Islamic State Cyber Warfare & US Civilian Kill Lists

When ISIS Hackers Call You Out By Name

Posted on Site Intelligence February 7, 2017 via Vice Magazine Motherboard

Kill lists have traditionally focused on perceived religious deviants and political/economic targets, but a new wave of pro-IS kill lists has embraced random civilians as targets.

Americans are well aware that terrorists wish harm on their country. We’ve lived through 9/11, San Bernardino, and this week’s horrid atrocity in Orlando—ugly reminders that our nationality, genders, and sexualities all make us targets.

Image: SITE

The list included the targets’ email and street addresses, phone numbers, and neighborhoods, prompting FBI visits to presumed teachers, plumbers, mothers, fathers, tennis players, artists—people who may likely go some days forgetting that IS exists. Yet, these people are informed by the FBI that they are wanted dead by ISIS. Imagine their reaction.

It’s not only New York residents making it into these emerging pro-IS kill lists either. Others have targeted Texas residents, New Jersey Transit Police, State Department personnel, USF military personnel, and drone operators, among others.

It raises the question: What the hell is going on?

Jihadi kill lists are not by any means new. Such releases have come from al-Qaeda in the Arabian Peninsula, which has in its English-language magazine, Inspire, listed writers and cartoonists “wanted dead or alive for crimes against Islam” (one of the targets of which was killed in the 2015 Charlie Hebdo attacks) and suggested high-profile economic figures in America as targets. Likewise, the issue 14 of Dabiq, IS’ English-language magazine, provided a kill list of well-known “imams of kufr [disbelief]” in the West.

Even from pro-ISIS hacking groups, kill lists are not new. The first such list was released in March 2015 and contained information of 100 military personnel.

However, as my organization, the SITE Intelligence Group, showed in a comprehensive report released last week, pro-ISIS hacking groups are releasing these kill lists at an increasing rate. Of roughly 19 such kill lists released since March 2015, nine have come out in the last four months alone.

News reports commonly refer to this new wave of releases as ISIS kill lists. In fact, these lists are not actually coming from official ISIS outlets, but instead by ISIS-supporting hacking groups with varying extents of affiliation to the group. Currently, there are three pro-IS hacking groups releasing kill lists: The Caliphate Cyber Army (CCA), the United Cyber Caliphate (UCC), and the Islamic State Hacking Division (ISHD).

Image: SITE

Between March 2 and May 2, 2016, ISIS-affiliated hacking groups released eight kill lists, targeting 56 New Jersey state police officers, 36 Minnesota state police officers, 11 county board members in Tennessee, 3,600 New York citizens, 50 federal government employees, 76 US military personnel, 50 federal government employees, and 1,500 Texas citizens.

Furthermore, while kill lists have traditionally focused on perceived religious deviants, “blasphemers,” and political/economic targets, this new wave of pro-IS kill lists has embraced random civilians as targets, as shown in the aforementioned lists of New York and Texas residents.

This past Tuesday, one pro-IS hacking group took kill lists to a new level by releasing one containing 8,300 individuals’ names and information, instructing lone wolf jihadists to assassinate them. The names in the list span 21 nationalities, including Canadians, Australians, Estonians, and Indonesians. (We were able to verify that the French police officer killed Monday in a stabbing ISIS claimed responsibility for was not included in the kill list.)

Image: SITE

As this new kill lists becoming more prolific and wide-aiming, it is important to take a look at them, their data, and who is making them.

What’s Important to Know About Kill Lists

The CCA, active at least since December 2014, is one of the most persistently active pro-IS hacking groups. Its hacks are relatively unsophisticated, consisting largely of website defacements. The group has, however, occasionally appeared to obtain data from private servers on multiple occasions. The group’s kill lists have targeted New Jersey Transit Police and Minnesota Police.

The UCC is an umbrella group of various hacking entities, including the CCA. Its kill lists include those aforementioned 3,600 New York residents, 1,500 Texans, and 8,300 individuals around the world.

Image: SITE

Perhaps the most publicly IS-affiliated group is the ISHD, formerly run by killed IS fighter Junaid Hussain (“Abu Hussain al-Britani“). The ISHD, which released the aforementioned kill list of 100 military personnel as the first such release by a pro-IS hacking group, has also made kill lists of Italian Army officers and various US government personnel.

These new “unofficial” kill lists are nonetheless applications of ISIS’s open-ended terror methodology

Does the Unofficial Status of These Lists Make Them Any Less Dangerous?

Not exactly. The line between what is ISIS and what is pro-ISISis often very thin. Unofficial ISIS media organizations are sometimes granted exclusive information and indicate direct contact to ISIS at the organizational level.

One benefit of this official-unofficial coordination is that unofficial channels can use their contacts within ISIS to verify self-proclaimed recruiters, statements, and circulated files, and in turn warn the rest of the community of potential spies, misinformation, or potential malware. With that, if ISIS were in any way disapproving of these lists, it would have disavowed or distanced itself from them by now, as it has done with other pro-ISIS groups and individuals.

To that point, these new “unofficial” kill lists are nonetheless applications of ISIS’s open-ended terror methodology. More than any other jihadi group, IS has promoted open-ended lone wolf attacks as a weapon against the West. In a September 2014 audio speech, Islamic State spokesman Abu Muhammad al-‘Adnani instructed for attacks against anyone in countries belonging to the American-led anti-IS coalition:

Assessing Kill List Data

Aside from the intent of these lists, there remains another key question: How are these groups obtaining this information?

The data provided in pro-IS “hacks”—commonly comprised of such information as phone numbers and addresses—often turns out to be publicly available. A supposed “hack” by the CCA (then the “Islamic Cyber Army”) against US government personnel on September 11, 2015, for example, directly copied purported FBI names and email addresses directly from a previous leak dating back to at least 2007, and presented it as an original release.

But the pro-ISIS kill lists comprised of publicly available information leave plenty of questions unanswered regarding their sources of data. For instance, though much of the information in releases like the UCC’s kill list of 3,600 New York residents or 1,500 Texas residents can be found via open source searches online, the sizes of the list makes it questionable that they were manually compiled—especially given the time and labor required to do so. Could these lists have been obtained as a result of hacking?

Image: SITE

“Unofficial” pro-ISIS hackers have indeed reached out to outside sources in the past. Most notably, the ISHD’s August 11 release of 1,500 military personnel’s private information was later found to be obtained by a Kosovar hacker named Ardit Ferizi (“Th3Dir3ctorY”). Ferizi reportedly obtained the military personnel’s names after sifting through 100,000 individuals’ information obtained from his earlier breach of an unspecified American company.

ISIS’s unstated but ever-evident embrace of pro-ISIS kill lists isn’t surprising when looking at the group’s identical embrace of supportive media groups. Pro-ISIS kill lists, just like pro-ISIS videos, infographics, and other materials, come from the same grassroots movement that has made ISIS such a successful organization around the globe.

The increasing production of pro-ISIS kill lists, along with their shifting and outward reaching target spans, should be seen as another display of jihadists’ creativity. Just as they have adapted to new methods of exploiting social media, messaging applications, and anonymity-granting software, kill lists are results of the same drive by jihadists to plot, thrive, and terrorize.

Surely, if these new lists were released only three years ago, they would probably be a lot less worrying. Since then, however, ISIS has shown that it has sleeper cells all over the world, and proven itself as a very real danger that cannot be overlooked. That said, heightened alert by government officials and mounting FBI visits to those named in these kill lists accomplish at least a part of pro-ISIS groups’ intent: to instill fear.

And, to that point, these kill lists have been an effective and efficient way of doing so.

Ms. Katz is the author of TERRORIST HUNTER: The Extraordinary Story of a Woman who Went Undercover to Infiltrate the Radical Islamic Groups Operating in America.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s