Hunters Take Down Terrorists On The Internet

Freelancers are hunting down terrorist content across social media platforms and messaging apps, doing a job the tech companies don't. 

'Colonel Kurtz' used to spend hours playing social games like Farmville. Now he hunts terrorists on the Internet. 

The pseudonymous 41-year-old, who runs his own construction company, is one of dozens of volunteer “hunters” who dedicate hours each day to trying to identify and infiltrate terror groups online and block the spread of their propaganda.

“We’re trying to save lives and get this crap off the net to keep the next vulnerable kid from seeing propaganda and thinking it’s cool,” said Kurtz.

These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

This type of hunting originated in 2014, when hacktivist collective Anonymous declared “war” on Islamic State with the #OpIsis campaign. The loosely affiliated army of digital activists set out to expose and report Isis supporters on social media, and hack or take down their websites.

Kurtz became a hunter following the November 2015 Paris attack. He had been watching the France-Germany friendly football match online when it was disrupted by loud explosions. That day seven attackers carried out mass shootings and suicide bombings that killed 129 people in France’s capital. After writing an angry Facebook post about the attack, Kurtz was contacted by a friend and member of Anonymous asking if he’d like to help out with #OpIsis. “It took me a few days to figure things out and after a few weeks I was dropping accounts like flies,” he said.

Out of Anonymous’ #OpIsis there have emerged more considered, organized groups including Ghost Security Group, KDK and a “drama and ego-free” group that Kurtz formed in 2016 after getting tired of the Islamophobia and inaccuracy within the operation.

“Everyone was in cowboy mode,” he said. “People were censoring the wrong accounts using bots and innocent Muslims were getting taken down. Nobody took the time to verify if it’s a real jihadi or sympathiser account.”

Kurtz’s group is known by its dozen or so members as the Hellfire Club, although they don’t brand themselves as such externally. “We find promoting a name brings drama,” he said.

The Hellfire Club is made up of around a dozen members based in the US, Europe, Middle East and Indonesia who, depending on their employment status, spend between four and fifteen hours per day tracking Isis online.

They communicate via a private Twitter group, posting screenshots of chatter from Isis Telegram channels they have infiltrated, Twitter accounts, YouTube videos and Facebook pages. Because they have infiltrated private Isis channels, they often get advance notice of planned operations and communications campaigns.

‘Our guys are going deep undercover’

Kurtz believes he and his fellow hunters are far more skilled than the algorithms and low-paid content moderators used by the technology companies. Because they track terrorist activity across platforms they can see how the same players pop up again and again under different user names, alerting their disciples to their new online personas via private messaging apps.

The hunters’ claims are validated by the fact that intelligence agencies ask them for help in identifying jihadists, including an Indian radical who was living in Raqqa and going by the name Winds of Victory. “I found him on Telegram in five minutes,” said Kurtz.

“I’m not going to say we are Delta Force or Seal Team 6 but our guys are going deep undercover,” he said.

Sometimes it’s not hard at all. On Twitter, for example, jihadists will create new accounts with the same username and a number indicating the “version” of the account. So if @jihadi_144 is taken down, he or she will pop up with @jihadi_145 minutes later. One Isis spokeswoman, known as Aisha, has had more than 400 accounts to date.

“A lot of what is going on at the social media companies is rhetoric,” said Eric Feinberg, a security researcher and member of the Hellfire Club. “They are not correlating the data like we do.”

Feinberg has developed software to pick up communications strands and behavioral patterns used by Isis across different platforms. He’s exasperated by the social media companies’ lack of action.

“Are you telling me they can’t figure out if there’s an Isis logo in the profile of a YouTube account or Facebook account?”

Within the larger hunting community, there is a clear divide: those who believe they need to collaborate with law enforcement and those who, in the spirit of Anonymous’s anarchic, anti-capitalist origins, call such collaborators “fed fags”.

“Once you cross the threshold from Anonymous to working with the feds, you have to put your big boy pants on,” said Quev, another Hellfire Club member. “Otherwise what are you actually doing? Getting tweets taken down.”

“There is no way to do anything meaningful without collaborating with law enforcement – anything else is just child’s play,” said the terrorism analyst Michael Smith, who has studied Islamic extremists’ use of social media for years and who has close ties to several government agencies.

Smith helped some credible groups including Ghost Security Group establish points of contact with government officials. These hunters become “pocket sources” for federal investigators, operating without service agreements or guarantees of compensation for their efforts.

It’s not always clear if the hunters are having a real impact beyond whack-a-mole account takedowns, although some groups have claimed credit for thwarting serious terror threats.

Kurtz said he called the FBI in November 2015 about a Brazilian Isis sympathiser called Ismail Abdul Jabbar al-Brazili after he threatened to carry out a suicide bombing. A few months later, al-Brazili was one of 10 arrested for plotting a terror attack at the Rio Olympics.

“Did my intel lead to that arrest? I don’t know. I’d like to think I contributed.”

If hunters don’t collaborate closely with intelligence agencies, their rogue efforts can be counter-productive or even dangerous. Smith describes a “serious incident” in 2015 when MI5 sent police to an undercover hunter’s house believing him to be a terrorist.

Even though Isis has been weakened in recent months, Kurtz is not slowing down.

“It’s not just Isis, but the ‘alt-right’ in America. I think they are just as dangerous,” he said, adding that he will report neo-Nazi accounts when he comes across them.

“I don’t think we’ll ever be able to ride off into the sunset. You just replace one evil with another.”

Guardian
