Hyderabad, India — When ISIS identified a promising young recruit willing to carry out an attack in one of India’s major tech hubs, the group made sure to arrange everything down to the bullets he needed to kill victims.
For 17 months, terrorist operatives guided the recruit, a young engineer named Mohammed Ibrahim Yazdani, through every step of what they planned to be ISIS’ first strike on Indian soil.
They vetted each new member of the cell as Yazdani recruited helpers. They taught him how to pledge allegiance to the terrorist group and securely send the statement.
And from Syria, investigators believe, the group’s virtual plotters organized for the delivery of weapons as well as the precursor chemicals used to make explosives, directing the Indian men to hidden pickup spots.
Until just moments before the arrest of the Indian cell, last June, ISIS’ cyberplanners kept in near-constant touch with the men, according to the interrogation records of three of the eight suspects.
As officials around the world have faced a confusing barrage of attacks dedicated to ISIS, cases like Yazdani’s offer troubling examples of what counterterrorism experts are calling enabled or remote-controlled attacks: violence conceived and guided by operatives in areas controlled by ISIS whose only connection to the would-be attacker is the internet.
In the most basic enabled attacks, ISIS handlers acted as confidants and coaches, coaxing recruits to embrace violence. In the Hyderabad plot, among the most involved found so far, the terrorist group reached deep into a country with strict gun laws to arrange for pistols and ammunition to be left in a bag swinging from the branches of a tree.
For the most part, the operatives who are conceiving and guiding such attacks are doing so from behind a wall of anonymity. When the Hyderabad plotters were arrested last summer, they could not so much as confirm the nationalities of their interlocutors in ISIS, let alone describe what they looked like. Because the recruits are instructed to use encrypted messaging applications, the guiding role played by the terrorist group often remains obscured.
As a result, remotely guided plots in Europe, Asia and the United States in recent years, including the attack on a community center in Garland, Tex., were initially labeled the work of “lone wolves,” with no operational ties to ISIS, and only later was direct communication with the group discovered.
While the trail of many of these plots led back to planners living in Syria, the very nature of the group’s method of remote plotting means there is little dependence on its maintaining a safe haven there or in Iraq. And visa restrictions and airport security mean little to attackers who strike where they live and no longer have to travel abroad for training.
Close examination of both successful and unsuccessful plots carried out in ISIS’ name over the past three years indicates that such enabled attacks are making up a growing share of the operations of the group.
“They are virtual coaches who are providing guidance and encouragement throughout the process — from radicalization to recruitment into a specific plot,” said Nathaniel Barr, a terrorism analyst at Valens Global, who along with Daveed Gartenstein-Ross of the Foundation for Defense of Democracies in Washington wrote one of the first articles discussing the virtual plotters.
“If you look at the communications between the attackers and the virtual plotters, you will see that there is a direct line of communication to the point where they are egging them on minutes, even seconds, before the individual carries out an attack.”
Detailing this kind of plot direction has become a critical focus of counterterrorism officials in the United States and Europe, as they try to track terror planners who pose a lasting threat and to unravel the criminal networks that the group uses as middlemen to facilitate attacks.
Yazdani’s case presents one of the most detailed accounts to date of how ISIS is exporting terrorism virtually. This style of attack has allowed the terrorist group’s reach to stretch into countries as disparate as France and Malaysia, Germany and Indonesia, Bangladesh and Australia. And plots have been discovered in multiple locations in the United States, including in Columbus, Ohio, the suburbs of Washington and upstate New York.
“I fear this is the future of ISIS,” said Bridget Moreng, an analyst whose research on the virtual plotters was recently published in Foreign Affairs.
Until roughly a year ago, ISIS recruiters aggressively pushed the message that going to Syria was a spiritual obligation.
The recruiters hid within an ocean of 2.3 billion live social media accounts, flooding the internet with romanticized videos of life inside the so-called caliphate, as well as brutal execution videos, using them as clickbait to lure potential recruits.
One of the ISIS’ most influential recruiters and virtual plotters was known by the nom de guerre Abu Issa al-Amriki, and his Twitter profile instructed newcomers to contact him via the encrypted messaging app Telegram. Among those who sought him out, asking for instructions on how to reach Syria, was Yazdani, who had convinced himself that it was his religious duty to move his family to the “caliphate.”
By 2015, Amriki was one of close to a dozen cyberplanners based in Syria or Iraq who were already actively recruiting volunteers abroad, according to a tally based on investigation records from North America, Europe and Asia.
Initially, they made little effort to hide, posting grandiose threats against the West on public social media feeds. They were sometimes discounted as mere cheerleaders for the terrorist group.
But by the late spring of 2015, they were considered enough of a threat that both American and British intelligence began tracking their movements, methodically targeting them with airstrikes and killing several since then.
New York Times