Anti-Terrorist Hacker Group Reveals 40 ISIS Websites Protected by US Tech Firm

November 6, 2015 Updated: December 8, 2015

The terrorist organization ISIS is known to promote its activities by exploiting the open nature of the Internet. This includes recruiting through social networks like Facebook and Twitter, and using sites like YouTube to publish propaganda videos. 

It also makes use of available Web services to guard its sites against cyberattacks and hide its locations.

According to information provided by anti-terrorist hacker group Ghost Security(GhostSec), close to 40 pro-ISIS websites are using the services of a Silicon Valley company called CloudFlare. CloudFlare is a content delivery network that provides services to speed up websites and render them virtually immune to distributed denial of service, or DDS, cyberattacks that can overload websites to bring them offline.

Among the sites, 34 are spreading propaganda, 4 are terrorist forums, and 2 offer technical services. A brief perusal of the sites showed they heap praise on ISIS, promote terrorist attacks, and some are used as chatrooms for extremists.

ISIS recruiters on social media often direct people to these websites, according to “WauchulaGhost,” a cyberoperations director with GhostSec.

GhostSec’s attempts to disrupt these sites have run into problems as ISIS recruiters have turned to Web services to block its efforts.

WauchulaGhost said CloudFlare hides the origin of the sites, and “with the site being ‘hidden’ it’s harder to be taken down, not only by us, but by our own government as well.”

Many online efforts used by ISIS go through open services, and this places providers of these services in a difficult spot. Sites like Google regularly index websites both good and bad, and ISIS terrorists can create new Facebook and Twitter accounts as quickly as they’re pulled offline.

According to CloudFlare spokeswoman Daniella Vallurupalli, they’re in a similar position. She said in an email that CloudFlare has more than a million customers, and close to 5,000 new sites register with its services each day.

Digital Counterterrorism

GhostSec is an affiliate of the Anonymous hacker collective. GhostSec launches cyberattacks against ISIS recruiting websites, and occasionally passes information on planned terrorist attacks to government agencies.

WauchulaGhost said when they find information on threats, they forward it to the government, yet noted they “do not work for the gov in any way shape or form.”

“We do this as a free service to not only the USA but to all countries of the world. Ghost Security’s mission is to eliminate the online presence of the Islamic State extremist group,” he said.

Earlier this year, their information helped thwart a planned ISIS terrorist attack in Tunisia, and may have stopped a similar attack on New York City.

The work that GhostSec is doing is … making it harder for people to find ways to communicate with them. We are slowing down their communication process.
— 'WauchulaGhost,' cyberoperations director, GhostSec, anti-terrorism hacker group

Some hacker groups that launch attacks against terrorist websites, however, have had conflicts with CloudFlare over its policy for websites that promote terrorism.

For example, CloudFlare was provided a list of terrorist sites, but its apparent practice is not to revoke service for sites based on content, unless it is ordered to by authorities. Vallurupalli said, “CloudFlare will comply with all valid U.S. court orders and we work with law enforcement authorities and honor valid legal requests.”

CloudFlare’s position was outlined in a Aug. 9, 2013, blog post from CloudFlare CEO Matthew Prince, which Vallurupalli referenced in response to questions about its policies.

“One of the greatest strengths of the United States is a belief that speech, particularly political speech, is sacred. A website, of course, is nothing but speech,” Prince stated.

CloudFlare has been accused of providing service to similar sites in the past. Prince’s response was, “A website is speech. It is not a bomb.”

Prince generally takes a strong stance against censorship, and seems to regard censorship of any kind as a slippery slope, which he prefers to avoid.

He also said CloudFlare does not monitor content of websites using its services, stating, “We do not believe that ‘investigating’ the speech that flows through our network is appropriate. In fact, we think doing so would be creepy.”

Between Speech and Violence

CloudFlare’s stance has concerned many hackers trying to fight digital terrorism. GhostSec, Anonymous, and other groups are launching cyberattacks against ISIS websites in efforts to stop ISIS from spreading its propaganda and recruiting new members.

From their vantage, which includes going toe-to-toe with ISIS recruiters online and at times monitoring terrorist online discussions, the websites used by ISIS aren’t just about speech, but the promotion of violence—and the consequence could be the loss of innocent lives.

Websites used by ISIS aren’t just about speech, but the promotion of violence.

The cyber-campaign, which they call “OpISIS,” runs into trouble when they find ISIS websites that have been rendered immune to their cyberattacks by using CloudFlare.

While CloudFlare doesn’t host the sites directly, WauchulaGhost notes some of the sites use “always-on technology,” which means “even if the site goes offline, a cached copy is on CloudFlare’s servers.”

“If it stores cached content, isn’t it hosting as well?” WauchulaGhost stated.

CloudFlare also offers free services, but according to WauchulaGhost, security certificates (SSL certificates) used by many of the ISIS websites show it is using CloudFlare’s paid services.

WauchulaGhost noted they are seeing more and more about ISIS in the news, and shared their concerns that “if these sites remain up it will just cause more damage, more attacks.”

“The work that GhostSec is doing is slowing down this process,” WauchulaGhost said. “We are making it harder for people to find ways to communicate with them. We are slowing down their communication process.”

Follow Joshua on Twitter: @JoshJPhilipp