Hacking group find link between unused UK government IP address and ISIS twitter accounts
16/12/2015: Hackers have claimed to have discovered a number of IP addresses linked to the Department of Work and Pensions being used by ISIS to run a number of social network accounts.
Hacking group VandaSec passed on the details to the Daily Mirror. The group uncovered evidence that at least three terrorist-supporting Twitter accounts can be traced back to IP addresses connected with the department headed by Tory MP Iain Duncan Smith. At the time, the DWP denied owning the IP addresses associated with the accounts.
The UK government later admitted that it had sold a large number of IP addresses that it owned to Saudi Telecom, but didn’t reveal how much it had made from the deal.
The Cabinet Office spokesman told the Mirror the government has “sold a number of these addresses to telecoms companies both in the UK and internationally to allow their customers to connect to the internet.”
11/12/2015: Anonymous has started a campaign of trolling against ISIS today as part of its ongoing “war” against the terror group.
The hacker group announced the “day of rage” earlier this week in a posting on Ghostbin. It has encouraged internet users to ridicule ISIS via social media by posting mocking photos of the group.
“They thrive off of fear, they hope that by their actions they can silence all of us and get us to just lay low and hide in fear,” said Anonymous.
“But what many forget – and even they do – is that there are many more people in the world against them than for them. And that is the goal of this mass uprising, on December 11th we will show them that we are not afraid, we will not just hide
in our fear, we are the majority and with our strength in numbers we can make a real difference,” it added.
The hackers have said that people should use the hashtags #Deash and #Deashbags when making derogatory postings about ISIS.
08/12/2015: Hackers have uncovered a hidden Android app used by ISIS to spread propaganda videos.
The app comes from the Amaq News Agency, a distribution channel used by terrorists to spread recruitment and propaganda messages.
It featured videos of beheadings and speeches from key ISIS leaders, as well as offering translations in multiple languages.
The software – which is not available through google Play and must instead be manually installed – was discovered by the Ghost Security Group (GSG)while searching for ISIS-related sites.
The group describes itself as a “counter-terrorism network that combats extremism on the digital front lines of today using the internet and social media as a weapon”.
While GSG was initially formed by Anonymous members as a splinter group, it actually has a far more organised structure than its forebear, with clearly-divided hierarchies within its ranks.
It also has partnerships with military movements like the Iraqi Peshmerga and has previously worked with organisations like the CIA.
Other ‘hacktivist’ groups like GhostSec are calling for traditional security forces to become much more involved in the cyberwar against ISIS.
Not to be confused with GSG, GhostSec is a collective much more closely aligned with Anonymous, although with similar aims to GSG.
In a recent interview with Sky News, individuals claiming to be GhostSec members Comedi, Ransacker and TorReaper appealed for help in the fight against online terrorism.
Although the group claims that it can keep an ISIS site down for months through DDoS attacks, it said that the speed at which new sites are set up and their increasingly sophisticated defences are making their task more difficult.
“The only break we get is when we’re working or sleeping”, the hackers said. They claim that when it comes to fighting ISIS on the web, government security personnel “are either ignoring it, don’t know how to do it, or they don’t have the time or the manpower”.
07/12/2015: Anonymous has called for the internet to target ISIS in an international “trolling day”.
An anonymous post requests that on 11 December, anti-ISIS protesters and internet users band together to ridicule the group.
The plan mostly revolves around mocking ISIS on social media, with a list of instructions for attacking the group on Twitter, Instagram, Facebook and YouTube, as well as offline protests and demonstrations.
While the group has lately become known for slightly more sophisticated hacking operations, this particular plan of attack evokes Anonymous’ roots as puerile internet pranksters.
Suggestions include referring to ISIS members as “Daeshbags”, tagging them in pictures of goats “with captions talking about their wives”, and making YouTube videos “to mock and belittle Isis members”.
There are also darker, less juvenile tactics mentioned, such as posting mocking photos of dead or captured terrorists.
Some, however, are of a more positive nature, like the suggestion that supporters print out pages “showing how ISIS does not represent Islam”, reminiscent of the incident in London which inspired the hashtag #YouAintNoMuslimBruv.
The post urges those not affiliated with Anonymous to join in, stating that “anyone can do this” and it “does not require any special skills”.
The goal, it says, is to show ISIS that the terrorist group’s scare tactics will not work, stating that “they thrive off of fear [and] hope that by their actions they can silence all of us and get us to just lay low and hide”.
“On December 11th we will show them that we are not afraid,” the post says. “We will not just hide in our fear, we are the majority and with our strength in numbers, we can make a real difference. We will mock them for the idiots they are.”
30/11/2015: The hacking collective Anonymous has turned its ire on a new target in its war on ISIS; cloud provider CloudFlare.
The vigilante hackers have accused the firm of using its technology to shelter up to 40 websites that the collective has deemed ‘pro-ISIS’.
CloudFlare uses a cloud-based content delivery network to stop websites being taken offline by malicious threat actors.
One of the main things it defends against is Distributed Denial of Service (DDoS) attacks, a favourite technique of Anonymous.
“Once again, @CloudFlare have been found to be providing services to pro #IslamicState websites”, an Anonymous-affiliated account tweeted.
The tweet references an incident in 2013 when CloudFlare had similar claims levelled at it, this time due to its hosting of a mujahideen site with ties to Al Qaeda.
CloudFlare CEO Matthew Prince swiftly dismissed these accusations as “armchair analysis by kids”, calling them “hard to take seriously” in a conversation with The Register.
He cited the fact that Anonymous itself uses his company’s services, and has not had their websites removed despite the controversy the group is often mired in.
He also stated that there would be no mileage in these sites for CloudFlare as he “should imagine those kinds of people pay with stolen credit cards”.
26/11/2015: ISIS has been dealt another blow in its war with Anonymous.
Isdarat, a site supposedly used to disseminate pro-ISIS news and propaganda, was hijacked to display a mocking message and a banner ad for an online Viagra and Prozac pharmacy.
“Too Much ISIS”, the message read. “Enhance your calm. Too many people are into this ISIS-stuff. Please gaze upon this lovely ad so we can upgrade our infrastructure to give you ISIS content you all so desperately crave.”
Responsibility for the stunt was claimed by GhostSec, an Anonymous-affiliated hacktivist collective.
Reports suggest that the site was targeted after hackers discovered its .onion address on the anonymous Tor network.
18/11/2015: Islamic State has released guidelines to its members about how to protect themselves against hacks via their Twitter, Facebook and email accounts.
The news comes after Internet collective Anonymous vowed revenge on ISIS following the recent atrocities in Paris and exposed 800 Facebook, Twitter and email accounts linked to ISIL members.
Islamic State offshoot ISIL distributed five points of guidance for members, detailing measures they can take to resist attacks from the hacker group.
The message was sent via Telegram, which is an encrypted instant messaging app via the Khalifa news channel, which experts believe is an unofficial pro-ISIS news source.
Researchers at the International Centre for the Study of Radicalisation, based in London translated the message as saying: “The #Anonymous hackers have threatened in a new video release that they will carry out a major hack operation operation on the Islamic state (idiots).”
It went on to say members should not open links they receive from unknown sources, use a VPN and change their IP address constantly, avoid talking to people they don’t know on Telegram and block them, avoid talking to people via DM and change usernames on social media so they are not identical to email addresses.
Anonymous sent out a warning immediately following the Paris attacks, with various members of the group, many dressed in its quasi-uniform of Guy Fawkes mask and hoodie, posting videos to YouTube declaring their intentions to launch “massive cyber attacks” against the terrorist organisation.
One, emblazoned with the slogan “we are uniting humanity”, stated that Anonymous will be targeting social media accounts linked with ISIS recruitment and propaganda.
Anonymous’ structure and hierarchy – or lack thereof – means that no one individual can speak for the group. This particular motion, however, has proved understandably popular, with multiple affiliated Twitter accounts banding together to pledge their support via the #OpParis hashtag.
Anonymous has reminded the world that it’s been at war with ISIS for “quite some time already”, and the announcement echoes the action taken against Islamic State following the Charlie Hebdo massacre in January 2015.
Social media and other internet tools are becoming an increasingly important part of both terrorist operations and the fight against them.
For example, Anonymous has recently claimed the so-called ‘Cyber Caliphate’, an ISIS hacking group supposedly behind many security intrusions, operates out of a single IP address in Kuwait.
It also claimed that many of their attacks were also fakes, in which they release publicly-available information and claim that it’s been hacked.