On 22 June 2016, a pro-ISIS hacking group called the United Cyber Caliphate (UCC) published a “hit list” on their private Telegram channel that included the names, addresses (both physical and e-mail), and other personal information about several thousand people around the world along with an exhortation for the “wolves of the Islamic State” to “kill them immediately.”
The list caused a good deal of consternation across the globe, with news outlets from countries such as India, Australia, Canada, and the United States charting exactly how many of their citizens’ names were on the list:
A pro-ISIS hacking group called the United Cyber Caliphate distributed the list. The list includes names, addresses, and email addresses belonging to 8,318 people.
The names and addresses belong to people living in the United States, Australia, Canada, Belgium, Brazil, China, Estonia, France, Germany, Greece, Guatemala, Indonesia, Ireland, Israel, Italy, Jamaica, New Zealand, South Korea, Sweden, Trinidad, and Tobago. Vocativ reports of the 7,848 Americans listed, 1,445 had addresses in California, 643 in Florida, 341 in Washington, 333 in Texas, 331 in Illinois, and 290 in New York.
But as with a previously issued ISIS “kill list,” the most recent example seems to be little more than a group of names and addressed randomly compiled from information openly posted the Internet (through social media and other sources), not a list of persons whom ISIS operatives have reason, means, and opportunity to murder. In fact, as Vocativ observed, the list appears to have been assembled from a single Excel business spreadsheet found online:
An online group calling itself the “Cyber Caliphate Army” is distributing a “kill list” on social media; the list includes over 4,000 names, addresses and emails of people the group wants targeted and killed. At least half the people on the list are American. But while the “army” claims to have found this list thanks to their superior hacking abilities, Vocativ has found an Excel file online with exactly the same names and details — a database that is easily found using search engines, no hacking necessary.
The group, which supports the Islamic State, published the list on its Telegram channel. “O wolves of the Islamic State, [this is a] very important list, kill them immediately.”
Vocativ discovered the same list of names on a business platform resembling LinkedIn, created in 1999.
The self-declared hackers took the list as it is, changed some colors, and added their own threatening language. There is nothing that distinguishes this set of names as worthy of attention, certainly nothing that might make them targets of ISIS. In the past other groups affiliated with the Islamic State have released contact details for logical targets like police officers and military officials. This list, however, is so random that it appears to be little than an attempt by the group to prove that it has hacking abilities.
The Wall Street Journal similarly reported that although such lists are by necessity taken seriously by law enforcement and counter-terrorism officials, the lists appear to be nothing more than reproductions of data about unrelated people gathered from public websites, and authorities don’t necessarily believe they “pose an actual threat”:
Islamic State has begun distributing increasingly long “kill lists” of ordinary Americans purportedly encouraging its followers to target those individuals, vexing authorities who are at odds over whether the lists pose an actual threat or are merely scare tactics.
Often the lists aren’t even the product of hacks but rather involve gathering data from public-facing websites. A list distributed late last month contained the names of more than 2,000 New Yorkers, while another listed about 1,500 Texans. None of the people had known connections to government or to issues that the terror group cares about, according to counterterrorism officials.
That development is sparking a debate among counterterrorism officials about whether the government should keep notifying all the individuals identified. While ISIS has distributed kill lists for more than a year — typically over Twitter and other social-media platforms — officials say such lists are increasing greatly in size and have moved from targeting dozens of military or government officials at a time to thousands of ordinary citizens.
With the number of names growing, counterterrorism officials are having to weigh which lists deserve more attention and concern than others, according to Thomas Galati, chief of intelligence for the New York Police Department. While there are other lists with more logical targets than the latest ones, they all have to be given credence, Mr. Galati said.
“They’re putting out the lists that they are finding online and they’re sending it to their followers and they are saying these are good people for you to attack,” Mr. Galati said. “You can’t discount it.”
Investigators said [a previous] list appears to have been taken from publicly available information, and that they know of no connection among the people or any connection that those people might have to the U.S. government. Many of the emails on the list were for past college accounts, or older Internet service providers, suggesting the information was years old, according to officials.
Nevertheless, dozens of investigators spent a week individually notifying the people on the list. Among veteran counterterrorism officials, there is disagreement about how seriously the U.S. government should respond to such lists, officials said. Within the NYPD, many officials believed the list didn’t call for notifications of individuals because there was no credible threat to their safety, while at the FBI a number of officials argued that they should be notified out of an abundance of caution, the officials said.
A SITE Intelligence Group report similarly noted that such lists seem primarily intended as a means of spreading fear, generating media attention, and demonstrating the loyalty and hacking prowess of ISIS supporters:
Recently released “kill lists” associated with the Islamic State (IS, also known as ISIS) have
highlighted an evolving and increasingly implemented terror tactic. These lists, with targets
spanning drone operators to random civilians, appear to have achieved at least part of their
presumed intentions: heightened alert by government workers, FBI visits to startled civilians,
and significant media attention.
Kill lists have long been released officially by jihadi groups, but it wasn’t until recently that
self-proclaimed hacking groups began releasing their own kill lists. Last year, a pro-IS
hacking group by the name “Islamic State Hacking Division” (ISHD) released a list of 100
military personnel in March of 2015, marking the first such list produced by a jihadi hacking
entity. The group followed up with another list of 100 U.S. military personnel on September
11 of that year.
The increasing emergence of pro-IS hacking groups and related kill lists mirrors activity happening elsewhere in the pro-IS community online. IS owes much of its growth to the grass-roots media machine run by its fighters and supporters. Given the power and ease of social media, along with the increasing ubiquity of Internet access and smart phones, every IS supporter can act as their own online media group, recruitment office, or fundraising organization. Likewise, every IS supporting hacker can use their skills to serve the group’s goals, whether they be a fighter or a supporter in non-combat zones.