Lydia Baccino, Sophia Ritscher, Iris Hautaniemi Forsberg, Martina Schlaverano, Magdalena Breyer, Isaiah Johnson, NORTHCOM and Extremism Teams
Elena Alice Rossetti, Alya Fathia Fitri, Editor; Evan Beachler, Radhika Ramalinga Venkatachalam, Senior Editor
September 9, 2023
Anti-Defamation League Logo[1]
The Counterterrorism Group (CTG) is issuing a FLASH ALERT to all Anti-Defamation League (ADL) employees and law enforcement following threats aimed at ADL staff posted on various social media channels and internet forums. The Telegram channel “Cali Cyberwaffen” published an extensive ADL employee contact sheet containing personal identifying information, departments, and job descriptions, which has seen significant engagement through reposts and forwarding. The perpetrators uploaded the spreadsheet as a .csv file titled “F*ckTheADL.csv.” Threatening far-right posts increased after the hashtag “#BanTheADL” gained popularity following Elon Musk’s growing interactions with white supremacists and antisemites calling for removing the ADL from X, formerly Twitter. These posts are the latest example of a series of threats, non-violent, and violent attacks aimed directly at the ADL in recent months. Previous instances include a protest in Florida with chants of “Ban The ADL” and a series of bomb threats directed at two ADL offices. Gab posts from the user “KeepNHGranite” have revealed a theory circulating that the “FBI has literally become the armed enforcement wing of the ADL,” furthering anti-government rhetoric.
CTG is on HIGH alert for the safety of ADL employees following the doxing of PII, resulting in severe threats across various social media platforms. The unknown assailants VERY LIKELY belong to the far-right spectrum. These individuals are VERY LIKELY targeting the ADL out of antisemitism. They are VERY LIKELY preparing to take violent measures against the ADL, VERY LIKELY wanting to intimidate ADL employees to prevent them from successfully fighting antisemitism and injustice.
On September 6, an ADL employee contact sheet started spreading again on multiple social media platforms, including far-right Telegram channels and other deep/dark web platforms. The list, which had earlier circulated on far-right social media channels in July 2022, contains names, e-mails, telephone numbers, current and previous addresses, departments, and job descriptions of ADL employees. The social media accounts spreading this list had previously expressed antisemitic rhetoric and intention to engage in violent acts against religious and ethnic minorities.[2] The list’s dissemination comes after a post from Elon Musk on X, on September 4, blaming the ADL for lost advertising revenue.[3] Musk stated, “If this continues, we will have no choice but to file a defamation suit against, ironically, the 'Anti-Defamation' League.”[4] In May 2023, the ADL reported that antisemitism and hate speech had increased on X since Musk bought the social media platform.[5] Previous research by the ADL and the Center for Countering Digital Hate (CCDH) has shown that antisemitic posts increased by over 60 percent in the first two weeks after Musk’s acquisition.[6] In response, Musk filed a lawsuit against the CCDH in August.[7]
Musk liked and responded to a post on X by known Irish white nationalist Keith Woods using the hashtag “#BanTheADL”, which led to the hashtag trending on X and other social media platforms.[8] The hashtag has been gaining attention after mentions by prominent people in the far-right movement, such as Nicholas Fuentes, Andrew Torba, and Alex Jones.[9] In an interview with MSNBC on September 8, ADL CEO Jonathan Greenblatt referred to the “Ban the ADL” chanting by neo-Nazis during a September 3 march in Florida.[10] In July and August, two ADL offices also received fake bomb threats.[11] At the beginning of 2023, the ADL reported that antisemitism in the US was rising, with 3,697 reported antisemitic incidents in 2022. This 36 percent increase from 2021 to 2022 resulted in the highest number of incidents since the ADL began recording these in 1979.
Gab, a social media company frequented by the far-right, has seen its users further the theory that there is a working relationship between the FBI and the ADL. An original post by the user “KeepNHGranite” states, “Every grandstanding ‘clean up the FBI’ Republic politician and every Discount Code Conservative influencer that fails to mention the ADL’s direct influence over the FBI is lying to you by silence or omission… The FBI has literally become the armed enforcement wing of the ADL.”[12] A user interacting with this post named “Agent156,” who has swastikas in their handle, has encouraged this anger and is warning their followers that people need to be aware of the “Jewish power grab” before it's too late. This user states in their post “can enough people be made aware of the jew power grab before the Jews complete the power grab… sooner is better than later because it will be easier to halt it than to coup and rollback on it.”[13] Friggenbozo, a Gab user, calls themselves a “haxor,” an informal term used among coders, that describes their hatred for the ADL and explains how as a haxor they will do what they do best and ends their post stating “watch how fin annoying I can be.”[14] Another user, BiggJimJones, labeled the ADL as a “domestic terrorist organization”[15] and an “anti-white Jewish Supremacy hate group organization.”[16] Responding to Andrew Torba’s post on Gab, a self-declared national socialist who frequently reposts swastikas, shared an image of Adolf Hitler and stated, “Many warning have been given unfortunately Jewish propaganda has Americans calling our parasitic enemy our greatest ally.”[17]
Far-right extremists will almost certainly attempt to intimidate and harass ADL employees. They will likely use the list of contacts shared online to dox these employees’ emails and phone numbers. Some militants of white supremacy and far-right forums will likely attack the private homes of doxed ADL members by leaving intimidating messages or vandalizing those addresses.
ADL employees will likely fear violent repercussions from their private information circulating in extremist forums, and minority ADL members will very likely remove their profiles from platforms such as Facebook and LinkedIn as they provide further insight into their private lives. If they start receiving intimidating calls and threats, they will very likely change their phone numbers. To avoid similar incidents in the future, ADL employees will likely undergo additional privacy training, like using aliases, especially when posting about their activities online, as it likely reduces the chance of individuals with malicious intent tracking them.
Social media platforms have a roughly even chance to tighten security protocols after finding extremist content online. The volume of content shared, encryption and privacy rules, alternative platforms, and legal speech protections will likely limit the ability of social media to censor far-right content and will likely create a backlash. For privately owned platforms, such as X, the political and financial risks associated with more intense content censorship will very likely outweigh the gains from shutting down far-right forums, very likely leading to inaction.
Right-wing extremists will likely threaten and target other companies and individuals associated with the ADL. Anti-hate movements and organizations like the CCDH will likely become targets of information leaks and doxing within the upcoming months. This targeting is especially likely in case social media platforms do not tighten control over suspicious and controversial posting, as far-right militants will likely enjoy impunity while continuing to share information and planning attacks. The platform X will likely become suited for attacking associations in conflict with X’s owner, Musk, such as the CCDH, as X will very likely not delete hate posts against these associations.
CTG recommends that all ADL employees receive additional Operational Security training to maintain digital and physical privacy. ADL employees who experienced a data leak should temporarily delete their social media and change their contact details. Community watch groups and additional physical safety measures, like installing home security systems, should be created to counter possible home invasions and identify intruders. Employees with doxed identities should implement further security strategies, such as temporarily staying with friends and family or in hotels and switching cell phone numbers. CTG also recommends that ADL employees instruct their children to take additional safety precautions when separated from their parents.
CTG recommends that law enforcement increase the surveillance of and presence at ADL offices, Jewish establishments, and synagogues. Individuals at these locations should increase their situational awareness and immediately report suspicious behavior to local authorities. CTG encourages the ADL to implement a remote working policy to minimize the threat against ADL employees at the offices and reduce potential casualties in case of attacks against ADL buildings or physical intimidation outside the buildings.
CTG recommends that social media platforms, especially X, review and strengthen their current online safety protocols and accessibility of reporting mechanisms. CTG further recommends that social media platforms increase monitoring of their users, consider deleting posts that could inspire violence, and ban individuals who spread hate speech, violence-inciting, or antisemitic content. Content moderators should implement a collaborative, shared hashing database to track trending terms and monitor the posters and supporters of hate speech.
CTG’s NORTHCOM and Extremism analytical teams will continue to analyze and monitor further developments, such as statements, threats, or attacks by far-right individuals against ADL employees. These teams will work closely with CTG’s Digital Targeter program and the Worldwide Analysis of Threats, Crime, and Hazards (WATCH) team to gather additional information in real-time and warn the public in the event of threat escalation or attacks.
CTG assesses that the current threat climate is HIGH given the increased antisemitic aggression against Jewish individuals and ADL employees.
Digital harassment is a very likely threat since PII about ADL employees is now public. These far-right Telegram groups likely possess basic cybersecurity backgrounds, are politically educated, and are armed with high-capacity firearms such as AR-15 rifles. There is a roughly even chance that former intelligence officers or military personnel serving in an S2 intelligence battalion assisted in the collection process of PII. These groups are likely plotting physical aggression towards ADL personnel. The CTG did not observe an active plan targeting specific members. Any observed coordination between members is very likely to result in an attack based on their physical and intelligence capabilities.
Current doxed ADL members and their associates are likely at risk. Similar organizations like the CCDH are likely to be targeted for their similar stance against hate speech. Left-leaning politicians, judges, and lawyers will likely be targeted based on past legal cases or stances combating hate speech.
Radical political groups will likely begin conducting more rudimentary intelligence operations against political enemies and Non-Governmental Organizations (NGOs). NGOs will very likely require counterintelligence operations in response to being the target of hostile investigations from far-right organizations. These operations are very likely to result in more organizations establishing intelligence departments in organizations that require a high-security posture, like Planned Parenthood.
These threats pose actionable dangers to ADL employees and their associates as a result of the exposed PII of ADL employees. Digital platforms such as X, Gab, and Telegram allow these far-right groups to organize into dangerous cells, very likely increasing their lethality.
Similar harassment has been limited to verbal/digital harassment, unarmed attacks, or bomb threats on ADL locations but has not manifested in mass shooting-style attacks.
This incident appears to be the first documented case of a large number of ADL employees having had their PII leaked and shared on encrypted channels. Far-right groups will very likely continue to target the ADL through cybersecurity attacks and future investigations. Given their political stances and conflict with X, formerly Twitter, far-right actors are almost certain to continue intelligence operations against the ADL.
Analysis indicates there is a HIGH PROBABILITY that online threats toward ADL employees and Jewish communities will continue to increase, gathering more attention and fueling antisemitism. The ADL and Jewish communities will VERY LIKELY experience a surge in threats toward their infrastructure and individuals as the ADL scrutiny in far-right media and online extremist communities continues to increase. Far-right extremists are VERY LIKELY to harass the doxed ADL employees online and physically through acts of violence and intimidation, including attacks on private homes. There is a HIGH PROBABILITY that far-right extremists will target individuals and companies associated with the ADL through information leaks and doxing.
[1] “Anti-Defamation League Logo” by matthewfisher09 licensed under Creative Commons Attribution-Share Alike 4.0 International
[2] Threat Hunter from Telegram
[3] Elon Musk’s X Corp sues anti-hate speech group over Twitter claims, The Financial Times, August 2023, https://www.ft.com/content/96a06e9a-5fc8-4a28-ae10-5aed0138bfa2
[4] Elon Musk blames ADL for lost revenue, says he opposes antisemitism 'of any kind', NBC News, September 2023, https://www.nbcnews.com/tech/tech-news/elon-musk-blames-adl-lost-revenue-says-anti-semitism-kind-rcna103292
[5] Evaluating Twitter's Policies Six Months After Elon Musk's Purchase, Anti-Defamation League, May 2023, https://www.adl.org/resources/blog/evaluating-twitters-policies-six-months-after-elon-musks-purchase
[6] Hate Speech’s Rise on Twitter Is Unprecedented, Researchers Find, The New York Times, December 2022, https://www.nytimes.com/2022/12/02/technology/twitter-hate-speech.html
[7] Elon Musk’s X Corp sues anti-hate speech group over Twitter claims, The Financial Times, August 2023, https://www.ft.com/content/96a06e9a-5fc8-4a28-ae10-5aed0138bfa2
[8] Elon Musk amplifies call by antisemites to ban the ADL from X, The Times of Israel, September 2023, https://www.timesofisrael.com/elon-musk-amplifies-call-by-antisemites-to-ban-the-adl-from-x/
[9] ADL Statement on X/Twitter, Anti-Defamation League, September 2023, https://www.adl.org/resources/press-release/adl-statement-xtwitter
[10] @@JGreenblattADL, X, September 8 2023, https://twitter.com/JGreenblattADL/status/1700175951382872302
[11] ADL Statement on Series of Antisemitic Swatting Incidents Targeting Synagogues, Anti-Defamation League, August 2023, https://www.adl.org/resources/press-release/adl-statement-series-antisemitic-swatting-incidents-targeting-synagogues
[12] Daniel Concannon, from GAB via CyberHUMINT
[13] Agent156, from GAB via CyberHUMINT
[14] Friggenbozo, from GAB via CyberHUMINT
[15] BiggJimJones, from GAB via CyberHUMINT
[16] Ibid
[17] @Chrome_Vanadium, from GAB via CyberHUMINT