‘ISIS Hackers’ Googled Their Hit List; Troops’ Names Were Already on Public Websites

They swore they ‘hacked military servers’ to threaten U.S. troops. Actually, these self-proclaimed ISIS whiz kids basically cobbled together information that was already online. 

So much for ISIS’s super-sophisticated hacker army. 

A group calling itself the “Islamic State Hacking Division” posted the names, addresses, and photos of 100 U.S. service members on Saturday, claiming it had obtained the information by breaching military security. 

As it turns out, the group didn’t need to hack the Pentagon. At least two-thirds of the troops on the ISIS “hit list” had been featured on public Defense Department websites designed to promote the military, The Daily Beast has learned. 

Many service members were quoted or photographed in promotional stories talking about their work, often in the Middle East. Others were featured in news videos or in holiday messages to their families. Some were photographed after they returned home from long missions. Others were spokespeople or official photographers for the U.S. military. 

Several troops featured in pieces talking about their missions in Iraq, Afghanistan and in the U.S.-led ongoing campaign against ISIS. In at least one instance, two of the airmen on the “hit list” were featured in the same July 2012 photograph taken at Barksdale Air Force Base, La. 

In counter-terrorism and cybersecurity circles, there’s been a long-running debate about just how skilled Islamic extremists groups have become in the art of network attack. Not long ago, for instance, hackers claiming to be part of a “Cyber Caliphate” took over the social media accounts of U.S. Central Command. 

This latest stunt initially appeared to be a substantive penetration of Defense Department security. Upon further examination, however, the “hit list” seems to be little more than a bit of creative Googling. 

Still, the idea that that terror groups could be combing through public U.S. military sites for individual targets could lead to a more substantial clampdown on the release of information about the wars. And it suggests the military’s ongoing call for service members to not reveal personal information on public sites may not be enough to fend off such threats. 

The ISIS site begins with a message in Arabic and English and then lists the service members in two-deep boxes. On the left is a photo—usually an unofficial one. To the right of that is the service member’s name, usually alongside his rank, and at least one address below it. “The Islamic State Hacking Division (ISHD) has hacked several military servers, databases and emails and with all this access we have successfully obtained personal information,” the site begins. “We have decided to leak 100 addresses so that our brothers residing in America can deal with you.” 

“And now we have made it easy for you by giving you addresses, all you need to do is take the final step, so what are you waiting for?” the page asked, before listing the troops’ information. 

At least 60 of the troops listed were featured on the Defense Video & Imagery Distribution System (DVIDs), a website created shortly after the 9/11 attacks to promote the U.S. military’s defense efforts to the public. The site is updated daily with videos, photos, and news articles, all produced by Defense Department personnel. At least six other service members were quoted in promotional stories on the U.S. Navy’s official site, navy.mil, or the Air Force’s af.mil. 

The Daily Beast has learned that all of the troops on the ISIS “hit list” who were quoted by the U.S. military were also featured on government websites between 2007 and January 2015. Often, the government sites listed the job descriptions for these troops. The Daily Beast could not determine where the group may have found the other 34 names. 

The Daily Beast is not naming the troops listed as a security precaution. None of the U.S. military websites that featured the service members listed their addresses. But there are a number of public records websites that could produce such information. The purported ISIS site features the middle initial of nearly all 100 listed troops, where the Defense Department sites usually do not, suggesting the creators of the site used several sources of information. 

The photos associated with the troops’ names and addresses, which appear to be accurate, appear to come off social media sites. The list contains five women, with their faces blurred out. At least three of the women appear to be in the military. With the other two, it’s unclear. They are photographed with service members, but they aren’t given a rank and don’t wear uniforms in the pictures. The idea that that terror groups could be combing through public U.S. military sites for targets could lead to a further clamp down on the release of information about the wars. 

Because of that, two defense officials said they did not think the ISIS list was a security breach. But knowledge that purported terror groups are trolling public sites left many service members—particularly those who are public officials—nervous about their security. When the list first appeared online Saturday, defense officials said that they believed some of the troops listed had been named publicly but did not say they had often been on military sites. Defense officials said that 58 of those listed on the site served in the Air Force, 41 in the Navy or Marines, and one from the U.S. Army. 

Pentagon officials declined to comment Monday on the discovery of the “hit list” names on public websites, saying the FBI is leading the investigation. Officials said they still are not certain the “hacking division” webpage is indeed affiliated with the self-proclaimed Islamic State. 

One defense official told The Daily Beast that some of the addresses are not correct. In one instance, the service member listed is no longer in the military. 

Nearly all 100 service members had been notified as of Monday afternoon, said Army Col. Steve Warren, a Pentagon spokesman. And he stressed there was no evidence of a data breach or an imminent threat. 

“We don’t have any evidence of a specific threats associated with this list,” Warren said. 

The Daily Beast

Related posts