Vidhya Ramalingam is the co-founder of Moonshot CVE, a company using technology to disrupt and counter violent extremism globally. She directs overall strategy and oversees campaigns, software development, and digital projects in over 25 countries. Her work is underpinned by over a decade of experience engaging directly with extremists, building new partnerships with activists, and advancing policy design with international governments. She is an expert on white nationalist extremism, and has testified before the U.S. Congress on the global threat posed by white nationalist terrorism. She has held various roles, including Commissioning Panellist for the U.K. security and intelligence agencies and ESRC, Faculty Associate at University of Oxford, and Board Member of Life After Hate. Prior to founding Moonshot, Ramalingam was Senior Fellow on Far-Right Extremism and Intolerance at the Institute for Strategic Dialogue (ISD). She led the European Union’s first cross-government initiative on white nationalist terrorism and extremism, initiated by the Norwegian and Swedish ministries of justice following the July 22, 2011, attacks by Anders Breivik in Norway, and launched by the E.U. Commissioner for Home Affairs. Heading this program from 2012-2014, she worked with over 300 practitioners across 10 European countries to design policy, initiate projects, and build capacity to respond to white nationalist terrorism.
CTC: What led you to start working in the countering violent extremism space, and what for you have been the lessons learned?
Ramalingam: I got into this space just over 10 years ago. My earliest jobs were in the migration space. As someone who grew up as the kid of Indian immigrants in North America, I spent a lot of time thinking about race, identity, migration, and became increasingly fascinated with white supremacy movements, movements that had notions of pure race and pure identity. I started researching and looking into non-violent anti-immigration movements and violent anti-immigration movements.
And I became increasingly frustrated by the unwillingness of so many people that were working against those movements to actually interact with individuals involved in these movements. To my mind, if the ultimate end goal is to change people’s minds, we have to be able to have a conversation with them. You have to be able to talk to them, understand why they’re there.
So I embarked on a project where I essentially carried out field work with a white nationalist movement in Sweden. I spent years learning Swedish and really built up my expertise on Swedish white nationalist movements, far-right movements, and I just started attending rallies, attending demonstrations, starting conversations with people at those demonstrations. And it was a tough experience, especially being a woman of color attempting to interact with largely white male, white nationalist movements. But people opened up to me, and I think people are often surprised at the willingness of people who are in white nationalist movements to talk to individuals that they believe to be the enemy.
I was able to really get to know people that were involved in the movement over the course of 2010 when I was in the field, and that experience for me was transformational. It really showed me that the individuals that get involved in these sorts of movements are human beings with, in many cases, very rational stories as to why they got there and very clear experiences in their lives that led them to believe the things they believed. I started to develop some strong perspectives around how counter-extremism work needed to be delivered and needed to be really focused on human interactions and engagements with individuals involved in these movements to try to get them out.
I concluded that work and entered into the counterterrorism space. It wasn’t until Anders Breivik carried out his attack on Utøya island and Oslo in 2011, killing 77 people, that European governments woke up to the threat of the violent far-right and really started to bring the violent far-right to the table in national security discussions.
And so that was a real turning point for me, especially having worked in the Nordic countries on far-right extremism. I then worked with the Swedish government, the Norwegian government, and a couple of the other Nordic governments to set up the E.U.’s first cross-governmental initiative to build capacity to respond to far-right terrorism. I was working, at that stage, across 10 European countries, working directly with the ministries and the policymakers that were responsible for building up their portfolios on far-right terrorism but also working with local NGOs and with former extremists to build up programs to respond to far-right terrorism. That for me was my real entry point into CVE. I ran that program from 2012 to 2014.
We launched Moonshot CVE in September of 2015, and we launched at a time when there was a real opening for an organization that was going to try to test new things in the online space. And for me, having come from a background where I had facilitated direct conversations with people in white nationalist movements, where I firmly believed that a social-work approach is critical, I really felt that to deliver this work in an online setting, we can’t limit ourselves to ideological counter-messaging online. We need to deliver programs online that recognize that in the 21st century, every single user that exists online is a human being. People’s lives span the online and the offline. And so my co-founder and I wanted to build an organization that could test our theories around the delivery of social work-based approaches in an online setting.
CTC: What goals have you set for Moonshot CVE?
Ramalingam: Moonshot CVE has a very bold mission statement: to disrupt and ultimately end violent extremism. And it’s deliberately ambitious. My co-founder Ross Frenett and I set up the organization three and a half years ago, having worked in the CVE/counterterrorism space for many years, and we saw a gap in the sector for an organization that was institutionally capable of taking risks and innovating in the true sense of the word, trial-testing things that hadn’t been tried before. So often organizations that are delivering CVE programs are incapable of innovating, they’re incapable of testing things not already proven to be effective. We developed a business model that was essentially a social enterprise in nature. We reinvest our own profit into our own R&D programs, our own development of software, our own trial testing, and we manage that risk ourselves. And once we get proof of concept, we can then scale initiatives up with partners who would otherwise be unable to take those risks.
CTC: How does Moonshot CVE work to identify people at risk of violent extremism?
Ramalingam: We find that individuals that are at risk of violent extremism, whether it’s violent white supremacy or jihadism, oftentimes leave behind a trail of clues in the online space, a kind of digital footprint that lets us know they’re getting involved. What we wanted to do with Moonshot CVE was build tools that would help us to automate the process of identifying those sorts of individuals and these communities online. So, we developed software that helps to analyze publicly available clues and processes those clues in hard-to-reach spaces on encrypted platforms, to try to help us scale up the identification of those individuals. That’s our starting point.
But then secondly, we deploy programs that attempt to interact with those communities online in different ways. One way that we interact with those communities online is to develop campaigns that try to ensure that, somewhere in the online journey of that individual, they get offered alternative content, safer content, content that tries to essentially debunk some of these ideologies.
Here I should point out that what we found most effective is content that basically offers them the possibility to change, offers them the possibility to talk to someone. That then leads to another area of programming for us, which is the delivery of social work in the online space, where we facilitate the meeting of social workers and at-risk individuals, starting with conversations online but then transitioning into offline casework with that individual.
CTC: So you’re looking at publicly available social media.
CTC: What is the approach you take to try to get through to at-risk individuals?
Ramalingam: We will never contact an individual at risk as Moonshot CVE. Our team includes social workers, mental health practitioners, and people with counterterrorism and policing backgrounds who have experience interacting with at-risk individuals, but for us, it is so important that the entity that is reaching out to the individuals be one that can work with this person in the long term. For that reason, we always partner with local organizations, whether they are mental health-based organizations on the ground or CVE-based organizations that have trained counselors. We will find those local organizations in any city or country that we’re working in. And we will build the online infrastructure to help that offline organization be connected with the audience that desperately needs them.
The messaging that we’ve found most effective with at-risk audiences are oftentimes messages—either advertisements or direct one-on-one messages—that offer help.
What we’re now doing is building tools that can help scale up personalized messaging from an individual social worker. We are building the tools to get personalized messages from a small cohort of social workers out to tens of thousands of individuals who might be at risk of violent extremism. The technology allows us to scale up the messaging, but there is always a human there ready to respond when somebody at risk actually takes the leap and wants to speak to a social worker.
CTC: And that messaging would presumably contain a way to contact the social workers in question, for potential follow-up.
Ramalingam: Exactly. We’ve done that in different ways. Sometimes the opportunity to speak to a social worker is via a website that offers an anonymous chat function. Sometimes they will be sent to a website that offers a service that they can then choose to take up themselves, a hotline, a phone number they can call. And sometimes it’s an individual conversation with a social worker who informs them personally that they are there to speak to them.
CTC: How receptive have your target audiences been? One might expect those who have gone further down a path of radicalization to be more resistant to this kind of messaging. Is your approach more effective with individuals who have traveled less far down the path of extremism?
Ramalingam: We’re still building the evidence base on this. We’re in the early stages of a lot of this pilot work, and it’s entirely experimental. This work to bridge the online and offline hasn’t been done before in the CVE space, to our knowledge. So we’ll be in a good position in a year’s time to really bring some evidence to the table on that.
But what I can say is there is long-standing evidence from across the sector that social work interventions, face-to-face, are effective. There is also evidence that individuals who ultimately leave these movements have oftentimes spent years questioning the movement themselves, feeling unhappy or unsatisfied, and thinking about leaving. These individuals can oftentimes feel trapped in the movement. So it’s really important to us, as an organization, not to exclude individuals that are deeply imbedded in the movement from prevention and interventions programs. Because you just never know if any one individual has been looking for a way out but hasn’t been able to find it. And we want to make sure that they get offered that opportunity.
CTC: In what parts of the world are you operating?
Ramalingam: We deliver programming globally. We focus on methodologies and technologies that can be deployed in any location. We’ve had programs that have been live, at this stage, in over 25 countries and across different forms of extremism, including in North America and Europe. We have a large program of work on global jihadism, but we also have a large program of work on global far-right and white nationalist extremism. We do work on Buddhist extremism in Myanmar, Hindu nationalist extremism in India, and ethno-nationalist violence in the Balkans. So we’re not really bound by any geography. What that means is that when we set up these programs in any new country, we need to find the right local partners that can manage that risk on the ground and manage that casework on the ground. That’s the critical prerequisite for us to deliver online intervention programs.
CTC: With the appropriate cultural understanding and language skills.
CTC: What type of approach has proved effective in your messaging efforts?
Ramalingam: We’ve managed to build up some evidence around the efficacy of social support messaging with audiences that are at risk of violent extremism. Historically, the CVE sector has focused on the idea of ideology-based counter narratives, and promoting these online to deconstruct extremist narratives. In the last two years, we’ve been testing mental health-based messaging. This includes messaging that says “do you feel anxious?” or “do you feel hopeless” and offers support with dealing with mental and social health issues. We’ve tested that messaging with violent extremist audiences, and then we’ve also tested it with comparison groups to make sure that we have a baseline to compare against. Consistently in nearly every geography that we test in, both with neo-Nazis and jihadi audiences alike, we find that the extremist audience is disproportionately likely to engage with that mental health and social support messaging than a comparison group.
In 2017, we found this with neo-Nazis in the U.S. who were 48 percent more likely to engage with that sort of mental health messaging than a comparison group. And then we found that globally with jihadist audiences, that they were 47 percent more likely to engage with that content than a control group. So for us, one of the great successes from our programs over the last few years has been building up the evidence base around the effective social service messaging with at-risk audiences.
CTC: So what you are saying is that engaging on the mental health aspect rather than tackling the ideological aspect has proved a particularly effective way to begin a conversation with people who have gone down the extremism path.
Ramalingam: Exactly. I’m always cautious when I explain this because I want to avoid misinterpretations of this data. What I’m not saying here is that violent extremists are disproportionately likely to have mental health issues. We don’t have an evidence base around that. But what we have evidenced is that mental health-based messaging is an effective opening; it’s a way for us to start a conversation, to start interacting with this audience, and perhaps more effective than ideology-based messaging, which can oftentimes make the individual feel cornered or on the defensive. And so we have been building up an evidence base around this for the last few years.
CTC: What does success look like to you?
Ramalingam: What success looks like depends on the aim and scale of every project. So there will be projects that we run where success will be measured with really small numbers; it’s about intensive engagement with a small number of individuals who are truly at risk. And that’s where the online intervention work that we run will really be focused. Now, we’re a three-and-a-half-year-old organization. We’re now in the midst of several multi-year pilot programs, online intervention pilot programs, but we’re too early in the life cycle of those programs to be able to report on the efficacy. I’ll be upfront about that because this is such experimental work. So we’ll be building that evidence base over the course of this year and the next year. But it is very early days. We’ve only just kicked off those programs now.
CTC: In the online space in the United States, how energized are violent far-right extremists and jihadi extremists?
Ramalingam: The numbers we’re dealing with are a lot larger depending on the form of extremism. For the past few years, we have been were tracking violent far-right searches on Google, and we found over 200,000 searches across the U.S. in the year 2017 aligned with the violent far-right, and then if you look at 2018, that number skyrocketed. Now, that is not even comparable to the scale of the jihadist audience. We saw less than 40,000 searches by the jihadist audience that same year in the United States. Violent far-right audience have been far more brazen and more open online, broadcasting their beliefs and intent, as compared to the jihadist audience.
CTC: And when you’re saying search for violent far-right content, the nature of the searches suggests that people want to actually find that content because they’re sympathetic toward it, right?
Ramalingam: Exactly. So these are individuals that are searching for information on how to join the KKK or information related to killing ethnic minorities.
CTC: How do you obtain this data?
Ramalingam: To do this, we needed to find creative ways to gather this data at the scale we require for CVE work. One of the reasons why we set up this company was that so many of the off-the-shelf tools—social media analytics tools that have been available, big data analytics tools—aren’t necessarily suitable when you’re doing CVE work. We are looking for small audiences, engaging in niche destructive behaviors. So we’ve had to build these tools ourselves. We’ve been tracking data on searches related to violent far-right and jihadist content across America since 2017. What it’s allowed us to do is actually measure some real shifts and changes in behaviors because we’re building longitudinal datasets. So, an example is post-Charlottesville, we saw a 400-percent increase in Google searches by individuals in the United States indicating a desire to get involved with these sorts of violent far-right movements.
CTC: And this is the aggregate data you’re talking about.
Ramalingam: Exactly. It is important to say that we’re not looking at IP addresses. We’re not looking at any user’s search histories. But what we are looking at is what types of searches are taking place and where are those searches taking place broadly speaking. And this just lets us paint a better picture of risk across the country. We’ve released some of that analysis publicly.1
CTC: When it comes to identifying individual at-risk people, you’re dealing with what they’re posting socially on their Facebook and Twitter accounts and other similar publicly facing social media, right?
Ramalingam: Exactly. And we actually hold ourselves to very high standards when it comes to data privacy. We’re a European company, and we’re bound by GDPR,a so all of our tools and analysis are entirely GDPR-compliant. When we are looking at search data, we are accessing any information which would allow us to identify individuals. We use search data to be able to inform our campaign work. We have a partnership with Google on a methodology called the Redirect Method where we run campaigns to reach individuals that are searching for violent extremist content on their platform and try to offer them advertisements that give them alternatives. And so the data around what types of things people are searching for related to the violent far-right or jihadist propaganda is really important to inform those campaigns.
CTC: Can you speak to the kind of software you’ve managed to develop that allows you to identify at-risk individuals at scale?
Ramalingam: I mentioned earlier that individuals at risk of violent extremism oftentimes leave behind these kind of digital footprints, these kind of trails of clues letting us know that they’re involved. And that’s often in the form of comments, information that they’re posting, photos that they’re posting, etc. What we’ve done at Moonshot CVE is we’ve built up some really robust databases of risk indicators online. That includes everything from links that are being shared to specific pieces of propaganda, jihadist anasheed, white power music that advocates violence. We’ve built up, at this stage, databases into the millions of those indicators.
And our databases are coded in a risk-sensitive way. We ensure that we are differentiating between individuals that are engaging with an indicator that is very low risk versus those that are engaging with an indicator that indicates intent to carry out violence. That database of indicators is really what drives any of the tools that we’ve created. It helps us find individuals that are engaging with any of those indicators on any social media platform, whether it’s the widely known ones—Facebook, Twitter, etc.—or more niche platforms, and enables us to assess risk.
CTC: So, you’re looking at combinations of words and phrases that suggest that people are sympathetic to one of these extremist ideologies.
CTC: Can you also assess risk based on the type of pictures being posted on a particular account?
Ramalingan: We do have images in some of our databases, but images are notoriously more challenging to work with than text when you’re building these tools. We often bring on human analysts to support this work and review image-based content.
CTC: When you’re looking out for danger signs of people online, if through those searches you see something that you assess to be a danger to public safety, that is something you would presumably alert to the security services of the relevant country, right?
Ramalingam: Where it is safe and humane to do so, yes, absolutely. Most of our work is governed by the same principles that would apply to social workers. We handle and manage data securely, and we don’t share personally identifiable data with governments or intelligence agencies and do not carry out surveillance on their behalf. While that’s very much the case, if we are operating in a context where we believe it is safe and humane to do so, if we do come across an individual that we believe poses an immediate threat, if there’s intent or an indication that they’re planning an imminent attack, we will immediately reach out to law enforcement to ensure they can respond.
CTC: When it comes to the right-wing extremism/terrorism space, what are the trends that you’re seeing in terms of the size and nature of this threat since the Breivik attack in 2011?
Ramalingam: One message that I would want to get across is that these movements have always existed. They’ve persisted over the past many decades. The change that I’ve seen in recent years is that these movements have become more brazen. They’re starting to feel like their ideologies are more acceptable in the mainstream. They’re more willing to put their beliefs into the public domain without fear of retribution or attack. And so that brings us into dangerous context, where individuals that are on that cusp of carrying out an act of violence feel that they have a real community behind them. The online communities where these sorts of pieces of propaganda and comments are shared, spaces like 8chan or 4chan or some corners of Reddit, they are not geographically bound. They offer these kinds of borderless communities for like-minded individuals, and those sorts of communities are particularly dangerous because individuals that may just be keyboard warriors, not necessarily planning to carry out an attack, might inadvertently be fueling that one individual in the group who has been considering taking action.
CTC: What lessons can the counterterrorism community draw from the terrorist attack on mosques this past March in Christchurch, New Zealand?
Ramalingam: It’s a terrible tragedy. I think in many ways, it reinforces what many of us have been pushing for in the counterterrorism community for years now: that this is not just a domestic terror threat; this is a global terrorism threat. The perpetrator in this attack clearly drew inspiration from an international cast of far-right extremist characters, a set of so-called heroes that he worshipped. He referenced a lot of cultural icons that he believed were his inspiration. And it wasn’t just Anders Breivik that he mentioned and sought to mirror; there were also mentions of a number of other right-wing terrorists from across the globe that he indicated had been an inspiration for him.
I think it’s important to remind ourselves that this is not the first time that a white nationalist has migrated across borders to carry out an attack. There was a key example of that in 2013 when a Ukrainian-born terrorist Pavlo Lapshyn arrived in the U.K. and within five days, had murdered an 82-year-old Muslim man. He went on then to plan three attempted bombings against mosques in the weeks that followed.b The attacker in Christchurch actually wrote that Ukrainian terrorist’s name on his weapon,2 reminding us that there’s some symmetry between these actions and the actions that have been taken by other international far-right extremists, terrorists. So I think this is a real reminder and a wake-up call for the counterterrorism community that we are not just dealing with a domestic, homegrown terror threat when it comes to far-right extremism. We need to see this as a global movement that constitutes a global threat, and that really needs to drive our response moving forward.
And it requires a different kind of response. The threat from right-wing terrorism has often been downplayed. One reason is it’s oftentimes not been seen as a terrorism issue but as an issue of community violence and hate crime. So it has often fallen between the gaps, between different policy instruments.
What incidences like this have taught us is that while global networks of violent far-right extremists are oftentimes disorganized and lack capacity, we are nevertheless dealing with a global network of individuals that are increasingly sharing and disseminating violent extremist content, and encouraging and inspiring one another. These networks are decentralized and often leaderless, but that can make perpetrators all the more difficult to track.
CTC: And given that Breivik appears to have inspired to some degree the Christchurch attacker,3 there must be a concern that there could be a rolling snowball effect with these attacks, that one inspires another, and a mythology starts to be built around these violent acts and the perpetrators.
Ramalingam: There is absolutely a danger of that. Many of the perpetrators in the more recent far-right terrorism incidents that have taken place have left behind manifestos, which are intended to inspire others, other likeminded individuals. It is not just Brenton Tarrant, the perpetrator of the Christchurch attack, but also Breivik’s manifesto and Dylann Roof’s manifesto. This has now become a common means through which individuals are able to share their kind of motivating message to other likeminded individuals. And we do need to be concerned about, in the immediate aftermath of these attacks, how that information travels and who’s interacting with that information and glorifying the acts that have just taken place. So there is a need for some real rapid response work in the aftermath of these events to mitigate the possibility for immediate copycat attacks to take place.
CTC: Are you detecting that more of the violent far-right focus is now directed against Muslims? Has an Islamophobic element come to the fore, as a unifying issue for far-right violent extremists?
Ramalingam: I think Muslims are a very convenient target for white nationalist extremist movements that deem a number of different communities enemies. Generally in white nationalist ideology, it’s not just Muslims that are the enemy, but also Jewish communities, black American communities, and even particular white communities they believe to be ‘traitors.’ Given the scale of Islamophobia and just how mainstreamed Islamophobia has become in Western societies, Muslims are a very convenient target for these movements because they believe that they will have wider support for their actions. Now that obviously isn’t matched by reality, but that is certainly a belief within some white nationalist communities.
CTC: What is your concern about the potential for a vicious cycle of violence to gather force, in which jihadis and far-right violent extremists feed off each other’s attacks?
Ramalingam: While I do think there is a risk of a kind of cyclical reciprocal radicalization, I don’t want to overstate the relevance of jihadist attacks as a motivation for far-right terror attacks. This has been a pervasive problem in the United States and Europe long before ISIS. We need to see the attack in Christchurch in the context of, for example, the attack that took place in Pittsburgh last year on a synagogue, the attack that took place in Charleston in 2015, which was an attack against the black American community. While there is certainly a risk of reciprocal acts of violence, we need to ensure we see white nationalist violence not simply as a response to jihadist extremism.
CTC: You advise the U.K. government on countering violent extremism. What is your assessment of the evolving challenge posed by violent right-wing extremism in the U.K.?
Ramalingam: I think the evolution of the far-right in the U.K. has mirrored other countries like the United States where these groups have become more brazen and more open and more willing to put their beliefs into the public domain. And we’ve certainly seen that in the U.K., a key example is the terrorist organization called National Action, who were leafletting across U.K. university campuses and posting documents which named individual targets on their website. Groups like this have become far more open and far more brazen than they would have been in the years prior. They feel emboldened by what they perceive to be wider acceptance of their ideology, and that has certainly served as an inspiration. The U.K. government has taken proportionate action to respond. The banning of National Action [in December 2016] was an unprecedented move when it comes to violent far-right extremism in the U.K., and that was an important step. But there’s still a huge amount more that needs to be done.
CTC: How, in your view, can the international community and different communities make progress when it comes to the right-wing extremism threat? What needs to happen for this to no longer be a rising concern but something that is losing momentum?
Ramalingam: In order to solve this problem, we need to recognize far-right terrorism as a global threat and need to adequately adjust our policy mechanisms and the investment that’s placed in tackling this issue. But we also need to stop seeing the internet as a barrier. The problem of right-wing extremism will not be solved by removing individual pieces of content from the internet, piece by piece. We need to take some responsibility and start delivering proactive methods in the online space because if you take down a piece of content, the user who posted it still exists. And so it’s not enough for us to turn our blame to technology companies.
We need to start creating opportunities for us to actually use their platforms to reach communities that are engaging with this sort of activity online. We will need support from those technology companies to do that effectively. The need to recognize far-right terrorism as a global threat does not just apply to governments; it also applies to the global technology companies, Google, Facebook, Twitter, etc. We need to be actively investing in long-term solutions online rather than simply seeing the internet as a barrier.
CTC: Is there anything else that you feel is important to get across?
Ramalingam: Despite the tragedy that took place in New Zealand, I remain overwhelming optimistic about what is possible, especially in the new digital era. I firmly believe that while the internet is certainly littered with comments made by internet users that are supporting the actions of an individual like the perpetrator in the Christchurch attacks, every individual that has posted that content has just put information into the public domain that tells us they’re at risk. And that means it’s an opportunity for us to find them, to interact with them, to offer them alternatives, to challenge them, and try and engage them in social work. So I see the online space as fundamentally creating an opportunity for us to prevent terrorism and to interact with people who might be at risk. So, if there’s one message to end the interview on, it’s one of optimism that there’s a lot we can do here. And there’s a lot still to be done. We just need to get working.CTC
[a] Editor’s Note: GDPR refers to General Data Protection Regulation, which according to the European Commission created “one set of data protection rules for all companies operating in the EU, wherever they are based” and gave people more control over their personal data. “2018 reform of EU data protection rules,” European Commission website (accessed May 2019).
[b] Editor’s note: For more on the Lapshyn case, see Graham Mackllin, “The Evolution of Extreme-Right Terrorism and Efforts to Counter It in the United Kingdom,” CTC Sentinel 12:1 (2019).
 See “Testimony of Vidhya Ramalingam, Founder & Director, Moonshot CVE, Before the House Committee on Foreign Affairs Hearing on ‘Examining the Global Terrorism Landscape,’” U.S. House of Representatives Document Repository, April 30, 2019.
 Mike Eckel, “Christchurch Attacks: Why Are The Names Of A Georgian King And A Ukrainian Extremist Written On The Guns?” Radio Free Europe Radio Liberty, March 15, 2019.
 Pierre-Henry Deshayes, “Breivik’s shadow hangs heavy over Christchurch attack,” Agence France-Presse, March 15, 2019.