The So-Called "ISIS Hacking Division"

Many media outlets, including the New York Times reported Saturday that ISIS has released the names and addresses of 100 service members on a website and urged followers to find and kill them. It's far from certain this release has any official connection to ISIS. Instead of "ISIS Urges Sympathizers to Kill U.S. Service Members It Identifies on Website", the headline should be "Group Supporting ISIS Urges Killing of U.S. Service Members Named in Internet Posting."

The release was announced Friday night on Twitter and uploaded to PasteBin, the site used by many groups to post messages. [More...]

In January, there was a hack of Centcom twitter accounts attributed to ISIS because the hacker identified himself as the Caliphate Hacker. But the Caliphate Hacker ended up being a loner with no official connection to ISIS. The Caliphate Hacker was merely a supporter of ISIS. Some media outlets, in their rush to blame ISIS, claimed that the "Caliphate Hacker" was a British ISIS fighter in Syria, who before leaving to join ISIS, actually was a hacker who worked with the Anonymous- connected Team Poison.

After the media began attributing the Centcom hack to him, he tweeted that neither he nor ISIS had anything to do with the release and that the so-called Califphate Hacker was an independent group that supports ISIS but is not affiliated with ISIS. (I've blacked out his twitter handle.)

He also correctly pointed out that the media has been wrong about him before. On one occasion he was falsely reported killed in a drone strike and on another the media reported he was Jihadi John.

One journalist later traced "The Califphate Hacker" to a sole Algerian supporter of ISIS.

As to the current posting, the Pentagon points out it's not really a hack. According to the Times:

One Defense Department official, who was not authorized to speak publicly, said that most of the information could be found in public records, residential address search sites and social media.

....The officials said the list appears to be drawn from personnel who have appeared in news articles about airstrikes on the militant group. Some of the names also appear to be drawn from the Defense Department’s own official reports on the campaign against the Islamic State, also known as ISIS and ISIL.

It is a doxxing -- a release of personal information consisting of names, photos, addresses, phone numbers etc. of military members, most of which is publicly available.

As I was reading the release Friday night, a few things struck me. First, the notice says the list is old and may not be current. "NOTE: A few of the addresses may not be current due to some of the database entries being outdated." I read a reply by one person claiming to be on the list who says he is a former military member who once served in the Middle East, has been home for a while and hasn't lived in the state attributed to him in years.

Second, the list claims the names represent pilots who attacked ISIS at Kobane, and not all the names on the list appear to have been involved in the fairly recent Kobane air strikes. Here's a tweet from the group mentioning Kobane:

Third, ISIS usually makes its own graphics. The graphic used of a black gun laying on a knife is all over the internet (mostly on Russian sites.)

Lastly, and I don't know why the media doesn't mention this, below the last military names and photos, the author writes " Lets see what contractor instructors in the department of defence are up to..." Under that, are two emails with the subject line "Getting the names of Imans."

(Sidenote: it seems the author is British, Canadian or Australian (or at least not American) as we spell defense differently.)

The date of the emails is 2008. One is from a "Joel Mowbray" to someone in Egypt named Samer Ibrahim. In it, Mowbray asked Ibrahim to go around to mosques in Egypt and collect the names of Imans so Mowbray's group could start a database of their names making it easier to find the radicalized ones.

One more important thing: Whenever you go to a mosque, I want you to get the name of the imam leading prayers or giving the sermon. But I also want you to give me the names of all the imams at each mosque you visit, even if you only bought materials. The reason is that we want to start a private database of radicalism in Egypt, mosque -by-mosque. And the most valuable part will be linking specific imams to radicalism. And when you take down the name, make sure you type in the correct Arabic spelling, as well as the
English transliteration for me. Thanks!

Ibrahim replies "I will do that." Since the reply email from Ibrahim is shown as from "me" to Mowbray and includes Mowbray's email to him, it seems Ibrahim's email is the account that was compromised.

Under the emails, there is a reprint of a posting Ibrahim put on his FB page, telling friends in a prayer group that his social media and email accounts had been hacked. He says "Not for distribution to Disbelievers or Muslims." Ibrahim says in the message he even had to cancel a trip to Turkey to work on some project because of the hacking. .

I don't know if "Joel Mowbray" is the same Joel Mowbray who is a conservative author and outspoken critic of CAIR. (I never heard of him before Saturday, so maybe there's more than one person with that name who is interested in Egyptian affairs and the war on terror.) I have no idea who Samer Ibrahim is, although putting two and two together from the posting, it would seem he's a defense contractor in Egypt who belongs to a religious Christian prayer group and is close to Mowbray (Mowbray seems to be dictating to him, not asking.)

Why would the group claiming to be the ISIS Hacking Division include a 2008 email between Mowbray and Ibrahim and the information about Ibrahim being hacked in its list of doxxed names posted on the internet? I don't have a clue. But finding the hackers of Ibrahim's accounts could lead authorities closer to the "Isis Hacking Division."

Perhaps it's this simple: The group was privy to information hacked from Ibrahim in 2008, used his contacts (and prayer group list) to get more contacts and then scoured social media and the internet to get addresses, phone numbers and branch of the military to go with the names.

If so, and again, I'm guessing, this strikes me as the work of some ISIS fanboys with too much time on their hands who were privy to some names (possibly from outdated material hacked much earlier by others) and they then searched publicly available information for personal details to go with the names. If so, there was no no "hack" of privileged defense department materials.

At least more media articles are now referring to the group that doxxed the military members as one that claims to be with ISIS, or one that sympathizes with ISIS, rather than stating as fact that it was ISIS who posted it or ISIS approved. ISIS has official communication channels, and it's dangerous to attribute material to ISIS without being sure that it is an official ISIS communication.

That said, what's most troubling about the doxxing, is that it really doesn't matter if it's ISIS or not. Anyone using ISIS' name and calling for lone wolf attacks on a specific group of military personnel is going to attract the attention of looney wolves, who like the media, may automatically assume it's a communication and directive directly from ISIS, and in their warped mind, carry it out.

I agree with the Pentagon: Military members need to be more cautious about what they post on their social media pages. At a minimum, they need to understand how FB and Twitter work, and how to fine tune their privacy settings. If a looney wolf kills a member of the military in this country, the repercussions will be felt by all of us: The tragedy will be used to justify more electronic monitoring and privacy intrusions on everyone and there will be calls to step up the military fight against ISIS in Iraq and Syria, using the lone or looney wolf attack as proof ISIS is a threat to us here. Getting into a full blown war over the actions of ISIS supporters, fanboys and looney wolves, rather than the actions of ISIS, is not in anyone's best interest.

< The Mess in Yemen | Ted Cruz Announces Presidential Bid >
  • The Online Magazine with Liberal coverage of crime-related political and injustice news

  • Contribute To TalkLeft

  • Display: Sort:
    ISIS vs group suppotting. (none / 0) (#1)
    by Abdul Abulbul Amir on Mon Mar 23, 2015 at 09:37:07 AM EST

    That seems like a distinction without a real difference, as ISIS seems more than happy to take support from all comers.  Tellingly, no "official" ISIS spokes-dirtbag has denounced this action.

    According to the NYT, IS has franchises, as (none / 0) (#2)
    by oculus on Mon Mar 23, 2015 at 10:23:57 AM EST
    did AQ.  But IS does not require the AQ's  "multi-year application process."

    each "franchise" must be formally (none / 0) (#4)
    by Jeralyn on Mon Mar 23, 2015 at 11:29:18 AM EST
    accepted after making "Bayat" to ISIS as Boko Harem in Nigeria was last month. If this was the work of one of them, it would have said so. There are many reminders put out that individual fighters and supporters do not speak for ISIS.

    You can fine tune your privacy settings (none / 0) (#3)
    by Militarytracy on Mon Mar 23, 2015 at 10:26:47 AM EST
    But they can find you through your kids use of social media, and there you are on "the friends" list. We keep photos minimum, my husband asked this of us all eight years ago.  Glad I listened. Someone I went to high school with though just complained about a month ago that I didn't provide enough photos. And it is almost impossible for kids to grasp the danger.  Not sure when everyone will get it. They may never.

    Soldier names are fairly easy to find though through everyday news stories.  I suppose those stories will now disappear in order to protect people, but it will isolate the military in civilian life even more.

    I view all this as mostly attempted intimidation though.