By Shalini S
The post originally appeared in Scroll.in on 29th November 2015.
While hacktivists help limit the presence and effect of militant groups online, their operations are marred by legal, ethical and privacy concerns.
The Islamic State of Iraq and Syria, better known as ISIS, has been receiving increasing attention, particularly after the recent Paris attacks, and the sporadic news that the militant group was trying to recruit Indian youth through social media. The recent news about some Indian hackers joining Anonymous – a loosely connected international network of activist and “hacktivist” entities around the world – in its cyber operation, #OpISIS, against ISIS’ online presence, was widely celebrated.
In an operation called #OpParis launched under the umbrella of #OpISIS, Anonymous and other hacktivist groups such as CtrlSec and GhostSec directly attacked ISIS’ presence on internet platforms to diminish its online following, disrupt its recruitment drives, and inhibit its dissemination of extremist propaganda.
While Anonymous has been widely lauded for #OpISIS, the operation, much like the collective, is marred by legal and ethical ambiguities. In limiting the presence and effect of extremist groups online, the operations of collectives like Anonymous may become indispensable to law enforcement. However, there is currently a lack of engagement on the possibility of constructively employing the abilities of such unregulated groups within a legally permissible framework.
It is interesting to note how Indian hacktivists are extending advanced technical cooperation to aid the numerous strategies employed by Anonymous to cripple the general outreach of ISIS. Multiple news reports have suggested that Anonymous and other hacktivist groups associated with #OpISIS, are themselves taking down ISIS’ social media accounts. However, this is not accurate as members of Anonymous only monitor social media platforms, identify accounts of ISIS members and recruiters, and report them to the social networking service for suspension.
Legal and strategic issues
Most social networking sites have amended policies to account for increasing social media presence of terror organisations. They suspend user accounts hosting content that “promotes terrorism”. However, these platforms cannot conceivably monitor each account and so allow individual users to report accounts that violate their policies.
To guarantee takedown through increased reporting, Anonymous is also releasing lists of identified accounts publicly and urging other users to report them. Even though new accounts can be opened easily, suspension of existing accounts that have amassed sizeable followers derails ISIS’ social media recruitment drives. While #OpISIS is arguably aiding law enforcement and social networks by ensuring the implementation of existing policies by vehemently flagging violators, experts on Nato, the intergovernmental military alliance, suggest that the operation is a hindrance to the strategised tracking of terrorists by intelligence agencies.
In addition to reporting accounts that share extremist content, Anonymous and its associate hacktivist groups are also attempting to cripple the reach of extremist websites by launching distributed denial-of-service – better known as DDOS – attacks, against them. Such attacks flood the servers of the targeted website beyond capacity with malicious traffic, making it unavailable for public viewing. As this effectively leads to unregulated censorship of online content, it is illegal in most countries. Even in countries that allow blocking and delisting of websites that engage in digital terror propaganda, only internet service providers are commonly allowed to block websites on the request or order of an administrative or judicial authority.
Indian hackers that are aiding Anonymous have also launched DDOS attacks against websites hosting extremist content. To foil future attacks, they are also tracking and spying on personal chats of suspected members and recruiters of extremist groups. Additionally, Indian hacktivists are also engaged in the illegal act of spreading spyware to track the location of suspected ISIS associates. While this monitoring by hacktivists groups may intend to aid law enforcement, it is patently illegal and therefore, principally problematic. Thus, it is critically important to examine how hacktivist cooperation in such operations can be formally endorsed or they must be subjected to regulation of some manner.
The most problematic part of Anonymous’ operation is the leaking of personal information of suspected members or recruiters of ISIS, illegally obtained by hacking personal accounts. Evidently, the hacktivist group is engaged in the illegal act of gaining unauthorised access to private user information. Further, a publication of such personal information by non-law enforcement entities is a possible infringement of privacy rights of these individuals.
Even if public interest is cited in justifying the act, we must be mindful that Anonymous is not infallible and has mistakenly identified innocent people as extremists in the past. Considering the nature of the imputed allegations and plausible repercussions, the publication of personal information of suspected extremists must be viewed more seriously. Personal information that Anonymous gained access to is certainly valuable, but must be verified independently by law enforcement authorities.
Law of the land
Hacktivist attacks are generally distinguished from cybercriminal activity as they are often employed to voice civil protest and therefore considered morally defensible. But the law recognises no such distinction and some parts of Anonymous’ operation falls outside the purview of legal permissibility. The effect of employing extra-legal means (described above) to censor extremist content and presence online must be necessarily examined to construct an informed response.
The organisational structure of Anonymous, which lacks a central command and definitive membership, makes it near-impossible to correctly pursue action against verifiable members, if deemed necessary. Regardless, it is important to realise that the impact of our response to Anonymous’ operation today is bound to shape the manner in which hacktivism is construed tomorrow.
With extremist organisations pushing their agenda online, there is a growing need to formally streamline expertise of these individuals and collectives, who have hitherto worked outside the scope of the law. They can be urged to inform larger campaigns against terror groups by working with intelligence agencies instead of operating separately.
Newer reports have claimed that a separate hacker group is engaged in identifying accounts associated with digital currency platform Bitcoin of suspected terror affiliates in order to potentially hamper their financial transactions. Such unconventional engagement in anti-terror programs might even prove beneficial in inhibiting terror organisations’ access and control of financial and physical resources. Nevertheless, we must remain cautious in our reaction to acts of such unorganised groups, as it is likely to shape both the future treatment of hacktivism and the fight against terrorism.