Pizzagate’ conspiracy theory. This theory falsely claimed that the restaurant was harbouring a child sex abuse ring led by Hilary Clinton.
Separately, authorities linked the attacker responsible for the Tree of Life synagogue shooting in Pittsburgh in October 2018 to several online conspiracy theories involving prominent Jewish figures in American politics. The gunman killed 11 people in this incident. Neither of the attackers in these incidents were charged with terrorist-related offences, although many academics and former government officials agree that authorities should charge the Pittsburgh synagogue attack with an act of domestic terrorism.
As exemplified by the Pittsburgh attack, far-right terrorism often sits at the intersection of conspiracy theory and political ideology. Forums popular with right-wing extremists such as Gab and 8chan disseminate bizarre falsehoods like ‘Pizzagate’ alongside what amounts to white nationalist doctrine. Largely unmoderated and accessible globally, these forums can facilitate the spread of radical, violent ideas across borders as seen with the increasing ubiquity of the ‘great replacement theory’ amongst far-right thinking across the West.
While the distinction between conspiracy theory-driven terrorism and other violent ideologies is often blurred, incidents like the recent attacks against telecoms infrastructure demonstrate that online falsehoods with no relation to established schools of political thought are capable of galvanising violence.
While organisations rarely receive warning that they are to be attacked, many are cognizant that terrorists and other bad actors wish them harm. By monitoring the spread of online conspiracy theories, security conscious organisations can identify warning signals that their assets may be at risk. However, tracking malicious chatter across different online channels is challenging and dedicated intelligence tools are beyond the means of many companies.
Nonetheless, undertaking periodic security risk assessments can help organisations identify potential threats and inform whether their existing security posture is appropriate. Of course, preventing all attacks, even with prior knowledge that a business or organisation maybe higher risk provided through predictive intelligence, is impossible, having appropriate security protocols in place can lessen the impact that a terrorist attack can have on businesses as well as save lives. This can include staff training, having an appropriate in/evacuation plan in place and following the advice of the government and national counter-terrorism police.