CloudFlare criticised as Anonymous wages DDoS war on ISIS

News by Doug Drinkwater

Vigilante hacktivists at Anonymous are preparing to launch DDoS attacks against hundreds of ISIS websites, the majority of which are hosted in the US or UK. CloudFlare, the content delivery network for around half of these sites, has defended its lack of censorship.

Anonymous division GhostSec has recently been monitoring ISIS' online and social communications as part of the Op Isis (#OpISIS) campaign, with one team member telling SC that it plans to attack hundreds of ISIS websites in the coming days.

He/she said that the group has tired of CloudFlare's ‘blatant protection’ of terrorist sites, publishing a list revealing how the CDN and DNS provider was being used by numerous ISIS websites.

“It will be a huge campaign where we will take down the ISIS sites they [are] protecting,” said the member. “All of GhostSec is dedicated to this, [it's] gonna be huge.”

“Take a look at the content, [it's] vile. If Facebook and Twitter can remove ISIS content when reported why should CloudFlare not?”

In conversation, the team member said that Anonymous had scoped over 140 sites by Wednesday, but believes that there are around 460 in total online. Most of these are used for recruitment, although ISIS is also increasingly active on social media - Europol director Rob Wainwright recently claimed that there are 50,000 ISIS Twitter accounts, sending out up to 100,000 Twitter messages each day.

The Anonymous spokesperson was reluctant to go into detail on the nature of the attack, saying only that it would largely be a DDoS attack, “using a routing vulnerability to find the hosts so we can attack them.”

The list of targets provided to SC shows that sites were hosted in the US and UK, with around half of all sites (the spokesperson said between 40 and 60 percent) protected by CloudFlare, the free service used for performance and security.

UK hosts included Webhosting UK Ltd, Digital Ocean, Heart Internet Ltd UK and Cageprisoners Ltd, while Turkey accounted for 10 percent of sites.

Matthew Prince, CEO of CloudFlare, said on a call with SC that CloudFlare doesn't directly host sites or their content and stressed that removing its service from these sites would only make the sites slower and more vulnerable to attack.

He said that hacktivist demands to terminate their services were “kind of a strange request” when the firm believes in the due process of going through proper law enforcement channels rather than listening to the ‘mob rule’.

He also added that there was some irony, given that Anonymous has ‘on and off’ used the CloudFlare network since it launched in 2010.

“Should Google be forced to remove these sites from their search results?” he asked. If they were, he added, the internet would “not be a version of the internet you'd want to live with.”

Prince said that CloudFlare would honour law enforcement requests, but crucially added: “We've never been asked to terminate any sites by law enforcement.”

“In four years of CloudFlare, never has any law enforcement ever said ‘terminate that site'. I think the reason for that is because they're savvy to the fact that if they did that, the content wouldn't go away. In some instances, we at times have had requests to not terminate access to sites. You can imagine reasons why law enforcement would want to keep them on the network rather than not on the network.” One of these, he said, would be to see when CloudFlare customers were logging in and using the service.

“It's not as if the CIA isn't aware what sites ISIS is using – not as if GCHQ isn't aware what is good and what is bad.”

Prince, who has had some strong words on censorship in the past, added that this was not a case of CloudFlare profiting, as the ‘vast majority’ of customers are on free versions. Nonetheless, he supports the right of critics to yell – “yell all they want” – and says that CloudFlare has in the past been criticised for providing services to pro- and anti-Israel sites, as well as the city of Ferguson. He admits that some of the content is “distasteful or maybe even illegal” but says that the latter is for law enforcement to decide.

“This is just the consequence of building a service that is extremely widely used around the world,” said Prince, who added that the UK government, FBI and major companies are just some with more than five percent of internet traffic flowing through.

Responding to the news, Jonathan Davies, co-founder of Pervade Software, said in an email to SC that attacks against ISIS websites are a new and emerging trend.

“There is a strong trend recently of cyber-hacktivists joining the fight on terror. On the one hand this could be helpful, keeping teams such as CyberCaliphate at bay but on the other hand the weapons that these Anonymous hackers are creating could one day be turned against the governments and industry of western countries.

“These cyber-wars breed some very sophisticated toolsets that industry will not even be able to see let alone prevent, I am very worried that the average company, charity and public sector IT teams do not have the visibility of their own networks required to detect these kinds of attacks and that could prove catastrophic should these tools fall into the wrong hands.”

He added: “If CloudFlare start blocking certain content they would take on a huge financial burden due to the workload that would involve. Other companies such as Google, Facebook and Twitter are all forced to take that burden on however; I cannot see why CloudFlare should be any different.”
