The terrorist organization ISIS established its first official website on the Darknet in mid-November, and its supporters were quick to praise the new site on their Twitter accounts and spread details on how to access it.
The Darknet is an Internet that exists beneath the Internet, that is not indexed by search engines and can only be accessed using specialized tools. By hosting the site on the Darknet, the ISIS users would be more difficult to track, and it would give them an online base that is virtually immune to cyberattacks.
Just a week after ISIS supporters announced the bulletin board website, however, anti-terrorist hackers took it offline and replaced it with a link to an online Viagra and Xanax seller—with a message stating “Enhance your calm. Too many people are into this ISIS-stuff.”
— רוח רפאים בעילום שם (@IsraelsACG) November 21, 2015
While most of us have become numb to hackers launching attacks on websites, this attack was unique. There are only two known hackers capable of carrying out such attacks on Darknet websites. One goes by the name “TorReaper.” The other calls himself “Commander Xavior.”
“This is big in our world,” said TorReaper, the Web administrator for the GhostSec anti-terrorist hacker group, who codes most of the group’s cyberweapons.
TorReaper said in an interview on Twitter that such attacks are “a bit of a speciality of mine,” and noted that now Commander Xavior is “crushing it too.”
Fighting ISIS Online
Several groups of hackers are targeting the online presence of ISIS. Most have aligned under the banner of the hacker collective Anonymous, and having a loose-knit structure means that their skills also vary.
The hackers with GhostSec are among the more skilled in the online operation, which they call #OpISIS.
According to TorReaper, ISIS runs close to 160 websites on the surface Internet, and around nine on the Darknet. Already, however, GhostSec has taken offline close to 120 of the surface websites and three of the Darknet sites, TorReaper said.
They and other hackers also actively report Twitter accounts, YouTube videos, and other social media accounts being used to spread ISIS propaganda.
By forcing ISIS supporters to repeatedly start from scratch, the hackers make it more difficult for the terrorist organization to establish credible voices online, and more difficult to have social media accounts with large followings.
“The Internet is 80 percent of their recruitment,” TorReaper said. “They recruit on average 20 westerners per day to the Caliphate.”
“If we kill their Internet recruitment, we cut that number dramatically,” he said. “With their lack of organization they cannot achieve much without numbers.”
Shift to the Darknet
TorReaper was launching cyberattacks against Darknet sites, even before he joined in with the attacks against ISIS.
“I was a gun for OpDeathEaters,” he said, referring to another cyberattack campaign aimed at shutting down child pornography websites and exposing pedophiles.
Many of the worst websites for child pornography are on the Darknet, and many of them feature extreme instances of child abuse. TorReaper honed his skills by taking these websites offline, noting “I still keep 3–4 sites offline every day … The deep Web sites are literally the worst things I have ever seen.”
“That was my main op before Charlie Hebdo,” he said, referring to the Jan. 7 terrorist attack, where two Islamist gunmen murdered 12 people at the Paris office of the satirical weekly magazine Charlie Hebdo.
While TorReaper is casual about his ability to take Darknet websites offline, it’s regarded as a cutting-edge technique in the cybersecurity community.
“TorReaper is able to take down Tor sites. This is a very, very new phenomena,” said Jonathan Davies, director of engineering at Pervade Software, during a presentation at the Security & Policing Expo 2015.
Tor is one of the main tools used to access Darknet websites. The online privacy tool is able to conceal a user’s identity and grants access to websites that are otherwise inaccessible.
The cyberattack method developed by TorReaper has many cybersecurity experts interested. The advanced attack can hit websites hosted on many types of servers and doesn’t leave error logs saying the websites were attacked.
Davies said that TorReaper is a “right-wing hacker,” which means “you don’t need to worry about him taking down your corporate or government networks.” He added, however, that if the attack method fell into the wrong hands, it could cause trouble.
On the other side, ISIS is growing its presence on the Darknet—and this could also spell trouble. A stable Darknet site could have given ISIS what it currently lacks: a resilient and secure website they can use to recruit members and promote their operations.
Yet, TorReaper said he’s not letting up. He said he developed a special system to launch the cyberattacks, and “I can just leave it running as long as I want.” He adds, “once I held down the ISIS movie release site by myself for 90 hours from my cell phone.”