Digital Communities as Enablers of Terrorism: The Involvement of Online Decentralized Communities as Promoters of Lone-actor Terrorism in Europe

Introduction
Over the past half-decade, several European lone-actor attacks have followed an increasingly recognizable pattern: a manifesto or pre-attack text is posted to an online imageboard or messaging channel, the attack is live-streamed or performatively documented, and the perpetrator signals allegiance to a transnational canon of prior attackers. At first glance, these incidents may look erratic and solitary. In practice, however, they are shaped by online communities that provide a source of identity, scripts, and status incentives, as well as operational know-how. 

Through this brief, I argue that lone-actor terrorism is solitary in execution but socially embedded, as online ecosystems provide belonging, accessible scripts, and performative incentives that help explain recent cases, such as those in Halle (2019), Bærum (2019), and Bratislava (2022). A review of these cases underscores the importance of disrupting harmful replication channels enabling the circulation of manifestos, spectacle-based livestreams, and associated “saint” cultures, which have increasingly proliferated within online communities (Europol 2025).


Concepts and literature
Recent research shows that lone actors are rarely isolated in any meaningful way. They learn from others, borrow ideas, and take cues from communities, which some scholars call the collective dynamics of “scattered attacks” (Malthaner, O’Connor, and Lindekilde 2024). In this view, “lone” attacks are socially embedded and spread through imitation and diffusion (ibid). European policy analysis reaches a similar conclusion: many lone actors maintain interpersonal or operational ties and radicalise across both online and offline settings (Europol 2025; Schuurman et al. 2018).

A key change in the last decade is the move from traditional media coverage to a more “direct-to-audience” communications environment, meaning attackers can now reach audiences directly without the involvement of journalists or editors, by livestreaming their assaults, posting first-person videos and manifestos, and spreading content across Telegram channels and imageboards in real time. Platforms make it easy to stage violence for viewers (for example, through livestreaming), to archive violent content so it can be recirculated, and to reward imitation and replication of actions through visibility and status. Research on radicalization and platform governance shows that these online ecosystems make it easier for individuals to engage with extremist content, creating self-reinforcing cycles and inspiring copycat behavior (Europol 2025; Conway et al. 2019; Whittaker 2022). Additional research on gamification, which refers to the adoption of game-like features such as scoring systems, rankings, and achievement rewards in non-gaming contexts, shows how these norms have influenced extremist behaviour, turning acts of violence into performances and spectacles designed to be watched, rated, and imitated by a community, encouraging activity (Lakhani and Wiedlitzka 2023; Whittaker 2022).

At the same time, far-right groups use manifestos as adaptable blueprints that outline their grievances, identify potential targets, and signal how audiences are meant to engage with their message (Ware 2020). Since the Christchurch attack in 2019, this “script kit” has circulated widely. In Europe, the Halle attacker combined a manifesto with a livestream, while the Bærum perpetrator wrote his own text and attempted to broadcast his assault. The Bratislava shooter drew inspiration from accelerationist communities, including Terrorgram, which are online networks that advocate using violence to speed up social collapse and inspire further attacks (Koehler 2019; Burke 2019; Kriner 2022).


Positioning the analysis
This brief seeks to bring together three central themes that shape current discussions on the ever-evolving nature of terrorism: the role of media and communication technologies in enabling extremist violence, the complex and layered nature of radicalization, and the EU’s broader “anticipate, prevent, protect, respond” framework. Viewing a pattern of lone-actor terrorism through an ecosystem-based perspective suggests that prevention and disruption policies should prioritize the earlier-mentioned replication channels, including the rapid removal and hashing of attack media, limits on glorification, and targeted interventions that address identity and belonging, rather than treating lone-actor threats purely as individual psychological issues. 


Halle, Germany (2019)
The Halle synagogue attack on 9 October 2019 is widely viewed as a direct European adaptation of the Christchurch “script.” The perpetrator, a 27-year-old German man, attempted to enter a synagogue during the Jewish holiday of Yom Kippur, live-streaming his assault on Twitch using a head-mounted camera. When his initial plan failed, he killed two bystanders nearby. His manifesto, posted on a gaming platform before the attack, included technical specifications for homemade weapons, references to online gaming culture, and antisemitic conspiracies (Koehler 2019).

This case shows how digital platforms serve both as instruction manuals and as performance stages. The attacker explicitly sought an audience, referring to potential viewers as “spectators,” and copied the structure of Christchurch by combining a self-produced manifesto with a live broadcast. The format reproduced the “first-person-shooter” visual aesthetic common to gaming subcultures, underscoring how gamification is applied through the incorporation of subcultures and media performance in extremist practice (Lakhani and Wiedlitzka 2023; Lakhani, White and Wallner 2022).

Notably, the livestream gained over 2,200 views before it was removed, and copies circulated across alternative chat platforms such as Telegram and 4chan (Europol 2025). This demonstrates the resilience of replication channels, as violent media continues to circulate within the ecosystem through re-uploads, memes, and narrative reframing. In this sense, the Halle attacker exemplifies a “networked” lone actor who is operationally independent yet symbolically embedded within an online community that provides recognition and validation (Malthaner, O’Connor, and Lindekilde 2024).


Bærum, Norway (2019)
Just weeks after Halle, the Bærum attack in August 2019 followed a remarkably similar structure, though the assault was less lethal. The perpetrator, a 21-year-old Norwegian, murdered his stepsister before attempting to attack a mosque in the Oslo suburb of Bærum. Hours before, he had posted an announcement on EndChan, referring to himself as a “saint” in the tradition of Christchurch shooter Brenton Tarrant and expressing hope that others would follow his example (Burke 2019).

While his livestream failed to connect, the intent to broadcast and to situate himself within a transnational “canon” of attackers underlines how the aesthetic of participation is as important a consideration as operational success. The Bærum case also highlights how identity is constructed within the ecosystem: the attacker’s language, memes, and references were borrowed almost verbatim from online far-right communities, showing that these platforms function as spaces of belonging and performance rather than isolated echo chambers (Whittaker 2022).

In investigative reporting, Norwegian authorities described the attack as ideologically shallow but socially embedded in digital subcultures (Dalgaard-Nielsen et al. 2020). This aligns with the broader research literature, showing that digital networks act as connective tissue linking otherwise isolated individuals (Whittaker 2022). While not coordinated in the conventional sense, these actors operate through shared vocabularies, icons, and rituals that produce the impression of a global movement (Kriner 2022).


Bratislava, Slovakia (2022)
The Bratislava shooting of October 2022 marks a more recent evolution of the same pattern. The perpetrator, a 19-year-old Slovak, carried out a targeted attack on an LGBTQ+ bar, killing two people before taking his own life. Prior to the attack, he released a lengthy manifesto online and shared it across multiple Terrorgram channels, explicitly dedicating his act to previous “saints” such as Tarrant and the Halle attacker (Kriner 2022; Macklin 2024)

The Bratislava case highlights the increasing influence of accelerationist communities, as these groups use memes, stylised propaganda, and violent manifestos to celebrate prior attackers and invite imitation (Hoffman and Ware 2024; Kriner 2022). Terrorgram’s media ecosystem has refined this process into a stylized propaganda loop, creating and circulating  “saint posters,” tribute videos that glorify previous attackers, and gamified leaderboards that rank perpetrators by the scale or impact of their violence, all of which reinforce a shared visual culture and encourage future imitation.

Here, the ecosystem not only provides ideological motivation but also practical guidance. The Bratislava attacker’s writings contained step-by-step operational references, echoing how Terrorgram channels compile guides, manifestos, and visual propaganda into comprehensive “libraries” for aspiring attackers (Whittaker 2022). This demonstrates the blurring of lines between radicalisation, tactical instruction, and media performance.

From a counter-terrorism perspective, the Bratislava attack illustrates how patterns of violent behavior and attack planning now move easily across borders and languages through online platforms. The ideas, manifestos, and visual materials linked to one attack can quickly appear in new contexts, where they are adapted and reused by others. Once this type of content enters decentralized networks such as Telegram, it becomes very challenging to remove completely. Copies are shared, reposted, and translated by users who want to keep the material alive, allowing it to circulate long after the original event. According to Europol’s Terrorism Situation and Trend Report 2025, far-right terrorism in Europe remains relatively limited in scale, but the symbolic and online afterlives of these attacks give them a noticeably outsized influence, shaping narratives, inspiring imitation, and sustaining extremist communities well beyond the immediate casualties (Europol 2025).


Shared mechanisms
Across these three individual cases, several shared mechanisms emerge. Each perpetrator treated their attack as both an act of violence and a form of communication, aiming to inspire imitation rather than achieve a traditional political goal. All three were influenced by online communities that rewarded recognition and shared practical knowledge. Their manifestos served as scripts, and their attempted livestreams were broadcasts to a virtual audience.

The 2019 Halle, Bærum, and 2022 Bratislava incidents show how the far-right lone-actor threat in Europe operates less as isolated incidents and more as distributed performances within a global online ecosystem, underscoring how counter-terrorism efforts must move beyond individual profiling toward disrupting the social and technological infrastructures that make such replication possible (Malthaner, O’Connor, and Lindekilde 2024; Europol 2025).


Policy implications

• Countering lone-actor terrorism in Europe requires a broader strategic approach rather than a purely operational one. As online ecosystems have become central to how contemporary extremist ideas spread and take root, policy responses must enhance efforts to address the social and communicative environments that sustain them, not only the individuals involved.

• Prevention strategies should focus on reducing the appeal of extremist narratives by challenging the sense of recognition and belonging these digital spaces provide. Efforts that promote credible counter-narratives, strengthen digital resilience, and engage vulnerable audiences, who often are pre-emptively identifiable, can help limit the influence of extremist communities.

• Governments and institutions should adopt a more coordinated and adaptive information strategy. This includes developing consistent and impactful public communication after attacks to prevent glorification and avoid turning perpetrators into active symbols or martyrs. By framing such acts as failures rather than victories, authorities can weaken the symbolic rewards sought by future attackers.

• Finally, the EU’s wider security framework should place greater emphasis on the ecosystem dimension of radicalisation. Understanding and addressing these interconnected environments is key to preventing imitation and sustaining long-term resilience against the lone-actor threat.

Conclusion
The three cases demonstrate how online ecosystems serve as both incubators of violent intent and amplifiers of extremist actions. Each attacker acted alone in practical terms but within a shared digital subculture that provides ideological framing, recognition, and social validation. The “lone” nature of their violence proves to be an illusion. As the research argues, such actors are part of collective dynamics of scattered attacks, connected through digital communities that communicate norms, scripts, and moral justifications (Malthaner, O’Connor, and Lindekilde 2024).

Across all three cases, the communication logic of terrorism has shifted from seeking traditional media coverage to directly producing and controlling one’s own narrative. The attackers in both the Halle and Bærum cases explicitly attempted to broadcast their actions as live performances, while the Bratislava shooter used existing accelerationist networks to circulate his materials. This shows how extremist subcultures now operate as propaganda systems, capable of generating, distributing, and sustaining attack-related content without reliance on mainstream media (Whittaker 2022).

A second common feature lies in the process of identity formation. Within online ecosystems, potential attackers do not view themselves as isolated individuals but as members of a symbolic community of members that venerates previous perpetrators. “Saint” cultures on platforms such as Terrorgram provide a ready-made framework for belonging and recognition. By mimicking the language, imagery, and behavioural scripts of prior attackers, individuals can transform personal alienation into participation in what they perceive as a struggle across national borders (Hoffman and Ware 2024; Kriner 2022).

Finally, these incidents reveal the gamification of violence as a unifying dynamic with shared recognition. The notion of “high scores,” the design of visual propaganda, and the celebratory circulation of attack videos turn violence into a performative act of achievement (Lakhani and Wiedlitzka 2023). In this sense, radicalisation is not only ideological but aesthetic and interactive, relying on audience engagement, feedback, and replication. The performative reward structure of these ecosystems replaces more traditional notions of organisational command with social incentive, sustaining extremist activity even in the absence of formal networks.

These mechanisms point to a form of networked lone-actor terrorism that is sustained less by direct recruitment and more by imitation, performance, and recognition. The online ecosystem functions as a distributed “mentor”, guiding both ideology and means, and understanding this dynamic is essential for any effective policy response.

Bibliography
Burke, Jason. 2019. “Norway Mosque Attack Suspect ‘Inspired by Christchurch’, Court Told.” The Guardian, 11 August. 

Conway, Maura, Moign Khawaja, Suraj Lakhani, Jeremy Reffin, Andrew Robertson, and David Weir. 2019. “Disrupting Daesh: Measuring Takedown of Online Terrorist Material and Its Impacts.” Studies in Conflict & Terrorism 42 (1–2): 141–160.

Dalgaard-Nielsen, Anja, Morten Løw Hansen, Jacob Aasland Ravndal, Jakob Ilum, Helge Renå, Jørn Rye Eriksen, and Bushra Ishaq. 2020. Evaluering av politiets og PSTs håndtering av terrorhendelsen i Bærum 10. august 2019. Oslo: Politidirektoratet og Politiets sikkerhetstjeneste.

Europol. 2025. European Union Terrorism Situation and Trend Report (TE-SAT) 2025. The Hague: Europol. 

Hoffman, Bruce, and Jacob Ware. 2024. “Ropes, Accelerationism, and the Enduring Legacy of The Turner Diaries.” The Hague: International Centre for Counter-Terrorism.

Koehler, Daniel. 2019. “The Halle, Germany, Synagogue Attack and the Evolution of the Far-Right Terror Threat.” CTC Sentinel 12 (11).

Kriner, Matthew. 2022. “Analysing Terrorgram Publications: A New Digital Zine.” London: Global Network on Extremism and Technology.

Lakhani, Suraj, and Susanne Wiedlitzka. 2023. “‘Press F to Pay Respects’: An Empirical Exploration of the Mechanics of Gamification in Relation to the Christchurch Attack.” Terrorism and Political Violence 35 (7): 1586–1603.

Lakhani, Suraj, Jessica White, and Claudia Wallner. 2022. The Gamification of (Violent) Extremism. Luxembourg: Publications Office of the European Union.

Macklin, Graham. 2024. “Evaluating ‘Transnationalism’ as an Analytical Lens for Understanding REMVE Terrorism.” CTC Sentinel 17 (11). 

Malthaner, Stefan, Francis O’Connor, and Lasse Lindekilde. 2024. “Scattered Attacks: The Collective Dynamics of Lone-Actor Terrorism.” Perspectives on Politics 22 (2): 463–480.

Schuurman, Bart. 2020. “Research on Terrorism, 2007–2016: A Review of Data, Methods, and Authorship.” Terrorism and Political Violence 32 (5): 1011–1026.

Schuurman, Bart, Edwin Bakker, Paul Gill, and Noémie Bouhana. 2018. “Lone-Actor Terrorist Attack Planning and Preparation: A Data-Driven Analysis.” Journal of Forensic Sciences 63 (4): 1191–1200.

Ware, Jacob. 2020. “The Violent Far-Right’s Increasing Use of Terrorist Manifestos.” ICCT Policy Brief. The Hague: International Centre for Counter-Terrorism.

Whittaker, Joe. 2022. Online Radicalisation: What We Know and What We Don’t. Luxembourg: Publications Office of the European Union.