Hacker-activists across the world have launched an online war against the so-called Islamic State, targeting the web-savvy jihadists’ vast Internet network of supporters and suspected sleeper cells.
But bureaucracy at a wary FBI and stringent US laws against hacking are slowing these efforts to take down the IS web forums and social media accounts, experts and analysts say. As a result, they say, the jihadists are opting to base their web operations on US-hosted sites in order to take advantage of US legal protections.
Various groups of anonymous citizen hackers are taking on the jihadists, including Ghost Security, an alliance of 12 like-minded hackers with military and intelligence backgrounds. Known as GhostSec, the group seeks to monitor and flag various web forums and social media accounts allegedly used by the group to communicate to its followers.
Using a network of activists from across the Arab world, the online vigilantes say they have racked up some major victories. Since January, GhostSec says it has brought down or disrupted 133 IS-linked websites with Distributed Denial of Service (DDOS) attacks, and reported some 60,000 IS-linked accounts to Twitter, which then suspended them.
Under US law, DDOS attacks are a federal crime should authorities prove malicious intent. But, more than disrupting IS communication and propaganda channels, GhostSec says its hacking-campaign has saved lives.
Most recently, through monitoring IS Facebook and Twitter accounts, the group in July uncovered a plot targeting British tourists and Jewish residents on the Tunisian island of Djerba, according to the head of GhostSec’s operations, who asked not to be named. After GhostSec says it forwarded the information to the FBI and private intelligence firms, Tunisian authorities arrested 17 plotters, an incident confirmed by intelligence analysts.
For GhostSec hacktivists, it is all part of what they are calling a “second front” against IS. Lara Abdallat, a Jordanian former beauty queen and fashion designer, now spends several hours a day tracking IS social-media accounts. “They are committing crimes that are against Islam – they are destroying the image of our religion, and I wanted to do my part to stop them,” she says.
FBI wary of hackers
But hackers and analysts say US laws and a lack of coordination with federal authorities are preventing even greater gains against IS.
The FBI remains wary of anonymous hacker groups and skeptical of their tip-offs, forcing groups such as GhostSec to go through third-party intelligence firms to provide federal officials with information gathered from IS sites.
“When it comes to data that is being combed by GhostSec adhering to a plot or a threat including criminal activity, the FBI evaluates it with a degree of skepticism; they prefer to work directly with sources rather than anonymous groups,” says Michael S. Smith II, an adviser to Congress whose security firm, Kronos, has acted as a go-between for GhostSec and the US authorities. [Editor's note: This line has been amended to clarify Mr. Smith's background.]
“There is a sense of distrust between the two parties.”
Moreover, the Computer Fraud and Abuse Act (CFAA) criminalizes the distribution of malicious code or the unauthorized altering of US-hosted computers and servers. With many of GhostSec’s members operating from within the US or fearing US prosecution, the hacktivists instead alert concerned US authorities and web administrators to take down IS-linked web forums and social media accounts themselves.
Going through the proper legal channels at times takes weeks, hackers and security analysts say, allowing Islamic State plenty of time to successfully communicate and broadcast its message to its followers.
US has 'abysmal record'
While US hacking laws seek to prevent malicious hackers from committing crimes ranging from espionage to identity theft, analysts say these legal protections have led IS to use US-hosted websites as its channel of choice to reach out to its followers.
“More and more, the IS is utilizing social media platforms and web servers based in the US as it is clear to the strategists that the US has an abysmal record in disrupting forums,” Mr. Smith says.
FBI officials declined to discuss the agency’s alleged cooperation with hacker-activists, citing the sensitivity surrounding ongoing operations.
The officials referred instead to recent statements to Congress made by FBI Director James B. Comey warning that “changing forms of Internet communication are quickly outpacing laws and technology designed to allow for the lawful intercept of communication content.”
Internet freedoms 'an obstacle'
The growing gap, dubbed “Going Dark” by the FBI, reportedly is being taken advantage of by IS followers who are using strong encryption and US-hosted sites protected by current laws that prevent agents from accessing them, even with a warrant.
The gap allegedly has forced authorities to rely more on information coming in from hacktivists such as GhostSec.
FBI officials based in the Middle East say the growing disconnect between Internet communications capabilities and legal jurisdiction has even prevented monitoring and counter-terrorism activities in the Arab world, where US allies find themselves unable to take down websites hosted in America.
“The issue of social media and Internet freedoms has been an obstacle in fighting IS,” says an FBI agent based in the region.
However David Fidler, adjunct senior fellow for cybersecurity at the New York-based Council on Foreign Relations, says groups such as GhostSec will have to continue their campaign on the fringes of the law.
Counter the message, not just delivery
“Yes, the CFAA restricts hackers acting as vigilantes, but many experts believe that is appropriate,” he says in an email. “ISIS abuses the freedoms the US protects in the realm of speech. What is being guarded against is the US government abusing those freedoms in response to the cynical and venal behavior of ISIS.”
Even if provided with the full legal tools, counter-terrorism analysts doubt whether hacktivists can truly deter IS’s online reach. And while data-mining and monitoring may help in deterrence of potential attacks, analysts say it does not go far enough to counter the jihadist narrative.
“Monitoring is good, it is needed, but it is only a tactic – it does not curb the wider comprehensive strategy or the narrative and appeal of groups such as IS,” says Ali Soufan, a former FBI special agent and CEO of Soufan group, a security intelligence firm.
“I disagree that these guys [IS] are geniuses,” he says. “They are effective in taking a unified message and decentralizing its delivery. In addition to countering the delivery, we must also counter the message.”