ISIS Actively Recruiting Non-Muslim American Teen Girls for Marriage, Domestic Attacks

man in hoodie on laptop

Hackers targeting the Islamic State are witnessing a chilling trend on the rise: recruiters preying on young teen American, non-Muslim girls to convince them to be ISIS sex slaves or to conduct attacks at home.

In a lengthy conversation with PJM today, BinarySec operatives described these girls reaching out to members of the group of Anonymous hacktivists and security analysts through Twitter when they've realized they're in too deep and their lives are in danger.

It's on the social media platform that these recruiters, with accounts cloaked in innocent avatars of babies or kitten photos, are finding their targets and moving in.

"The most disturbing thing, other than the usual gore videos, is the targeting of young teen girls," said a BinarySec operative who goes by the name AnonyMissy. "The number of 13- to 15-year-old American non-Muslim girls being targeted for recruitment has definitely gone way up."

"I used to have one girl every three weeks or so contact me in a panic when she realizes she's in over her head; now it is every week," she added. "They seek out the lonely. Invite them to Skype chat. The recruiters are men and women."

The founder and main coder of BinarySec, who goes by the name Binary, seconded that ISIS is targeting young teen girls to "recruit them for whatever they can do."

"I've seen them recruited to launch attacks on U.S. soil, I've seen them recruited for marriage purposes, and even sex slave purposes," Binary said. "ISIS members when targeting out a female seek the lonely. They start by sending them little cutesy type of stuff, like messages."

The recruiters use what is known as "sock" accounts on Twitter. "They tend not to tweet anything out ISIS-related. They look almost normal," Binary said. When they use an image of a baby as their profile photo, it's almost always white. "I think they may think it helps them blend in. But it really sticks out like a sore thumb."

Binary added that the group has "intel to believe there are recruiters on U.S. soil," though they're "mostly overseas."

AnonyMissy noted that "it is very subtle" by recruiters "in the beginning -- just being friends, chatting with the lonely gals."

"Depends on the girl, by the time she realizes after a month or so that she has been brought into an ISIS group,  she's been befriended by women and bonds of trust have been built," she said. "She has isolated herself from 'infidel' friends and family. Lonely teen girls seeking acceptance, they are easy targets."

"Once they realize it's real, and in exchange for all of that attention they need to travel or steal -- or worse -- they end up in my [Twitter direct message] asking for advice."

Binary said they've seen American girls make it to the travel planning stage, with ISIS concurrently trying to convert the girl and bring her into the fold with a gang mentality of having a family, a place to belong. If a girl tries to back out of the new relationship, it can mean trouble. "The ISIS members start making threats, even death threats."

Asked if girls had revealed details to the hackers about what ISIS recruiters had demanded they do, Binary replied, "Very much so."

"I've had a girl who told me they asked her to blow up a major place in her town, which I won't specify for her safety. And they even forwarded her bomb instructions."

AnonyMissy noted that "by the time these girls realize they are in trouble, the jihadis have all of their info."

"I'm usually contacted after they cannot get rid of the recruiters," she added. "I would be very interested to see how many missing or 'runaway' teen girls were chatting, knowingly or not, with ISIS recruiters before they disappeared. And does anyone even know to look?"

"...I've mostly been told about them being taught to steal to get money to travel. Beyond that, because they are children, I put them in touch with law enforcement to protect them."

BinarySec operatives devoted to the #OpISIS mission are divided into those gathering intel and the "weaponry" section.

"The intel's job is to scour any possible ISIS websites, determine if they are ISIS-related or Islamic extremist-related and maintain a target list for weaponry. When this is done, our weaponry division starts scouring websites for vulnerabilities. If none are found then we flood the website with traffic and tell the host to take it down," Binary said.

"We will always go to the company and usually they are pretty good about removing it. However, there are a handful of companies who refuse to remove it. So we just continuously [denial-of-service attack] the website until they do."

Of those who refuse to take terrorist propaganda and communications down: "Some are U.S companies. Some are foreign. It's a mixture of both."

A BinarySec operative going by the name Zombie Ghost said the group does "work through official channels where we can."

"We have actually developed some good working relationships with some web hosts and they will take down material we identify quickly. There are other content delivery services like [U.S. company] CloudFlare who have made public statements they will not remove ISIS materials and in these cases we have to look at alternative methods," Zombie Ghost said.

Those without a drop of hacking skills are helping in the #OpISIS effort by reporting jihadist accounts or materials spotted online. Hacktivist groups involved in the fight each take reports via website forms or Twitter messages.

"We depend heavily on the non-hacker community to assist us with removing Twitter accounts, especially. We can't be everywhere, and this is a volume issue. Through our bot @tool_binary anyone can look through ISIS accounts and report the ISIS materials to have them removed; they don't have to be technically inclined," Zombie Ghost said. "Most hosts don't really review the material they host. They depend on people reporting the ISIS sites to them and the responsible ones will remove it."

AnonyMissy called the latest Twitter update "a great hindrance to having accounts removed."

"ISIS run block lists and import them up to new accounts. Prior to this update, even blocked, we could still see and report the accounts; now the accounts have no reporting option available if you are blocked," she said. "Obviously, the accounts that are blocking #OpISIS are typically more active than accounts that are not."