Capitol Hill riot crackdown leaves extremists searching for more secure messaging platforms, US intel memo says

The bulletin shows how law enforcement officials are looking to track any efforts by far-right extremists to cloak their communications following the insurrection.
U.S. Capitol, Jan. 6, 2020
Supporters of President Donald Trump gather outside the U.S. Capitol on Jan. 6. (Brett Davis / Flickr)

A law enforcement crackdown on domestic terrorists following the Capitol Hill riot will likely lead some violent extremists to turn to communications platforms they perceive to be more secure to discuss their activities, according to a U.S. intelligence bulletin obtained by CyberScoop.

The arrests of Jan. 6 rioters could deter some domestic violent extremists (DVEs), but “lead others to adjust their tactics and to lessen law enforcement scrutiny,” says the Jan. 13 memo from the Department of Homeland Security, FBI and the National Counterterrorism Center. The document is marked “For Official Use Only” and was distributed to state and local law enforcement agencies.

The bulletin shows how law enforcement officials are looking to track any efforts by far-right extremists to cloak their communications on encrypted platforms following the insurrection. Some of the would-be usurpers have reportedly turned to encrypted messaging platforms Telegram and Signal after crackdowns on other media. Twitter has made more of an effort to purge such extremists from its platforms, and in the days following the riot, U.S. tech firms effectively shut down Parler, a preferred right-wing app.

The popularity of both Telegram and Signal has surged amid broader public interest in encrypted messaging platforms. There were 17.8 million downloads of Signal in the Google and Apple stores from Jan. 5 to Jan. 12, compared to just 285,000 the previous week, according to analytics firm Sensor Tower. It is unclear what fraction of that traffic is driven by far-right extremists. There are other possible reasons for the flurry of Signal and Telegram downloads, including an unpopular new privacy policy from rival app WhatsApp.


The bulletin also warns that the Capitol Hill insurrection, which left five people dead in a failed effort by a pro-Trump mob to overturn the election of Joe Biden, “very likely will serve as a significant driver of violence for a diverse set of DVEs.” That includes people who falsely claim that the election was marred by fraud, adherents of the QAnon conspiracy theory that social media platforms have struggled to contain, as well as white nationalists and other racist terror groups. Such extremists could exploit upcoming events — including armed gatherings in the days prior to Biden’s Jan. 20 inauguration — to justify violence, according to the memo.

“Amplified perceptions of fraud surrounding the outcome of the General Election and the change in control of the Presidency and Senate,” paired with long-running anti-government grievances, “very likely will lead to an increase in DVE violence,” the U.S. intelligence analysis reads. The New York Times reported on the memo on Wednesday evening.

For months, President Donald Trump repeated the falsehood that the election was stolen from him. In reality, election officials, federal courts and outside experts found no evidence of widespread fraud in an election that Biden won by 306 to 232 in the Electoral College, and by more than 7 million in the popular vote.

But the violence inspired by false claims of electoral fraud lives on, and looks likely to be a threat to elected officials for the foreseeable future.

“The shared false narrative of a ‘stolen’ election and opposition to the change in control of the executive and legislative branches of the federal government may lead some individuals to adopt the belief that there is no political solution to address their grievances and violent action is necessary,” the intelligence bulletin concludes.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts