Propaganda images reveal how terrorists think

Researchers have used artificial intelligence to analyse over 30,000 propaganda images produced by the Islamic State (IS) between 2014 and 2022. 

17. October 2024
A group of IS soldiers with weapon and an IS flag.
From Diyala, Iraq, in the spring of 2022: a group of IS soldiers swears Bay’ah – an oath of allegiance to the new IS caliph. This is one of the 30,000 IS images that have now been analysed. 

Propaganda is an important part of the operation of a terrorist organisation. They use text, video, audio, and images to not only spread fear, but also to recruit and build their image internationally. By using the internet and social media, even terrorist groups with limited resources can reach a global audience.

Read more

Nærbilde av en antenne i fjellet over Bleik på Andøya. Antennen består av flere hvite antenner som peker mot Bleik.
News

Jamming – a technological cat-and-mouse game

In Russia, most mobile base stations are equipped with jamming equipment. Norwegian authorities could learn from this, says FFI researcher Anders Rødningsby. September 9-13th the world’s largest open jamming test was conducted at Andøya.

For researchers studying terrorist groups, propaganda material is an important source in understanding who the actors are, what they want, and how they operate. The challenge for researchers is the sheer amount of propaganda that is being produced, which makes it almost impossible to get an overview through manual means. 

FFI-Report 2023

Maskinlæring for tematisk inndeling og analyse av propagandabildene til IS (Den islamske staten)

Mathias Bynke, Vidar Benjamin Skretting, Bernt Ivar Utstøl Nødland
Read more
Download

Because IS controlled a large area in Syria and Iraq for several years, they gained more resources and more members who could work as ‘journalists’ or content producers. Propaganda was clearly a prioritised area in the organisation, and the battles they were involved in provided them with plenty of raw material. 

‘IS stood out because their propaganda was better than the content of earlier terrorist groups. They managed to create a “brand” and a linguistic and visual expression that appealed to the youth, combined with extremely brutal content where close-ups of killings were almost a given,’ explains Skretting. 

Although the group is now marginalised in its original core areas in Syria and Iraq, its branches in other parts of the world have made significant progress – especially in Africa. IS still maintains a unified and substantial propaganda apparatus. 

Read more

News

Tested new defense technology during Arctic Strike 2024

The armed forces cannot spend years acquiring and putting into use new equipment in the current situation, says Chief of the Norwegian Army, Lars Lervik. He wants less talk and more action.

IS – a pioneer in terrorist propaganda 

The researchers have based their work on the extensive image material published on IS’s official channels over the years. The dataset, consisting of 30,000 images, was fetched from an IS bot on Telegram. 

‘IS has revolutionised how non-state actors and terrorist groups conduct propaganda. This is considered one of the keys to the group’s success,’ says researcher Vidar Skretting. He co-authored the report with colleagues and AI researchers Mathias Bynke and Bernt Ivar Nødland.

The rise and fall of IS 

In 2013, a group called the Islamic State in Iraq and the Levant (ISIL), managed to occupy large parts of Syria and Iraq. In 2014, they seized Mosul, Iraq’s second-largest city. Shortly thereafter, ISIL declared that they had established a new caliphate, to which all Muslims were obliged to submit. At the same time, they removed the geographical reference from their name and adopted ‘the Islamic State’ as their designation, or IS for short. 

From 2014 to 2018, IS gained international notoriety for its brutal conduct. They implemented a reactionary form of Islamic law and carried out executions and amputations of prisoners, genocides against minorities, public slave trading, and numerous terrorist attacks on civilian targets in the Middle East, Asia, Africa, and Europe. 

At the same time, they wanted to show that they had established a true Islamic ‘state’. The group emphasised creating a civil state apparatus and established institutions for law and order, tax collection, education, and healthcare. In addition to violence and brutality, the ‘civil’ side of IS became a recurring theme in the group’s propaganda production. 

IS reached its territorial peak in 2015, when the group controlled about one-third of both Iraq and Syria. After this, IS was gradually pushed back by an international coalition. The last IS-controlled area was captured by Kurdish forces in early 2019. Thus, IS went from being a state-like entity back to an underground organisation.

A dedicated IS social media 

Initially, IS used established social media platforms like Twitter (X), Facebook, YouTube, and, later, the Telegram app to spread their content. 

‘The spread of propaganda on social media is one of the reasons so many foreign fighters from around the world joined IS,’ says Skretting. 

‘Today, it’s much more difficult for IS to reach out. Major social media platforms remove such content almost immediately after it’s posted. However, IS still manages to disseminate its content effectively through other channels, and it’s relatively easy for sympathisers to find them,’ Skretting adds. 

IS spreads its propaganda through three main channels: ‘private’ social media platforms that they run on their own servers, bots on Telegram, and regular indexed websites. 

‘The private social media platforms IS runs have been active for years. Telegram bots and the indexed websites are regularly taken down by administrators and authorities but are usually reopened by IS under different names shortly thereafter,’ says Skretting. 

Two researchers present at an FFI event.
Mathias Bynke (to the left) and Vidar Skretting (to the right) present their report during an FFI event on 12th of December 2023. Photo: FFI / Anders Halvorsen Fehn.

Sorting 30,000 images 

In their work, the researchers used a machine learning model from OpenAI called Contrastive Language-Image Pre-training (CLIP). The model is trained to compare images with text. 

CLIP has been trained by collecting enormous amounts of images and corresponding captions from the web. By comparing millions of images and captions, the model has gradually learned how images can be described in words and, conversely, how an image might look based on the text describing it. 

By running the 30,000 images through CLIP, the researchers could, for example, ask the model to find all images showing a ‘person praying’ or ‘combat action.’ However, instead of manually defining the categories in which the images should be sorted, the researchers used a clustering algorithm to group the images by theme. 

‘We didn’t know in advance which descriptions would suit various themes. When you provide the CLIP model with a limited number of categories, an image of a man diving into a river could easily end up in the category “image of someone praying”,’ explains Mathias Bynke.

Illustration of the Clip model.
The Clip model.

The CLIP model translates an image into an embedding vector, that is, a sequence of numbers. It also translates the image captions into a sequence of numbers. If you have an image of apples, the number sequence for the image should be approximately the same as the number sequence for the text ‘image of apples.’ 

The number sequence that CLIP generates for each image can be converted into coordinates in a coordinate system. This gives each image a position on a map. Then, an algorithm can cluster these points into groups. You can choose how many clusters you want, and the algorithm organises the images for you. 

When the researchers asked the algorithm to create two clusters, one group was dominated by military images, and the other by civilian images. 

In the end, they settled on 14 different named clusters: combat scenes, soldiers outside combat, enemy bodies, executions and killings, close-ups of individual fighters, weapons, civilian crowds, peaceful scenes, collapsed buildings, civilian casualties, food, public works, crafts and industrial production, and burning cigarette packets.

What have we learnt about IS from the images? 

Once the images were sorted, the researchers wanted to answer the following question: How has IS’s image propaganda evolved from 2014 to 2022, and what does this development tell us about IS as a group? 

‘The images IS publishes, the number of images published, and where they are published give us an indication of what IS is doing, how active they are, and in which areas they’re active,’ says Skretting. 

He believes that insight into the development of terrorist organisations can be important in predicting their direction and strategies: By looking at the images from the African provinces where IS is on the rise, we might gain insight into where IS is heading in the future. 

The analysis shows that in the early years (2014–2018), IS presented itself as both a military organisation and a civil state apparatus. This is linked to their attempt to build a ‘real’ Islamic state. 

Since 2019, the focus has shifted. IS now presents itself almost exclusively as a military movement and insurgent group. 

Two men working.
An example of one of the ‘civil’ images of IS’s Iraq and Syria branch, in the ‘public works’ cluster.

2015 was the year IS was most active in terms of propaganda. Nearly half of all the images in the dataset are from this year, which coincides with the time when IS was at the height of its power in Syria and Iraq. Thus, most of the images in the material are from Syria and Iraq. 

‘The group has been defeated in their previous primary areas but is rebuilding in Africa. We also see this trend in the image material,’ says Skretting. 

Activity was at a low point in 2020 but has since increased. The majority of images are now published in West and Central Africa. These differ from those produced in the Middle East in several ways. 

‘There is much less focus on individual jihadists and martyrs. At the same time, the propaganda images are generally more brutal. They’re dominated by military content, reflecting the fact that they are most active as a military organisation,’ says Skretting. 

Further development of the methods is needed 

The researchers conclude that the combination of CLIP and clustering algorithms is an effective method for quickly analysing large amounts of propaganda images. 

‘The division into clusters was not perfect. A certain proportion of the images appeared misclassified, and we had to implement mechanisms to filter these out. But the method helps to speed up the analysis,’ says Skretting. 

He emphasises that the combination of CLIP and clustering algorithms can be used for more than analysing terrorist images. 

‘The method is relatively simple and scalable. You can easily use it to sort image collections far larger than 30,000 images into thematic clusters. The method is particularly useful if you don’t know a lot about the content of the image material in advance.’ 

The researchers believe we should further develop machine learning methods to map propaganda from state and non-state actors. 

‘This type of method is not only relevant for image analysis but also for getting an overview of large text, audio, and video materials,’ stresses Mathias Bynke. 

Av Espen Hofoss

Terrorisme
Propaganda
Islamic State
FFI-Report 2026

Electromagnetic warfare on the current and future battlefield

The ability to apply electromagnetic warfare (EW) technologies and techniques to monitor, control, and employ electromagnetic energy against one’s adversaries remains an important aspect of the modern battlefield. For military forces in all domains, electromagnetic emissions from sensors and communications transmissions can reveal a unit’s position and expose it to attack. NATO’s multi-domain operations (MDO) doctrine, emphasizing coordination and synchronization of effects across warfighting domains, will increase the need for data sharing and robust communication links amid intensifying competition within the electromagnetic spectrum. Emerging and potentially disruptive technologies (EDTs) will also influence competition in the spectrum. New technologies and tactics will improve the ability to detect emissions and disrupt communications, requiring novel ways for forces to manage their electromagnetic signatures. Technologies such as directed energy weapons will become more relevant tools for disrupting or destroying adversarial systems. This report first explains the fundamental principles of sensing and communication, followed by a description of electromagnetic warfare principles that describe how sensing and communications activities can be disrupted. Four vignettes illustrate today’s EW concepts: a dismounted foot patrol, a mechanized unit, a surface vessel, and a multirole fighter aircraft. Additionally, a brief case study of EW in the Ukraine conflict further illustrates the most current and relevant EW dynamics. The report then evaluates some relevant EDTs such as advances in artificial intelligence applications, autonomous systems, quantum sensing, materials science, and new production methods. These possible innovations are then incorporated into a potential future Arctic battlespace by re-visiting the same four vignettes. The analysis finds that military forces will need to integrate EW even more deeply into their operational concepts. Crucial aspects of military operations such as signature management, secure data-sharing, reliable communications, and force protection will require electromagnetic operations. EW will constitute an important means of creating conditions conducive to safely moving ground forces or massing sufficient effects on the battlefield. Although the exact character of future EW capabilities remains unknown, creating a risk-acceptant culture of concept development and experimentation will prepare our armed forces for the inevitable electromagnetic competition to come.
FFI-Report 2026

Effect of naval sonar exposure on killer whales and humpback whales – 3S-2025 cruise report

3S (Sea mammals and Sonar Safety) is a multidisciplinary and international collaboration that studies how naval sonar affects cetaceans. One of the objectives of phase 4 of the 3S project (3S4) is to investigate if exposure to continuous active sonar (CAS) leads to different types or different severity of behavioural responses compared to exposure to traditional pulsed active sonar (PAS) signals. Another is to investigate empirically if responses from short-duration experiments predict responses from longer-duration exposures conducted over an operationally relevant duration. The 3S-2025 trial was the third and last planned trial under 3S4 where we collected data to address these research questions. The trial took place off the coast of northern Norway in October 2025 using FFI’s research vessel H.U. Sverdrup II. The purpose of this report is to summarize and document the data collected. The experimental design was based on long-duration CAS and PAS exposures to killer whales and humpback whales using real-time GPS location data of multiple tagged subjects. The sonar source vessel was moved to achieve repeated dose escalations over 8 hours, and responses to the first approach will be compared to subsequent approaches in the analysis. Multiple whales were tagged with a mixed-DTAG++ attached with suctions cups, recording high resolution movement, camera and acoustic data. The tag transfers the GPS position of the tagged whales directly to the source vessel and via satellite. Behaviour was recorded for a minimum of 4 hours before exposure, during the 8-hour exposure and for a minimum of 4 hours after exposure. Wildlife Computers Splash10-F-333B Limpet tags, which transfer lower resolution data via the Argos satellites, were also deployed to record natural diurnal patterns of killer whales. In addition to data on animal behaviour recorded by the tags, we also collected data on the prey field in the area using echosounder and collected fish samples. Sound speed profiles were collected to understand how the sonar signals propagate in the area. During the 3S-2025 trial, 18 mixed-DTAG++ and 2 satellite Splash10 tags were deployed to killer whales, and 7 mixed-DTAG++ were deployed to humpback whales. We conducted 4 controlled exposure experiments (CEE), 2 CAS and 2 PAS, on 10 animals (7 killer whales and 3 humpback whales). The CEEs were conducted during both daytime resting (3 experiments) and nighttime feeding behaviour (1 experiment). All CEEs were long duration exposures using the SOCRATES LFAS source transmitting 1.3–2.0 kHz hyperbolic up-sweeps at max energy source level (ESL20s) of 214 dB re 1 μPa2·s·m2 for both CAS and PAS. However, 5 of the 10 tags detached before the start of the second approach. This means that all 10 sonar exposure datasets are useful for the CAS-vs-PAS comparison, but only 5 are useful for the long-duration question. The combination of premature tag release during CEEs, rough weather offshore and fewer animals in the fjords might have been a limiting factor for our data collection. Despite this we were able to reach the target number of tag deployments and CEEs, and complemented the 3S4 dataset by filling important gaps. In total during the three 3S4 trials (3S-2023, 3S-2024 and 3S-2025), we have collected a balanced dataset to address the questions of responses to continuous and pulsed sonar and whether the animals habituate or sensitize to longer duration exposures.
FFI-Report 2026

Nasjonal forsyningssikkerhet i krise og krig – sårbarheter, konsekvenser og tiltak for mat- og drivstofforsyningen

På oppdrag fra Nærings- og fiskeridepartementet har Forsvarets forskningsinstitutt analysert hvordan sivile og militære behov for mat og drivstoff kan sikres når forsyningskjedene forstyrres i krig. Norge er i dag svært avhengig av å importere matvarer, innsatsfaktorer og flere typer raffinerte drivstoffprodukter, og utviklingen mot «just-in-time»-logistikk og økt sentralisering har redusert beredskapsmarginene og forsterket mulige konsekvenser av globale forstyrrelser. Denne studien undersøker derfor hvordan en krig i Norge og våre nærområder kan påvirke nasjonal forsyningssikkerhet, spesielt innen mat og drivstoff. Vi har kartlagt 30 sårbarhetsfaktorer innen fem dimensjoner; 1) innsatsfaktorer, 2) geografi og struktur, 3) regulatoriske forhold, 4) marked og 5) styring og samarbeid. Deretter har vi vurdert mulige konsekvenser av disse sårbarhetene i et mulig krigsscenario. Studien peker på fire sentrale funn: •Norge er avhengig av importert diesel, marin gassolje og flydrivstoff, og har kun ettraffineri. I krig kan gapet mellom tilgjengelige fredstidsvolumer og krigsbehov bli stort. •Energiinfrastruktur og digital infrastruktur er gjensidig avhengige og systemkritiske, ogelektrifisering gjør sårbarheten enda større. Erfaringer fra Ukraina viser samtidig atkraftforsyning er et prioritert mål i krig. •Transportevne er en kritisk sårbarhet, særlig på grunn av få og sårbare transportakser,og begrensede transportmidler i Nord‑Norge og samtidighet med fremføring av militærestyrker. •Matforsyningen er sårbar på grunn av avhengighet av importerte innsatsvarer ogarbeidskraft, som ikke kan erstattes raskt. Studien viser en grunnleggende forskjell i konsekvens for mat og drivstoff. Svikt i drivstoff-forsyningen i krig vil raskt få svært alvorlige konsekvenser fordi den er avgjørende for Forsvarets og alliertes operative evne og påvirker også flere kritiske samfunnsfunksjoner direkte. Svikt i matforsyningen utvikler seg mer langsomt og på kort sikt får forstyrrelser først og fremst konsekvenser for sivilbefolkningen, i form av mangler som kan føre til endringer i befolkningens kosthold. Basert på funnene anbefaler vi 15 prioriterte tiltak. Disse inkluderer å etablere beredskapslagre for mat, drivstoff og innsatsfaktorer; øke og skape mer fleksibel nasjonal produksjon; styrke transportinfrastruktur og nødstrømskapasitet; etablere tydeligere prioriteringsmekanismer mellom sivile og militære behov; og styrke digital sikkerhet og internasjonalt samarbeid, særlig med EU og Norden. Tiltakene må utvikles og implementeres i tett samarbeid mellom myndigheter og næringslivet, og ikke minst andre sentrale aktører i forsyningskjedene til mat- og drivstoff.
FFI-Report 2026

Modelling rebar in reinforced concrete in Impetus

Reinforced concrete is often used in defensive structures. To calculate weapon effects against such structures, it is important to accurately represent the reinforced concrete in numerical models. However, with a complete description of both the concrete and the reinforcement, the time needed for computations increases drastically. Fortunately, the finite element code Impetus includes a built-in rebar model. The model is simplified but reduces the computational time significantly. The purpose of this report is to compare the simplified built-in rebar model to a full 3D model of the rebar. Only impact problems are analyzed in this study. When comparing the two models, the residual velocity after perforation and the visual damage on the rebar are similar. This indicates that the inbuilt rebar model gives reasonable results. As expected, the computational time using the built-in model is significantly shorter compared to using a full 3D model of the rebar. In conclusion, the built-in rebar model in Impetus gives a representative result of impact calculations on reinforced concrete. Its shorter computational time makes it a sensible alternative to full 3D modelling. We have only considered concrete plates with a small amount of reinforcement. We expect the difference in computational time to be even larger for concrete plates with more reinforcement.
FFI-Report 2026

Forsvarets fremtidige militære mobildekning med 5G og 6G

Femte generasjons mobilteknologi (5G) blir en viktig del av Forsvarets informasjonsog kommunikasjonsteknologi (IKT) innen taktisk, kampnær kommunikasjon. Forsvaret planlegger å anskaffe moderne kommersielle 5G-løsninger som er tilpasset militær bruk. Slike løsninger for militær mobildekning vil kunne gi operativ effekt med en gang, men vil også legge til rette for ny funksjonalitet etter hvert som den blir tilgjengelig, inkludert det som kommer med sjette generasjons mobilteknologi (6G), som forventes å nå markedet i 2030. I denne rapporten belyser vi utvalgte løsninger som kan levere militær mobildekning, og som vi tror at Forsvaret vil kunne anvende de kommende årene. Disse løsningene er basert på kommersiell mobilteknologi, men innebærer noen tilpasninger for å kunne dekke militære behov. Vi belyser også ny funksjonalitet som kan komme med videreutviklet 5G og etter hvert 6G, og som kan gjøre militær mobildekning enda mer moderne og robust. Utvalget er basert på vår kunnskap om teknologien, innsyn i markedet og praktisk erfaring med de tekniske løsningene. Blant de utvalgte løsningene for militær mobildekning har vi beskrevet 5G-løsninger som Forsvaret allerede eksperimenterer med og vurderer å anskaffe, som 5G militær nettverksskive, 5G militær dekningsforlengelse (MDF) og militært autonomt 5G-nett. Vi anbefaler at Forsvaret både tar i bruk og fortsetter å videreutvikle disse løsningene. Vi beskriver også nye løsninger som er på vei til markedet, som mobilkommunikasjon fra satellitter eller direkte kommunikasjon mellom brukerenheter. Vi anbefaler at Forsvaret følger utviklingen av disse løsningene og etter hvert vurderer integrasjon med resten av løsningene for militær mobildekning. Hvorvidt nye løsninger realiseres i praksis, er i stor grad betinget av den økonomiske lønnsomheten for de kommersielle aktørene som er involvert. Det at Forsvaret som kunde viser interesse for mobilteknologi, gjør militære bruksområder attraktive for det kommersielle markedet.
FFI-Report 2026

Konteinerorkestrering i kampnære IKT-systemer – en innledende studie

Forsvaret er avhengig av pålitelige tjenester som leverer nødvendig funksjonalitet til enheter i operasjoner. Orkestrering er prosessen med å administrere og koordinere flere programvarekomponenter (konteinere) for å sikre at de fungerer effektivt sammen, skaleres dynamisk og håndteres automatisk. Forsvaret benytter allerede orkestrering, men i denne rapporten skal vi se på orkestrering i kampnære miljøer. Å levere og opprettholde nødvendige tjenester til operative brukere kan være utfordrende fordi omgivelsene de opererer i, ofte er dynamiske og komplekse. I denne studien har vi undersøkt hvordan konteinerorkestrering kan benyttes i kampnær IKT for å levere et bedre tjenestetilbud. Kampnær IKT som er utnyttet i taktiske nett, kaller vi i denne rapporten kampnære miljøer. I rapporten tar vi for oss følgende overordnede forskningsspørsmål: Kan konteinerorkestrering realiseres i kampnære miljøer, og dermed inngå som en teknologikomponent i kampnær IKT? Av eksisterende løsninger for konteinerorkestrering, har vi valgt å se nærmere på Kubernetes, som har en dominerende posisjon og er en de facto-standard. Vi ser på hvordan det kan anvendes i kantprosessering (engelsk: edge computing) i kampnære miljøer. Rapporten gir en innføring i relevante begreper som mikrotjenester og kantprosessering. Vi har i denne innledende studien kombinert undersøkt hvordan Kubernetes kan anvendes i kampnære miljøer. Arbeidet i denne rapporten er inndelt i tre separate innsatsområder: 1) En oppnår innsikt i hvordan Kubernetes kan benyttes kampnært selv med begrensede ressurser. 2) Samarbeid opp mot allierte er viktig for Forsvaret, og vi forklarer hvordan føderering kan bidra til at koalisjonspartnere bedre får utnyttet hverandres ressurser i operasjoner. 3) Ved å styrke Kubernetes med ytterligere automatikk, kan orkestrering bidra til enda bedre ressursutnyttelse og mer effektiv drift i dynamiske miljøer. Dette kan skape økt fleksibilitet for enheter i operasjoner. Funn inkluderer at Kubernetes kan benyttes innad på en kantenhet som har tilstrekkelig med ressurser. Videre vil overføringskapasitet i nettverket avgjøre hvorvidt flere kantenheter kan samarbeide om orkestrering. For å oppnå ytterligere gevinster anbefaler vi videre forskning på flere temaer, inkludert føderering og automatisert orkestrering.