Last week, a new cyber front emerged in the war against the Islamic State in Iraq and the Levant (ISIL). Anonymous, the hacker collective principally known for its website defacements and account takedowns for political causes, initiated #OpParis, aimed at defeating ISIL online. This is not the first Anonymous campaign against ISIL. Their previous foray several months back, more obviously named #OpISIS, failed to cultivate a strong following or endure. But Anonymous hackers, likely bearing witness to ISIL violence in European neighborhoods in which many likely roost, have energized their legion and drawn interest from media outlets.
Reactions to #OpParis are mixed. It is encouraging to see the collective take on a noble goal in contrast to many of their other campaigns that vary in merit. Everyone hates ISIL and Anonymous has skills. Why shouldn’t the hacker collective join in a campaign to root out evil? And who better for Anonymous to challenge than a terrorist group that so prolifically uses the Internet to radicalize and recruit their foreign fighters and social media fan boys.
Thus far, Anonymous’ primary modus operandi has been to take down ISIL social media accounts and initiate Distributed Denial of Service (DDoS) attacks on key terrorist forums. This immediately raises several issues.
Facebook, Twitter, YouTube and many other social media companies policed ISIL accounts much more aggressively this year. ISIL social media accounts today have a short life span and the effects of continued shutdowns have stunted the group’s propaganda dissemination. So a question naturally arises: Do we need Anonymous to do account shutdowns at this point?
Another clear problem with Anonymous campaign seems to be their targeting. Anonymous claims to have shut down 20,000 ISIL Twitter accounts. Yet J.M Berger, who at the height of ISIL’s online presence conducted the ISIS Twitter Census, estimated there to be roughly 46,000 ISIL Twitter accounts in November 2014. Seeing how social media companies have opened an assault on ISIS accounts this past year, it appears doubtful that 20,000 ISIL Twitter accounts still remain. J.M. Berger, when queried about the claim of 20,000 account takedowns, stated, “I can’t vouch for it, but I can’t totally rule it out. It seems unlikely.” Thus, a second question arises: How does Anonymous know they are targeting ISIL accounts? While the collective clearly brings a wide range of computer skills to the fight, their understanding of terrorism is probably lacking. Combined with the fact that the majority of Anonymous members reside in Europe and North America, it seems doubtful the collective retains sufficient Arabic language skills for properly vetting accounts.
Assuming the collective lacks appropriate counterterrorism research skills and linguistic capabilities, Anonymous must then fall back on technical signatures, like hashtags and keywords to find ISIL accounts. These methods are highly unreliable. In a past campaign against extremists, hackers targeted any website and account using the word “jihad”. Several key research websites used by academics and researchers for studying and developing methods to counter terrorists were taken offline. Without the ability to nimbly identify and accurately assess ISIL accounts, forums and content, the Anonymous campaign will likely result in a lot of digital collateral damage. Their account shutdown carpet bombing campaigns thus far seem to be doing just that. Less than a week into #OpParis, most of the accounts targeted by the collective have nothing to do with ISIL.
Recklessly shutting down social media accounts and closing jihadist forums likely blunts many Western intelligence efforts to infiltrate the group. As arrests have unfolded across France and Belgium, law enforcement and intelligence services have likely relied on undercover social media accounts and forum infiltrations to track down key associates of the Paris attackers and intercept communications about rapidly unfolding plots. Infiltrating these forums can take months and years, a sizeable investigative investment that may be squandered by indiscriminate youngsters who believe they are doing good when they may be actually doing more harm.
Anonymous hacker skills would be of more value if they focused on infiltration and penetration rather than account and forum shutdowns. Hackers in the past have penetrated governments and corporations revealing internal documents and communications. Should hackers focus on ISIL forum administrators, the accounts of key ISIL leaders, and their encrypted communications, Anonymous could expose the group’s inner workings, reveal operational vulnerabilities, illuminate petty terrorist infighting and erode the groups support from international audiences.
Fortunately, a faction of Anonymous seems to be moving in this direction. Ghost Security Group has directed its efforts in just this way seeking to infiltrate, monitor and report rather than destroy ISIL online. DigataShadow, the executive director of the group, told CNN that they have “a lot of counterterrorism experience. We have translators, linguists, research analysts on hand to analyze all the data that we receive.” DigataShadow noted the concerns outlined above: “Anonymous has a habit of shooting in every direction and asking questions later.” The same might be said for ISIL. The two groups seem perfect for each other.
Looking at the bigger picture, Anonymous, as a collective, has been on a downward path for some time. Being anonymous by design, their crew has been vulnerable to infiltration. Their networks have been infiltrated, betrayed from within, and fractured from infighting over direction and fame. This weekend again showed the challenges of trusting Anonymous even when they might have achieved a victory. On Saturday night, an alleged Anonymous account published seven locations and events in five countries that ISIL was planning to attack on Sunday. Media outlets initially attributed the list to Anonymous, but shortly after, Anonymous’ official Twitter account stated, “We did not spread rumors about possible future ISIS attacks, and frankly, we do not know where the rumors come from.”
We did not spread any rumors about possible future ISIS attacks, and frankly, we do not know where the rumors come from.
— Anonymous (@YourAnonNews) November 21, 2015
As cyberwar has expanded, there has been increasing convergence between threat actors. Internet anonymity has allowed nation-states, terror groups, and hackers to swarm together and either deliberately or inadvertently use one another to achieve their goals. When no one knows who is in Anonymous, it becomes an excellent vehicle for a nation-state with ulterior motives to leak intelligence or disseminate propaganda to manipulate their adversaries. As law enforcement scrambled to evaluate the validity of the leaked targets and the plausibility of another wave of ISIL attacks, the alleged Anonymous claim’s validity cannot be confirmed, and may ultimately prove false and only divert precious resources from other meaningful leads. It is possible, though not likely, that ISIL released the list and in so doing, engaged in a form of terrorism without firing a shot.
Of most concern may be that Anonymous efforts, while well intentioned, have drawn the ire of ISIL hackers and propagandists. Terrorist groups have generally trailed other threat actors on the cyber battlefield, but ISIL has changed this trend. Over the past year, ISIL has attempted to create and utilize its own app for communication and dissemination seeking to bypass openly available platforms and their content controls. Anonymous successes in shutting down a few social media accounts have resulted in ISIL issuing a cyber operational security manual and updated guidance to train their supporters on how to protect their accounts from penetration. Then, this past Sunday, in the worst outcome yet from the Anonymous campaign, ISIL retaliated by publishing a targeting list of the names and addresses of current and former CIA and FBI agents in the United States. It may therefore be that the most significant result of the Anonymous campaign is better ISIL cyber capabilities.
Anonymous, in its fight against ISIL, has its collective heart in the right place. #OpISIS before this and now #OpParis will ultimately prove a useful case study in the advance of cyber proxy forces, in this instance a proxy for good rather than bad. The challenges of hacker collective targeting, attribution and direction should be explored and evaluated comparatively to traditional warfare’s utilization of militias and para-militaries. If nothing else, we’ve learned that while ISIL tends to be disgusting and vitriolic, at least Anonymous retains a sense of humor. They have returned one of their classic tactics, “Rick Rolling” ISIL accounts — flooding ISIL hashtags with Rick Astley’s “Never Gonna Give You Up” music video. Just remember, if you’re surfing Twitter this week, and you get “Rick Rolled,” a hacker somewhere might be thinking you’re part of ISIL.
Clint Watts is a Fox Fellow at the Foreign Policy Research Institute in Philadelphia and a Senior Fellow at the Center for Cyber and Homeland Security at The George Washington University. Prior to his current work as a security consultant, Clint served as a U.S. Army infantry officer, a FBI Special Agent on a Joint Terrorism Task Force and as the Executive Officer of the Combating Terrorism Center at West Point.