Bad Operational Security – Real Life Example – ISIS ‘fanboys’

How Twitter users tracked down 4 ISIS ‘fanboys’ from a PR campaign gone wrong by Alastair Reid.

From the post:

Militant death cult Daesh released an audio message from spokesperson Abu Muhammad al-Adnani on Saturday, a much-anticipated event among the group’s supporters.

So overcome with excitement where they that some photographed handwritten messages of support and published them to channels on Telegram, the encrypted messaging app where many pro-Daesh communities interact.

The only problem? Many included clues as to their location and have since been tracked down by Twitter users around the world. Eliot Higgins, founder of Bellingcat and a member of the First Draft Coalition, first saw “ISIS watchers” sharing the pictures on social media and corralled his followers into tracking down their location.

Four locations have so far been found, revealing not only the same scenery as in the pictures, but the likely position of the photographer. The locations include a private home, an apartment building and a hotel. Authorities have been alerted.

“There were more images, not that many,” Higgins said, “but the ISIS supporters were retweeting like crazy and trying to get this whole thing trending in Paris and claiming Amsterdam and London.

Ignore the political tone of this post and focus on the breaches of operational security that exposed the posters so quickly.

If I were writing a book on operational security, this would be chapter 2. Chapter 1 would be on not making time stamped chat logs while you are carrying out hacks, etc.

Don’t hold me to the chapter hierarchy, I suspect even dumber mistakes have been made.

Along with the photos themselves, this post would make a great training tool.

Possible homework assignment: Students take “propaganda” photos, exchange them with classmates, attempt to discover location, etc.

Better to discover your inability to maintain operational security in a classroom setting than elsewhere.

Comments are closed.