Using Open Source Web Intelligence (WEBINT) to Identify Potential Terror Organization Recruits Originating from European Countries

bluedownloadUnlike in the past, today’s terror organizations are using public social networks to run recruitment campaigns that specifically target Westerners. The recent success of one such organization to recruit thousands of members into its ranks—and specifically the alarming number of recruits that originated from countries outside its theater of operations—is of great concern for global law enforcement and intelligence agencies.

One key challenge is to identify these so-called “terror tourists”: local promoters and recruiters who may act as a catalyst in the expansion and import of terror activities into their respective homelands.

OpenMIND™ is an end-to-end WEBINT solution that leverages unique harvesting capabilities alongside embedded intelligence and task-oriented analytics to provide end users with comprehensive situational awareness. OpenMIND empowers investigators and analysts to scour masses of publicly shared data from the surface, deep and dark web, and multiple languages, using a wide array of analytics to highlight extremist group supporters, recruiters and recruits.


Defining Parameters for Monitoring and Alerting

An analyst assigned to monitor the web for impending violent civil unrest uses OpenMIND’s out-of-the-box data collection templates to automatically monitor and analyze publicly shared discussions in known publicly shared radical forums, blogs and social networking accounts. The analyst sets alerting criteria to ensure that he is immediately notified whenever a threshold is reached (e.g., when language describing or related to the planning of a violent protest is detected; when a known extremist or a political VIP is named or referenced; when there is a substantial spike in the number or frequency of posts).

Identifying Potential “Terror Tourists” From London


OpenMIND’s Source Development module has an intuitive workflow that enables intelligence operators to establish an extensive coverage base consisting of relevant online communities and discussions.

An OpenMIND analyst initiates an investigation to find terrorism-related online recruitment propaganda. He chooses to focus on social network accounts, pages and groups, and begins by entering relevant terms into OpenMIND’s Source Development module. Doing so reveals several accounts showing terrorism-related activity across multiple social network platforms.

Then, using varied analysis widgets and filtering tools (e.g., social influence metrics, country, language, etc.), the analyst quickly zooms in on the six most prominent social pages and groups (i.e., those that have the highest numbers of members and levels of social interaction), instantly flagging them for in-depth analysis.

OpenMIND automatically processes the data and extracts entries (e.g., names, locations, indicative text, contact details, etc.), publicly shared attributes (e.g., hometowns, current locations, education, workplaces, etc.) and metrics (i.e., social engagement levels), and categorizes them into facets. The analyst uses these facets to identify ten users who a) are active in more than one terrorism-related account; b) share content (including text and images) in support of terror activities; and c) have indicated London as their hometown. This combination of activity, metadata and shared content leads the analyst to further investigate these accounts as potential terror organization recruits.

Day of the Event: Real-time Geospatial & Temporal Analysis

On the day of the event, the analyst sets a geo-fence around the protest area in order to monitor in real time photos, videos and text publicly shared by participants and bystanders via smart phones and other devices. The analyst visualizes the incoming information as individual geography-based clusters, and adds data layers (e.g., topics; hashtags; user accounts; indicative text) to each in order to generate a 360-degree view of all relevant data. Leveraging this visualization, the analyst correctly assesses the physical trajectory of the protest and its potential for turning violent.

A closer look at a cluster located approximately two miles west of the event’s epicenter reveals the use of violent terminology, such as “counter-protest” and “clash”; images depicting hostility between factions of protesters; and two highly active forum users who are inciting others to engage in physical confrontation.

As the analyst monitors the protest in real time, OpenMIND provides actionable insights to support the activities of forces on the ground that proceed to block key routes (to contain the protest) and identify and apprehend those responsible for promoting violence.

OpenMIND’s reports and stored content later serve as post-event intelligence during debriefing and legal procedures.


OpenMIND’s intuitive, faceted navigation enables users to easily pinpoint social user accounts with attributes of interest.


A suite of metrics, graphical layouts and conditions (AND, OR, NOT, etc.) helps OpenMIND users to generate valuable insights from a social network map—insights that would be unreachable using standard search engines.

Learn how OpenMIND leverages the deep web

Inquiry Form >>