6 June marked five months since the U.S. Capitol was attacked. Posts regularly collected from far-right communication channels during that time suggest that there has been a significant shift in the far-right’s strategic behavior within cyberspace. To support the Biden Administration’s “first ever national strategy for countering domestic terrorism,” this paper aims to help decision-makers and security forces understand this developing phenomenon within the American far-right online community. Routine monitoring of encrypted and unencrypted far-right communication channels indicates that, fearing increased scrutiny following the events of 6 January, members of the far-right have attempted to consolidate their security and increase the difficulty of tracking their communications.
This article will demonstrate how, immediately after the 6 January attacks, far-right users on multiple sites became concerned about the potential for being tracked online or removed from various platforms. In response to this fear, members of the far-right began engaging in a simultaneous defensive and offensive strategy. Defensively, far-right actors worked to secure existing lines of communication while locating and migrating to more secure communication platforms. Concurrently, they began implementing an offensive strategy to counter potential investigators by doxing specific individuals while organizing “mass reporting” campaigns to de-platform others.
Although these changes in strategy at first appeared to be only a response to the increased scrutiny from the Capitol attack, their continued use suggests that they may be a permanent or semi-permanent shift in the broader far-right strategy in cyberspace. Security forces and decision-makers in the United States must recognize this shift and implement new methods to monitor far-right actors online.