We all have seen and felt the pain of senseless tragedies such as the one in El Paso, Texas too many times. Our hearts go out to each of the victims, their families and their communities. We all ask ourselves after each man-made tragedy we observe, what can we do to stop the next one? The DigitalStakeout team works tirelessly with our customers to help detect content like the 8chan manifesto that may indicate a threat to their people, places and assets.

We go to extraordinary lengths to collect data responsibly to protect privacy while trying to reduce risk for our customers and those they are responsible to protect – physical and digitally. When one of these events occur, we must learn and adapt. While we will never be able to detect or prevent many incidents, preventing or changing the course of events for just one incident is worthy of our investment.

In this post, we’re going to discuss the manifesto timeline before police began receiving reports of an active shooter just after 10:30 a.m Mountain Daylight Time (MDT).

Could the Active Shooter Threat Be Detected with Dark Web Monitoring?

There is reporting suggesting the Manifesto posted on 8chan was posted by the shooter. To determine the possibility the manifesto was posted before 10:30 a.m MDT, we have to ask a few questions.

Who wrote the post?
The name of the account is Anonymous.

Is there any non-public information or identifying information in the record of the post?

What time was the post created?
The unixtime in the source data of the 8chan post is 1564848920.

Is this timestamp before the incident?
Yes, the timestamp of the post is Saturday August 03, 2019 10:15:20 (am) MDT.

Is there a PDF or Document that can be analyzed? Yes, a PDF was uploaded to 8chan.

When was the manifesto written?
The pdf meta-data shows the manifesto was created at 2019:08:03 10:02:34 (am) MDT.

Was there a specific location or places mentioned in the Manifesto?
There is are 5 mentions of Texas in the manifesto. No other local city or point of interest was mentioned.

13561044 manifesto 8chan

13561044 8chan post source JSON

 9af46a61-b863-11e9-0000-488eb1aa1099 8chan manifesto pdf meta-data

9af46a61-b863-11e9-0000-488eb1aa1099 8chan manifesto pdf meta-data

Monitoring Threats on Digital Channels Before They Become Physical

Based on the timeline, this creates 15 minutes of opportunity to mitigate a threat in Texas. While this is a very short time and just one data point, it is a data point prior to the incident. Being able to detect and action this type of threat among a lot of social media noise would require a very precise and practiced workflow.

While reacting to a post in 15 minutes is not practical in most settings, we hope this information sheds light on the fact that in some cases threats can be detected on digital before they become physical. To take advantage of these types of opportunities and to get into a defensive posture, organizations will have to have a well planned and practiced 24×7 real-time threat intelligence collection, alert and response capability.

The work continues on our side to collect dark web data faster, detect threats more reliably and ultimately help reduce the pain and suffering these senseless acts of violence yield on everyone. Our automated discovery capabilities are being updated to detect important patterns and language in the 8chan manifesto.

If you are not a customer and need to monitor dark sites like 8chan and others for threats, we hope you can join us to help make DigitalStakeout better to protect what matters the most to you.