The Islamic State (ISIS) is no longer limited to waging war on the ground. It has been silently building an army of ‘online jihadis’ through a carefully crafted digital manual. ISIS’s propaganda magazine Voice of Khurasan has been playing a vital role in fulfilling ISIS’s dream of recruiting jihadis worldwide using social media and other online means.
Started in Issue 27 of the magazine, the series titled Light of Darkness serves as a step-by-step guide for radicalisation, digital security, and covert operations in cyberspace. The series, whose five parts have been published so far, teaches ISIS supporters how to remain anonymous online, evade intelligence agencies, use encrypted platforms, and recruit new members without detection.
These chapters highlight the importance of “cyber jihad” and digital warfare and how an ‘untraceable’ network of online jihadis can continue ISIS operations globally. This particular section in several issues of the magazine is not merely limited to preaching ideology but aims to train recruits in practical tactics such as hiding digital footprints and communicating securely to spread ISIS propaganda and facilitate terror funding.
The series lays the foundation for a self-sustaining, decentralised terrorist network, which is highly problematic and must be addressed by security agencies to ensure online jihadis are stopped before they act from behind the shadows of the internet.
As the use of social media, messaging apps, and darknet platforms increases, ISIS is evolving. The terror outfit is moving from traditional armed insurgency to a sophisticated online battleground. Until a decade ago, online warfare occurred only between enemy nations. However, with the involvement of terror outfits like ISIS in online warfare, the methodology of the war against terrorism must change sooner rather than later.
The Light of Darkness series is a chilling revelation of how terrorism is adapting to the modern age, turning digital spaces into recruitment hubs and training camps. Each of the five chapters published to date focuses on a different aspect of ISIS’s digital strategy, ranging from radicalisation and encryption to recruitment.
The origins – Justifying online jihad and cybersecurity concerns
The first part of the Light of Darkness series was published in the 27th issue of Voice of Khurasan. It set the stage for digital jihad, its importance, and how ISIS sympathisers can navigate the cyber world safely. This was not a traditional recruitment or ideological piece. Instead, it focused on rationalising the use of the internet for jihadist activities while addressing concerns about digital safety.
The author acknowledged that there was a divide within jihadist circles over the use of the internet. One segment was completely against it, believing that the internet is a dangerous space where operatives can be easily tracked. Others, however, saw it as a necessary battlefield, crucial for spreading ISIS propaganda and coordinating operations. The author argued that, though security concerns were valid, completely avoiding the internet was not the solution, especially when it comes to interacting with ISIS sympathisers in the modern world. The message was clear: learn how to use the internet safely and turn it into a tool for ISIS’s “cause”.
The first chapter in the series served two key purposes. First, it justified why ISIS and its sympathisers should not shy away from engaging in online operations, explaining how digital space can be used as a battlefield where ideology can spread faster than through traditional methods. Second, it laid down the foundational need for cybersecurity, introducing the concept of protecting one’s digital footprint. Notably, the emphasis on cybersecurity was not about protecting personal privacy in the conventional sense. Rather, it was about hiding jihadist activities from government surveillance.
The author referred to government agencies tracking jihadi activities online as Tawagheet (tyrannical rulers, referring to Western and allied governments). The idea was to reinforce a paranoid but strategic mindset, emphasising that government agencies are constantly monitoring every aspect of the internet. Therefore, hiding behind firewalls, fake accounts, and encryption was presented as a necessity for survival. The chapter also encouraged ISIS sympathisers to self-educate about digital literacy. It was suggested that every jihadist should study cybersecurity, learn about cyber threats, and understand how to protect their online identity. This was not just about avoiding arrests; it was about creating a sustainable online presence that could spread propaganda and coordinate activities without being easily detected.
The dangers of digital footprints and online surveillance
The second part of the series was published in the 34th issue. It mainly focused on digital footprints, online surveillance, and the need for extreme caution in internet usage. While the first part justified the need for a jihadist online presence, the second part was specifically designed to provide guidelines on how to avoid detection by intelligence agencies, corporations, and other entities.
The author explained how every activity on the internet leaves a trace, which can be used in the future against the person who published it. Furthermore, the article stated that posting on social media, using search engines, or even clicking on certain links accumulates digital footprints, which can expose an individual’s identity, location, and activities.
The article specifically discussed government surveillance and claimed that intelligence agencies worldwide actively monitor social media, communication platforms, and online transactions. The idea was to warn ISIS sympathisers that their online activity could lead to their arrest. It cautioned that many online services, including free educational courses and religious forums, require users to register with personal information, which could be used by authorities to build digital profiles of potential jihadists.
To counteract these risks, the guide recommended several privacy-enhancing techniques. It advised jihadists to minimise personal data sharing, avoid using real identities, and refrain from posting content that could reveal their locations or activities. It suggested using encrypted communication channels and anonymising tools such as VPNs and Tor to obscure online movements.
The article drew a historical parallel, arguing that just as early Muslims had to conceal their movements to survive, today’s digital warriors must do the same to avoid being tracked and arrested. The author concluded with a call for continuous vigilance, urging supporters to educate themselves on evolving cybersecurity risks to ensure their survival in the digital space.
Social media as a battlefield – Control, surveillance, and counterstrategies
The third part of the series was published in the 36th issue. It focused on the role of social media in jihadist operations. The author warned readers that social media platforms are both a tool and a trap, providing opportunities for spreading messages while also exposing users to surveillance and censorship. This part examined how Western governments and tech companies monitor and restrict ISIS content, while also outlining strategies to evade detection and continue digital operations.
The author argued that platforms like Facebook and Twitter were designed as tools of surveillance, citing the Cambridge Analytica scandal, where a simple quiz was used to collect user data. The article claimed that social media companies collect data on their users, flag suspicious accounts, and collaborate with intelligence agencies to track online jihadist activities. It framed this as a direct attack on jihadists, portraying account suspensions, bans, and reduced content reach as deliberate acts of oppression against the Islamic cause. One of the most important security recommendations in this chapter was minimising personal exposure on social media. The article advised jihadists never to share real names, locations, or identifiable information online. It warned that even casual posts, photos, or interactions could reveal crucial details. The article primarily focused on avoiding data leaks across different platforms, as such leaks could potentially help intelligence agencies trace jihadist activities.
Advanced online security – Protecting jihadist communications
The fourth part of the series was published in the 39th issue. In this article, the focus shifted to reinforcing digital security and maintaining anonymous communications. This chapter provided detailed guidance on encryption, secure browsing, and privacy-enhancing tools, ensuring that jihadists could continue operating online without exposing themselves to intelligence agencies. It also discussed how Western governments and tech companies monitor and restrict ISIS content, while outlining strategies to evade detection and continue digital operations.
Another major focus was privacy settings and social media account management. The author urged jihadists to regularly update their privacy settings, reviewing what information was publicly available on their profiles. It encouraged the use of disposable email addresses and anonymous accounts, warning against linking any jihad-related activity to personal identities. The article also highlighted the importance of reading app permissions carefully, cautioning that many applications request unnecessary access to contacts, location, and personal data, which could be exploited by intelligence agencies.
The article introduced privacy-focused browsers and search engines, recommending the use of Tor and VPNs to mask online activity. It explained how Tor routes internet traffic through multiple layers of encryption, making it harder to trace the user’s actual location. It also suggested combining Tor with VPNs for an added layer of security.
A critical aspect of this chapter was password management and multi-factor authentication. It advised using unique, complex passwords for each account and warned against reusing credentials. It also recommended password managers to securely store login information, ensuring that passwords were not written down or saved in unencrypted files. Additionally, it stressed the importance of enabling two-factor authentication (2FA) wherever possible to prevent unauthorised access to accounts.
The author also covered secure messaging practices, highlighting the importance of encrypted apps like Telegram and Signal. It was explained how these platforms provide end-to-end encryption, preventing third parties from intercepting communications. However, the author warned that simply using encrypted messaging apps was not enough—users needed to take extra precautions, such as enabling disappearing messages, avoiding group chats with unknown individuals, and frequently clearing chat histories.
Telegram and the illusion of privacy
The fifth part of the series was published in the most recent issue, the 43rd. It mainly focused on messaging apps, specifically Telegram, which is among the most widely used communication platforms for jihadists. The article primarily examined whether Telegram could truly be trusted by jihadists and provided best practices for maintaining anonymity on the app.
The article began by acknowledging Telegram’s reputation for strong privacy features, particularly end-to-end encryption, secret chats, and limited cooperation with Western intelligence agencies. It positioned Telegram as a preferred platform for jihadist communications, given its ability to host large private groups, anonymous channels, and self-destructing messages. However, the author also warned that Telegram’s policies were changing, advising readers to be cautious about assuming that the app was completely secure.
The author’s key concern was that Telegram had stated it might share user information with authorities if a government order was served. The author warned that, although Telegram had historically resisted some takedown requests, it had shown signs of cooperation with authorities in cases involving terrorism-related activities. This signalled a potential future crackdown on pro-ISIS content, making it risky to rely solely on Telegram for communication.
The article provided detailed operational guidelines on how to use Telegram while minimising risk. It recommended measures such as using secret chats instead of regular chats, hiding phone numbers and using disposable SIM cards when registering accounts, enabling two-step verification (2FA) to prevent account hijacking, avoiding unnecessary exposure in public groups where infiltration by intelligence agencies was a possibility, and using VPNs to mask IP addresses while accessing Telegram.
The case of Mehdi Masroor Biswas
A striking example of an online jihadist operating in India was Mehdi Masroor Biswas, who played a crucial role in spreading ISIS propaganda and recruiting jihadists through social media. Between 2012 and 2014, Mehdi, under the Twitter handle “@ShamiWitness”, became one of ISIS’s most influential digital operatives in India. Unlike traditional jihadists, Mehdi never engaged in direct combat but instead leveraged social media as a tool for radicalisation, recruitment, and operational support for ISIS.
Mehdi Masroor Biswas was an engineer in Bengaluru who led a double life as a jihadist propagandist. Through his social media activity, he translated and disseminated ISIS’s battlefield updates, glorified terrorist attacks, and encouraged Islamists from Western countries to join the terror group. He facilitated communication between jihadist recruits and ISIS networks, effectively making Twitter a recruitment hub for aspiring terrorists. His content was not only radical but also inciteful, targeting non-Muslims, particularly Hindus, with hate-filled propaganda.
By the time of his arrest in December 2014, Mehdi had amassed 17,700 followers, including active jihadists fighting in Syria and Iraq. His digital influence was so significant that his Twitter account was regarded as one of the key English-language sources for ISIS propaganda. His conviction was seen as a major breakthrough in counterterrorism efforts, but as he was released in December 2024, it raised concerns about the potential resurgence of his online jihadist activities.
conclusion
The Light of Darkness series revealed a sophisticated blueprint for online jihad, instructing ISIS supporters on how to engage in digital operations while avoiding detection. It is not merely an ideological manifesto but a technical training manual, equipping jihadists with the skills to communicate securely, operate anonymously, and evade intelligence agencies.
