This Is How Anonymous' Fight Against ISIS Hurts Actual Counterterrorism


ISIS' presence on Twitter is being identified and dismantled. Ninety-two hundred accounts were released at once in March. Then, after the Paris attacks, 5,500 accounts went down — another small victory at a time when the world feels hopeless and violated in the face of immense tragedy.

But most of that success is misattributed. It's not Anonymous that's doing the real work of fighting the Islamic State group online — even though the group has been the most bombastic about leading the digital charge. The ISIS campaign can actually be attributed to GhostSecGroup, now called Ghost Security Group, an online counterterrorism squad unaffiliated with Anonymous that works closely with U.S. government agencies. 

The small group of elite, experienced hackers has been working to slowly wear down Daesh's online presence since January, shortly after the Charlie Hebdo massacre.

And though they recognize that Anonymous and #OpISIS are "well intentioned," GhostSecGroup's leadership told Mic that the sudden interest of Anonymous could end up costing innocent lives.

The slow business of counterterrorism: GhostSecGroup operates a two-pronged system. The first is CtrlSec, the arm of the operation run by a European named Mikros. This group deals purely with social media — they don't "hack" Daesh, but instead map out their online communications networks, build extensive weekly lists of online handles and send them off to Twitter, which (according to CtrlSec) bans about 90% of everything CtrlSec send their way.

The numbers are sporadic, but GhostSecGroup told Mic that as of Wednesday, CtrlSec has banned over 110,000 ISIS-affiliated Twitter accounts, many of which are likely repeats of the same jihadis making accounts many times over.

The main GhostSec team targets ISIS-affiliated domains, websites and forums. It's less buzzworthy work, because the goal isn't always just to take down a site, it's slow intelligence-gathering. GhostSec finds Islamic State sites, hacks into the backend and determines if there's any organizing, planning or coordinating. They spend time sorting through the forums and even planting moles in order to extract any information, and then use an intermediary to communicate that information to the FBI and other U.S. government agencies.

This work by GhostSecGroup in the past has been attributed, without government denial or confirmation, with preventing actual terrorist attacks and copycat massacres.

This is where Anonymous can end up doing more harm than good, according to DigitaShadow, the executive director of Ghost Security Group. (All members go by pseudonyms and shield their identities — they may have gone legit, but they still regularly receive credible death threats from ISIS.) 

DigitaShadow told Mic that Anonymous' methodology is just to find one of these sites and use a cheap, rudimentary form of hacking, like a distributed denial of service attack, to bring it down, essentially tearing down a potential source of useful intel.

"When it comes to terrorist attacks, one of the big worries is that you could take down forums and cost someone their lives," DigitaShadow said. "Anonymous has a habit of shooting in every direction and asking questions later."

He also said that there's an issue of picking out the right targets in the first place. GhostSecGroup has a wide network of experts, volunteers and Arabic translators who make sure that any target they end up taking down is an actual ISIS hub.

"Sometimes it's hard to differentiate an insurgent site from an innocent Muslim site," Digita said. "I'm afraid it's a lot of friendly fire."

The underground Twitter wars: Taking down Twitter accounts may seem trivial, but social media is a vital platform for ISIS to spread propaganda and seduce potential recruits with glitzy, violent videos promoting their exploits and developing sophisticated ways of evading detection. For CtrlSec, it's an endless game of Whack-a-Mole, though they say Twitter's gotten better at working with them.

But that work is methodical, and GhostSecGroup has had to distance themselves from their old ties with Anonymous in order to do real counterterrorism work. 

Anonymous is decentralized, often sloppy, and opens up the opportunity for ISIS moles to work their way in. The old mantle of "GhostSec," the name Ghost Security Group originally used when they were affiliated with Anonymous, is still in use by Guy Fawkes-mask-wearing Anons.

The Islamic State group's online presence is migrating away from Twitter as well, to encrypted apps like Telegram, where it can congregate quietly and even raise money. GhostSecGroup has begun using infiltrators to build relationships with jihadists and gain access to their private channels on apps like Telegram.

GhostSecGroup and CtrlSec keep an online form where anyone can report accounts or domain names they think are related to ISIS, and the form generates them about 500 leads a day. These tips are a big part of how CtrlSec builds the lists that they send off to Twitter. Technically, anyone can contribute to them.

Instead, the drum beats loud for Anonymous, which puts out rabble-rousing videos with colorful costumes and the cathartic promise of vengeance. We rally behind them and give them not just attention but credit for doing work that is possibly not theirs. All the while, they trample on the methodical slog of the quiet hacktivists doing the slow work of real counterterrorism.

Get more stories that help you rethink the world by signing up for our daily email newsletter.