Ghost Security

Last updated

Ghost Security, also known as GhostSec, is a self-described "vigilante" group that was formed to attack ISIS websites that promote Islamic extremism. [1] [2] It is considered an offshoot of the Anonymous hacking collective. [3] [4] According to experts of online jihad activism, the group gained momentum after the Charlie Hebdo shooting in Paris in January 2015. [2] The group claims to have taken down hundreds of ISIS-affiliated websites or social media accounts and thwarted potential terrorist attacks by cooperating with law enforcement and intelligence agencies. [5] The group uses social media hashtags like #GhostSec - #GhostSecurity or #OpISIS to promote its activities. [3]

On 14 November 2015, Anonymous posted a video [6] announcing its "biggest operation ever" against the terrorist group [7] [8] in response to the attacks in Paris, taking down 3,824 pro-ISIS Twitter accounts [9] and doxxing recruiters. [10] A message posted by an ISIS-affiliated account on encrypted chat service Telegram replied defiantly to Anonymous by providing instructions on how to respond to a potential cyberattack. [11] [12] On 25 November, an ISIS WordPress dark web site was reportedly hacked by GhostSec, which replaced the site with an advert for Prozac. [13]

GhostSec found information related to planned terrorist attacks in New York and Tunisia and passed this information on to law enforcement authorities. [14] In the wake of the cooperation with law enforcement, GhostSec decided to "become legit" to more efficiently combat ISIS. The group renamed itself "Ghost Security Group" and by November 2015 ended its association with Anonymous. Those of the members who opposed this development re-formed under the old name of "GhostSec" and maintained Anonymous ties. Both groups continue to operate against ISIS. [15]

Lara Abdallat is one of the only members of Ghost Security Group whose identity is public. [16]

Ghostsec also has involvement in the recent Russia-Ukraine conflict, with the groups involvement dating back to the first signs of aggression in 2022. Since their involvement Ghostsec has carried out numerous attacks on the Russian government, one notable one being on July 20th 2022. [17] The Gysinoozerskaya Hydro-Power Plant suffered a attack resulting in a spew of fire shutting down the power plant. The group carried out the attack in support of Ukraine's struggle against Russia, with precise timing in order to avoid unnecessary casualties. [18]

As of August 2023 GhostSec has been active in the Middle East, particularly relating to the Islamic Republic of Iran. In August of 2023, they breached Fanap Behnama and exposed over 20gb of data from facial recognition to the software's own source code. [19]

See also

Related Research Articles

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism. Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Anonymous (hacker group)</span> Decentralized hacktivist group

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

The Jester is a self-identified grey hat hacktivist. He claims to be responsible for attacks on WikiLeaks and Islamist websites. He claims to be acting out of American patriotism.

Jake Leslie Davis, best known by his online pseudonym Topiary, is a British hacktivist. He has worked with Anonymous, LulzSec, and other similar groups. He was an associate of the Internet group Anonymous, which has publicly claimed various online attacks, including hacking HBGary, Westboro Baptist Church, and Gawker. They have also claimed responsibility for the defacing of government websites in countries such as Zimbabwe, Syria, Tunisia, Ireland, and Egypt.

<span class="mw-page-title-main">LulzSec</span> Hacker group

LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT".

Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

<span class="mw-page-title-main">Israeli Elite Force</span>

Israeli Elite Force (iEF) is a hacktivism group founded two days before OpIsrael on April 5, 2013, that is responsible for multiple high-profile computer attacks and large scale online vandalism. Targets include ISPs, domain registrars, commercial websites, educational institutions, and government agencies. The group's core members are: mitziyahu, Buddhax, amenefus, bl4z3, r3str1ct3d, Mute, Cyb3rS74r, Oshrio, Aph3x, xxtr, Kavim, md5c, prefix, Cpt|Sparrow, gal-, gr1sha, nyxman and TheGodOfHell.

Junaid Hussain was a British black hat hacker and propagandist under the nom de guerre of Abu Hussain al-Britani who supported the Islamic State of Iraq and the Levant (ISIL). Hussain, who was raised in Birmingham in a family originally from Pakistan, was jailed in 2012 for hacking Tony Blair's accounts and posting his personal information online. Hussain left the UK around 2013 for Syria.

<span class="mw-page-title-main">Islamic State Hacking Division</span>

The Islamic State Hacking Division (ISHD) or The United Cyber Caliphate(UCC) is a merger of several hacker groups self-identifying as the digital army for the Islamic State of Iraq and Levant (ISIS/ISIL). The unified organization comprises at least four distinct groups, including the Ghost Caliphate Section, Sons Caliphate Army (SCA), Caliphate Cyber Army (CCA), and the Kalashnikov E-Security Team. Other groups potentially involved with the United Cyber Caliphate are the Pro-ISIS Media group Rabitat Al-Ansar (League of Supporters) and the Islamic Cyber Army (ICA). Evidence does not support the direct involvement of the Islamic State leadership. It suggests external and independent coordination of Pro-ISIS cyber campaigns under the United Cyber Caliphate(UCC) name. Investigations also display alleged links to Russian Intelligence group, APT28, using the name as a guise to wage war against western nations.

<span class="mw-page-title-main">Phineas Fisher</span> Hacktivist

Phineas Fisher is an unidentified hacktivist and self-proclaimed anarchist revolutionary. Notable hacks include the surveillance company Gamma International, Hacking Team, the Sindicat De Mossos d'Esquadra and the ruling Turkish Justice and Development Party three of which were later made searchable by WikiLeaks.

Ghost Squad Hackers ("GSH") is a hacktivist group responsible for several cyber attacks. Former targets of the group include central banks, Fox News, CNN, the United States Armed Forces and the government of Israel. The group is led by a de facto leader known as s1ege, and selects targets primarily for political reasons. The group forms a part of the hacktivist group Anonymous.

Lara Abdallat is a Jordanian activist, hacker, and former beauty queen.

The Katiba des Narvalos is a non-partisan collective constituted from citizens from all venues of life, dedicated to fighting jihadism on social networks and more generally on the Internet. Their tactics comprise parody, as to discredit jihadist propaganda; surveying and reporting offending accounts; and infiltrating cyber-jihadist networks as to prevent terrorist attacks.

<span class="mw-page-title-main">Cyber Partisans</span> Belarusian hacktivist group

Cyber Partisans is a Belarusian decentralized anonymous activist/hacktivist collective emerged in September 2020, known for its various cyber attacks against the authoritarian Belarusian government. The group is part of the broader Belarusian opposition movement.

<span class="mw-page-title-main">IT Army of Ukraine</span> Ukrainian cyberwarfare volunteer group

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

References

  1. "Beauty Queen and Vigilante Female Hackers Declare Online War on ISIS". MSM.com. Retrieved 26 July 2015.
  2. 1 2 Gladstone, Rick (25 March 2015). "Behind a Veil of Anonymity, Online Vigilantes Battle the Islamic State". The New York Times . Retrieved 26 July 2015.
  3. 1 2 "Ghost Security Hackers, Offshoot Of 'Anonymous,' Claim They Disrupted ISIS Attack By Intercepting Twitter Messages". International Business Times . September 2015. Retrieved 15 November 2015.
  4. "Anonymous vs. the Islamic State". Foreign Policy. Retrieved 15 November 2015.
  5. "Can Cyber Activists Chase ISIS off Twitter?". The Atlantic. 8 October 2015. Retrieved 15 November 2015.
  6. Anonymous réagit aux attentats de PARIS 13/11/15, YouTube
  7. "Anonymous Declares Cyber War on ISIS. Why It Matters". Fortune. Retrieved 18 November 2015.
  8. "Anonymous 'declares war' on Islamic State". BBC. 16 November 2015. Retrieved 17 November 2015.
  9. Cimpanu, Catalin (16 November 2015). "One Day Later, Anonymous Already Takes Down 3,824 Pro-ISIS Twitter Accounts – Update". softpedia.
  10. Griffin, Andrew (17 November 2015). "'Operation Isis' Anonymous activists begin leaking details of suspected extremist Twitter accounts". The Independent.
  11. "'Idiots': ISIS responds to Anonymous threatening its 'biggest operation ever' against it". Business Insider. Retrieved 18 November 2015.
  12. Reisinger, Don. "ISIS Calls Anonymous 'Idiots' As Cyber War Heats Up". Time . Retrieved 18 November 2015.
  13. Cuthbertson, Anthony (25 November 2015). "Hackers replace dark web Isis propaganda site with advert for Prozac". International Business Times. Retrieved 25 November 2015.
  14. Cuthbertson, Anthony (22 July 2015). "Anonymous affiliate GhostSec thwarts Isis terror plots in New York and Tunisia". International Business Times. Retrieved 3 November 2016.
  15. Smith IV, Jack (4 December 2015). "Anonymous Divided: Inside the Two Warring Hacktivist Cells Fighting ISIS Online". Mic . Retrieved 3 November 2016.
  16. White, Mark (11 November 2015). "Digital vigilantes: the online fight against Islamic State". The Sydney Morning Herald. Retrieved 21 November 2019.
  17. Karmakar, Tista (20 July 2022). "Exclusive: GhostSec has taken the responsibility for the recent Russian ICS attack with zero causality". The Tech Outlook. Retrieved 21 July 2023.
  18. Bussoletti, Francesco (21 July 2022). "Ukraine, Anonymous cyber warfare against Russia becomes more aggressive". Difesa e Sicurezza (difesaesicurezza.com). Retrieved 21 July 2023.
  19. Woollacott, Emma. "Hacktivists Breach Iranian Surveillance System". Forbes. Retrieved 31 December 2023.