ISIS ‘Kill Lists’ Increasingly Target U.S. Civilians

Report: Calls for random attacks by hacking groups illuminate ‘evolving terror threat’

ISIS fighters
Islamic State fighters / AP
June 28, 2016

Pro-ISIS hacking groups have started including American civilians along with military, government, and law enforcement personnel on "kill lists," consistent with the terror group’s effort to expand attacks to random targets and instill fear in the public, according to a new report.

The SITE Intelligence Group, an organization that monitors jihadist propaganda, examined eight lists recently circulated online by pro-ISIS hacking groups, including some that name random civilian targets.

"These lists, with targets spanning drone operators to random civilians, appear to have achieved at least part of their presumed intentions: heightened alert by government workers, FBI visits to startled civilians, and significant media attention," SITE wrote in its report.

Eight lists released over the course of two months this year have targeted federal government employees, military personnel, state and local government officials, and random residents of New York and Texas. While most of the kill lists have not been pushed through official ISIS channels, fighters and supporters of the terror group have promoted the targets through social media.

"This embrace of random targets, though new within the context of hackers’ kill lists, is nonetheless consistent with IS’ methodology, and demonstrates application of attack instructions from IS’ leadership and affiliates," the report explained, using another name for the Islamic State, or ISIS.

ISIS has inspired self-radicalized terrorists who have launched attacks inside the United States. Omar Mateen, a U.S. citizen, pledged allegiance to the terror group during conversations with 911 operators during a gun attack that killed 49 victims at an Orlando gay club earlier this month. The couple who opened fire on a San Bernardino, California, holiday party last December are also believed to have pledged support to ISIS.

The FBI declined to comment specifically on investigative matters related to the kill lists but said that the agency routinely notifies people and organizations of information collected during investigations that could be "perceived as potentially threatening in nature."

"Potential threats may relate to individuals, institutions, or organizations, and are shared in order to sensitize potential victims to the observed threat, and to assist them in taking proper steps to ensure their safety," Matthew Bertron, a representative for the FBI’s National Press Office, told the Washington Free Beacon.

Kill lists from pro-ISIS hacking groups have become increasingly abundant since the so-called Islamic State Hacking Division called for attacks on 100 military personnel in March of last year, and later released lists targeting 10 Italian Army officers and over 1,000 military and government personnel. While this particular hacking group—once headed by ISIS fighter Junaid Hussain before he was killed in an airstrike—has focused on military and government personnel, others have emerged to target civilians and local officials.

A pro-ISIS group called the United Cyber Caliphate, for example, released five different target lists between March and May of this year. The lists publicized personal information about 11 Tennessee state county board members; 3,600 New York citizens; and 1,543 Texas residents, according to SITE’s report. Two lists each separately included information about 50 federal government employees, including workers from the Departments of State, Defense, and Navy.

While the list of New York residents was removed from the hosting site where it was posted, the lists with information on individuals in Tennessee and Texas remained online.

Another group named the Caliphate Cyber Army also released two lists, one of which called for attacks on 56 New Jersey state police staff and another that targeted 36 Minnesota state police officers.

While inactive between September 2015 and May of this year, the Islamic State Hacking Division also recently released names and personal information of 76 U.S. military personnel who work with drones.

"In just over a year, kill lists from pro-IS hacking groups have not only become more abundant, but have also expanded in terms of target selection," the SITE report stated. "Between March and May of this year, kill lists by these groups have expanded beyond conventional criteria to random civilian targets, instructing to ‘shoot them down.’"

The lists are consistent with ISIS ideology supporting attacks on all non-Muslims living in countries at war with the terror group, according to SITE.

"This shift in target selection shows a new method in serving a long-standing function of IS and other jihadi groups: instill widespread fear into governments and the public," the report stated. "As IS spokesman Abu Muhammad al-‘Adnani stated in a September 2014 speech, Muslims should kill any non-Muslim living in countries warring with the group, with no distinction of ‘whether he is a civilian or military.’"

The promotion of the lists also highlights ISIS militants’ exploitation of social media to recruit and inspire attacks, regardless of the fact that the pro-ISIS hacking groups do not appear to be publicly coordinating with one another.

"Given the power and ease of social media, along with the increasing ubiquity of Internet access and smart phones, every IS supporter can act as their own online media group, recruitment office, or fundraising organization. Likewise, every IS-supporting hacker can use their skills to serve the group’s goals, whether they be a fighter or a supporter in non-combat zones," the report stated.

The SITE Intelligence Group could not confirm that the groups obtained the information by hacking into government or other private systems but said that it was both possible and plausible. The report noted that some of the information on the lists is available through public channels though they "appear to be compiled via non-public sources, especially when factoring what would be immense labor and difficulty required to manually compile the information via those public sources."

The Islamic State Hacking Division is believed to have obtained data for its list targeting over 1,000 U.S. military personnel from Ardit Ferizi, a Kosovo citizen who hacked into a U.S.-based company’s servers to harvest the information. The Justice Department charged Ferizi with computer hacking, identity theft, and providing material support to ISIS last October.

Published under: ISIS