Hackers Trace Locations of ISIS CyberCaliphate, Say Their Cyberattacks Are Fake

Hackers Trace Locations of ISIS CyberCaliphate, Say Their Cyberattacks Are Fake
Iraqi security forces and Shiite fighters gather next to a mural showing the emblem of ISIS on April 1 in Tikrit, after retaking the city from ISIS. (Ahmad Al-Rubaye/AFP/Getty Images)
Joshua Philipp

The hacker collective Anonymous has uncovered interesting findings on ISIS terrorist hackers with the “CyberCaliphate.” Anonymous was able to trace the location of CyberCaliphate, and has new information on how the group operates.

Anonymous was able to trace the operations of CyberCaliphate to a single IP address in Kuwait.

“They operated under about 10 [Twitter] accounts. Each with different names,” said “JhonJoe,” a hacker with Anonymous, in an interview over Twitter.

According to JhonJoe, they’ve been keeping an eye on CyberCaliphate accounts running on Twitter. He said the terrorist hackers post “all day, every 10 minutes,” which suggests they’re running the operations as a full-time job.

The ISIS accounts last about eight hours before they’re suspended by Twitter, and after about 10 suspensions, JhonJoe said “they disappear for a few weeks, only to re-emerge.”

When the accounts re-emerge, they use a different name, yet keep the CyberCaliphate banner. JhonJoe said they trace to the same IP address in Kuwait.

According to JhonJoe, they were tipped off to the location of the IP address by an independent security contractor who had been hired to conduct an investigation after one of his client’s details were published by CyberCaliphate.

“We ran our own investigation a few weeks later and got the same result,” JhonJoe said.

Most people who are privy to online security use a proxy to hide their locations. This basically means they bounce their connection off a different IP address, which makes it appear they’re operating from the different address.

JhonJoe said they’re fairly certain the Kuwait IP address is the final location of CyberCaliphate, however. The ISIS hackers were using a proxy, but Anonymous was able to trace their locations beyond the proxy.

“We went through a proxy already and could not detect the Kuwait one as a proxy,” JhonJoe said, “so it’s safe to say that it’s not.”

The finding aligns with previous information released by Anonymous. In September, JhonJoe provided Epoch Times with phone numbers and home addresses of ISIS online recruiters, that Anonymous tricked them into providing during a sting operation.

The home addresses of the ISIS recruiters are based in countries including Kuwait, Iraq, Turkey, and Indonesia.

Fake Cyberattacks

Anonymous is also claiming that CyberCaliphate fakes most of its cyberattacks—at times releasing public information and claiming they stole it through hacking, and at other times taking credit for cyberattacks carried out by groups of hackers they have no connection to.

CyberCaliphate does this to make it appear ISIS has skilled operatives. On one side it helps ISIS with recruitment, and on the other it helps with intimidation.

“They posted hundreds of pieces of claimed hacks, but they were all public info looked up on Google,” JhonJoe said.

“Their funniest and most laughable was when they leaked the location of every McDonald’s in England,” he said.

Another time, CyberCaliphate copied and pasted the names and phone numbers of U.S. members of Congress—which is available on the U.S. House of Representatives website—and claimed it got the information by hacking U.S. congressional servers.

In another faked attack, CyberCaliphate claimed it hacked an Israeli wedding decorations website. According to JhonJoe, however, the site had been hacked by a Tunisian hacking group “with a far different aim than ISIS,” and the CyberCaliphate tried taking credit for it.

Sometimes it'll also find an active, small business, he said, “make a replica site of it, then email the owner and say they hacked it.”

While many in the hacker community roll their eyes at the fake cyberattacks of CyberCaliphate, many people—and many news organizations—are fooled by them.

The problem is, it’s not easy seeing through CyberCaliphate’s claims unless you’re watching which groups are launching each cyberattack, what information has already been leaked, and what information is publicly available.

“They fool a lot of people,” JhonJoe said.

CyberCaliphate used to carry out more legitimate cyberattacks, but according to JhonJoe, most of the real cyberattacks were carried out by one ISIS operative—who was recently killed.

The online terror group was allegedly started by ISIS member Junaid Hussain. The 21-year-old hacker, originally from Birmingham, England, was killed in an airstrike in Syria in late August.

Before his death, Hussain was a leading member of CyberCaliphate.

Joshua Philipp is senior investigative reporter and host of “Crossroads” at The Epoch Times. As an award-winning journalist and documentary filmmaker, his works include "The Real Story of January 6" (2022), "The Final War: The 100 Year Plot to Defeat America" (2022), and "Tracking Down the Origin of Wuhan Coronavirus" (2020).
Related Topics