The world faces a wide array of threats, ranging from natural disasters and human conflicts to technological risks, with terrorism standing out as a particularly pressing concern. Terrorism databases document between 7,000 to 10,000 attacks annually, resulting in over 20,000 fatalities. These attacks are motivated by factors such as ongoing conflicts, repression under authoritarian regimes, and economic and political grievances. Despite continuous efforts in counterterrorism, these groups persist in posing significant challenges, indicating that current strategies have not adequately addressed their activities.
Terrorism databases are crucial in countering terrorism by recording current attacks and providing details on recent trends. One prominent open-source database is GRID (the Global Terrorism and Trends Analysis Center (GTTAC) Records of Incidents Database), accessible on the GTTAC website. GRID offers real-time data on global terrorist attacks and groups. This article emphasizes the critical importance of collecting open-source data on terrorism, with a focus on GRID’s insights and examples from jihadist groups, including ISIS and Al Qaeda affiliates, as well as Iran-backed militia groups.
Terrorism databases rely significantly on open sources, particularly reputable media outlets, to ensure objectivity and minimize bias in their data collection. This approach is crucial because authoritarian regimes often exert control over media channels, using them to portray political dissenters and opposition groups as terrorists. These regimes manipulate information, providing minimal or fabricated evidence to justify their accusations. As a result, databases prioritize sourcing information from credible media outlets that uphold journalistic standards, ensuring they provide verified and balanced reports on terrorism incidents worldwide.
Despite using open sources, terrorism databases often report different numbers of terrorist attacks. For instance, according to the Global Terrorism Index, there were 3,955 incidents resulting in 6,701 deaths in 2022, whereas GRID reported 7,341 incidents with 21,943 fatalities for the same year. These discrepancies arise mainly from differences in how databases define terrorism and collect data. Some databases include all instances of violence and conflicts involving state actors and terrorist groups, regardless of the initiator.
Others focus specifically on violence in conflict zones and prioritize reporting on jihadist terror groups, possibly overlooking incidents involving revolutionary, left-wing, ethnonationalist, and separatist terrorism. Understanding these varying criteria and methodologies is essential for accurately interpreting global terrorism data. It highlights the importance of carefully assessing different sources to understand terrorism trends and inform effective counterterrorism strategies comprehensively.
Efforts to establish terrorism event databases began in the late 1960s, coinciding with advancements in satellite and portable video technology. One of the earliest databases, ITERATE, was founded in 1968 and updated until 2020, providing quantitative coding for international terrorist attacks. The RAND Corporation also pioneered terrorism databases, starting with the “Chronology of International Terrorism” in 1972, which covered events from 1968 to 1997, focusing primarily on international incidents. Another early database, established in 1970 with funding from Pinkerton Global Intelligence Service (PGIS) and expanded in the mid-1970s, tracked terrorist attacks. PGIS stood out among early databases for its comprehensive coverage of domestic and international terrorist incidents.
Since 1982, the US Department of State has annually published reports on international terrorism titled “Patterns of Global Terrorism,” starting from 1983. These reports detail global terrorist incidents by year, date, region, and the groups involved, offering valuable insights into terrorist organizations, US policies, and counterterrorism efforts. In 2004, responding to congressional concerns about data quality, the National Counterterrorism Center (NCTC) launched the Worldwide Incidents Tracking System (WITS). By 2005, WITS significantly improved terrorism reporting by sourcing data from various channels such as commercial news services, the US Government’s Open-Source Center, and local news websites in multiple languages. From 2004 to 2011, WITS recorded nearly 80,000 terrorist attacks, marking a substantial expansion in coverage compared to earlier databases.
In June 2012, the Department of State enlisted the National Consortium for the Study of Terrorism and Responses to Terrorism (START) to assemble a Statistical Information Annex dataset and generate an additional report for the Department’s yearly Country Reports on Terrorism. START utilized its Global Terrorism Database (GTD) to compile the Annex from 2012 to 2017. Since 2012, the GTD team has automated their data generation processes. They rely on primary sources like Reuters, Agence-France Presse, Lexis/Nexis, and Factiva, which are assessed for their contribution quality. Their machine-learning model evaluates document relevance to terrorism.
In August 2018, the Department of State granted a contract to the Development Services Group (DSG), which partnered with the Terrorism, Transnational Crime and Corruption Center (TraCCC) at Schar School of Policy and Government at George Mason University to create the GTTAC database (GRID) for the Annex of Statistical Information. This database compiles global terrorism incidents using extensive open-source intelligence from multimedia data aggregators. GTTAC employs Python tools on a Linux platform for tasks like text analysis, predictive modeling, and feature extraction. Furthermore, GTTAC’s proficient analysts, equipped with language skills and regional knowledge, contribute to researching incidents reported in multiple languages such as Spanish, French, Farsi, Turkish, Russian, Arabic, and various African tribal languages. GRID categorizes incidents, perpetrators, attack methods, weapon use, and targets using ontologies. After automated processes compile the data for review, the database aggregates global terrorism incidents based on regional and geographic criteria.
GRID’s Definition of Terrorism and Variables
The annual Annex of Statistical Information classifies an incident as terrorism under Title 22, Section 2656f, of the U.S. Code if it meets specific criteria. These criteria include: a) the violent act being motivated by political, economic, religious, or social objectives; b) the act demonstrating an intent to coerce, intimidate, or communicate a message to a wider audience; and c) the act violating international humanitarian law by targeting non-combatants. GRID records incidents that satisfy all three criteria and relies solely on credible, independent sources for reporting incidents, omitting those reported by terrorist media or incidents with unclear or conflicting information.
The variables are categorized into 13 groups in GRID: incident identification, incident and publication dates, incident summary, incident location, perpetrator information, casualty details, weapon types, logistics types, tactic types, victim types, intended victim types, facility types, and source and publication details. The incident location for GRID covers the entire world. Syria, Iraq, and Yemen in the Middle East; India, Pakistan, and the Philippines in Asia; Nigeria, Democratic Republic of Congo, Somalia, and the Sahel countries in Africa; and Colombia in Latin America are several countries with the most attacks.
GRID’s perpetrator field covers over 900 non-state actors, including Foreign Terrorist Organizations (FTOs) like Al Qaeda and ISIS and their affiliates. Perpetrators are categorized into groups such as religious-jihadist, ethnonationalist/separatist, left-wing, anarchist, and right-wing extremists. The database also tracks Iran-backed militia groups in the Middle East, such as the Houthis, Kata’ib Hezbollah, Islamic Resistance in Iraq, and Hezbollah, which collectively accounted for six percent of attacks in 2022. GRID focuses explicitly on significant events such as the October 7 terror attacks by Hamas and the ongoing threat posed by Iran-backed militia groups in the region. For example, Hezbollah conducted 268 attacks in the first quarter of 2024. GRID’s Individual perpetrator category monitors self-radicalized assailants, also known as lone actors, who are inspired by terrorist ideologies but not directed by any terrorist groups. GRID has documented lone actor attacks in Australia, the United States, and several European Union countries so far. Furthermore, GRID tracks far-right extremist groups in the Western world motivated by anti-immigrant, white supremacist, misogynistic, anti-abortion, and anti-government ideologies.
Figure 1 below shows the top 10 perpetrators with the highest number of incidents recorded by GRID from January 2018 to May 2024, totaling more than 52,500. The largest category is “Unknown,” indicating that media sources have not attributed these incidents to a specific organization. GRID tracks these attacks based on their location, tactics, targets, victims, and types of weapons used. Before their takeover in 2021, the Taliban conducted intense attacks, making them the most active group in terms of incidents, followed by ISIS, Al-Shabaab, and the Houthis. The leftist and Maoist groups are still active globally, with CPI-Maoist in India and CPP/NPA in the Philippines having carried out the most attacks.
Casualty details in GRID include information about victims killed, wounded, and kidnapped. GRID has recorded decreasing numbers of terrorist attacks and casualties since 2020, according to Figure 2 below. Most deaths are recorded in the countries where ISIS and Al Qaeda-affiliated groups operate.
The Weapon field in GRID is categorized into seven groups, each with subcategories: firearms, explosives, incendiary devices, unmanned aerial vehicles (UAVs), melee weapons, fake weapons, vehicles, and weapons of mass destruction (WMDs). The firearms category enables GRID to track fully automatic guns and heavy weaponry, while the explosives category includes IEDs, rockets, mortars, grenades, mines, and missiles. The UAVs category records both civilian and military drones. It should be noted that GRID places specific emphasis on tracking WMDs. So far, GRID has recorded chemical and biological attacks in the Middle East and Africa. GRID allows for the comparison of weapon types across categories of terrorism. For example, according to Figure 3 below, jihadist terror groups, predominantly composed of Al Qaeda and ISIS affiliates, employ more firearms and explosives compared to Iran-backed terror groups. However, the use of drones stands out as a primary weapon type for Iran-backed militia groups, who employed drones in 383 attacks from 2018 to 2023.
The Logistics field in GRID is designed to add specificity to attacks by detailing how weapons reach their targets. It focuses on the transport methods rather than the weapons or tactics themselves. GRID categorizes logistics into vehicles, mail/postage, hand-propelled, kite, balloon, slingshots, aerosols, and animal-borne methods. Vehicles are the primary transport method used by terrorist groups to reach their targets. According to GRID, jihadist terror groups employed vehicles in 2,478 attacks, while Iran-backed militia groups used vehicles in 637 attacks from 2018 to 2023.
The Tactics field in GRID aims to differentiate between tactics used by various terrorist groups and to identify emerging trends. GRID categorizes tactics broadly to encompass a wide range of strategies employed by terrorist groups worldwide. Under tactic types, the trauma category records incidents such as gender-based violence, rape, mutilations, suicide attacks, kidnappings, hostage-taking, hijackings, car rammings, assassinations, executions, stabbings, and residential area burnings. The assault category includes shootings, storming, and bombings. Covert tactics encompass booby-trapping, ambushes, sabotage, mine/IED planting, and disguise/infiltration. GRID’s coordinated category tracks complex coordinated terror attacks (CCTAs). Additional tactic type categories record extortion and cyber attacks. A comparison between Iran-backed and jihadist terror groups reveals that jihadist groups employ more tactics categorized under assault, coordinated, covert, and trauma, as seen in Figure 4 below.
GRID categorizes the Victim field into actual and intended categories, which share identical groupings and subcategories. The general population category includes victims identified by gender, religion (Muslim, Christian, Jewish, Hindu, Buddhist, and Other), race or ethnicity, LGBTQIA status, refugees/IDPs, and students/children. In contrast, the government category encompasses civil servants, diplomatic personnel, heads of state/royalty, intelligence officers, judiciary members, law enforcement personnel, and legislators. Additionally, GRID classifies victims into military, political, and profession categories, each with various related subcategories. GRID’s data comparison of Iran-backed and jihadist terror groups reveals that jihadist groups predominantly target military personnel, whereas Iran-backed groups primarily target the general population, as seen in Figure 5 below.
Finally, the Facility type field aims to track incidents where terror groups target specific locations. Its broader subcategories include commercial (individual retail, offices, tourist facilities), Culture (media, religious sites, tourist sites), government (buildings or vehicles, diplomatic, law enforcement & intelligence), infrastructure (agriculture & food, communications, construction, education, healthcare, land transport, maritime & fishing, private property, public places, relief, utilities & mining), and military (foreign, multinational, national). When comparing Iran-backed militia groups and jihadist terror groups in Figure 6, it becomes evident that jihadist groups primarily target infrastructure, military, and government buildings. In contrast, Iran-backed groups tend to focus more on infrastructure and military facilities.
In conclusion, terrorism databases are crucial in documenting current terrorist attacks and forecasting future trends. They rely on open-source data, which is considered the most reliable source, particularly because authoritarian regimes frequently produce biased reports and manipulate media to falsely accuse regime opponents of terrorism. Contrary to the belief that terrorist threats are localized to their regions of origin, terrorism databases highlight emerging groups globally. These databases, like GRID, not only focus on threats posed by jihadist groups such as Al Qaeda and ISIS but also monitor active left-wing terrorist groups and far-right extremists. GRID, developed by GTTAC, stands out as one of the largest and most esteemed databases, utilizing advanced machine learning and human analysis techniques. It serves as a critical tool for comprehensively tracking terrorist attacks from various perspectives.
