By Deric Lostutter

It’s been two days since the Paris attacks that claimed the lives of hundreds of innocent concert goers. The entire world stood still in silence for the first time since 9/11. Friends and family divided over the acceptance of Syrian refugees into the United States and other countries as a result of a coordinated ISIS attack meant to divide us and fill us with fear. Does that mean they are winning?

Anonymous says no, and they will hunt ISIS down to the end of the Earth.

As a former operative in the hacker/activist group myself, I knew just were to find the people lurking in the dark corners of the internet, and monitored their chat in real time as they took down website after website, which they claimed were used to recruit people to ISIS and spread propaganda to instill fear in those that seen it.

I spoke with a 19 year old American Anonymous hacker named “Vex” via IRC chat in the #OpParis channel using the handle “flyingnimjeh”.

[14:54] (FlyingNimjeh:) Okay. So you are a hacker/activist in OpParis correct?
[14:55] (Vex:) Yes you could say that.
[14:55] (FlyingNimjeh:) What made you get involved in OpParis?
[15:00] (Vex:) Well for around 2 months I was on OpIceIsis working on taking down, defacing Isis sites that would lead to the recruitment of vulnerable people. The night of the attack I was shocked and we all scrambled to the chat to figure out what was going on, we all sat in OpParis looking for leads to the attack, Isis people claiming responsibility and what not. I believe I got in OpParis because I suffer
[15:00] (Vex:) watching France go though isis attacks and other countrys. Im trying to do what I can from where I’m at.

Just one day after the attacks on Paris, Anonymous reportedly took down 3,824 ISIS Twitter Accounts.

I continued my interview with Vex, who claimed to have taken down 24 sites himself, defacing, or destroying the integrity and design of well over half.

[15:01 ] (FlyingNimjeh:) How many sites would you say that you have personally taken down or defaced in the name of the Anonymous operation?
[15:03] (Vex:) Overall I think on my own I have taken down around 20 sites and left around 14 defaced.
[15:05] (FlyingNimjeh:) Are you American? and how old are you? what do you think the age range of the operatives in this operation is?
[15:07] (Vex:) I myself am American. I am 19, but I believe the age range for this operation and most of our operations range from 16 or 17 to 36 or 40

Anonymous comes in all shapes and sizes, old and young alike participate in cyber-attacks, civil disobedience, and activism. During the OperationPayback campaign, people ranging in age from 20-60 years old were charged with participating in the distributed denial-of-service, or DDOS attacks of PayPal, MasterCard, and Visa in response to their attacks on WikiLeaks.

Vex went on to tell me what the goal of OpParis is, to him at least;

[15:09] What is the next big move for this operation? What is the end goal?
[15:14] Right now parts of the operation are to be kept silent about due to recent Isis hacks, but what I can say is we are working a huge, growing list of Isis social media accounts. Taking them off social media. End goal I would say Is take them off our internet and let it be known to them that recruiting people for isis through our web is not okay, and we will find every last one and expose them.

I continued to ask questions, wondering if any of these sites were based in the United States. Vex had resolved some of the registrar information and found that the majority of the ISIS websites they were targeting were protected by CloudFlare, a United States based company out of San Francisco, California, who has raised millions of dollars in mitigating DDOS attacks.

Vex informed me that despite their efforts at reporting the accounts to CloudFlare, the American company continued to protect the recruiting websites of ISIS.

[15:46] (FlyingNimjeh:) Have you uncovered any United States connections, or are any of the sites used to recruit being hosted in the United States?
[15:49] (Vex:) Yes, but very few. Most sites by Isis I have found to be hosted in Rome and France
[15:56] (FlyingNimjeh:) What connections?
[17:28] (Vex:) So far I cannot say we have found “connections” persay, although we are(America) shipping weapons to “guns for hire” but what I do know is that these Isis members are registering hosts with US servers
[17:31] (FlyingNimjeh:) do you have an example site with a US server?
[17:31] (Vex:) Let me see if I can dig one out of the wreckage for you.
[17:32] (FlyingNimjeh:) ok. imgur any screenshots of registrar information if you can
[17:37] (Vex:) Putting into Imgur now 🙂
[17:39] (Vex:) http://imgur.com/XCzMphR
[17:39] (Vex:) this is the sites adress: www.islamic-dw.com
[17:45] (Vex:) Also something might peak your interest here. CloudFlare is Protecting 70% of these sites AFTER reporting them.

Vex confirming that a United States company protecting ISIS assets may be a huge implication for the company, and it’s shareholders and business partners. Damning evidence that may skew the public as to who is on who’s side in the fight against terrorism.

I asked Vex if he has been involved in any other operations, and where he learned his skills before signing off.

[17:49] (FlyingNimjeh:) How did you learn your skillset? and have you been involved in any other operations?
[17:53] (Vex:) Since I was a young kid I was drawn to code, picked it up by myself I guess. Later on when anonymous hit big we started making tutorials for new members so they could help, thats when I got more developed in “hacking”. OpKKK, OpIceIsis, OpNimir, OpSandra, OpBaltimore, OpDeathEaters to name a recent few
[17:56] (FlyingNimjeh:) has cloudflare responded to anyones inquiry thus far as to why the continue to protect the websites of these extremists?
[17:56] (Vex:) No responce so far.

Vex confirmed that CloudFlare has not responded to any of the groups reports about ISIS websites under their protection.

I have placed a call to CloudFlare for comment, and was told they could not comment on the matter and to email [email protected] I am currently awaiting reply.

by Virgil Vaduva

Updated at 2:12 PM EST.

In what appears to be an all-out fear mongering and intimidating announcement, IC3, the Internet Crime Complaint Center, which is a website maintained by the FBI, issued an emergency alert stating that “family members of law enforcement personnel and public officials are also at risk for cyber attacks and doxing activity.”

While re-packaging the announcement as a brand new Internet Security emergency, the fear-mongering is little more than a copy and paste from an announcement made in January 26, 2011 by  the United States Computer Emergency Readiness Team (US-CERT) emergency “Security Tip” titled “Staying Safe on Social Networks.”  While masquerading as a “national emergency,” the emergency alert is little more than a poorly-written list of activities or steps that anyone could take to increase their online privacy rather than just law enforcement or police officers.

Without citing any specific threat, Mindi McDowell wrote in 2011 that law enforcement personnel are at risk of having personal information unveiled and exposed on social media networks and other public web sites. Yesterday, April 21 2015, the FBI, using their IC3 website issued a newly re-packaged alert re-stating the same warning, with the exception of going into a bit more detail but still not quoting any credible threat and sticking to very generic language:

“Recent activity suggests family members of law enforcement personnel and public officials are also at risk for cyber attacks and doxing activity. Targeted information may include personally identifiable information and public information and pictures from social media Web sites.”

To make matters worse for the average reader of this release, the IC3 advisory is even explaining “doxing” as being one of the main reason for issuing this advisory, except doxing is a perfectly legal activity and it largely involves gathering publicly and legally available information about a particular topic or individual. Their alert however defines doxing as follows:

“The act of compiling and posting an individual’s personal information without permission is known as doxing.”

Not only is this blatant fear-mongering on the part of FBI and Homeland Security, but as I mentioned above, doxing is in fact completely legal activity and it involves little more than the simple ability to use online search tools like Google and other search engines to find and compile information legally available!

The brand new “fake” security alert was picked up by other government agencies and was sent out to millions of information security and IT professional subscribers late yesterday:

IC3, NCCIC and US-CERT have all been tasked with maintaining awareness about ongoing cyber threats to our national defense systems and Internet infrastructure, however it appears that these organizations and the alerting mechanisms they are using to create awareness about serious threats are now being used to instigate fear about actual legal activities which are being used every day by millions of Americans for research work.

One notable FBI case related to doxing was the case of the Steubenville, Ohio rapists who were exposed by an Anonymous hacker Deric Lostutter. Working under the handle KYAnonymous, Lostutter was interviewed for this article related to doxing and said,

“…as far as the legality of doxing goes, it is perfectly legal should you use data gathered from public sources such as google, spokeo, linkedin etc. The problem the feds have with the practice is they dont hold the people who leave all of their information freely on the internet accountable. When the FBI raided me in april of 2013, I explained to agent bixby of Ohio that Spokeo had an address that I lived at that was a safe house. He stated “well that just seems illegal”. Seeming illegal and being illegal are two different things. It was my fault, as it is the fault of the target, that the information is publicly obtainable. Information on the internet grows exponentially.”

In that case, Lostutter claims to have spent a substantial amount of time researching legally accessible information which was publicly available to identify the rapists and expose them. Shortly thereafter he was raided by an FBI SWAT team, arrested and his computer equipment was confiscated. As a result he is now facing more time in prison than the rapists he helped expose.

His closing statement to TruthVoice about doxing and his message to the FBI was,

“I can find anything out, about anyone, dead or alive. cop or not. all legal, they can suck my left nut“

Unfortunately FBI’s methodology of pushing announcements about doxing via emergency notifications channels may be having the opposite effect and may be detrimental to maintain awareness about Information Security topics by lowering the bar for what constitutes a true cyber security emergency and desensitizing the security industry to real threats and risk factors.

If the folks at Homeland Security, IC3 and NCCIC (who are largely former law enforcement officers) truly believe doxing to be such a danger to the general public, they should issue a general advisory for all Americans who may be at risk of having their privacy violated, not just to cops or current law enforcement members.  The issuance of this alert is illustrating that the current channels used for emergency alerts are little more than a joke and are now seemingly being used for what appears to be political motives and reasons.

You can read the original advisory here: https://www.us-cert.gov/ncas/tips/ST06-003

You can read the re-packaged advisory here: http://www.ic3.gov/media/2015/150421.aspx

Virgil Vaduva is a Libertarian security professional, journalist, photographer and overall liberty freak.  He spent most of his life in Communist Romania and participated in the 1989 street protests which led to the collapse of the Ceausescu regime. He can be reached at vvaduva at truthvoice.com.