Hacktivists began #OpISIS in earnest after January’s attack on satirical magazine Charlie Hebdo and vowed to step up online operations against the terrorist group after November’s Paris attacks.
“These attacks cannot remain unpunished. Anonymous from all over the world will hunt you down,” Anonymous hackers vowed in a statement then. “You should know that we will find you and we will not let you go.”
“We will launch the biggest operation ever against you. Expect massive cyber attacks. War is declared. Get prepared.”
As sites have been overwhelmed by jihadist propaganda — they use WordPress blogs, Tumblr feeds, Telegram Messenger, Facebook accounts and more — Twitter has been trying to suspend those claiming loyalty to ISIS, al-Qaeda and other groups. Jihadis and their fans use Twitter to disseminate propaganda including daily newsletters, weekly newspapers, magazines, gory videos, photo essays and official statements including attack claims. ISIS even has its own app.
Non-hackers best described as concerned counterterrorism citizens help the #OpISIS/#OpDaesh effort by reporting jihadist accounts to Twitter support or to counterterrorism hackers via the hashtags or online tip boxes.
Once Twitter suspends an account, it usually doesn’t take long for that jihadist to pop back up with a new account. Other pro-ISIS users spread the word that someone got suspended and is using a new name. New accounts are often slight variations on the original username; a number at the end can indicate how many times the user has had to create a new account after being taken off the site.
Hackers haven’t just been infiltrating ISIS accounts, but leaving some classic calling cards, reaping information about interconnected jihadis, and using their own networks for targeted online hits on terrorists.
1. They change the Twitter user’s name, backdrop
It sends a message to keep an account up and running while taking away the jihadist’s control and leaving the mark of the good guys. All of his followers get to see that he’s been jacked. Note the redesigned ISIS flag.
2. They root out the users intelligence officials really need to know about right about now
Digging into the origin of online communications, they expose which supporters or operatives are nestled in pockets across Europe — or are claiming to be in Syria when they’re really in Wichita.
Interesting….This guy appears to be from Germany @haassn541. IP=84.201.12.53 #OpISIS #Anonymous #GhostOfNoNation pic.twitter.com/BVXCPdMcE1
— WauchulaGhost (@WauchulaGhost) April 13, 2016
3. They kill all types of terrorist communications
Like any press office uses the full gamut of tools to reach the widest audience possible, terror groups embrace traditional media as well as social media. The daily ISIS report is broadcast via radio each day as well as distributed in words and pictures online. This day, they had problems.
http://93.186.115.138/ ISIS Radio #OFFLINE #OpIsis pic.twitter.com/GsKlk5yIvN — OpISIS (@TeamDestroyISIS) March 25, 2016
4. They’re claiming website scalps
With that broad communications strategy, terror groups set up websites bursting with propaganda. Amaq Agency, the official wire service of ISIS, had a site set up on a WordPress blog for a substantial time. Cutting off their communications means finding everywhere they lurk on the web.
islamic state website: https://t.co/9lIaNF6hxg is #offline #BinarySec #OpISIS #TheWarIsOn pic.twitter.com/4Zyyn7k1AJ
— Rebirth (@CallMeRebirth) May 13, 2016
5. #OpISIS/#OpDaesh isn’t just about ISIS
Al-Qaeda, the Taliban, Al-Shabaab, Boko Haram … while web companies are overwhelmed as it is by the ISIS threat, other terror groups are making the most of the focus on their Islamic State brethren. Hackers have a more holistic view of taking down terror.
official #taliban website has been down for 9 hours. it won’t be coming back up anytime soon#GhostSec — Paladin (@virussec) May 17, 2016
6. They’re not just taking out fanboys — sometimes the fish are big
This account was hijacked well before a drone strike connected with a certain terror leader’s car, but the New World Hackers took down an apparent official Twitter account of now-late Taliban leader Mullah Mansour. Some of the accounts he followed? Xinhua News, Turkish President Recep Tayyip Erdogan, Al-Jazeera, the United Nations and Amnesty International (the Taliban often post statements countering allegations from human-rights groups about their violent acts).
7. They share hit lists
No hacker is an island when it comes to #OpISIS, and while there are disagreements and clashes between some of the parties involved there’s ultimately a unity of purpose.
4 ISIS databases dump by #BinarySechttps://t.co/w5Oz0k7Ffbhttps://t.co/uWzoHzB0Kahttps://t.co/gHpUcfYVqZ#OpISIS pic.twitter.com/RCMBpca051 — Scrub (@Scrub_exe) April 6, 2016
8. They take hits from ISIS and shake ’em off
The Islamic State has their own hacking division, so a head-to-head hackathon isn’t unexpected. They try to dox — expose identifying information of — their hunters. Their fanboys try to get the hunters suspended or smear them online. Nice try.
It’s now quite obvious that #ISIS #Daesh has decided to turn #Anonymous own weapons at the anons that is hunting them. It will not succeed! — 1∏7ΞΓςΣρτ0®•Anon (@_1N73RC3P70R_) May 20, 2016
9. They share the good news
If ISIS has their own PR operation touting executions and towns terrorized, the Anons have their own victories to brag about.
The stats you have all been waiting for 🙂 Happy hunting!@CtrlSec @Ctrlsec_FR @KatNarv @CtrlSec_DE @Ctrlsec_AR pic.twitter.com/H8uf6SscVo — CtrlSec (@CtrlSec) February 7, 2016
10. They let ISIS know it’s not just between the hacker and the hacked
Not all of the hackers involved in taking down terror groups agree on taking information gleaned to intelligence agencies. But counterterrorism agencies are getting a much-needed hand from many of them.
To all the #Daesh accounts I have taken & those that will be taken. Please read image. #OpISIS #GhostOfNoNation pic.twitter.com/Ce8him9iSI — WauchulaGhost (@WauchulaGhost) April 7, 2016
Join the conversation as a VIP Member