Did Terrorists Use Twitter to Increase Situational Awareness?

Those who are still skeptical about the value of Twitter for real-time situational awareness during a crisis ought to ask why terrorists likely think otherwise. In 2008, terrorists carried out multiple attacks on Mumbai in what many refer to as the worst terrorist incident in Indian history. This study, summarized below, explains how the terrorists in question could have used social media for coor-dination and decision-making purposes.

The study argues that “the situational information which was broadcast through live media and Twitter contributed to the terrorists’ decision making process and, as a result, it enhanced the effectiveness of hand-held weapons to accomplish their terrorist goal.” To be sure, the “sharing of real time situational information on the move can enable the ‘sophisticated usage of the most primitive weapons.'” In sum, “unregulated real time Twitter postings can contribute to increase the level of situation awareness for terrorist groups to make their attack decision.”

According to the study, “an analysis of satellite phone conversations between terrorist commandos in Mumbai and remote handlers in Pakistan shows that the remote handlers in Pakistan were monitoring the situation in Mumbai through live media, and delivered specific and situational attack commands through satellite phones to field terrorists in Mumbai.” These conversations provide “evidence that the Mumbai terrorist groups understood the value of up-to-date situation information during the terrorist operation. […] They under-stood that the loss of information superiority can compromise their operational goal.”

Handler: See, the media is saying that you guys are now in room no. 360 or 361. How did they come to know the room you guys are in?…Is there a camera installed there? Switch off all the lights…If you spot a camera, fire on it…see, they should not know at any cost how many of you are in the hotel, what condition you are in, where you are, things like that… these will compromise your security and also our operation […]

Terrorist: I don’t know how it happened…I can’t see a camera anywhere.

A subsequent phone conversation reveals that “the terrorists group used the web search engine to increase their decision making quality by employing the search engine as a complement to live TV which does not provide detailed information of specific hostages. For instance, to make a decision if they need to kill a hostage who was residing in the Taj hotel, a field attacker reported the identity of a hostage to the remote controller, and a remote controller used a search engine to obtain the detailed information about him.”

Terrorist: He is saying his full name is K.R.Ramamoorthy.

Handler: K.R. Ramamoorthy. Who is he? … A designer … A professor … Yes, yes, I got it …[The caller was doing an internet search on the name, and a results showed up a picture of Ramamoorthy] … Okay, is he wearing glasses? [The caller wanted to match the image on his computer with the man before the terrorists.]

Terrorist: He is not wearing glasses. Hey, … where are your glasses?

Handler: … Is he bald from the front?

Terrorist: Yes, he is bald from the front …

The terrorist group had three specific political agendas: “(1) an anti-India agenda, (2) an anti-Israel and anti-Jewish agenda, and (3) an anti-US and anti-Nato agenda.” A content analysis of 900+ tweets posted during the attacks reveal whether said tweets may have provided situational awareness information in support of these three political goals. The results: 18% of tweets contained “situa-tional information which can be helpful for Mumbai terrorist groups to make an operational decision of achieving their Anti-India political agenda. Also, 11.34% and 4.6% of posts contained operationally sensitive information which may help terrorist groups to make an operational decision of achieving their political goals of Anti-Israel/Anti-Jewish and Anti-US/Anti-Nato respectively.”

In addition, the content analysis found that “Twitter site played a significant role in relaying situational information to the mainstream media, which was monitored by Mumbai terrorists. Therefore, we conclude that the Mumbai Twitter page in-directly contributed to enhancing the situational awareness level of Mumbai terrorists, although we cannot exclude the possibility of its direct contribution as well.”

In conclusion, the study stresses the importance analyzing a terrorist group’s political goals in order to develop an appropriate information control strategy. “Because terrorists’ political goals function as interpretative filters to process situational information, understanding of adversaries’ political goals may reduce costs for security operation teams to monitor and decide which tweets need to be controlled.”


See also: Analyzing Tweets Posted During Mumbai Terrorist Attacks [Link]

13 responses to “Did Terrorists Use Twitter to Increase Situational Awareness?

  1. Pingback: Cyberculture roundup: New Laws on Privacy issues, Iranian presidential candidate does Reddit AMA, CISPA on the agenda… « Erkan's Field Diary

  2. Pingback: Twitter bei Terror-Attacken als Instrument der Angriffsplanung?: eine Analye des Anschlags in Mumbai 2008 | Wirtschaftsprofiling und Unternehmenssicherheit

  3. Great summary, Patrick. This evolution of social media usage is a bit scary. I seem to remember there was a similar thing in the 2011 London Riots, too. Would be interested on your thoughts as to how we can continue to use social media as a helpful organising tool in crises, without opening it up to such nefarious exploitation. Do you think it can be done?

    • Hi Julia, thanks for reading and writing in.

      Your question is a very good one. I don’t think we can completely eliminate risk. But we can develop and adopt guidelines based on best practices, etc. Which is why I’ve been collaborating with the ICRC to introduce said guidelines into their data privacy & protection principles. The resulting document will be launched in Geneva in April. I believe that following these guidelines will provide us with “sign posts” on how we can continue to use social media in a way that minimizes threats & risks. But again, I don’t believe we can ultimately eliminate these entirely. Crisis Mapping can be risky business.

      Here are some links that may be of interest to you:


      I obviously don’t have all the answers. So I’d love to get any thoughts you might have on how we can minimize the risk you describe.

      Thanks again for reading and writing in!

      • Hey Patrick, thanks for the links — I will have a read.

        I like the idea of guidelines. If you combine that with Twitter’s verification feature, and ideas like the #mythbuster tag used in Qld’s floods in 2011, you can go part of the way to mitigating the risk. I think the benefits of crowd source vs the challenge of validating of trusted sources is tricky to achieve, especially when you factor in varying levels of user expertise. I, for example, rarely use Twitter socially, so I’m far from an expert user; but I relied heavily on it during the floods. You combine novice users who have a total lack of expertise around privacy/security, and that has the potential to create a problematic flow of information ripe for exploitation.

        Anyway, thanks for the reply. I will have a bit more of a read and a think and hopefully have some fresh ideas to share.

  4. Twitter’s feed view doesn’t let you see verification. To prevent spread of false info, what if you could run a portal off Twitter’s API that pulled in the “trustworthiness” of a source (or even at a basic level — whether they are a verified user)? Some kind of eBay style approach that allows you to crowd-source a user’s trustworthiness.

    Or the flip-side, some kind of hashtag that only broadcasts your messages to verified / secure accounts and their like friends? But then the risk becomes that you limit Twitter’s usefulness. Tough problem to solve for sure!

    • Hi Julia, good thinking, you may find some of posts here of interest:


      Storyful takes a similar approach to the one you describe and I’m hoping to work on a related project that would help accelerate the identification of trusted vs untrusted users. If the project moves forward, I should have an update by mid-2013 in case you want to check in again later.

  5. Pingback: ICT 4 War | Let them talk

  6. Pingback: Analyzing Tweets Posted During Mumbai Terrorist Attacks | iRevolution

  7. Pingback: Cyberculture roundup: New Laws on Privacy issues, Iranian presidential candidate does Reddit AMA, CISPA on the agenda… « Erkan's Field Diary

  8. People’s desire to be the first to tweet “Breaking news” seems to overshadow common sense that they may be putting lives in danger.
    Watching the situation in Nairobi unfold, I was amazed (but not surprised) to see people tweeting the locations of those in hiding, and positions of the police (as we also saw during the Boston marathon situation). Does the need to be seen as “on top of the situation from another country really take precedence over people’s safety??
    People were calling for a media blackout during the Westgate attack, as the terrorists were said to be watching the monitors in the mall, but anyone that uses Twitter knows that info flows faster there – so of course they will watch that stream as well (and given they were live-tweeting the attack…it’s obvious they do)
    I think it’s high time for some modified user regulations in situations like these – the technology is putting lives at risk, and just as social sites are obligated to protect viewers from harm from things like pornography, so too should they be mandated to protect in life threatening situations. It’s a tall order, but obviously the general population can’t use the service intelligently during these times.

  9. …..We are glad that the Kenya Government gave a blackout to info by moving the press almost half a Kilometre away. I think it helped immensely in keeping the terrorists in the dark

  10. Pingback: Forensics Analysis of #Westgate Tweets | iRevolution

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s