DARK NET: Meet The Vigilantes Who Hunt ISIS On Twitter
As ISIS sympathizers turn to Twitter to post terror propaganda, hacktivists devote hours each day to rooting out and reporting these accounts
Before having her first cup of coffee each morning, @TouchMyTweets checks for death threats.
“The first thing I do is check my Twitter and Telegram notifications”—the latter is a cloud-based encrypted chat service—”for any urgent alerts: bomb threats, etc.,” she says. The accounts she monitors are affiliated with ISIS, the global terrorist organization. “If there is nothing urgent, I usually have many direct messages [alerting me to] particularly nasty ISIS supporters who need to be knocked [off Twitter].”
One such ISIS supporter, @Abu_Laptop45, posted a video on January 30 titled “A Message to OpISIS/Anon” that threatened to “break your necks.” The user expressed his disdain for hacktivists like @touchmytweets in an exclusive interview with Vocativ through direct messages on Twitter. “Anonymous has failed in their so-called ‘OpISIS’ battle miserably and is such a joke it’s unbelievable they try and carry on,” the user says. “It’s pretty worthless for them to try and silence what can’t be silenced. They’ve been trying for year … and it hasn’t helped them at all.”
“We are drowning in these people,” says @TouchMyTweets, who is an Anonymous-affiliated hacktivist living in the United States. “It’s a neck-and-neck battle. We try to keep one step ahead of them, but they constantly try to hide from us. I think we are winning that battle personally.”
“We are drowning in these people. We try to keep one step ahead of them, but they constantly try to hide from us.”
After verifying the Twitter accounts belong to ISIS supporters—using posting behavior, who they follow, who follows them—and retweeting them to @support and @security, Twitter’s administration handles, as well as to other hacktivists who also tell Twitter about the accounts, she then checks communal lists for pro-terrorism websites that, too, will be on the daily to-do list of harmful outlets to try to knock offline.
In the case of @Abu_Laptop45, his account was suspended later that day after hacktivists reported him.
For 12 hours a day, she focuses mainly on discovering, verifying and reporting Twitter accounts affiliated with ISIS. She is a member of RoninWolves, a subset gang of seven members that is part of the larger hacktivism umbrella.
Her operation connects with other clusters and teams under popular hashtags such as #OpISIS, which has claimed to have incited the suspension of over 62,000 ISIS-related accounts since its inception in June 2014, although that does not take into consideration if Twitter was already monitoring those accounts. According to a report released by the Center for Middle East Policy at Brookings Institution in March 2015, there were still roughly 46,000 active ISIS support accounts on Twitter, and only 678 confirmed pro-ISIS accounts were suspended between September 2014 and January 2015—a loss of a mere 3.4 percent. Thousands of other accounts were suspended that could not be independently verified as relating to ISIS by the institution.
“Through the internet, ISIS has established the most aggressive and effective global influence operation of a terrorist group in history. They call Twitter a province.”
“Through the internet, ISIS has established the most aggressive and effective global influence operation of a terrorist group in history,” says Michael S. Smith, a founder of Kronos Advisory, an advisory firm that regularly funnels terrorist-related information found online to different government agencies, including the Federal Bureau of Investigation. “They call Twitter a province. It’s a very important tool used to help manage this influential operation.” This aspect of control on the internet is explored in the fourth episode of DARK NET, set to air February 11. The thought-provoking, new eight-part docuseries—developed and produced by Vocativ—airs Thursdays at 11 p.m. ET/PT on SHOWTIME.
According to Twitter, however, they have operations independent of those led by vigilante hacktivism. “We have teams around the world actively investigating reports of rule violations, identifying violating conduct, partnering with organizations countering extremist content online, and working with law enforcement entities when appropriate,” a spokesperson said. When asked about what specific measures they undertake to combat terrorism on their platform, or if they are relying on hacktivists as a means of identifying terror-affiliated accounts, Twitter declined to comment.
But hacktivists still want more specific policies and tools in place from the company. User @Al_Baghdouchy_ of The Varuna Group recommends the company implement algorithms that screen for specific keywords, or photo-recognition software to quickly identify users who have been previously suspended.
Although it is hard to pinpoint exactly how many hacktivists or groups there are—”It’s not like we have meet-ups,” says @TouchMyTweets—hacktivist @yeti_001 estimates that roughly 100 people are working on operations more or less around the clock. “But if you talk about fanatics, then maybe 20,” he says. To many self-proclaimed “ISIS-hunters,” fighting terrorism digitally is a full-time job.
To many self-proclaimed “ISIS-hunters,” fighting terrorism digitally is a full-time job.
Like other at-home digital soldiers, @TouchMyTweets first became involved in hacktivism after an initiative by the popular collective Anonymous. “I was on the fringes for years, but started getting involved after Steubenville,” she says, referring to the 2013 Ohio rape case, where Anonymous released video footage showing of one of the suspects making jokes about the crime. “As a woman, I took a personal interest in that.” From there, she slowly started becoming involved in their efforts in Ferguson, Missouri following the shooting of Michael Brown. After ISIS executed American journalist James Foley in August 2014, she dedicated herself exclusively to the fight against the terror group. “That is what started me on this mission,” she says. “I will do this until it is over—until they are defeated, detained, wiped out.”
Zeus1, a European member of the group Anonymous Operations also known by his Twitter handle @anonzeus3, became involved around the same time, after the siege of Kobani in September 2014, where over 200 Kurds were killed and 300,000 displaced. “I really felt for the Kurds, being overrun with these barbaric terrorists,” he says. When he first joined the Anonymous mission, he targeted ISIS-affiliated websites using denial-of-service attacks alongside other hacktivist collectives like GhostSecurity and BinarySec. They would also report the site to its host en-masse with the hopes of getting it permanently removed. Shortly thereafter, he began working against ISIS on Twitter as well.
Joining an organized effort against ISIS on Twitter is fairly simple. “When I first started, I discovered #OpNewBlood for new members,” Zeus1 says, adding that he studied there and moved on to more formal operations involving attacks on ISIS-related websites, including forums and propaganda platforms. On the Twitter front, bedroom-bound hunters can use popular operation tags—#OpISIS mainly—to become affiliated with the general cause, build clout within the community, make hacktivist friends and perhaps join a specific collective such as RoninWolves, GhostSecurity or Controlling Section. “There is a common thread,” says Zeus1, “and that thread is a real love for doing what we feel is right.”
There are more experienced and sophisticated hackers, though, who troll hacktivists such as @TouchMyTweets because of their more surface-level efforts and relative newbie status. “There’s a lot of in-fighting from hackers,” she says, adding that she can spend hours a day engaged in spats. “It really slows us down and our efforts. Females are subjected to it far more—[doxing] each other based on small disagreements—revealing personal information.”
Although numerous acts of terrorism, such as the mass shooting in San Bernardino, were not carried out directly by ISIS, extremist propaganda on surface-level outlets social media outlets have acted as inspiration for these attacks. “There are lone wolves, and those are the people we are trying to track,” @TouchMyTweets says. “I personally receive dozens of death threats. My main fear is not a personal attack [against me], but an attack on a large group of people.”
Often, merely getting people kicked off of Twitter or temporarily derailing their website is only putting a bandaid on a broken leg.
Often, merely getting people kicked off of Twitter or temporarily derailing their website is only putting a bandaid on a broken leg. They can launch a new Twitter account within minutes, and many tech-savvy ISIS sympathizers use sophisticated means to protect their websites from attack. The spreading of propaganda persists. Because of this, many hacktivists have also started infiltrating websites and chatrooms to gather intelligence and surveil potential lone wolves—even if that means going cloak-and-dagger.
Last summer, @TouchMyTweets took it upon herself to go undercover, “posing as an ISIS [convert] to stalk an ISIS recruit in Afghanistan and an arms manufacturer in Great Britain,” she says. These operations are still ongoing, and require her to enter private chat rooms in Telegram which do not allow members to take screenshots of content. To document her findings, she takes photographs of her phone with a separate camera. “My number one priority is collecting intel such as battle plans and movements or immediate threats to certain geographical areas,” she says. She has yet to find anything worth reporting to federal authorities.
In a separate undercover operation in December 2015, @TouchMyTweets says she and her team channeled information to the Federal Bureau of Investigation, the Federal Aviation Administration, and the Aircraft Owners and Pilots Association (AOPA) of an imminent threat concerning a commercial airplane traveling from San Francisco to Paris. “Within minutes of passing the information, the plane changed course,” she says. The plane, Air France Flight AF083, diverted to Montreal. Federal authorities who receive information directly from hacktivists associated with Anonymous do not confirm whether or not they officially assisted in an counterterrorism operation. “We do not publicly claim that we are responsible for this, but the coincidence was startling,” @TouchMyTweets says. In addition, it has not been confirmed by any federal agency if Anonymous-related hacktivists assisted in reporting the information, or if other organizations had already been tracking the threat.
Middlemen have, however, sprouted up to assist in the transfer of information from hacktivists to law enforcement. Michael S. Smith now verifies information collected by hacktivist collectives and passes it along to specific people in the government. “The amount of information out there is deafening,” says Smith. “Twitter is the most important place online for ISIS to promote propaganda, incite violence and recruit. These tools would make the Nazi Party green with envy.”
But, Smith explains, there is a distinct disconnect between online-only hacktivism—knocking websites offline, suspending accounts, tracking alleged sympathizers—and actually getting information into the hands of people who can cause military-grade change on the ground. “Knocking down Twitter accounts is child’s play,” he says. “The bottom line is, if you want to make an impact, you have to be presenting information that you find to the authorities who will be kicking down doors and conducting airstrikes. This goes beyond the internet.”
“Twitter is the most important place online for ISIS to promote propaganda, incite violence and recruit. These tools would make the Nazi Party green with envy.”
Although many hacktivist collectives like Anonymous are generally anti-government in their outlook and frown on groups like Kronos Advisory, some have begun to collaborate with authorities. In November 2015, the group GhostSecurity, an Anonymous affiliate, branched off and rebranded into Ghost Security Group, which openly funnels information to government agencies and regularly teams up with Kronos Advisory. “Without the assistance of government entities or boots on the ground, our data holds no value so it is critical to coordinate efforts with larger institutions other than ourselves to ensure data found is implemented,” a spokesperson from Ghost Security Group says.
In January, Anonymous began #OpTwitter, an initiative against the social media giant. “A good percentage of these Anons helping have families with kids. Everyone can see these images, including kids,” says user @WauchulaGhost, adding that he was involved with the anti-Twitter campaign for Anonymous from the beginning. Soon thereafter, different clusters of hacktivists started rallying behind the operation. On January 27, an account was created—@UrTwit—to piggyback the operation started by Anonymous. The overall goal of both is to point out security flaws and an overall lackadaisical response to the large amount of active terrorist accounts—the activities of which may have dire consequences.
On January 13, Florida resident Tamara Fields filed a lawsuit against Twitter, saying that the tech giant was partly responsible for the death of her husband, who was killed in an attack by ISIS in November at a police training center in Jordan. The complaint stated, “Without Twitter, the explosive growth of ISIS over the last few years into the most-feared terrorist group in the world would not have been possible.”
When asked for comment, a Twitter spokesperson gave the following statement: “While we believe the lawsuit is without merit, we are deeply saddened to hear of this family’s terrible loss. Like people around the world, we are horrified by the atrocities perpetrated by extremist groups and their ripple effects on the Internet. Violent threats and the promotion of terrorism deserve no place on Twitter and, like other social networks, our rules make that clear.”
But, regardless of Twitter’s efforts, hacktivists are still frustrated with the lack of change on the digital frontline. “Twitter has not permanently solved the problem,” says @Al_Baghdouchy_ “They do nothing to prevent the same users and alleged terrorists from coming back again and again and again.”
With ISIS continuing to rely on visible channels to spread their ideology and recruit new members, they are more integrated into public platforms like Twitter than ever before, inciting worry as to what the future of the social network will look like. Whereas people with ill-intentions used to lurk in the shadows of the internet, such as the deep web, organizations are now shouting from within the comfort of a tweet. And to the hacktivists at war with them, terrorists no longer need to use hard-to-find areas of the Internet to discuss their ideology or plan their next attack. “The deep web is now Twitter,” says @Al_Baghdouchy_