When ISIS Hackers Call You Out By Name
Kill lists have traditionally focused on perceived religious deviants and political/economic targets, but a new wave of pro-IS kill lists has embraced random civilians as targets.
Americans are well aware that terrorists wish harm on their country. We've lived through 9/11, San Bernardino, and this week's horrid atrocity in Orlando—ugly reminders that our nationality, genders, and sexualities all make us targets.
However, it's a completely different experience altogether to see Islamic State (IS, ISIS, or Daesh) supporters target you by name. Indeed, something new is happening: Pro-ISIS hacking groups are investing their efforts into a new style of threat, known as "kill lists," comprised of random people's names and information for lone wolf jihadists to attack. Notable of such releases was a recent list of 3,600 New York residents' names and personal information, accompanied by the message:
The list included the targets' email and street addresses, phone numbers, and neighborhoods, prompting FBI visits to presumed teachers, plumbers, mothers, fathers, tennis players, artists—people who may likely go some days forgetting that IS exists. Yet, these people are informed by the FBI that they are wanted dead by ISIS. Imagine their reaction.
It's not only New York residents making it into these emerging pro-IS kill lists either. Others have targeted Texas residents, New Jersey Transit Police, State Department personnel, USF military personnel, and drone operators, among others.
It raises the question: What the hell is going on?
Jihadi kill lists are not by any means new. Such releases have come from al-Qaeda in the Arabian Peninsula, which has in its English-language magazine, Inspire, listed writers and cartoonists "wanted dead or alive for crimes against Islam" (one of the targets of which was killed in the 2015 Charlie Hebdo attacks) and suggested high-profile economic figures in America as targets. Likewise, the issue 14 of Dabiq, IS' English-language magazine, provided a kill list of well-known "imams of kufr [disbelief]" in the West.
Even from pro-ISIS hacking groups, kill lists are not new. The first such list was released in March 2015 and contained information of 100 military personnel.
However, as my organization, the SITE Intelligence Group, showed in a comprehensive report released last week, pro-ISIS hacking groups are releasing these kill lists at an increasing rate. Of roughly 19 such kill lists released since March 2015, nine have come out in the last four months alone.
News reports commonly refer to this new wave of releases as ISIS kill lists. In fact, these lists are not actually coming from official ISIS outlets, but instead by ISIS-supporting hacking groups with varying extents of affiliation to the group. Currently, there are three pro-IS hacking groups releasing kill lists: The Caliphate Cyber Army (CCA), the United Cyber Caliphate (UCC), and the Islamic State Hacking Division (ISHD).
Between March 2 and May 2, 2016, ISIS-affiliated hacking groups released eight kill lists, targeting 56 New Jersey state police officers, 36 Minnesota state police officers, 11 county board members in Tennessee, 3,600 New York citizens, 50 federal government employees, 76 US military personnel, 50 federal government employees, and 1,500 Texas citizens.
Furthermore, while kill lists have traditionally focused on perceived religious deviants, "blasphemers," and political/economic targets, this new wave of pro-IS kill lists has embraced random civilians as targets, as shown in the aforementioned lists of New York and Texas residents.
This past Tuesday, one pro-IS hacking group took kill lists to a new level by releasing one containing 8,300 individuals' names and information, instructing lone wolf jihadists to assassinate them. The names in the list span 21 nationalities, including Canadians, Australians, Estonians, and Indonesians. (We were able to verify that the French police officer killed Monday in a stabbing ISIS claimed responsibility for was not included in the kill list.)
A message accompanying the release read:
As this new kill lists becoming more prolific and wide-aiming, it is important to take a look at them, their data, and who is making them.
What's Important to Know About Kill Lists
The CCA, active at least since December 2014, is one of the most persistently active pro-IS hacking groups. Its hacks are relatively unsophisticated, consisting largely of website defacements. The group has, however, occasionally appeared to obtain data from private servers on multiple occasions. The group's kill lists have targeted New Jersey Transit Police and Minnesota Police.
The UCC is an umbrella group of various hacking entities, including the CCA. Its kill lists include those aforementioned 3,600 New York residents, 1,500 Texans, and 8,300 individuals around the world.
Perhaps the most publicly IS-affiliated group is the ISHD, formerly run by killed IS fighter Junaid Hussain ("Abu Hussain al-Britani"). The ISHD, which released the aforementioned kill list of 100 military personnel as the first such release by a pro-IS hacking group, has also made kill lists of Italian Army officers and various US government personnel.
The CCA has been attributed as a member group of the UCC umbrella of hacking entities, and is thus linked to all other groups under the UCC banner. The ISHD, meanwhile, appears to act formally on its own. However, just as pro-IS media groups do, these groups likely communicate and coordinate behind the scenes.
These new "unofficial" kill lists are nonetheless applications of ISIS's open-ended terror methodology
Does the Unofficial Status of These Lists Make Them Any Less Dangerous?
Not exactly. The line between what is ISIS and what is pro-ISISis often very thin. Unofficial ISIS media organizations are sometimes granted exclusive information and indicate direct contact to ISIS at the organizational level.
One benefit of this official-unofficial coordination is that unofficial channels can use their contacts within ISIS to verify self-proclaimed recruiters, statements, and circulated files, and in turn warn the rest of the community of potential spies, misinformation, or potential malware. With that, if ISIS were in any way disapproving of these lists, it would have disavowed or distanced itself from them by now, as it has done with other pro-ISIS groups and individuals.
To that point, these new "unofficial" kill lists are nonetheless applications of ISIS's open-ended terror methodology. More than any other jihadi group, IS has promoted open-ended lone wolf attacks as a weapon against the West. In a September 2014 audio speech, Islamic State spokesman Abu Muhammad al-'Adnani instructed for attacks against anyone in countries belonging to the American-led anti-IS coalition:
Do not ask for anyone's advice and do not seek anyone's verdict. Kill the disbeliever whether he is civilian or military, for they have the same ruling. Both of them are disbelievers. Both of them are considered to be waging war.
Assessing Kill List Data
Aside from the intent of these lists, there remains another key question: How are these groups obtaining this information?
The data provided in pro-IS "hacks"—commonly comprised of such information as phone numbers and addresses—often turns out to be publicly available. A supposed "hack" by the CCA (then the "Islamic Cyber Army") against US government personnel on September 11, 2015, for example, directly copied purported FBI names and email addresses directly from a previous leak dating back to at least 2007, and presented it as an original release.
But the pro-ISIS kill lists comprised of publicly available information leave plenty of questions unanswered regarding their sources of data. For instance, though much of the information in releases like the UCC's kill list of 3,600 New York residents or 1,500 Texas residents can be found via open source searches online, the sizes of the list makes it questionable that they were manually compiled—especially given the time and labor required to do so. Could these lists have been obtained as a result of hacking?
"Unofficial" pro-ISIS hackers have indeed reached out to outside sources in the past. Most notably, the ISHD's August 11 release of 1,500 military personnel's private information was later found to be obtained by a Kosovar hacker named Ardit Ferizi ("Th3Dir3ctorY"). Ferizi reportedly obtained the military personnel's names after sifting through 100,000 individuals' information obtained from his earlier breach of an unspecified American company.
Furthermore, as most of these hacking groups' general activities include finding vulnerabilities on websites, it cannot be ruled out that these hackers obtained the information in their kill lists themselves. Only three weeks ago, for example, the CCA claimed hacking an Arkansas library database and released a spreadsheet containing their information.
ISIS's unstated but ever-evident embrace of pro-ISIS kill lists isn't surprising when looking at the group's identical embrace of supportive media groups. Pro-ISIS kill lists, just like pro-ISIS videos, infographics, and other materials, come from the same grassroots movement that has made ISIS such a successful organization around the globe.
The increasing production of pro-ISIS kill lists, along with their shifting and outward reaching target spans, should be seen as another display of jihadists' creativity. Just as they have adapted to new methods of exploiting social media, messaging applications, and anonymity-granting software, kill lists are results of the same drive by jihadists to plot, thrive, and terrorize.
Surely, if these new lists were released only three years ago, they would probably be a lot less worrying. Since then, however, ISIS has shown that it has sleeper cells all over the world, and proven itself as a very real danger that cannot be overlooked. That said, heightened alert by government officials and mounting FBI visits to those named in these kill lists accomplish at least a part of pro-ISIS groups' intent: to instill fear.
And, to that point, these kill lists have been an effective and efficient way of doing so.
Rita Katz, executive director of the SITE Intelligence Group, has infiltrated terrorist fronts undercover, testified before Congress and in terrorism trials, and had personally briefed government officials at the White House, as well as investigators in the Departments of Justice, Treasury, and Homeland Security. Her investigations and testimony have driven action by the U.S. government against terror-linked organizations and individuals.
Ms. Katz is the author of TERRORIST HUNTER: The Extraordinary Story of a Woman who Went Undercover to Infiltrate the Radical Islamic Groups Operating in America.