Hunters Take Down Terrorists On The Internet

Freelancers are hunting down terrorist content across social media platforms and messaging apps, doing a job the tech companies don't. 

'Colonel Kurtz' used to spend hours playing social games like Farmville. Now he hunts terrorists on the Internet. 

The pseudonymous 41-year-old, who runs his own construction company, is one of dozens of volunteer “hunters” to dedicate hours each day trying to identify and infiltrate terror groups online and block the spread of their propaganda.

“We’re trying to save lives and get this crap off the net to keep the next vulnerable kid from seeing propaganda and thinking it’s cool,” said Kurtz.

These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

This type of hunting originated in 2014, when hacktivist collective Anonymous declared “war” on Islamic State with the #OpIsis campaign. The loosely affiliated army of digital activists set out to expose and report Isis supporters on social media, and hack or take down their websites.

Kurtz became a hunter following the November 2015 Paris attack. He had been watching the France-Germany friendly football match online when it was disrupted by loud explosions. That day seven attackers carried out mass shootings and suicide bombings that killed 129 people in France’s capital. After writing an angry Facebook post about the attack, Kurtz was contacted by a friend and member of Anonymous asking if he’d like to help out with #OpIsis. “It took me a few days to figure things out and after a few weeks I was dropping accounts like flies,” he said.

Out of Anonymous’ #OpIsis there have emerged more considered, organized groups including Ghost Security Group, KDK and a “drama and ego-free” group that Kurtz formed in 2016 after getting tired of the Islamophobia and inaccuracy within the operation.
“Everyone was in cowboy mode,” he said. “People were censoring the wrong accounts using bots and innocent Muslims were getting taken down. Nobody took the time to verify if it’s a real jihadi or sympathiser account.”
Kurtz’s group is known by its approximately dozen members as the Hellfire Club, although they don’t brand themselves as such externally. “We find promoting a name brings drama,” he said.

The Hellfire Club is made up of around a dozen members based in the US, Europe, Middle East and Indonesia who, depending on their employment status, spend between four and fifteen hours per day tracking Isis online. 
They communicate via a private Twitter group, posting screenshots of chatter from Isis Telegram channels they have infiltrated, Twitter accounts, YouTube videos and Facebook pages. Because they have infiltrated private Isis channels, they often get advance notice of planned operations and communications campaigns.

‘Our guys are going deep undercover’

Kurtz believes he and his fellow hunters are far more skilled than the algorithms and low-paid content moderators used by the technology companies. Because they track terrorist activity across platforms they can see how the same players pop up again and again under different user names, alerting their disciples to their new online personas via private messaging apps.
The hunters’ claims are validated by the fact that intelligence agencies ask them for help in identifying jihadists, including an Indian radical who was living in Raqqa and going by the name Winds of Victory. “I found him on Telegram in five minutes,” said Kurtz.
“I’m not going to say we are Delta Force or Seal Team 6 but our guys are going deep undercover,” he said.
Sometimes it’s not hard at all. On Twitter, for example, jihadists will create new accounts with the same username and a number indicating the “version” of the account. So if @jihadi_144 is taken down, he or she will pop up with @jihadi_145 minutes later. One Isis spokeswoman, known as Aisha, has had more than 400 accounts to date.
“A lot of what is going on at the social media companies is rhetoric,” said Eric Feinberg, a security researcher and member of the Hellfire Club. “They are not correlating the data like we do.”

Feinberg has developed software to pick up communications strands and behavioral patterns used by Isis across different platforms. He’s exasperated by the social media companies’ lack of action.
“Are you telling me they can’t figure out if there’s an Isis logo in the profile of a YouTube account or Facebook account?”
Within the larger hunting community, there is a clear divide: those who believe they need to collaborate with law enforcement and those who, in the spirit of Anonymous’s anarchic, anti-capitalist origins, call such collaborators “fed fags”.
“Once you cross the threshold from Anonymous to working with the feds, you have to put your big boy pants on,” said Quev, another Hellfire Club member. “Otherwise what are you actually doing? Getting tweets taken down.”
“There is no way to do anything meaningful without collaborating with law enforcement – anything else is just child’s play,” said the terrorism analyst Michael Smith, who has studied Islamic extremists’ use of social media for years and who has close ties to several government agencies.

Smith helped some credible groups including Ghost Security Group establish points of contact with government officials. These hunters become “pocket sources” for federal investigators, operating without service agreements or guarantees of compensation for their efforts.

It’s not always clear if the hunters are having a real impact beyond whack-a-mole account takedowns, although some groups have claimed credit for thwarting serious terror threats.

Kurtz said he called the FBI in November 2015 about a Brazilian Isis sympathiser called Ismail Abdul Jabbar al-Brazili after he threatened to carry out a suicide bombing. A few months later, al-Brazili was one of 10 arrested for plotting a terror attack at the Rio Olympics.
“Did my intel lead to that arrest? I don’t know. I’d like to think I contributed.”
If hunters don’t collaborate closely with intelligence agencies, their rogue efforts can be counter-productive or even dangerous. Smith describes a “serious incident” in 2015 when MI5 sent police to an undercover hunter’s house believing him to be a terrorist. Even though Isis has been weakened in recent months, Kurtz is not slowing down.
“It’s not just Isis, but the ‘alt-right’ in America. I think they are just as dangerous,” he said, adding that he will report neo-Nazi accounts when he comes across them.
“I don’t think we’ll ever be able to ride off into the sunset. You just replace one evil with another.”

Guardian

You Might Also Read: 

Facebook Deploys AI To Block Terror Propaganda:

Twitter May Introduce A 'Fake News' Flag:

 

« British Innovation Lags Behind France & Germany’s
WannaCry Drives Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

DataPassports

DataPassports

DataPassports is a data-centric security and privacy solution that enforces privacy and security from end-to-end with transparent protection of data at the source.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.