The Islamic State, or ISIS, as well as other terrorist groups, use the internet – and more specifically, social media – as a public relations outlet. They release their public campaigns through services like Twitter, Facebook and Instagram to provide propaganda designed for mass consumption to gain or maintain support. For instance, after the attacks in Paris, ISIS sympathizers were using the hashtag باريس_تشتعل# (parisonfire) to express support. In other cases, ISIS members participate in online chats about Islamist beliefs and practices or post video of military-style training and assaults or even executions.
For ISIS, social media is a marketing plan, a way to release information to supporters. One analysis found Twitter to be the service most often used, not only during actual combat through photos, but also off the battlefield to send messages and gain followers when internet access is not available. Additionally, ISIS members use Twitter to send traffic to blogs, videos, Instagram and other sites.
While world governments debate how best to deal with the ISIS threat, the diffuse global community of internet hacktivists is using its talents to help neutralize the Islamic militant organization. Since at least June 2014, and ramping up efforts after the massacre at Charlie Hebdo, the activist hacker group Anonymous has focused one of its “operations” on taking down ISIS. Hashtags #OpISIS, #OpParis and #OpIceISIS have all been in use at various times by the group.
Working for the most part independently, Anonymous members’ #OpISIS is having some success. Since the November 13 attacks, Anonymous claims to have taken down thousands of Twitter accounts. But while the goals are noble, the techniques do raise some legal and safety questions.
Hacktivists fighting terrorism online
Anonymous works as a leaderless organization of hackers. Anyone who’d like to can join up. Generally once an “operation” is publicly listed by any anon (a self-identified member of Anonymous), it’s a rallying call for any hacktivist who wishes to take part. In another context, the lack of command personnel and leadership would be an issue, but for anons, having one person lead an “op” would slow progress toward the end goal. Anonymous is difficult to pin down in terms of membership, too, which can expand and contract depending on active operations and their objectives.
Goals of an Anonymous op include bringing attention to the issue, taking or destroying targeted data, denial of service and public identification of their targets. Given the nature of the internet, Anonymous members are located globally and have round-the-clock access to their targets. If one goes to sleep in Italy, another is waking up to continue the attack from the Americas.
Anonymous has several types of attacks in its toolkit. “Doxing” relies on releasing private information to the public. An example of this kind of attack (not carried out by Anonymous) was the release of names of people signed up on the Ashley Madison dating site for married people.
A denial-of-service attack simply overloads the target services so that the page, site or server cannot respond. As an example, in 2012 #OpMegaupload included denial of service to websites of the MPAA, RIAA, BMI, US Department of Justice, US Copyright Office and the FBI as a protest against the takedown of the Megaupload sharing site. Although these services were eventually restored, the sites were unavailable for some period of time.
An account breach means the hacktivists have gained access to a target account, usually email, social media or the server hosting a website. They can then take it over, shut it down or release all the information to the public. Anonymous took this course in an attack on the US Department of Justice in 2013.
Does ISIS care?
Since ISIS has a major propaganda campaign using social media and the internet to enlist fighters and raise support, it stands to reason that Anonymous hacktivists can disrupt their recruitment and outgoing news pipelines by messing with their accounts on popular services like Facebook, Twitter and Instagram.
Various sites that Anonymous uses have already started posting target email, Twitter, Facebook, Google+, web and other accounts, sites and services of ISIS members.
ISIS is not a newcomer to this kind of internet conflict, but it doesn’t have the sheer volume of people with technical skills that Anonymous does. In a statement on the messaging app Telegram, ISIS called Anonymous hackers “idiots” – but proceeded to provide English and Arabic instructions to followers on how to avoid hacks.
ISIS isn’t known to hold back from targeting any perceived enemies. But Anonymous members are somewhat sheltered in terms of direct danger from terror groups by their anonymity and lack of close physical proximity to the primary conflicts in Iraq and Syria. A terrorist group like ISIS will seek higher-profile and higher-impact targets – pilots, troops, random civilians, important local leaders. They’re looking to grab attention and headlines and increase web traffic – the most impact for the fewest resources. Targeting hackers, although possible, would have a much smaller effect for their propaganda since Anonymous members are already so difficult to track and not widely known.
Anonymous are outlaws too
Anonymous typically operates its attacks outside the scope of legality. Members are usually up-to-date on the latest vulnerabilities in software. In contrast, law enforcement must pull together specialized teams or a task force to gather the same technical ability. Anonymous doesn’t follow any rules when it comes to taking on ISIS. Most agencies of various Western governments have some legal process to follow, whether taking on ISIS on the battlefield or in cyberspace. In the United States, this is typically a warrant.
Anonymous does not wait for the justice system to act. If Anonymous feels that a specific server needs to be taken down, they simply launch the attack. It allows them to work quickly – but this lack of legal process is also a point of concern. In at least one case, Anonymous members outed the wrong person.
Anonymous could interrupt a legitimate law enforcement or security agency investigation or intelligence gathering. Of course the FBI, CIA, MI5 and other agencies monitor social media accounts for intelligence purposes. They collect and mine social media data, searching for intel on terrorist planning and activities. Anonymous can short-circuit this process.
And remember, the legal process used by most Western countries centers on prosecution. Prosecutors need evidence to build a legal case; when a server has been crippled or evidence has not been seized correctly, conviction becomes more difficult. In fact, the largest threat to Anonymous members comes from law enforcement since they consistently break national and international laws in their hacks.
Anonymous has attempted to take on ISIS before this latest flurry of activity. The real question is what effect, if any, will actions by Anonymous have on ISIS operations. While it’s possible that ISIS communications and propaganda efforts can be disrupted, there is little method for determining the extent of any disruption. Without being able to easily and accurately measure that impact, it will be difficult for Anonymous to claim any sort of victory beyond closed social media accounts. And it’s all too easy for an ISIS sympathizer to just move on and open a new one.