CYBER JIHAD: ISIS

The Islamic State of Iraq and Syria (ISIS), also known as the Islamic State of the Levant (ISIL), the Islamic State (IS) or Daesh, was originally formed as an Iraqi branch of Al Qaeda in 2004. It has since developed into an independent organization that is more radical in its views and more technologically sophisticated in its use of social media and the internet. In summer 2014, ISIS leader Abu Bakr al-Baghdadi declared a global jihad. He called on all Muslims to join his cause by either travelling to Iraq or Syria or by supporting the jihad locally. The call specifically focused on recruiting technically skilled and sophisticated individuals, such as engineers, hackers, and doctors, to join the cause.

ISIS leader Abu Bakr al-Baghdadi avoids public exposure and relies on ruthless violence to assert his power. Al-Baghdadi is the supreme religious and political leader within ISIS. In 2014, he personally issued the call for all “true Muslims” to join in a global caliphate. The caliph has unchecked authority, but he relies on regional deputies to oversee the regions and manage the administration imposed in each one. The Shura Council can theoretically depose the caliph; however, such an action is unlikely since all members were appointed by Abu Bakr al-Baghdadi. ISIS also has a Sharia Council and councils that are responsible for security, military affairs, media, and finances. Many of the top administrative positions in the bureaucracy are held by foreign fighters. ISIS keeps detailed records of its operatives and claims to directly control the actions of its fighters and the residents of its territories. Its ability to direct and control its affiliates abroad is unclear. ISIS attempts to govern its territories with an active militia, a court system, school services, and local governments. Subjects remain loyal out of fear of harsh punishments, such as lashings, stonings, and executions.

When it separated from Al Qaeda in 2014, ISIS seized territories in Iraq and Syria, and declared a global caliphate. It attempted to justify the declaration in the first issue of its propaganda magazine, Dabiq, by outlining steps to foment local chaos and by shaming other jihadist groups that do not attempt to capture and rule territories.

ISIS has a strong online presence that heavily recruits and promotes “lone-wolf” actions through social media. Its radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards. Members target lonely and misguided individuals, regardless of their initial beliefs, by offering a sense of community and by glamorizing the fight, actions, and lifestyle of the movement. ISIS poses an active cyber threat by working with lone hackers and hacker groups, and by appropriating open source online materials. Some members are technically sophisticated enough to promote the message and culture by defacing websites, social media accounts, and other media channels with text, images, and videos glorifying the agenda of the group. The technical tools, techniques, and procedures of the group are rapidly escalating as its membership and resources increase. Increases in ISIS online activity tend to coincide with major current events. The group capitalizes on the chaos that it creates, such as by launching a major Twitter campaign after the Paris attacks, as well as by turning global events, such as the Syrian refugee crisis, to its advantage.

ISIS encourages young supporters to tweet, blog, and otherwise share their reactions, opinions, and views. The group calls new recruits to conduct domestic lone-wolf attacks using novel mechanisms, such as the hashtag “#FightforHim” following the Paris attacks. The success of the ISIS propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers’ popularity declined in favor of online media, static propaganda publications are declining in favor of robust, dynamic multi-platform campaigns. Its social media campaigns are widespread, resilient, and adaptive. ISIS content is constantly removed from conventional social media; however, the group has or had a presence on Facebook, Twitter, Tumblr, Instagram, Friendica, Diaspora, and other outlets. Its videos are edited, clear, and include special effects. Video content has been released on YouTube, IS-tube, Dailymotion, personal blogs, and on other media hosting networks. The group has released podcasts and interviews on Ask.FM, Mixir, Paltalk, and other channels. ISIS has also used more conventional media outlets, such as Al-Battar Media, Dawla Media, and Al-Platform Media, to spread its message. Its regular publications, Kybernetiq and Dabiq, feature coherent, well-written content and clear editing, and are available in multiple languages. These publications can be found with a Google search, through resilient hosting links on Twitter, on Pastebin, and on JustPaste.it. Much of the content conveyed in these campaigns consists of defensive encryption techniques and operational security strategies meant to engender a sense of beneficial paranoia in its audience.

Through its social media gauntlet, ISIS has acquired a small but significant following of technology-savvy script kiddies and wannabe hackers. These recruits typically end up as members of the Cyber Caliphate, the dedicated hacker division of the Islamic State of Iraq. ISIS has also aligned with a few pre-established groups. The Terrorist Team for Electronic Jihad, an anti-Israel and anti-Westerner collective, has pledged support for ISIS. The group mostly attacks websites and operates a few social media pages. The Army of the Electronic Islamic State of the Levant, with around 150 members, also supports ISIS. The Army has launched cyberattacks against Arab media outlets on behalf of ISIS.

Portions of AnonGhost, a Palestinian hacktivist group, support ISIS. AnonGhost is sophisticated enough to launch DDoS attacks and employ preconfigured tools. In their #OpIsrael campaign, they flooded Israeli websites with TCP, UDP, and HTTP traffic. The tool was publicly released on their Facebook page, featured a YouTube tutorial, and operated through a proxy. Interestingly, in AnonSec’s #OpNasa publication, the group, which was founded by former AnonGhost administrator MrLele, mentions AnonSec’s opposition to ISIS. AnonSec was revealed to have infiltrated NASA public systems in early 2016 and attempted to seize command of a drone. The insider perspective demonstrates that AnonGhost support for ISIS is not universal within the group. It is likely that some AnonGhost members are native to territories that have been terrorized by ISIS or that they hold ideologies different from the radicals.

Defaced websites are often reconfigured to feature the flag of ISIS and phrases like “Hacked by the Islamic State”. The defacements are meant to scare Western businesses and organizations more than to recruit new followers. Website defacement often occurs through widely publicized vulnerabilities, such as an outdated WordPress plugin. Those affected range from businesses to schools to individual users. By inconveniencing small targets, ISIS creates a sense of fear and xenophobia in the target population that it can leverage to recruit Muslims and social outcasts who are disenfranchised by cultural stigmas. Screenshots, recordings, and lists of defaced and targeted websites have been found on forums, such as Aliyyosh, an Arab hacker forum. Stolen personally identifiable information belonging to Israelis and Western and American Jews has also been discovered on the forums. In March 2015, a list of names, units, addresses, and photographs of over one hundred U.S. military personnel, supposedly involved in the bombing of ISIS targets, was posted online. The list did not suggest that ISIS had compromised any secure systems; instead, it is believed that the group created the list from open source information and social media profiles. Since then, ISIS has published similar lists with members of various government agencies, such as a collective 100 employees of the State Department, and of private individuals, such as a list of 3000 New York City residents. The Cyber Caliphate publishes these lists in the hopes that local recruits will conduct lone-wolf attacks on the targets. As with website defacement, the goal is to create widespread fear and xenophobia that will polarize society.

So far, ISIS has dedicated much of its offensive cyber capabilities to compromising and hijacking specific social media accounts belonging to individuals, businesses, and government organizations. Targets have included the Twitter and YouTube accounts of U.S. Military Central Command and Newsweek magazine. In a few instances, ISIS has shown more sophisticated capabilities, such as the use of malware, preconfigured tools, or insider threats. In the malware case, ISIS created spear-phishing emails that appeared to oppose ISIS, and sent them to an anti-ISIS group, the Raqqa is Being Slaughtered (RSS) opposition group. The emails contained malware that returned the victim’s IP address and geolocation information to ISIS.
