KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Paris, ISIL, and Anonymous

On Friday a group of radical Islamists attacked Paris.  This was a very low-tech, high-coordination attack.  The group attacked six locations simultaneously and killed over 120 people.  I can’t give an exact number because everywhere you look, you will see different numbers.  You will also see those numbers increase as some of the critical condition victims pass away.

Unfortunately for the world, this was not a one-off attack.  This is just one of many cells carrying out an attack in the location they were given.  In the past month we have seen attacks in Lebanon, Paris, and Iraq just by ISIL alone.   There have been other attacks this month (more than 20 actually), but the deadliest attacks have been executed by ISIL.

What is ISIL/ISIS?

ISIS and ISIL are essentially the same thing.  The reason for the different naming conventions is based on the actual meaning of the group.  The full name is “The Islamic State of al-Sham.”  When calling the group ISIS, al-Sham is interpreted as Syria (the last S in ISIS).  When referring to it as ISIL, you are actually including more than just Iraq and Syria.  The L in ISIL stands for Levant; an area that covers parts of Egypt, Turkey, and Syria.  To be direct, ISIL is a more accurate naming convention, which is why the U.S. President only refers to them as ISIL.

What happened in Paris?

I am not even going to touch that other than what I discussed in the opening paragraph because that could be an entire book of its own.

What does Anonymous have to do with this?

To be frank… Anonymous has nothing to do with this.  They have decided to attack every website, social media profile, and blog they can find that supports ISIL in an attempt to “wipe ISIS off the internet.”  This is pro-Anonymous propaganda that has nothing to do with the terrorism spread by radicals.  It is ridiculous.

ISIL uses the internet a lot.  They use it for a variety of reasons.  Everything from propaganda, to communication, to sharing their favorite recipes (bomb, not dinner).  Other than propaganda, very little of this is done on public sites that just anyone can find.  Most of these sites are either on Darknet (TOR hidden services, I2P, etc.), hidden on servers/routers that have been hacked, or hidden on servers they own that are hosting legitimate public content.

Removal of public communication for ISIL will accomplish one thing… it will annoy them.  Nothing can stop someone from making 1000 twitter IDs.  Nothing can stop someone from making 1000 websites.  It’s like a Hydra from Greek mythology.  If you cut the head off, two more grow in it’s place.

So, what to do?

The problem with ISIL is that they do not have a defined area where they all congregate and are all in one place that may be bombed.  Sure, as their name indicates, they have a specific region of the world where they mostly live, but there are far more innocents in that area than there are terrorists.  Bombs are not an option.

There are cases where taking down sites and social media accounts is a good tactic.  While it will not interrupt their operations or hinder their ability to communicate with each other… it does have the possibility of negatively impacting their ability to spread propaganda.

So, what do you do about the Darknet and hacked servers?  Can you take them down? 

Of course… but you don’t want to.  If you know where someone is meeting to plan something horrendous, do you make them move and hide, or do you infiltrate their location and learn as much as you can?

When someone like Anonymous tries to take down a location that is hosting legitimate operational content for ISIL, taking it down can actually hinder the investigations and operations of counter-terrorism organizations.  There are other ways of learning things than just taking content down.  Weaponizing a document and having it spread throughout an organization is a great way to find out who is involved and how far the web spreads.  Taking down that document prevents that.

Final Thoughts:

If you are a member of a civilian counter-terrorism group, I urge you to be judicious in your decisions about attacks.  If you are attacking a twitter handle because they are spreading propaganda… go for it.  No one cares, not even ISIL.  If you are attacking a server that hosts legitimate content… please consider sending it to the FBI.  They can disseminate the information to the other organizations that actually handle content like that (CIA, DC3, NSA, etc.).  If you want to stay anonymous but still report it… post it on Pastebin with a #FBI hashtag.

Remember to use your noggin.

anonymousisilisisparisterrorism

Kalypto • November 17, 2015


Previous Post

Next Post