Gathering Intel, Disrupting Recruitment & Foiling Terror Plots: #OpISIS’ 7 Month Assault On ISIS

Candice Lanier
7 min readAug 13, 2015


Operation ISIS (OpISIS) consists of Anonymous affiliated hacktivists who launched the op in order to counter the presence of ISIS online. The operation has gone beyond that now, having developed into a force that has had impact on the ground as well as online. Ghost Security (GhostSec) is a faction that works closely with Controlling Section (CtrlSec) under the banner of OpISIS. GhostSec is an internationally-based counter terrorism unit. It’s cyber operations consist of collecting actionable threat intelligence, advanced analytics, cyberwarfare using offensive capabilities,surveillance and providing situation awareness. The group’s mission is,“to eliminate the online presence of Islamic extremist groups such as Islamic State (IS), Al-Qaeda, Al-Nusra, Boko Haram and Al-Shabaab in an effort to stymie their recruitment and limit their ability to organize international terrorist efforts.”

Stated on GhostSec’s website is the message: “Every innocent life that Islamic extremists take only serves to strengthen our power and determination. Those who are lost have become part of us.”

So, why is it so important to combat ISIS online? Now that the terrorist organization is operating on both the surface web and the Darknet, the FBI is concerned about the nature of the group’s Darknet activities and the government’s inability to circumvent them. ISIS is currently using the Darknet to inspire terror attacks around the globe, recruit, boost finances and provide military training. The group has also been found to have access to classified US documents, including detailed missile diagrams, diagrams of weak armor points in US vehicles such as M1 Abram Tanks and Bradley Fighting Vehicles and combat training methods used by coalition forces.

ISIS’ recruitment impacts the battlefield by increasing the number of ISIS fighters. It has also been noted that ISIS has fine-tuned its online presence by enlisting skilled hackers and others with technical expertise. The terrorists’ online activity also serves to inspire ISIS supporters to act, as we have seen in instances such as the Draw Mohammed contest in Garland, TX.

ISIS has little to fear from governments in the West. The FBI, for example, lacks the skills needed to adequately combat ISIS on the Internet. Consequently, OpISIS hacktivists have stepped up to the plate to wreak havoc on ISIS. Since OpISIS’ inception 59,491 terrorist Twitter accounts have been suspended, 1,392 terrorist YouTube videos have been removed and 131 terrorist websites have been taken down.

In addition to that, GhostSec is now in constant contact with the FBI and authorities in other parts of the world, alerting them to serious threats they have uncovered. Sometimes specific individuals are threatened and in other cases a particular area or event has been targeted. In the case of the Garland, TX incident, an OpISIS affiliated Twitter user sent a tweet to the Garland Police Department’s official Twitter account, alerting the agency to a potential ISIS attack in Texas. The tweet was sent days in advance of the attack.

Similarly, in April the pro-ISIS media group, Rabitat al-Ansar, posted the names, phone numbers, addresses and email addresses of Americans, Canadians, and others on Just Paste It. But, this communication was quickly intercepted by a GhostSec operative and the list was turned over to the FBI.

GhostSec also warned of ISIS cells forming in both Egypt and Turkey. Now, both countries are engaged in battling ISIS. And, GhostSec operatives often go undercover into ISIS online forums, posing as potential recruits for the purpose of gathering intel. GhostSec has also brought attention to US companies who provide Internet services to terrorists like ISIS. According to Co-Operations Director WauchulaGhost, CloudFlare, a content delivery network (CDN), is the biggest culprit. CloudFlare CEO Matthew Prince has refused to deny service to these accounts, citing free speech. It’s possible that some of the accounts in question are FBI honeypots, but WauchulaGhost seriously doubts that all 46 accounts are part of a sting operation. At any rate, Prince, who has degree in law, should be aware of the fact that terrorist threats are not protected speech.

WauchulaGhost has also, through #OpCloudFlare, been applying social pressure on presidential candidates who use CloudFlare, asking them to switch to to another CDN. For instance, on many occasions he has sent communications to Donald Trump’s campaign website:

“We are trying to make Mr. Trump aware of a situation regarding the Islamic State Terrorist group. We have sent tweets numerous times but have yet to get a response. Our question to Mr. Trump is simple, Does he support ISIS Terrorists? The reason we ask is this, the company Cloudflare protects Terrorists websites. 46 to be exact. Trump’s campaign site is also behind Cloudflare.”

WauchulaGhost emphasizes that they “are trying to make Mr. Trump aware of a situation regarding the Islamic State Terrorist group. We have sent tweets numerous times but have yet to get a response. Our question to Mr. Trump is simple: Does he support ISIS Terrorists? The reason we ask is this: The company Cloudflare protects Terrorists’ websites. Forty-six, to be exact.” WauchulaGhost has also tried to engage the Trump campaign with a variety of memes and even a video, which have been delivered to the Trump campaign via Twitter.

In recent weeks, GhostSec has focused its attention on the Darknet where ISIS has become active and through which they were able to help the authorities in NYC and Tunisia thwart major attacks. GhostSec member, ISHuntingCIub, came across a tweet that appeared to be a threat from an ISIS supporter in regard to the 4th of July. The FBI and CIA were notified. FBI director James Comey has said that a number of plots surrounding the July 4th holiday weekend were foiled and suspects who were inspired by ISIS were arrested. Comey credited the leads received and the work of the FBI in averting the plots.

In another incident, this one involving Tunisia, the hacktivists were able to assist in the arrests of 17 suspects. GhostSec Co-Operations Director DigitaShadow explained in detail how the situation unfolded. While operating undercover on social media, one of our accounts detected a militant account citing threats against British and Jewish tourists in Djerba, Tunisia.” He said that he and the other operatives took the threat seriously due to the nature of this particular account, the manner in which it was conducting itself and its connection with other high profile ISIS accounts.

And, there was mention of suicide bombings. “We instantly began looking for major events in that area where a suicide bombing would yield the highest amount of casualties. That particular day there was an open market where many tourists visited known as Houmt Souk open market. Next we began searching for other attractions that draw high numbers of British and Jewish tourists to find that at least two churches in the immediate area were holding services which is yet another prime target for causing maximum damage due to the closed quarters of buildings and the high occupancy. All evidence of the plot was collected by us, including social media account names, screenshots, images and detailed maps.” This, too, was communicated to the authorities and a tweet was posted on Twitter.

DigitaShadow continued: “Since our aim is to stop terrorism threats wherever they are found we have multiple government contacts and intelligence contractors we can relay intel to in order to deploy military and police forces if required. On this instance we contacted the FBI.” The intel collected in the Tunisia case was verified by Michael S. Smith II, a cofounder and principal with Kronos Advisory, as being instrumental in thwarting the plot. Smith could not confirm that GhostSec’s intel had helped thwart the attack in New York, but explained to Joshua Philipp at the Epoch Times that, “it’s rare to get feedback on data used for counterterrorism, yet noted he ‘knew there was value’ in the information GhostSec provided.”

I asked DigitaShadow his thoughts on OpISIS at this time. He said:

“For the past seven months we have fought sixteen hours a day, seven days a week to hold back the cancer that is the Islamic State and we have no intentions of stopping until they are on their knees. We intend to expand our operations to be able to detect more threats before they happen and to extend our offensive capabilities even further through purchasing additional equipment to fight harder with. We are open to working with other groups and government entities because this is a war and to emerge victorious we must work together.”

CtrlSec explained that most of the team works in the neighborhood of 12 to 16 hours a day. This exhausting schedule, however, doesn’t pose a problem for CtrlSec as he says he’s grown accustomed to the long hours, Twitter account suspensions and threats from ISIS. It’s all part of his daily routine now.

GhostSec consists largely of ex-military members and individuals with strong backgrounds in computer security. A former Miss Jordan has also joined the ranks of Ghost Security. Lara Abdallat is an accomplished individual with a strong desire to see ISIS defeated. “We won’t stop until our mission is complete,” she is quoted as saying. DigitaShadow is of the same mind as Lara, indicating that, “if the governments of the world are unable or unwilling to fight, then we as citizens are left with little choice. It is everyone’s responsibility to stand up for others in their hour of need and we will respond to that call even if it takes another seven months or seven years. The victims of this war can depend on us to stand beside them.”