Hunters Take Down Terrorists On The Internet

Freelancers are hunting down terrorist content across social media platforms and messaging apps, doing a job the tech companies don't. 

'Colonel Kurtz' used to spend hours playing social games like Farmville. Now he hunts terrorists on the Internet. 

The pseudonymous 41-year-old, who runs his own construction company, is one of dozens of volunteer “hunters” to dedicate hours each day trying to identify and infiltrate terror groups online and block the spread of their propaganda.

“We’re trying to save lives and get this crap off the net to keep the next vulnerable kid from seeing propaganda and thinking it’s cool,” said Kurtz.

These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

This type of hunting originated in 2014, when hacktivist collective Anonymous declared “war” on Islamic State with the #OpIsis campaign. The loosely affiliated army of digital activists set out to expose and report Isis supporters on social media, and hack or take down their websites.

Kurtz became a hunter following the November 2015 Paris attack. He had been watching the France-Germany friendly football match online when it was disrupted by loud explosions. That day seven attackers carried out mass shootings and suicide bombings that killed 129 people in France’s capital. After writing an angry Facebook post about the attack, Kurtz was contacted by a friend and member of Anonymous asking if he’d like to help out with #OpIsis. “It took me a few days to figure things out and after a few weeks I was dropping accounts like flies,” he said.

Out of Anonymous’ #OpIsis there have emerged more considered, organized groups including Ghost Security Group, KDK and a “drama and ego-free” group that Kurtz formed in 2016 after getting tired of the Islamophobia and inaccuracy within the operation.
“Everyone was in cowboy mode,” he said. “People were censoring the wrong accounts using bots and innocent Muslims were getting taken down. Nobody took the time to verify if it’s a real jihadi or sympathiser account.”
Kurtz’s group is known by its approximately dozen members as the Hellfire Club, although they don’t brand themselves as such externally. “We find promoting a name brings drama,” he said.

The Hellfire Club is made up of around a dozen members based in the US, Europe, Middle East and Indonesia who, depending on their employment status, spend between four and fifteen hours per day tracking Isis online. 
They communicate via a private Twitter group, posting screenshots of chatter from Isis Telegram channels they have infiltrated, Twitter accounts, YouTube videos and Facebook pages. Because they have infiltrated private Isis channels, they often get advance notice of planned operations and communications campaigns.

‘Our guys are going deep undercover’

Kurtz believes he and his fellow hunters are far more skilled than the algorithms and low-paid content moderators used by the technology companies. Because they track terrorist activity across platforms they can see how the same players pop up again and again under different user names, alerting their disciples to their new online personas via private messaging apps.
The hunters’ claims are validated by the fact that intelligence agencies ask them for help in identifying jihadists, including an Indian radical who was living in Raqqa and going by the name Winds of Victory. “I found him on Telegram in five minutes,” said Kurtz.
“I’m not going to say we are Delta Force or Seal Team 6 but our guys are going deep undercover,” he said.
Sometimes it’s not hard at all. On Twitter, for example, jihadists will create new accounts with the same username and a number indicating the “version” of the account. So if @jihadi_144 is taken down, he or she will pop up with @jihadi_145 minutes later. One Isis spokeswoman, known as Aisha, has had more than 400 accounts to date.
“A lot of what is going on at the social media companies is rhetoric,” said Eric Feinberg, a security researcher and member of the Hellfire Club. “They are not correlating the data like we do.”

Feinberg has developed software to pick up communications strands and behavioral patterns used by Isis across different platforms. He’s exasperated by the social media companies’ lack of action.
“Are you telling me they can’t figure out if there’s an Isis logo in the profile of a YouTube account or Facebook account?”
Within the larger hunting community, there is a clear divide: those who believe they need to collaborate with law enforcement and those who, in the spirit of Anonymous’s anarchic, anti-capitalist origins, call such collaborators “fed fags”.
“Once you cross the threshold from Anonymous to working with the feds, you have to put your big boy pants on,” said Quev, another Hellfire Club member. “Otherwise what are you actually doing? Getting tweets taken down.”
“There is no way to do anything meaningful without collaborating with law enforcement – anything else is just child’s play,” said the terrorism analyst Michael Smith, who has studied Islamic extremists’ use of social media for years and who has close ties to several government agencies.

Smith helped some credible groups including Ghost Security Group establish points of contact with government officials. These hunters become “pocket sources” for federal investigators, operating without service agreements or guarantees of compensation for their efforts.

It’s not always clear if the hunters are having a real impact beyond whack-a-mole account takedowns, although some groups have claimed credit for thwarting serious terror threats.

Kurtz said he called the FBI in November 2015 about a Brazilian Isis sympathiser called Ismail Abdul Jabbar al-Brazili after he threatened to carry out a suicide bombing. A few months later, al-Brazili was one of 10 arrested for plotting a terror attack at the Rio Olympics.
“Did my intel lead to that arrest? I don’t know. I’d like to think I contributed.”
If hunters don’t collaborate closely with intelligence agencies, their rogue efforts can be counter-productive or even dangerous. Smith describes a “serious incident” in 2015 when MI5 sent police to an undercover hunter’s house believing him to be a terrorist. Even though Isis has been weakened in recent months, Kurtz is not slowing down.
“It’s not just Isis, but the ‘alt-right’ in America. I think they are just as dangerous,” he said, adding that he will report neo-Nazi accounts when he comes across them.
“I don’t think we’ll ever be able to ride off into the sunset. You just replace one evil with another.”

Guardian

You Might Also Read: 

Facebook Deploys AI To Block Terror Propaganda:

Twitter May Introduce A 'Fake News' Flag:

 

« British Innovation Lags Behind France & Germany’s
WannaCry Drives Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

Cypress Semiconductor

Cypress Semiconductor

Cypress is a semiconductor design and manufacturing company providing embedded devices for secure IoT applications.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

Haventec

Haventec

Haventec’s internationally patented technologies reduce cyber risk and enable pervasive trust services with a decentralised approach to authentication.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

BlackDice Cyber

BlackDice Cyber

Threat Intelligence is only part of the solution. Our solution matches threats to vulnerabilities and automatically takes remedial action against compromised apps, devices and websites.

DTS Systeme

DTS Systeme

DTS Systeme is an IT service provider with a focus on the core areas of datacenter, technologies and IT security.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.