Just days after the attacks in Paris, ISIS became the target of one of the world's biggest vigilante anti-terrorism campaigns. In a widely distributed video, a figure wearing a Guy Fawkes mask publicly declared war on ISIS, promising that "Anonymous from all over the world will hunt you down." ISIS had already been a favored target for Anonymous groups, with #OpISIS kicking off in January, but the horrifying attacks drove thousands of new eyes to the cause. By Monday, Pastebin was filled with more campaigns, including #OpExposeIsis, #OpIceIsis and #OpPrayForParis, filling up the site's Trending page for days afterwards.
But while the new activists have inspired a lot of activity, there are real questions about whether they're helping the broader fight against ISIS or simply muddying the waters. Intelligence agencies and journalists often track the group's online footprint, looking for insights into the group's larger movements, but Anonymous' stated goal is to drive the group out of online spaces entirely. Reconciling those two goals now seems harder than ever.
"I certainly want people to take interest in these issues. The problem is when you take action."
So far, online campaigns have focused on reporting Twitter accounts, websites, and IP addresses run by the group. Typically, the end result is deletion, either by Twitter, Telegram, or an angry webmaster. By that measure, the campaigns have been successful: the secure-messaging app Telegram reported blocking 78 ISIS-related channels this week, and a group called CntrlSec says it's contributing to the suspension of more than 72,000 Twitter accounts since they began their campaign in January.
That's good news if your goal is chase terrorists out of public spaces on the internet — but some groups have more sophisticated goals. A firm called Ghost Security Group has been working with an intelligence advisor named Michael S. Smith II in a long-standing effort to provide tips to US agencies, a partnership first reported by Foreign Policy. Smith collates Ghost Security's tips and forwards them along to US Intelligence officials, where they can be used to inform the larger campaign against the terror group.
Notably, Ghost Security vigorously rejects the Anonymous label, despite often being associated with the group in press accounts. "We are in no way affiliated with Anonymous," they told The Verge in a statement. Smith also distanced himself from the noisier campaigns, which he sees as disrupting more important intelligence work. "I don't want to discourage anyone. I certainly want people to take interest in these issues," he told The Verge. "The problem is when you take action."
"Data mining is essential to our operational success."
It's unclear how useful the intelligence has been — Ghost Security cited six different prevented attacks leading to more than 450 targeted suspects since the beginning of the year, while Smith focused on a single Tunisian attack that was prevented in July — but Smith says the group has gotten a real response from intelligence agencies. "The feedback that we are getting is very positive," Smith says. "They've been building out a knowledge base that's really useful to intelligence officers."
In some sense, dropping the Anonymous label is a necessary political play: if you want the FBI to take your information seriously, you're better off ditching the Guy Fawkes mask. But there's also anxiety that ongoing account takedowns may make their work harder to do. While Ghost Security wouldn’t directly criticize the campaigns, their own materials clearly emphasize monitoring accounts instead of taking them down. "Data mining is essential to our operational success," one section reads. "Ghost Security Group is also capable of infiltrating enemy communications via social media and other platforms for data collection purposes."
Each Twitter account brought down by #OpISIS is one that can't be used as a lead for groups like Ghost Security, and brigading ISIS websites makes it far harder for investigators to slip in unnoticed. For most intelligence officers, ISIS's online presence is a potential goldmine of information on the group's larger tactics — a goldmine that's potentially threatened by online activists' recent campaigns.
As a result, US intelligence has often quietly requested that services not remove ISIS-related accounts. In other cases, agencies like the State Department have gone head to head with ISIS accounts, treating Twitter as a safe space to argue and engage with radicals.
There's also reason to believe ISIS is changing its online habits based on the new campaigns. A recent unconfirmed posting instructed fighters to avoid people they don't know on Telegram and make sure their Twitter username is different from their email to avoid easy intelligence tracking. It's rudimentary advice, but suggests in the group may be changing tactics in the face of the new onslaught.
But that doesn’t mean there’s no place for vigilantes in the fight against ISIS. As Smith points out, local contacts are a time-honored part of intelligence work — and when it comes to the internet, groups like Ghost Security may be as close to local contacts as we can get. "Counter-terrorism work has always relied on outside support," Smith says. "It's never just the agent. There are always tips and things like that."