Hunters Take Down Terrorists On The Internet

Uploaded on 2017-07-31 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Freelancers are hunting down terrorist content across social media platforms and messaging apps, doing a job the tech companies don't. 

'Colonel Kurtz' used to spend hours playing social games like Farmville. Now he hunts terrorists on the Internet. 

The pseudonymous 41-year-old, who runs his own construction company, is one of dozens of volunteer “hunters” to dedicate hours each day trying to identify and infiltrate terror groups online and block the spread of their propaganda.

“We’re trying to save lives and get this crap off the net to keep the next vulnerable kid from seeing propaganda and thinking it’s cool,” said Kurtz.

These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

This type of hunting originated in 2014, when hacktivist collective Anonymous declared “war” on Islamic State with the #OpIsis campaign. The loosely affiliated army of digital activists set out to expose and report Isis supporters on social media, and hack or take down their websites.

Kurtz became a hunter following the November 2015 Paris attack. He had been watching the France-Germany friendly football match online when it was disrupted by loud explosions. That day seven attackers carried out mass shootings and suicide bombings that killed 129 people in France’s capital. After writing an angry Facebook post about the attack, Kurtz was contacted by a friend and member of Anonymous asking if he’d like to help out with #OpIsis. “It took me a few days to figure things out and after a few weeks I was dropping accounts like flies,” he said.

Out of Anonymous’ #OpIsis there have emerged more considered, organized groups including Ghost Security Group, KDK and a “drama and ego-free” group that Kurtz formed in 2016 after getting tired of the Islamophobia and inaccuracy within the operation.
“Everyone was in cowboy mode,” he said. “People were censoring the wrong accounts using bots and innocent Muslims were getting taken down. Nobody took the time to verify if it’s a real jihadi or sympathiser account.”
Kurtz’s group is known by its approximately dozen members as the Hellfire Club, although they don’t brand themselves as such externally. “We find promoting a name brings drama,” he said.

The Hellfire Club is made up of around a dozen members based in the US, Europe, Middle East and Indonesia who, depending on their employment status, spend between four and fifteen hours per day tracking Isis online. 
They communicate via a private Twitter group, posting screenshots of chatter from Isis Telegram channels they have infiltrated, Twitter accounts, YouTube videos and Facebook pages. Because they have infiltrated private Isis channels, they often get advance notice of planned operations and communications campaigns.

‘Our guys are going deep undercover’

Kurtz believes he and his fellow hunters are far more skilled than the algorithms and low-paid content moderators used by the technology companies. Because they track terrorist activity across platforms they can see how the same players pop up again and again under different user names, alerting their disciples to their new online personas via private messaging apps.
The hunters’ claims are validated by the fact that intelligence agencies ask them for help in identifying jihadists, including an Indian radical who was living in Raqqa and going by the name Winds of Victory. “I found him on Telegram in five minutes,” said Kurtz.
“I’m not going to say we are Delta Force or Seal Team 6 but our guys are going deep undercover,” he said.
Sometimes it’s not hard at all. On Twitter, for example, jihadists will create new accounts with the same username and a number indicating the “version” of the account. So if @jihadi_144 is taken down, he or she will pop up with @jihadi_145 minutes later. One Isis spokeswoman, known as Aisha, has had more than 400 accounts to date.
“A lot of what is going on at the social media companies is rhetoric,” said Eric Feinberg, a security researcher and member of the Hellfire Club. “They are not correlating the data like we do.”

Feinberg has developed software to pick up communications strands and behavioral patterns used by Isis across different platforms. He’s exasperated by the social media companies’ lack of action.
“Are you telling me they can’t figure out if there’s an Isis logo in the profile of a YouTube account or Facebook account?”
Within the larger hunting community, there is a clear divide: those who believe they need to collaborate with law enforcement and those who, in the spirit of Anonymous’s anarchic, anti-capitalist origins, call such collaborators “fed fags”.
“Once you cross the threshold from Anonymous to working with the feds, you have to put your big boy pants on,” said Quev, another Hellfire Club member. “Otherwise what are you actually doing? Getting tweets taken down.”
“There is no way to do anything meaningful without collaborating with law enforcement – anything else is just child’s play,” said the terrorism analyst Michael Smith, who has studied Islamic extremists’ use of social media for years and who has close ties to several government agencies.

Smith helped some credible groups including Ghost Security Group establish points of contact with government officials. These hunters become “pocket sources” for federal investigators, operating without service agreements or guarantees of compensation for their efforts.

It’s not always clear if the hunters are having a real impact beyond whack-a-mole account takedowns, although some groups have claimed credit for thwarting serious terror threats.

Kurtz said he called the FBI in November 2015 about a Brazilian Isis sympathiser called Ismail Abdul Jabbar al-Brazili after he threatened to carry out a suicide bombing. A few months later, al-Brazili was one of 10 arrested for plotting a terror attack at the Rio Olympics.
“Did my intel lead to that arrest? I don’t know. I’d like to think I contributed.”
If hunters don’t collaborate closely with intelligence agencies, their rogue efforts can be counter-productive or even dangerous. Smith describes a “serious incident” in 2015 when MI5 sent police to an undercover hunter’s house believing him to be a terrorist. Even though Isis has been weakened in recent months, Kurtz is not slowing down.
“It’s not just Isis, but the ‘alt-right’ in America. I think they are just as dangerous,” he said, adding that he will report neo-Nazi accounts when he comes across them.
“I don’t think we’ll ever be able to ride off into the sunset. You just replace one evil with another.”

Guardian

You Might Also Read: 

Facebook Deploys AI To Block Terror Propaganda:

Twitter May Introduce A 'Fake News' Flag:

 

« British Innovation Lags Behind France & Germany’s
WannaCry Drives Cyber Insurance »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

ITrust

ITrust

French cybersecurity pure player since 2007. ITrust offers its Cyber expertise services and develops disruptive products in Cyber/Artificial Intelligence.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Cognyte

Cognyte

Cognyte is a global leader in investigative analytics software that empowers a variety of government and other organizations with Actionable Intelligence for a Safer World.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

Tanzania Industrial Research and Development Organization (TIRDO)

Tanzania Industrial Research and Development Organization (TIRDO)

TIRDO is a multi-disciplinary research and development organization.

AUCyber

AUCyber

AUCyber is a leading provider of managed cyber security solutions and consultancy services, specialising in supporting Australian organisations and Government agencies.