Cyber Incident Victim: Intsights

In late 2017, Iraqi hacker collective Daeshgram executed a disruptive campaign against ISIS communication networks, specifically targeting the group's propaganda distribution channels. After months of monitoring ISIS-affiliated platforms, particularly the encrypted Telegram application used for recruitment and radicalization, the hackers replicated the appearance and functionality of Amaq—ISIS's official news agency—to create counterfeit propaganda sites. They populated these forged platforms with content designed to mock ISIS ideology and interspersed legitimate-looking announcements with pornographic material. One manipulated video replaced an ISIS announcement about a new Syrian media center with explicit content, depicting ISIS soldiers appearing to watch pornography during an official address. Daeshgram further amplified the disruption by directing coordinated traffic floods against authentic Amaq infrastructure, temporarily taking the site offline through denial-of-service tactics.

The operation significantly degraded trust within ISIS supporter networks, as evidenced by internal conflicts over content authenticity. ISIS leadership issued directives warning followers to distrust all Amaq links, acknowledging the infiltration. Supporters engaged in mutual accusations and purged members from communication groups amid confusion over distinguishing legitimate content from Daeshgram forgeries. Paradoxically, ISIS members increased engagement with the compromised links after they were flagged as fraudulent, seeking to understand how the deceptive materials mimicked authentic propaganda. Daeshgram publicly documented these outcomes via their Twitter account while maintaining anonymity, explicitly stating their objectives to Newsweek: undermining Amaq's credibility through content dilution and inducing operational paranoia within ISIS ranks. The campaign achieved measurable disruption to ISIS propaganda dissemination without direct physical confrontation.