- Viral video shows an egg getting a hot makeover Tuesday 7:56 PM
- New Netflix feature broadcasts what you’re watching via Instagram Tuesday 6:11 PM
- Videos show alleged Covington teens harassing women, making rape jokes at march Tuesday 4:13 PM
- MAGA teen gets ‘Today Show’ interview—and people are pissed Tuesday 3:38 PM
- Family says hacker sent fake North Korean missile warning through Nest camera Tuesday 2:42 PM
- This Arizona bill would tax internet porn to fund a border wall Tuesday 2:41 PM
- This meme is asking people how they draw the letter X Tuesday 1:18 PM
- Charlie Kirk’s love of U.S. healthcare system put to the test after back problems Tuesday 1:12 PM
- Fyre Fest caterer who was left broke has received $160,000 in donations Tuesday 12:58 PM
- The YouTuber who taught a dog to give the Nazi salute on command can’t find a job Tuesday 12:24 PM
- The ‘oh yeah yeah’ meme is flooding YouTube—and KSI can’t deal Tuesday 12:20 PM
- Did this d*ck-drawing Instagram star steal her gag from a rival runner? Tuesday 12:00 PM
- Rep. Steve King, best known for his racism, tweets a fake MLK quote Tuesday 11:54 AM
- Facebook is helping husbands ‘brainwash’ their wives with targeted ads Tuesday 11:35 AM
- Twitch streamer Pink_Sparkles responds to gamers who don’t think she belongs Tuesday 11:29 AM
Ghost Security has been flooded with tips following the Paris attacks.
You’ve heard about Anonymous declaring “war on ISIS.” But the group who’s really battling the Islamic State in the wake of Friday night’s attacks on Paris isn’t using Guy Fawkes masks, and they’ve been fighting for more than a year already.
Ghost Security, an online hacktivist collective that works against ISIS’s online presence, describes its members as “international volunteer counterterrorism operatives.” Since the Nov. 13 Paris attacks that left at least 129 people dead and hundreds of other injured, GhostSec has received a flood of thousands of new tips about potential ISIS operatives.
Now the real work has started.
“Things are crazy right now. Our site is blowing up with tips, and our group is proactively looking for current threats.”
“Soon after the attacks, our site was getting close to 300 unique visits per minute,” a Ghost Security operative who goes by the username GhostSecPl told the Daily Dot via Twitter direct message. “Things are crazy right now. Our site is blowing up with tips, and our group is proactively looking for current threats.”
Unlike some Anonymous efforts, like a recent operation that failed to deliver on its promise of outing more than 1,000 members of the Ku Klux Klan, GhostSec gets results. The group is credited with providing information that led to law enforcement disrupting a plot to recreate the Sousse beach massacre in Tunisia that left 38 British tourists dead, according to Michael Smith, COO of Kronos Advisory. A private defense contractor, Kronos often serves as a middleman between law enforcement and Ghost Security, whose members prefer to keep at arms length from police.
“[Ghost Security] have developed very rich knowledge of the Islamic State’s online activities, with focus on its social networks,” Smith told the Daily Dot in a phone interview. “They’ve been very instrumental in helping authorities identify communications about offline activities like recruitments, in some instances actual attack plots, and they’ve been especially useful in terms of things that are more difficult-to-monitor communications platforms like Telegram messenger.”
As a rule, the GhostSec team members intentionally disassociate themselves from Anonymous so that they can cooperate with law enforcement, according to GhostSecPl. Some of its members have, however, identified as Anonymous in the past.
“I would say in the region of 30 percent of the sites reported are genuine extremist activity and less than 10 percent are ISIS.”
Ghost Security works by collecting suspected ISIS Twitter accounts and infiltrating supposed ISIS websites. From there, they report all of the information to Kronos, whose analysts forward the information to law-enforcement agencies like the FBI. Ghost Security uses Kronos as a buffer, allowing them to maintain their anonymity and refrain from interacting with law enforcement directly. The attacks in Paris, however, have called for a different approach. GhostSecPl said the group has been reporting “sensitive tips” directly to police.
“I would say in the region of 30 percent of the sites reported are genuine extremist activity and less than 10 percent are ISIS,” GhostSecPl said. “The numbers are much higher for Twitter handles reported—these can be as high as 70 percent accurate.”
The group’s intensified efforts have also resulted in a number of large-scale, distributed denial-of-service (DDoS) attacks on their website, where Ghost Security keeps an archive of all of the reported data, following the attacks in Paris.
“We get [DDoS attacks] daily and cannot count them effectively,” GhostSecPL said. “The attacks on the site are a mix of layer 7 dos attacks (which make up most of them) or people trying to run repeated SQL injection or XSS attacks on us,” GhostSecPL added, referencing some common but damaging technical attacks on Web properties.
Ghost Security has been working to fight ISIS online for almost a year. Since its inception, the group says, it has reported over 1,000 domains and 10,000 Twitter accounts.
The FBI did not respond to a request for comment.
Illustration by Max Fleishman
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.