In the wake of the Paris attacks, the hacktivist group Anonymous declared war on ISIS, stating that, “We are going to launch the biggest operation ever against you. Expect many cyber attacks. War has been declared. Get ready. We don’t forgive and we don’t forget.” The group also promised that, “Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go. We will launch the biggest operation ever against you . . . the French people are stronger than you and will come out of this atrocity even stronger.”
And Anonymous made good on some of its threats as it claims to have shut down thousands of Twitter accounts used by ISIS operatives.
In addition to Anonymous, a smaller Internet group has also emerged - with a different strategy. This group claims they already stopped one terror attack before it even started.
This group, known as the Ghost Security Group, claims they were tired with unsophisticated Anonymous tactics, so they made a clean break.
The Ghost Security Group’s executive director (anonymously) states that, “They [Anonymous] don’t have any counterterrorism experience whatsoever. We felt that not enough was being done and the Charlie Hebdo attack [in France] made it clear that ISIS was not confined to the Middle East.”
The director says its volunteers live in the Middle East, Europe and the United States and include linguists and “people familiar with intelligence gathering techniques.”
Instead of trying to shut down accounts by flooding websites with too much traffic (known as DDoS attacks), Ghost Security Group members operate more like spies. They watch suspected ISIS Twitter accounts and sneak into militant message boards to discover information, which they then forward to law enforcement.
The executive director notes that, “We would much prefer to stop attacks than shut down websites. I don’t think DDoS attacks do a huge amount of damage to [ISIS]. Anonymous are hitting some extremist forums that have intelligence value, but we would like forums to stay online so we can see what people are saying and gather intelligence from them.”
The group claims that it already stopped one attack from taking place in Tunisia by listening to online jihadi chatter indicating that terrorists planned to attack a specific location on the island of Djerba.
Michael Smith, chief operating officer of security consulting group Kronos Advisory, works with the group. He says that Ghost Security Group operatives watch for and save tweets that sometimes only exist for minutes before being deleted.
Smith notes that, “They are not just identifying channels [of communication], they have put together a list of accounts which are utilized by people with influence. These people have saved lives.”
Smith says he works with the group to pass along the information the group gathers to security services. The group came to him after realizing they could not pass along the information to the authorities without raising all sorts of questions.
The director notes that, “We have data. We can’t do anything with that data unless we work with the U.S. government. They have the guns and the boots on the ground, they can disrupt terrorist operations.”