Hacker Leaks Hundreds of IP Addresses, Phonebooks of ISIS Recruiters

August 30, 2016 Updated: August 30, 2016

A hacker who has gained renown for hacking and humiliating ISIS recruiters has struck the terrorist organization again, this time by leaking hundreds of IP addresses and thousands of phone numbers from contact lists of alleged ISIS online recruiters.

“I always said ISIS uses social media as a mega horn and that it was our goal to take that away,” said the hacker behind the leak, WauchulaGhost, who is part of the hacker collective Anonymous.

“We have all seen the fear that Daesh have spread over Twitter, the beheading pictures, videos and threats. Our goal since we started was to try and slow them down,” he said in an interview on Twitter, using “Daesh” to refer to the ISIS terrorist group. Daesh is an alternative name for the group, which ISIS despises since it sounds similar to the Arabic word for “one who sows discord.”

The new leak contains 682 IP addresses, which contain the locations of the accounts used by the ISIS propagandists, and 10,400 phone numbers that WauchulaGhost found stored across 20 of the accounts.

The phone numbers appear to be from the recruiters’ personal phone books. Some appear to be family members, but 11 numbers mention “military” connections on call names. All the phone number lists are in Arabic, except for one that is in Russian.

The accounts are located in many countries throughout the world. These include 219 in Saudi Arabia, 170 in Iraq, 50 in Turkey, and 10 in Palestine. Many others are in the Western world, including 40 in the United States, 11 in the United Kingdom, 9 in Russia, and 7 in Germany.

According to WauchulaGhost, the locations of the accounts should be accurate. “From the chatter I saw while taking the accounts, they weren’t using VPNs or proxies. Other Daesh were telling them to use it LOL.”

WauchulaGhost said the accounts were all ones he had previously hijacked, as part of an operation started by him and four other hackers with Anonymous and the hacker group BinarySec in March. The goal of the operation was to gain control of the mouthpieces ISIS uses to recruit and spread its propaganda.

Under the operation, WauchulaGhost and other hackers have seized control of Twitter accounts used by ISIS recruiters, and then used the accounts to humiliate ISIS and cause distrust and paranoia in its ranks.

WauchulaGhost has also gained renown from some of his more humorous operations. In December 2015, he was a lead member of an online initiative to tease ISIS by altering its recruitment images. This led to images of ISIS fighters wearing miniskirts and holding flowers, or replaced with rubber ducks in photos.

“When we started we knew it wasn’t going to be easy or short-term,” WauchulaGhost said. “It’s definitely a long-term project but at least now we can see a change.”

“Why do we do it? At the time we started, no one was doing their part [on social media],” he said. “Many of us have families and kids to think about. What motivates me? The future, our kids.”

Follow Joshua on Twitter: @JoshJPhilipp