A new operation against ISIS, started by a small group of hackers, is bringing the online propaganda arm of the terrorist group to its virtual knees.
The plan unfolded in late March, when around five hackers from the groups Anonymous and BinarySec started hijacking Twitter accounts used by ISIS propagandists who spread violent images and promote jihadist ideologies.
After gaining control of the accounts, the hackers get an inside look at the direct messages between the ISIS recruiters and other jihadis, and information on their locations. They also gain temporary control over the mouthpieces used to spread the terrorist organization’s messages.
One of the hackers, who goes by the moniker “The Riddler,” said that over the last three days he personally took over 29 ISIS Twitter accounts. He said his group has gained control over close to 1,000 accounts of terrorist recruiters since the operation started.
“We are hoping by taking Daesh [ISIS] accounts it will show them they are not safe here on Twitter,” said another of the hackers, “WauchulaGhost,” in an interview on Twitter.
Some of the accounts contain virtual treasure troves of data linking ISIS supporters. The accounts also contain access history, which displays the locations of many of the ISIS propagandists. Others contain chat histories and even lists of phone numbers.
One of the hackers, BinarySec admin “JustAnotherNode,” said in an interview on Twitter that by taking over the accounts “we are able to see the complexity of their inner structure and organization.”
Twitter has been fighting a battle of its own against ISIS accounts using its services, claiming in a blog post on Feb. 5 that since mid-2015 it had suspended 125,000 accounts that were “threatening or promoting terrorist acts, primarily related to ISIS.”
Several online groups that are fighting ISIS online, however, believe that Twitter itself is still not doing enough.
For example, Twitter deleted 26,000 pro-ISIS accounts in March, but another 21,000 pro-ISIS accounts were created that same month, according to engadget.
A report released by George Washington University in February noted a similar problem. It stated that close to 2,000 pro-ISIS accounts are active on Twitter each day, and noted that Twitter and Facebook are the two main platforms the group uses to spread its propaganda.
The Riddler said that hackers who are fighting ISIS recruiters online saw this problem, and “BinarySec and few other splintered divisions [of Anonymous] said enough is enough.”
“Suspending them does nothing,” he said in an interview on Twitter. “They come back like fleas.”
WauchulaGhost said he believes that seizing control of the accounts works in concert with other efforts, including reporting accounts to get them banned—which prevents ISIS accounts from developing large followings, since it forces them to repeatedly start from scratch.
Hacking and taking control of the accounts has other benefits. He said it has a psychological impact on ISIS by making its propagandists start to question which accounts are real and which have been breached.
WauchulaGhost said they actively try to feed this paranoia. Sometimes they’ll use the hacked ISIS accounts to send out anti-ISIS information. Sometimes they’ll use the accounts to contact other jihadists to make them question their ideologies.
— WauchulaGhost (@WauchulaGhost) April 12, 2016
He said these operations cause confusion in the ranks of ISIS propagandists, and make them turn on each other.
“We don’t plan on changing the account names or images,” WauchulaGhost said. “We will take them and use them against themselves.”
The hackers don’t always take a discreet approach with breached accounts, however. Sometimes they’ll take the hacked accounts and turn them into jokes, with images making fun of ISIS and other posts mocking the group.
— WauchulaGhost (@WauchulaGhost) April 11, 2016
Sometimes they’ll also leak information from the accounts publicly—including information on the locations of the former account holders.
— WauchulaGhost (@WauchulaGhost) March 26, 2016
The operations don’t come without a degree of risk. WauchulaGhost shared some of the threats he receives, which have included gory images of ISIS fighters beheading people.
For the hackers involved in the operation, however, they see the importance of fighting back against ISIS online recruitment as being worth the risk.
The Riddler said, “we feel success in the work we do because we know it’s making a difference. That’s why we put ourselves at risk.”
WauchulaGhost said the new effort gives them more power over ISIS online operations, noting that they’re also taking over ISIS websites, removing their propaganda videos, and helping suspend large numbers of their social networking accounts.
He added that “by taking control of their Twitter accounts it should make them feel insecure about using social media.”
The team plans to carry out similar operations on other social networks—”what they don’t know is we are everywhere.”