In November 2015, the media reported that ISIS has spent over a year developing a “ 24-hour ISIS cyber help desk ”, across a series of forums, applications, and social media platforms, to assist its followers in remaining anonymous and instructing them on basic hacker tools, techniques, and procedures. The ISIS cyber help desk campaign is intended to spread  the Jihadist message to new jihadists recruits, spread greater fear, and increase the number of attacks against foreign nations. The primary function of the ISIS cyber help desk was to instruct perspective jihadists in the use of encryption and other secure communication applications to evade law enforcement and intelligence authorities. The group using ISIS cyber help desk promotes the use of deep web forums and secure platforms to obfuscate their activities so that they can covertly plan jihadists recruitment, propaganda, and terror campaigns without worrying that signal intelligence or other indicators will expose their operations.

Supposedly, the ISIS cyber help desk is staffed 24-hours a day by at least six senior operatives who possess enough knowledge to answer questions on a variety of technical and non-technical subjects. Observed communications suggest that the core ISIS members behind the help desk possess at least collegiate or masters level training in information technology. Other less technical members, located across the globe, also assist in answering questions in a timely manner. Consequently, a community has formed since last year. The Counter Terrorism Center (CTC), an independent research organization at the U.S. Military Academy at West Point, monitored the communications for over a year and assessed participation based on log-off times and the Muslim hours of prayer. They found that members signed on from across the globe.

The moderators regularly use social media to distribute YouTube videos and tutorials on how to use applications such as Metasploit or Kali Linux to conduct attacks against vulnerable websites and applications. ISIS even communicates instructions, such as “how to not be hacked by Anonymous”, across platforms such as Telegram. ISIS relies on these platforms for jihadists recruitment and propaganda. Recently, ISIS has favored Twitter and other “more privacy protective” platforms over those owned by Facebook. According to Monika Bickert, who oversees the team that responds to Facebook complaints of nudity, extreme content, or Terrorism, “One thing we’ve heard time and time again from academics is if you want to find terrorists online or those supporting terrorist ideologies, the best thing is to find their friends. So when we become aware of an account supporting terrorism, we look at associated accounts so we can remove them immediately.”

Law enforcement, Twitter, and collectives such as Anonymous, actively attempt to disrupt or take down ISIS accounts in an attempt to erode its influence. Nevertheless, new ISIS accounts continue to appear almost as fast as they are taken down because the ISIS cyber help desk now distributes a manual to teach new members how to use login verification options, how to disable GPS tagging on photographs and posts, and how to securely message on the platform.

The Counter Terrorism Center obtained more than 300 pages of training documents instructing would-be jihadists in digital operational security. The tutorials and documents are distributed on the forums and through persistent links on social media platforms such as Twitter. One such document was a 34-page operational security manual written by a Kuwaiti cyber-security firm, Cyberkov, for journalists and activists operating in Gaza. The manual details avoidance and secure use of social media platforms, anonymous internet browsing through applications like Tor, and disposable and anonymous email clients. The manual discusses the use of encrypted mobile communication through Blackphone, Cryptophone, or the Silent Circle applications. Further, the guide details how to communicate and send photos within smaller groups (up to 80 people) in a vicinity of 200 meters of less, using the Firechat application, for when an internet connection is not available. The guide covers the use of end-to-end encryption of non-stored instant message applications such as Apples iMessage or Wickr, respectively. ISIS distributed the manual to new recruits in online forums and likely in real world training. TheCounter Terrorism Center finding is troubling because it shows that ISIS is now sophisticated enough to recognize its intellectual deficiencies and to locate and appropriate pertinent information to serve its purpose. In this manner, any information security whitepaper, journal, or publication (including this work) may be acquired by the terrorists and perverted to serve their needs.


Over time, the ISIS cyber help desk establishes personal connections with perspective recruits through the sense of community and mentorship. ISIS leverages that connection to draw in new recruits and to persuade them to participate in additional recruitment, fundraising, and potentially, even attacks. FBI Director James Comey has repeatedly voiced concerns over ISIS’s increasing ability to hide its recruitment and communications in secure or dark areas of the internet. As a result, the FBI and other intelligence agencies must learn and understand how the latest secure communication tools function to understand how ISIS communication is occurring. Todd Helfrich (Anomali) confirms, “ISIS and other terrorist organizations have proven their ability to operate in the physical world while coordinating and communicating using new encrypted and pseudo-anonymous channels.” The terrorists’ ability to migrate to new applications or communication channels faster than law enforcement can understand the applications or can devise a means of data collection, poses a serious problem to national security.

In the age of information, knowledge is power. The advent of the secure and obscure forums that collectively amount to the cyber help desk should worry global intelligence organizations because ISIS now has the capability to educate its zealots in cyber terrorism and espionage. They can now securely coordinate and communicate with one another as fast as information can flow through the wire instead of the previous rate of person-to-person espionage. Their network of voluntary and paid operatives expands across the globe. The leadership of ISIS can gather information, plan attacks, and issue commands without leaving their hiding places. In this manner, an attack conceived in Syria, could be organized, communicated, and implemented in France, the United Kingdom, or the United States, in a matter of hours or days.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google