Going about my normal online routines over the course of the last several weeks I keep picking up more and more “chatter” surrounding the alleged return of a group of hackers known as the United Cyber Caliphate (UCC), a group largely thought to have disbanded dating back to July 2016. Once comprised of a much larger group of international hackers including Anon Ghost, Ghost Squad Hackers, E-Security Team, Caliphate CyberArmy, Sons Caliphate Army and many others, the group has traditionally had a mixed reputation amongst the digital underground or individual hacking circles around the web.
I say this because the group largely splintered and broke apart from one another over allegiances to the Islamic State and terrorism, which was largely supported by some members of the Caliphate whilst others were simultaneous fighting to destroy them/it. Ironically, whats particularly interesting about the alleged rise or return of the UCC in 2019 is that, once again, there appears to be two different factions fighting over control of the group and its official title – one side fighting for terrorism and the another against. As the old saying goes, the more things change, the more things basically say the same.
For example, already this month Express.co in the United Kingdom and the Washington Post in the United States have both covered new reports featuring the UCC – hinting at the groups possible return to the hacking scene this year. Even the international Terrorism Research and Analysis Consortium (TRAC) is coming out with new warnings about the group, going as far as to post a newly received message from the Munashir Cyber Section of the new UCC reading “MESSAGE TO KUFFAR IN THE WORLD. You were the first to fight us so we will soon fight. Fight you from all fronts and we will fight you, with cyber attacks and real attacks, remember this O Salibris!! There is no safe place. The whole world is threatened. Wait and we are waiting. Soon.”
Comprising information from a number of various international sources, allegedly, the 2019 version of the United Cyber Caliphate comprises of the following factions/groups: Islamic Intelligence, Caliphate Cyber Army, Ghost Caliphate Section, SONS Caliphate Army, Anon Terror, Fighter Muslim Cyber Caliphate, Team System DZ and Anshar Caliphate Army. The groups is now also flying operations under a new “flag,” a bouillabaisse of all the aforementioned groups logo’s put together into one…
UCC Logo 2019:
Before I continue, what makes me qualified to cover this article here today? Well, I am glad you asked! Not only was I heavily entrenched in #OpISIS throughout the course of 2015 and 2016, but I am also the founder of the Anonymous Intelligence Agency (AIA) – an intelligence gathering organization formed to pick up the slack and take on tips after Ghost Security Group sold out to the FBI to make their millions. I was also to original publisher of the doxx of the UCC in July 2016 and have had regular contact with several of the groups former and current members over the years.
Learn More – Anonymous Intelligence Agency: https://roguesecuritylabs.ltd/anon-intell
With that established, before writing this article here today I had been doing some research into these matters dating back to November 2018, after publishing the identities of ISIS members in Yemen for S1ege of Ghost Squad Hackers. What I have discovered since this time is that dating back to Donald Trumps declaration of victory over the Islamic State at the tail end of 2018, Islamic State propaganda, chatter and online activity has once again started exploding as we’ve entered into 2019. I am also certain that this is no coincidence, and knowing full well that all US Government agencies hunting/tracking ISIS’s online presence would be shutdown also didn’t help matters. For example, Trump declared victory over ISIS on the 19th, then the Government was shutdown on the 22nd, and by mid-January 2019 reports about ISIS related terror activity spreading online had began circulating all around the world – such as was documented in the stories provided above.
Before moving forward, in 2015 Anonymous hackers launched something known as “Operation Ice ISIS” (#OpISIS) – going as far as to publicly delete hundreds of thousands Islamic State Facebook profiles, Twitter accounts, YouTube pages and websites offline, ultimately forcing the group and many of its core members off the ClearNet and onto more encrypted/private lines of communications. I bring this up because as I was going about investigating ISIS accounts and terror related activity at the time, I remember coming across thousands upon thousands of ISIS web pages, accounts and online profiles that hadn’t been used in years – seemingly abandoned dating as far back as 2012 and 2013. At the time I guess I just assumed that their creators had either been killed in the War or deserted the profiles entirely, and therefore didn’t register them as “active threats” – instead choosing to only focus on reporting/closing more active accounts and users.
Learn More – #OpISIS 2015/2016: https://anonhq.com/?s=OpISIS
Tying this back into events currently unfolding in the here and now, intelligence researchers around the world have begun discovering that ISIS members are once again jumping back online, using many of the old terror accounts created/abandoned and left ignored by international authorities years ago. Not only this, but ISIS hackers have also begun hacking old accounts belonging to random Twitter users whom haven’t used there accounts in years, some dating as far back as 2009, simply to use the accounts to Anonymously spread propaganda and/or recruit new members online. However, it remains unknown if these tactics are merely opportunistic or designed as part of a much larger, long term online strategy for the terror group.
Regardless, as was first reported by TechCrunch on January 2nd 2019, “Hackers are using a decade-old flaw to target and hijack dormant Twitter accounts to spread terrorist propaganda.” Explaining how “the recent resurgence in hijacked accounts appears to be hackers exploiting Twitter’s legacy lack of email confirmation,” allowing for “many older Twitter accounts to be easily hijacked by creating the email address used to initially register the Twitter account.”
Hackers spread ISIS propaganda by hijacking dormant Twitter accounts Hackers are exploiting an old flaw to hijack dormant Twitter accounts to spread ISIS propaganda. An investigation from TechCrunch found that the impacted accounts appear to have been overtaken in recent day…
— Speed News (@Speed_News_) January 4, 2019
Outside of that, more in depth research into the matter has revealed that some of ISIS’s most elite or core members have primarily shifted all of their communications over to a peer-to-peer networking system/application known as ZeroNet, which essentially allows users to create web pages as if they existed on the “DarkNet,” but which are actually hosted on the “ClearNet.” Researching the design a little further, ZeroNet works by assigning the location of a web page with a unique “Bitcoin Address,” rather an a custom “URL Address” – something typically/historically standard on the ClearNet. This is done to assure that only the people who know the proper sequence of letters, numbers and symbols contained within the Bitcoin address will ever be able to find or access the website. In other words, to paraphrase Pirates of The Caribbean, it is essentially a website which can not be found except for those whom already know where it is 😉.
The application itself is also built in Python, something incredibly unique for a website or web hosting client, further allowing users to route all of their activity through Tor network relays to obscure their activity and identities.
2) #ISIS-linked entities have exploited ZeroNet for years, but a major change came when #ISIS’ ’Amaq News Agency, an official media arm of ISIS, announced its blog on the network in December. This was essentially a nod to the ISIS community to do the same. https://t.co/lChYWI3Q9S pic.twitter.com/o1r6CIHIpa
— Rita Katz (@Rita_Katz) January 29, 2019
In a private message, a former/founding member of the UCC dating back to 2015 and one of many parties currently attempting to re-establish the group headed into 2019 told Rogue Media Labs that “the UCC is making a return.” Explaining that “some of tour members support ISIS, but most of us do not. We do not work for or with ISIS directly.” They explain how it is their mission to defend Muslim communities around the world and empower them to fight back against Zionism and retaliate for open displays of Xenophobia. However, they want to make it crystal clear that they “do not support terrorism.” Another hacker once loosely affiliated with the UCC and some of its former members also told Rogue Media Labs that many of the modern partners attempting to re-establish the UCC are “all just skids.” Adding that any of its members whom actually possessed any real skills were all doxxed by Ghost Squad Hackers back in 2016 – the same event ultimately leading to the groups demise.
It is also important to distinguish that there are two entirely separate groups of people fighting for the naming rights belonging to the United Cyber Caliphate in 2019, and the groups listed by the Terrorism Research and Analysis Consortium (TRAC) only tell half the story. The other groups fighting for control of the group are not related to or with these people, instead comprising of various independent Muslim hackers once affiliated with other groups – though primarily AnonGhost. Consequentially enough, they are far less extremist than the groups published by TRAC and there are far less of them, though its suspected that they are much more skilled.
For the time being, the “Anonymous Intelligence Agency” is continuing to monitor the situation, and in light of the recent surge in UCC and Islamic State activity across the web has officially decided to re-open our international tip line. If anyone reading this article comes across or knows anyone whom has or will come across any suspicious or terror related activity online, please submit any/all information via the email address provided below. The emails will be forwarded to a secure location, obscuring the source/end destination, ensuring that all sources remain anonymous.
Submit Tips/Information: Tips@AnonIntell.Org