Hunters Take Down Terrorists On The Internet

Freelancers are hunting down terrorist content across social media platforms and messaging apps, doing a job the tech companies don't. 

'Colonel Kurtz' used to spend hours playing social games like Farmville. Now he hunts terrorists on the Internet. 

The pseudonymous 41-year-old, who runs his own construction company, is one of dozens of volunteer “hunters” to dedicate hours each day trying to identify and infiltrate terror groups online and block the spread of their propaganda.

“We’re trying to save lives and get this crap off the net to keep the next vulnerable kid from seeing propaganda and thinking it’s cool,” said Kurtz.

These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

This type of hunting originated in 2014, when hacktivist collective Anonymous declared “war” on Islamic State with the #OpIsis campaign. The loosely affiliated army of digital activists set out to expose and report Isis supporters on social media, and hack or take down their websites.

Kurtz became a hunter following the November 2015 Paris attack. He had been watching the France-Germany friendly football match online when it was disrupted by loud explosions. That day seven attackers carried out mass shootings and suicide bombings that killed 129 people in France’s capital. After writing an angry Facebook post about the attack, Kurtz was contacted by a friend and member of Anonymous asking if he’d like to help out with #OpIsis. “It took me a few days to figure things out and after a few weeks I was dropping accounts like flies,” he said.

Out of Anonymous’ #OpIsis there have emerged more considered, organized groups including Ghost Security Group, KDK and a “drama and ego-free” group that Kurtz formed in 2016 after getting tired of the Islamophobia and inaccuracy within the operation.
“Everyone was in cowboy mode,” he said. “People were censoring the wrong accounts using bots and innocent Muslims were getting taken down. Nobody took the time to verify if it’s a real jihadi or sympathiser account.”
Kurtz’s group is known by its approximately dozen members as the Hellfire Club, although they don’t brand themselves as such externally. “We find promoting a name brings drama,” he said.

The Hellfire Club is made up of around a dozen members based in the US, Europe, Middle East and Indonesia who, depending on their employment status, spend between four and fifteen hours per day tracking Isis online. 
They communicate via a private Twitter group, posting screenshots of chatter from Isis Telegram channels they have infiltrated, Twitter accounts, YouTube videos and Facebook pages. Because they have infiltrated private Isis channels, they often get advance notice of planned operations and communications campaigns.

‘Our guys are going deep undercover’

Kurtz believes he and his fellow hunters are far more skilled than the algorithms and low-paid content moderators used by the technology companies. Because they track terrorist activity across platforms they can see how the same players pop up again and again under different user names, alerting their disciples to their new online personas via private messaging apps.
The hunters’ claims are validated by the fact that intelligence agencies ask them for help in identifying jihadists, including an Indian radical who was living in Raqqa and going by the name Winds of Victory. “I found him on Telegram in five minutes,” said Kurtz.
“I’m not going to say we are Delta Force or Seal Team 6 but our guys are going deep undercover,” he said.
Sometimes it’s not hard at all. On Twitter, for example, jihadists will create new accounts with the same username and a number indicating the “version” of the account. So if @jihadi_144 is taken down, he or she will pop up with @jihadi_145 minutes later. One Isis spokeswoman, known as Aisha, has had more than 400 accounts to date.
“A lot of what is going on at the social media companies is rhetoric,” said Eric Feinberg, a security researcher and member of the Hellfire Club. “They are not correlating the data like we do.”

Feinberg has developed software to pick up communications strands and behavioral patterns used by Isis across different platforms. He’s exasperated by the social media companies’ lack of action.
“Are you telling me they can’t figure out if there’s an Isis logo in the profile of a YouTube account or Facebook account?”
Within the larger hunting community, there is a clear divide: those who believe they need to collaborate with law enforcement and those who, in the spirit of Anonymous’s anarchic, anti-capitalist origins, call such collaborators “fed fags”.
“Once you cross the threshold from Anonymous to working with the feds, you have to put your big boy pants on,” said Quev, another Hellfire Club member. “Otherwise what are you actually doing? Getting tweets taken down.”
“There is no way to do anything meaningful without collaborating with law enforcement – anything else is just child’s play,” said the terrorism analyst Michael Smith, who has studied Islamic extremists’ use of social media for years and who has close ties to several government agencies.

Smith helped some credible groups including Ghost Security Group establish points of contact with government officials. These hunters become “pocket sources” for federal investigators, operating without service agreements or guarantees of compensation for their efforts.

It’s not always clear if the hunters are having a real impact beyond whack-a-mole account takedowns, although some groups have claimed credit for thwarting serious terror threats.

Kurtz said he called the FBI in November 2015 about a Brazilian Isis sympathiser called Ismail Abdul Jabbar al-Brazili after he threatened to carry out a suicide bombing. A few months later, al-Brazili was one of 10 arrested for plotting a terror attack at the Rio Olympics.
“Did my intel lead to that arrest? I don’t know. I’d like to think I contributed.”
If hunters don’t collaborate closely with intelligence agencies, their rogue efforts can be counter-productive or even dangerous. Smith describes a “serious incident” in 2015 when MI5 sent police to an undercover hunter’s house believing him to be a terrorist. Even though Isis has been weakened in recent months, Kurtz is not slowing down.
“It’s not just Isis, but the ‘alt-right’ in America. I think they are just as dangerous,” he said, adding that he will report neo-Nazi accounts when he comes across them.
“I don’t think we’ll ever be able to ride off into the sunset. You just replace one evil with another.”

Guardian

You Might Also Read: 

Facebook Deploys AI To Block Terror Propaganda:

Twitter May Introduce A 'Fake News' Flag:

 

« British Innovation Lags Behind France & Germany’s
WannaCry Drives Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

Cyber adAPT

Cyber adAPT

Cyber adAPT offers a leading network threat detection platform (NTD) to the enterprise and ODM/OEM markets.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Smoothwall

Smoothwall

Smoothwall develop intelligent web filtering, Monitoring and security solutions designed to protect users worldwide.

Combined Selection Group (CSG)

Combined Selection Group (CSG)

CSG are Global Talent Experts, we operate across 7 specialist sectors, including Information Technology and Cybersecurity, and take a pro-active approach to executive search and headhunting.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

Institute for Security and Technology (IST)

Institute for Security and Technology (IST)

The Institute for Security and Technology's goal is to provide the tools and insights needed for companies and governments to outpace emerging global security threats.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.