9/10/2014
source
A motley crew of unlikely allies are taking on the Islamic State online, taunting them, taking down Twitter accounts and allegedly jamming the group's communications, among other things.
The covert campaign, which exploits the militants' visible social media presence, involves American hackers, the Syrian Electronic Army, the group Anonymous and Iranians possibly affiliated with the government in Tehran.
In the United States, the mysterious hacker known as "th3J35t3r" (the Jester) claims to have taken down several pages affiliated with the Islamic State, at one point inviting supporters of the group to stay on social media. "Smaller spaces are easier to monitor," he tweeted.
Known for targeting Anonymous and WikiLeaks, the Jester has shown an ability to temporarily disrupt websites, keeping people guessing about his identity and motives. The Jester, who some believe is actually a collection of hackers, often peppers his tweets with pro-American propaganda, earning him the moniker the "patriotic hacker."
On August 20, using the hashtag #ISISmediaBlackout created in the wake of the Islamic State's beheading of American journalist James Foley, he rallied his followers to report pro-Islamic State Twitter accounts as spam so that Twitter would take them down.
After around two hours, he started celebrating, using the military lingo of "tango down," as the accounts got suspended.
After answering an initial message from Mashable establishing contact, the Jester subsequently did not respond to repeated requests for an interview.
Matteo Flora, an IT and open source intelligence expert, told Mashable that at least two of the 19 accounts that were eventually taken down were affiliated with the Islamic State. "He's a digital avenger," Flora said. His operation was "a digital retaliation" that exposed some accounts and "pushed Twitter to act."
While this isn't necessarily sophisticated hacking, taking down Islamic State accounts through such denial of service campaigns forces the militants to start from scratch with fewer followers and a smaller audience to spread propaganda.
J.M. Berger, who writes the influential Intelwire report, noted on Monday that the militants were responding to Twitter suspensions by making the accounts less readily identifiable as Islamic State accounts.
The Islamic State deploys a sophisticated social media strategy, bragging about its bloody exploits, in an effort to boost recruitment and spread propaganda.
Its online visibility, however, makes the group susceptible to surveillance.
As Mashable reported in June, U.S. intelligence officials approached a major social media company asking that Islamic State accounts not be taken down, despite the often bloody and threatening content, so that spies could keep monitoring clues to the group's networks, tactics and goals.
Given that the hackers don't run their own centralized networks, their presence on social media also opens them up to online attack.
"If you can compromise one of the important social media accounts, then you can trick a lot of them into installing some malware," said one security researcher who spoke on condition of anonymity to speak freely. "But other social media accounts will report it and warn people fairly quickly so you've got to act fast," said the researcher who specializes in the Middle East.
The Foreign Connection
One group of hackers involved in the fight against the radicals is the Syrian Electronic Army (SEA), according to a spokesperson for the group. The SEA has long been accused of being affiliated with the regime of Syrian President Bashar al-Assad, which, nominally at least, is at war with the Islamic State.
"We are collecting information, locations [and] details by hacking their Gmail, Twitter and YouTube accounts," said the spokesperson, adding that the group is passing the information on to Syrian officials. He denied a formal relationship with the Syrian government but said the group has "trusted channels to deliver the information."
So far, SEA has identified a series of accounts belonging to Islamic State fighters on the ground, the spokesperson said, though he refused to give more specific details. Gauging the extent and effectiveness of such attacks is difficult but, in theory, the SEA could install malware on the Islamic State computers, perhaps even a Remote Access Tool to siphon off files or eavesdrop on the radicals via their computer or cellphones — something they’ve done in the past.
Iranian hackers, allegedly affiliated with the government in Tehran, have also lately boasted on local hacker forums of taking on the Islamic State's websites and social media accounts, even discussing ways to pass information to intelligence agencies abroad and ways to disrupt recruitment efforts, according to Ali-Reza Anghaie, a security researcher who tracks Iranian hackers.
The majority of Iranians are Shiites and the Islamic State, which comprises radical Sunni militants, has in particular targeted Shiite Muslims, whom it considers heretics.
The Iranian hackers "really don’t care who does the dirty work — they just want the dirty work done," Anghaie, who is also the co-founder of Carbon Dynamics and a senior analyst at the geopolitical consultancy Wikistrat, told Mashable.
According to Anghaie, many of these hackers appear to be part of the online arm of the Basij, a paramilitary militia affiliated with the Iranian government.
In underground forums, the Iranian hackers have discussed ways to help Basij fighters in the real world. One plan was to provide the Basiji with "software defined radios" to intercept and record Islamic State cellphone communications. Once intercepted, hackers back home could then crack the encryption and reveal the content of the calls — something security researchers proved was possible years ago.
David Kilcullen, a counterinsurgency expert and former advisor to General David Petraeus during the war in Iraq, said he has seen evidence of Iranian agents setting up a signals intelligence unit near the Baghdad airport that would be able to intercept communications between Islamic State commanders and jam signals. (The Iranian government has a history of setting up surveillance networks for its allies and proxies, including the government in Syria and Hezbollah in Lebanon.)
Online supporters of the Islamic State, meanwhile, have launched a group named The Islamic Caliphate State Electronic Army, and claimed to have defaced several websites, according to Helmi Noman, a researcher with the Berkman Center at Harvard University. (The group's Facebook page has been removed or taken down.)
Islamic State hackers reportedly took control of an Anonymous-affiliated account and began tweeting graphic photos of attacks, according to a video posted by an Anonymous-affiliated YouTube account in July.
"This was an unfortunate, unprecedented takeover," a voiceover said in the video, promising retaliation.
At the end of August, a group of Anonymous hackers launched an operation codenamed #OpIceISIS to combat the group through ideological means.
In addition to tweets denouncing the group, the group has circulated a message to be posted on websites that they deface, and has claimed to have taken over at least one account spreading Islamic State propaganda.
Jihad and Digital Security
Despite these attacks, several self-identified Islamic State supporters, who claim to be fighting in Syria, told Mashable that they aren't too concerned about cyber security.
"We have a team of hackers and computer experts all around the world who would tackle these issues," said one man who goes by the name of Abu Antar, in a chat via Kik messenger, a cellphone app.
"Our issue here is fighting our enemies physically."
Antar declined to give any further details about this alleged team of hackers. (A European researcher, who monitors the Islamic State online, helped identify the sympathizers. Whether they are actual fighters on the ground, however, could not be independently verified.)
One self-described Islamic State member, who goes by the name Abu Turaab, said he is not worried about digital security because all he does on his computer is "browse the Internet and read PDFs." (PDFs, however, can in fact hide malware and be used to hack into someone's computer.)
Turaab, who claimed to be a Canadian now living in Raqqa, Syria, added that he is aware of applications that allow for more secure, encrypted messages, but said he doesn't use those because he doesn't have any sensitive information on his phone.
Another sympathizer, who goes by the name of SayfAd-Din AlBritani, told Mashable that friends had suggested he use Telegram, but that he didn't use the private messaging app or take particular security precautions online. "Whether we lose online or on the battlefield, we have to have patience," he said.
Such sangfroid has already compromised the group.
A laptop belonging to an Islamic State fighter was found by a moderate Syrian rebel group this year and its contents made public. The computer, which contained as many as 146 gigabytes of unencrypted materials in its "hidden files" folder (including documents on how to build biological weapons), was not even protected by a password.
There’s evidence, however, of attempts to improve digital security knowledge among Islamic State fighters.
A document written in Arabic, circulated online and spotted by Dlshad Othman, a Syrian opposition activist and technologist based in Washington D.C., suggests that fighters use the anonymity tool Tor when surfing the Internet. The document also calls on them to install the privacy and anonymity operating system Tails on their computers. (Tails, which has been praised by Edward Snowden and some of the reporters who have worked on his leaked documents, has privacy and security protections enabled by default, such as anonymous browsing through Tor.)
The unnamed author created the document after the identities of certain Islamic State members were compromised, resulting in arrests. The author writes that some "faggots," had "threatened" Islamic State members by saying the radicals would be reported to the "regime of tyrants," according to a translation provided to Mashable.
A similar guide in English has also been posted online by someone who appears to be an Islamic State supporter.
This is clearly an organization that is learning as it goes along, experts say. Laith Alkhouri, a researcher with Flashpoint Partners, a company that tracks online jihadists, said that a lack of caution may not necessarily mean a lack of awareness.
"Many of them talk openly," Alkhouri said. "But that doesn't mean they're not aware they're being watched."