#OpISIS In Depth: Meet The Individuals Doing Battle With ISIS Online

Operation ISIS (OpISIS) is a project, launched by Anonymous hacktivists, for the purpose of countering terrorist activities online. Over time, there have been various Anonymous factions involved in OpISIS, the largest Anonymous operation to date. At this time, the main groups participating in OpISIS are GhostSec, Binary Sec, VandaSec and CtrlSec.

The operation has garnered widespread support, globally and across the political spectrum. It consists of individuals from various parts of the world who are frustrated with world governments’ inability to effectively handle the spread of terrorism online. The op relies on both individuals with technical skills and those with non-technical skills.

Recently, UK Security Minister John Hayes came out publicly in support of the operation, saying that he is “grateful” for the actions of Anonymous for targeting ISIS. Hayes announced to the Commons Home Affairs Committee: “I am grateful for any of those who are engaged in the battle against this kind of wickedness.”

But, there has also been criticism leveled against the operation. Most of the criticism is aimed at Muslim websites, which are not terror-linked, being taken down by a few in the movement. Others have expressed concern that the hacktivisist are interfering with the government’s work, but Western governments have been all but absent in the fight against terrorism online. A lot of surveillance takes place, but little action.

Even FBI Director James Comey, while acknowledging ISIS’ recruitment in the US is a bigger threat than ever, has admitted the FBI has no way of stopping ISIS from recruiting Americans through social media. Similarly, Adm. Michael Rogers, commander of US Cyber Command and director of the National Security Agency, has said that they, “spend a lot of time tracking people that can’t be found.”

On the other hand, law enforcement receive a vast amount of tips and intel from social media users and hacktivists online. Counterterrorism experts have commented that ISIS’ online activity has been countered almost entirely by civilian volunteers.

So, why all the concern regarding ISIS’ online activities?

“Concern regarding ISIS’ continued use of the Internet to raise funds, spy on US, Coalition Forces, spread propaganda and recruit has been heightened. Authorities in the US are well aware of the impact recruitment has had on the battlefield and on ISIS operations, in general. And, in terms of radicalization, the common denominator seen in almost all cases is exposure to jihadist activity online. Simply reading and viewing extremist propaganda can spur the individual on to enlistment.

Almost all of ISIS’ recruitment in the US is done online.”

And, who are the individuals committed to this battle?


GhostSec, a counterterrorism unit within the Anonymous collective, became involved with OpISIS in January, following the Charlie Hebdo attack. The group consists largely of ex-military and IT professionals. According to one of GhostSec’s founding members, who goes by the name Commander Xavior, the group was established in 2014 with a focus on police brutality. But, as Xavier became more and more aware of ISIS, he and the other members made the decision to join the OpISIS movement:

“We were hesitant at first on what we should do because we knew whatever actions we would take was going to be dangerous for our safety as individuals and to the ones that had families. Finally the decision was made as a team to take on ISIS and their propaganda.”

Eventually, GhostSec began collecting actionable intel, engaging in threat analysis, assisting the authorities with high-value targets and communicating terror plots to the authorities. GhostSec has also:

  • Repeatedly issued warnings regarding threats to the West, which originate directly from within ISIS.
  • Warned of threats specific to Christians and Jews, issued by ISIS spokesperson Abu Mohammad al-Adnani.
  • Essentially performed in the same vein as US citizens who mobilized to support the war effort during WWII.
  • Slowed ISIS’ ability to raise funds online, spread propaganda and recruit.
  • Alerted the authorities to ISIS’ spying on U.S. Coalition Forces online.
  • Taken down terrorist sites which spread propaganda, deliver threats and/or recruit.
  • Targeted terror-linked Twitter accounts.

As for future plans and what types of projects GhostSec may have in development, Commander Xavier explained that, “there is an app that was built by some talented individuals but I will not elaborate because it’s not my place to bring it public. I will say that we are not building an application for a unsecure operating system such as Windows. There have been other, less talented groups in the hacker community lately that have attempted writing generic code. They compiled the code it into a elementary GUI with built in keyloggers and designed the applications to expose the end-users true IP.”


BinarySec is an OpISIS group that was formed this year, early in the Spring. The BinarySec website indicates the team assists other operations as much as possible. A BinarySec member, who goes by the name TouchMyTweets, said that they are willing to work with any like-minded OpISIS teams. Currently, the group’s focus is on purging terrorist content from the Internet in order to stem the flow of recruitment. The group estimates the number of terror sites it has taken down to number in the hundreds. They also target terror-linked Twitter accounts.

According to TouchMyTweets, BinarySec team members, “report them to Twitter and have their accounts suspended on a regular basis.” She also discussed the group’s new reporting tool: “We have also developed a reporting bot (@tool_binary), a tool that churns out ISIS accounts in timed increments (we can set this to once an hour, once every half hour etc.) Twitter users who follow this bot are able to use it to report ISIS-affiliated accounts to Twitter and have them suspended.”

TouchMyTweets went on to say:

“Our members have a diverse skill set which they use on different projects. One example I can provide is a domain finder tool one of our members has currently in development, which will make it exponentially easier to locate ISIS websites and their hosts. It’s the ultimate website killer.

Our tool is open source, anyone can look at the code and see there is no malware… We have delayed the launch of a Windows version due to those same security concerns. We do not want any appearance of impropriety.”

She describes BinarySec as being an, “exacting and fiercely loyal group” that feels like family. She says that prospective recruits to BinarySec are heavily vetted before acceptance into the group.


VandaSec is a new OpISIS faction, launched a month ago. The group targets ISIS, Pedophiles and, according to the group, basically “anything wrong.” They also said they report any significant findings to the authorities. VandaSec located and released what they say are the phone numbers of 60 ISIS members. It is a self-contained group of 5, which does not rely on a network of support services.

VandaSec was featured in an article in The Mirror for unveiling an astonishing web of interactions linking extremist social media mouthpieces to the British government. When, asked if there is anything the group would like for people to know about them, the group’s spokesperson replied with: “We are some of the best…”


Members of CtrlSec flag accounts that are suspected to be supportive of ISIS. CtrlSec is not affiliated with Anonymous, but enjoys the support of many Anons and others involved in OpISIS. According to an article in The Atlantic:

“When I asked whether CtrlSec uses algorithms to identify pro-ISIS Twitter activity, he was adamant that it does not. Instead, he insisted, every suspect tweet and Twitter account is tracked down manually by one of the group’s 28 operatives, many of whom can read Arabic. I asked him what criteria these operatives use to determine pro-ISIS sympathies and he replied, “You need two eyes and brain.” When I probed him further, he said, “We are trained to see indicators. … Also, we monitor the well-known accounts to pick up new supporters.” Mikro claimed that CtrlSec identifies 200 to 600 pro-ISIS Twitter accounts a day.

Once the group is satisfied that it has identified a pro-ISIS account, it adds the account in question to its “blacklist,” which it tweets out in automated installments. The group then asks its followers to flag the blacklisted accounts for Twitter.”

Other movements and groups involved in OpISIS include WolfSec, #OpIceISIS and #No2ISIS.

There are also lone operators in OpISIS. One of the most well-known is WauchulaGhost. The former GhostSec member now spends his time working alongside other groups, coaching new Anons and continuing with OpCloudFlare, an operation which monitors Western companies who provide services to terrorists and their supporters.

WauchulaGhost also played a role in organizing the recent “Trolling ISIS” campaign on Twitter. Due to all of this, he has garnered quite a bit of media attention in recent weeks.

OpISIS has been both praised and criticized. Like any human endeavor, it is not perfect. But, it has managed to have more impact on thwarting ISIS online than Western governments have. It would not be unreasonable to ask critics of the movement what they are doing to slow the spread of ISIS.




Journalist @ Daily Kos & Bleeping Computer. System Admin. Researcher, writing a book. https://muckrack.com/candice-lanier https://www.candicelanier.com/

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Candice Lanier

Candice Lanier

Journalist @ Daily Kos & Bleeping Computer. System Admin. Researcher, writing a book. https://muckrack.com/candice-lanier https://www.candicelanier.com/

More from Medium

dApps dMystified

Introduction to Crowdfunding


Crypstation and Xave come together to power our services