Lydia Baccino, Sophia Ritscher, Iris Hautaniemi Forsberg, Martina Schlaverano, Magdalena Breyer, Isaiah Johnson, NORTHCOM and Extremism Teams
Elena Alice Rossetti, Alya Fathia Fitri, Editor; Evan Beachler, Radhika Ramalinga Venkatachalam, Senior Editor
September 9, 2023
Anti-Defamation League Logo[1]
The Counterterrorism Group (CTG) is issuing a FLASH ALERT to all Anti-Defamation League (ADL) employees and law enforcement following threats aimed at ADL staff posted on various social media channels and internet forums. An Extensive ADL employee contact sheet containing personal identifying information, departments, and job descriptions, which has been posted on social media channels and has seen significant engagement through reposts and forwarding. Threatening far-right posts increased after the hashtag “#BanTheADL” gained popularity following Elon Musk’s growing interactions with white supremacists and antisemites calling for removing the ADL from X, formerly Twitter. These posts are the latest example of a series of threats, non-violent, and violent attacks aimed directly at the ADL in recent months. Previous instances include a protest in Florida with chants of “Ban The ADL” and a series of bomb threats directed at two ADL offices. Gab posts have revealed a theory circulating that the “FBI has literally become the armed enforcement wing of the ADL,” furthering anti-government rhetoric.
CTG is on HIGH alert for the safety of ADL employees following the doxing of PII, resulting in severe threats across various social media platforms. The unknown assailants VERY LIKELY belong to the far-right spectrum. These individuals are VERY LIKELY targeting the ADL out of antisemitism. They are VERY LIKELY preparing to take violent measures against the ADL, VERY LIKELY wanting to intimidate ADL employees to prevent them from successfully fighting antisemitism and injustice.
On September 6, an ADL employee contact sheet started spreading again on multiple social media platforms, including far-right channels and other deep/dark web platforms. The list, which had earlier circulated on far-right social media channels in July 2022, contains names, e-mails, telephone numbers, current and previous addresses, departments, and job descriptions of ADL employees. The social media accounts spreading this list had previously expressed antisemitic rhetoric and intention to engage in violent acts against religious and ethnic minorities.[2] Users interacting with the list express an angry, racist, antisemitic, misanthropic viewpoint that vilifies various perceived enemies and calls for violent retaliation outside the law.
There is advocacy of extremist methods and formation of militant groups to dispense "justice." As an employee list got leaked a year ago, this has led users to steadily grow violent rhetoric online, allowing time for groups to form who are willing to act on violence discussed online. The texts indicate an ideological outlook deeply distrustful of fellow humans, government, and modern systems, which could potentially lead to acts of violence by those who share this mindset. Viewpoints indicative of radicalization and the potential for extremist violence by aggrieved individuals are growing in engagement with like-minded individuals who view brutality as the solution to perceived injustices. The underlying tone for these posts expresses a viewpoint that nonviolence does not work against adversaries who are perceived as uncaring, immoral or hateful, and that violence is therefore justified for self-preservation and retribution.
The list’s dissemination comes after a post from Elon Musk on X, on September 4, blaming the ADL for lost advertising revenue.[3] Musk stated, “If this continues, we will have no choice but to file a defamation suit against, ironically, the 'Anti-Defamation' League.”[4] In May 2023, the ADL reported that antisemitism and hate speech had increased on X since Musk bought the social media platform.[5] Previous research by the ADL and the Center for Countering Digital Hate (CCDH) has shown that antisemitic posts increased by over 60 percent in the first two weeks after Musk’s acquisition.[6] In response, Musk filed a lawsuit against the CCDH in August.[7]
Musk liked and responded to a post on X by known Irish white nationalist Keith Woods using the hashtag “#BanTheADL”, which led to the hashtag trending on X and other social media platforms.[8] The hashtag has been gaining attention after mentions by prominent people in the far-right movement, such as Nicholas Fuentes, Andrew Torba, and Alex Jones.[9] In an interview with MSNBC on September 8, ADL CEO Jonathan Greenblatt referred to the “Ban the ADL” chanting by neo-Nazis during a September 3 march in Florida.[10] In July and August, two ADL offices also received fake bomb threats.[11] At the beginning of 2023, the ADL reported that antisemitism in the US was rising, with 3,697 reported antisemitic incidents in 2022. This 36 percent increase from 2021 to 2022 resulted in the highest number of incidents since the ADL began recording these in 1979.
Gab, a social media company frequented by the far-right, has seen its users further the theory that there is a working relationship between the FBI and the ADL, and are warning their followers that people need to be aware of the “Jewish power grab” before it's too late.[12] Gab user has made cyber threats against the organization.[13] Another user has labeled the ADL as a “domestic terrorist organization”[14] and an “anti-white Jewish Supremacy hate group organization.”[15] Responding to Andrew Torba’s post on Gab, a self-declared national socialist who frequently reposts swastikas, shared an image of Adolf Hitler and posted about Jewish propaganda among other antisemitic statements.[16]
Common tactics and techniques discussed across these internet forums include fighting back physically by forming groups or cells to “take matter into their own hands,” becoming their own authority, using firearms and lethal force for home defense, while spreading the word that "Whitey won't take it anymore."[17]
There seems to be a persecution complex and belief that unspecified enemies are constantly tormenting, stealing from, killing and destroying "us," an ingroup the author identifies with. Posts contain different levels of racism and white supremacy, with terms like "Whitey" and disdain for police serving "Diversity". The author seems to glorify violence as a means for an aggrieved white ingroup to retaliate and assert dominance. The vagueness around who exactly the enemies are leaves room for speculation. Based on context clues, probable targets seem to include minorities, Jewish people, liberals, authorities, government and anyone not on board with the author's ideology. Forming militarized groups and cells to dispense violence extrajudicially implies a revolutionary and likely unlawful mindset. The author does not seem to trust or have faith in existing systems for enacting change. There are hints of extremism and radicalization in the belief that taking the law into one's own hands with violence is imperative, and those advocating nonviolence are guaranteeing defeat and enemy success.[18]
Far-right extremists will almost certainly attempt to intimidate and harass ADL employees. They will likely use the list of contacts shared online to dox these employees’ emails and phone numbers. Some militants of white supremacy and far-right forums will likely attack the private homes of doxed ADL members by leaving intimidating messages or vandalizing those addresses.
ADL employees will likely fear violent repercussions from their private information circulating in extremist forums, and minority ADL members will very likely remove their profiles from platforms such as Facebook and LinkedIn as they provide further insight into their private lives. If they start receiving intimidating calls and threats, they will very likely change their phone numbers. To avoid similar incidents in the future, ADL employees will likely undergo additional privacy training, like using aliases, especially when posting about their activities online, as it likely reduces the chance of individuals with malicious intent tracking them.
Social media platforms have a roughly even chance to tighten security protocols after finding extremist content online. The volume of content shared, encryption and privacy rules, alternative platforms, and legal speech protections will likely limit the ability of social media to censor far-right content and will likely create a backlash. For privately owned platforms, such as X, the political and financial risks associated with more intense content censorship will very likely outweigh the gains from shutting down far-right forums, very likely leading to inaction.
Right-wing extremists will likely threaten and target other companies and individuals associated with the ADL. Anti-hate movements and organizations like the CCDH will likely become targets of information leaks and doxing within the upcoming months. This targeting is especially likely in case social media platforms do not tighten control over suspicious and controversial posting, as far-right militants will likely enjoy impunity while continuing to share information and planning attacks. The platform X will likely become suited for attacking associations in conflict with X’s owner, Musk, such as the CCDH, as X will very likely not delete hate posts against these associations.
CTG has gauged the risk of a potential attack based on the Pathway to Violence matrix, which combines studies from academia and the Department of Homeland Security detailing the six phases individuals take before committing acts of violence.[19] It is almost certain that these groups and individuals have voiced personal grievances, violent ideation, and conducted significant research regarding a potential attack. CTG has uncovered evidence to suggest the final phase from the Pathway to Violence matrix, which is the Preparation phase, is very likely being undertaken highlighting the seriousness of this threat. Final indicators of imminent attack will very likely include alerting associates of far-right extremists to keep a low profile before an attack and finally reconnaissance of the intended target, digital or physical. [20]
CTG recommends that all ADL employees receive additional security training to maintain digital and physical privacy. ADL employees who experienced a data leak should temporarily delete their social media and change their privacy settings to reflect their increased risk. Community watch groups and additional physical safety measures, like installing home security systems, should be created to counter possible home invasions and identify intruders. Employees with doxed identities should implement further privacy strategies, like requesting personal information like home addresses being deleted from private databases. CTG also recommends that the ADL hire private armed security to patrol and protect offices around sensitive locations. ADL should contact private satellite companies and those like Google maps and request that their property and employees’ personal residences be blurred
CTG recommends that law enforcement increase the surveillance of and presence at ADL offices, Jewish establishments, and synagogues. These extremist groups and individuals are almost certainly practicing strict Operational Security and it is recommended to notify law enforcement of any unfamiliar vehicles parked near ADL offices, any commercial drone activity, or any suspicious cybersecurity activity, such as Linux or Tor usage in a public wifi-hotspot near ADL locations. It is also recommended to notify any law enforcement of any discovered detailed maps of the local area, or stashed breaking and entering objects like wire cutters and lockpicks. While it is advised to notify law enforcement of any activity, it is NOT advised to actively engage with these groups and individuals on any social media channel in an attempt to discover their plans. CTG recommends ADL personnel evaluate their security at home to ensure detection of suspicious activities or possible threats. CTG encourages the ADL to implement a remote working policy to minimize the threat against ADL employees at the offices and reduce potential casualties in case of attacks against ADL buildings or physical intimidation outside the buildings.
CTG recommends that social media platforms, especially X, review and strengthen their current online safety protocols and accessibility of reporting mechanisms. CTG further recommends that social media platforms increase monitoring of their users, consider deleting posts that could inspire violence, and ban individuals who spread hate speech, violence-inciting, or antisemitic content. Content moderators should implement a collaborative, shared hashing database to track trending terms and monitor the posters and supporters of hate speech.
CTG’s NORTHCOM and Extremism analytical teams will continue to analyze and monitor further developments, such as statements, threats, or attacks by far-right individuals against ADL employees. These teams will work closely with CTG’s Digital Targeter program and the Worldwide Analysis of Threats, Crime, and Hazards (WATCH) team to gather additional information in real-time and warn the public in the event of threat escalation or attacks.
CTG assesses that the current threat climate is HIGH given the increased antisemitic aggression against Jewish individuals and ADL employees.
Digital harassment is a very likely threat since PII about ADL employees is now public. These far-right Telegram groups and individuals likely possess basic cybersecurity backgrounds, are politically educated, and are armed with high-capacity firearms such as AR-15 rifles. There is a roughly even chance that former intelligence officers or military personnel serving in an S2 intelligence battalion assisted in the collection process of PII. These groups and individuals are likely plotting physical aggression towards ADL personnel. CTG did not observe an active plan targeting specific members. Any observed coordination between members is very likely to result in an attack based on their physical and intelligence capabilities.
Current doxed ADL members and their associates are likely at risk. Similar organizations like the CCDH are likely to be targeted for their similar stance against hate speech. Left-leaning politicians, judges, and lawyers will likely be targeted based on past legal cases or stances combating hate speech.
Radical political groups and individuals will likely begin conducting more rudimentary intelligence operations against political enemies and Non-Governmental Organizations (NGOs). NGOs will very likely require counterintelligence operations in response to being the target of hostile investigations from far-right organizations. These operations are very likely to result in more organizations establishing intelligence departments in organizations that require a high-security posture, like Planned Parenthood.
These threats pose actionable dangers to ADL employees and their associates as a result of the exposed PII of ADL employees. Digital platforms such as X, Gab, and Telegram allow these far-right groups and individuals to organize into dangerous cells, very likely increasing their lethality.
Similar harassment has been limited to verbal/digital harassment, unarmed attacks, or bomb threats on ADL locations but has not manifested in mass shooting-style attacks.
This incident appears to be the first documented case of a large number of ADL employees having had their PII leaked and shared on encrypted channels. Far-right groups and individuals will very likely continue to target the ADL through cybersecurity attacks and future investigations. Given their political stances and conflict with X, formerly Twitter, far-right actors are almost certain to continue intelligence operations against the ADL.
Analysis indicates there is a HIGH PROBABILITY of online threats toward ADL employees and Jewish communities. These groups and individuals are VERY LIKELY in the research and planning stages in the pathway to violence spectrum based on gathered information and discussion of small unit tactics.[21] Evidence from a CTG investigation concluded far-right extremists are VERY LIKELY preparing materials before carrying out violent action.[22] Far right extremists are VERY LIKELY to harass doxed ADL employees through acts of physical violence and online intimidation, including attacks on private homes. There is a HIGH PROBABILITY that far-right extremists will target individuals and companies associated with the ADL through information leaks and doxing.
[1] “Anti-Defamation League Logo” by matthewfisher09 licensed under Creative Commons Attribution-Share Alike 4.0 International
[2] Threat Hunter from Telegram
[3] Elon Musk’s X Corp sues anti-hate speech group over Twitter claims, The Financial Times, August 2023, https://www.ft.com/content/96a06e9a-5fc8-4a28-ae10-5aed0138bfa2
[4] Elon Musk blames ADL for lost revenue, says he opposes antisemitism 'of any kind', NBC News, September 2023, https://www.nbcnews.com/tech/tech-news/elon-musk-blames-adl-lost-revenue-says-anti-semitism-kind-rcna103292
[5] Evaluating Twitter's Policies Six Months After Elon Musk's Purchase, Anti-Defamation League, May 2023, https://www.adl.org/resources/blog/evaluating-twitters-policies-six-months-after-elon-musks-purchase
[6] Hate Speech’s Rise on Twitter Is Unprecedented, Researchers Find, The New York Times, December 2022, https://www.nytimes.com/2022/12/02/technology/twitter-hate-speech.html
[7] Elon Musk’s X Corp sues anti-hate speech group over Twitter claims, The Financial Times, August 2023, https://www.ft.com/content/96a06e9a-5fc8-4a28-ae10-5aed0138bfa2
[8] Elon Musk amplifies call by antisemites to ban the ADL from X, The Times of Israel, September 2023, https://www.timesofisrael.com/elon-musk-amplifies-call-by-antisemites-to-ban-the-adl-from-x/
[9] ADL Statement on X/Twitter, Anti-Defamation League, September 2023, https://www.adl.org/resources/press-release/adl-statement-xtwitter
[10] @@JGreenblattADL, X, September 8 2023, https://twitter.com/JGreenblattADL/status/1700175951382872302
[11] ADL Statement on Series of Antisemitic Swatting Incidents Targeting Synagogues, Anti-Defamation League, August 2023, https://www.adl.org/resources/press-release/adl-statement-series-antisemitic-swatting-incidents-targeting-synagogues
[12] User, from GAB via CyberHUMINT
[13] User, from GAB via CyberHUMINT
[14] User, from GAB via CyberHUMINT
[15] Ibid
[16] User, from GAB via CyberHUMINT
[17] Threat Hunter from Telegram
[18] Ibid
[19] The Pathway to Violence, Violence Prevention Training, September 2023, https://vptraining.org/courses/community-member-training/lessons/module-2-notice-and-identify/topics/the-pathway-to-violence/
[20] Ibid
[21] Ibid
[22] Ibid