Why Every Security Professional Should be Aware of the QAnon Threat

November 2020

QAnon is gaining in notoriety. The movement’s actions and messaging is increasingly being picked up by the mainstream media and although there may be more prominent threats circling, every security professional should be aware of QAnon because it is indicative of why at-risk entities should have robust protective intelligence.

The catalyst behind the QAnon movement originated in 2017, when an anonymous user claiming to have high level vetting clearance made a series of posts on 4Chan announcing that Hillary Clinton was due to be arrested, and that President Donald Trump was leading an effort to call to challenge influential heavyweights such as Barack Obama, Hillary Clinton and George Soros. Now, the main drive of the movement is that President Trump is leading a secret campaign against “elite Satan-worshipping paedophiles” in powerful positions.

What might seem like farfetched conspiracy theories have been accepted, in part at least, by thousands across the globe.

Intelligence and motivation

The nature of this movement brings unique considerations for intelligence and security operators.  The motivators of its followers are not, in any sense, materialistic but are rooted in a social justice which supersedes state and federal laws, social conformity and even religion. This is well demonstrated in an early incident now known as “Pizzagate”.

After the DNC emails were hacked and released by Wikileaks, an online theory emerged suggesting that the reference to “Pizza” in John Podesta’s emails was in fact code relating to child sex trafficking. In response to these allegations, Edgar Maddison Welch armed himself with an AR15 and effectively raided the pizzeria in question. Prior to the raid he was reported to have said that he needed to sacrifice “the lives of a few for the lives of many” and to fight “a corrupt system that kidnaps, tortures and rapes babies and children in our own backyard.”. Whilst Walsh was reported to have been a deeply religious man, his motivation was not religiously motivated. He was motivated to challenge a “corrupt state” and believed he would genuinely discover, and thus protect, sex trafficked children.

The author of QAnon has set forth that it is the duty of the people to challenge the state and be “prepared to fight”. Another interesting element to the QAnon threat vector is that the theory itself is self-fulfilling in the sense that any contest to its legitimacy is used as support for a ‘coverup’.

Armed Incidents

There have been a number of further armed incidents connected to the following of the QAnon conspiracy, recently resulting in the arrest of Joshua Macias and Antonio LaMotta, who travelled to Philadelphia carrying a homemade AR-15 style rifle and 117 rounds of ammunition with no weapons permits during the recent election. This demonstrates the ability for the online community to enable real world aggressors.

In responding to this new threat, security and intelligence operators must extend their awareness of the operating environment, on and offline. This means utilizing an intelligence resource to obtain a detailed understanding of the movement, and how it nominates targets.

Threat Responsive Intelligence

As always, the security function should be threat responsive which means that operators should:

  1. Audit online activity to identify active threats from the group or against individuals.
  2. Consider political exposure to the principle, especially liberal leaning exposure.
  3. Familiarise themselves with the logos associated with the movement.
  4. Familiarise themselves with terminology associated with the movement such as “Where we go one, we go all!” and “#TheGreatAwakeningWorldWide”.
  5. Understand the firearms code in the relevant state.
  6. Familiarise themselves with the theory so as to attempt to de-escalate responsibly.

Why Utilize Specialist Threat Intelligence Sources?

When developing intelligence there are some important considerations:

  • Develop a system to provide early warning of threats and reputational issues that can be addressed in their infancy, reducing or eliminating damage to personnel, brand, and share price.
  • Reduce the sheer amount of ‘noise’ and irrelevant data, to ensure a short, sharp, quality document either daily, or weekly.
  • Utilize relevant search terms, keywords, names, and references. AI systems can help adapt and minimize false positive threat notifications.
  • Ensure output is produced and processed by a trained analyst, and is not an automated data dump, nor a cut, paste and send product.
  • Consider utilizing specialists to conduct long-term covert penetration of threat groups to develop an OSINT, HUMINT, and closed-source information channel. Contact ETS to learn more on this unique resource that ETS currently provides clients at risk from protest and extremist groups.

Utilizing Intelligence to Design Security Commensurate with Risk

Defined intelligence allows practitioners to scale their team accordingly, without it they are guessing from purely imagined scenarios. Without responding to emerging trends in the threat environment, close protection teams risk becoming stagnant and unresponsive to current issues.

The design of the security detail should then consider threats, specific and general, and how those threats may manifest themselves. Only on considering these can the team plan accordingly and deploy suitable resources.

Specialists in Unison

Quintel Intelligence and ETS Risk Management have partnered together for over 8 years.

Quintel’s Risk Investigations offering provides services to high profile persons that require a discrete and specific consideration rather than a simple open source opinion piece masquerading as a client focused product. Working with ETS protective security services, the teams are able to focus on their areas of specific expertise to deliver a high quality service.