Cyber Incident Victim: sgtbilko420
Date:
Nov 2017
Location:
Iraq
Summary
Iraqi hackers known as Daeshgram infiltrated ISIS communication networks by inserting pornographic content into propaganda materials and creating counterfeit versions of its official news platforms to undermine credibility. The group flooded ISIS-linked sites with traffic to force outages and distributed fabricated content mimicking the terror organization's messaging, causing internal disputes among supporters who questioned the authenticity of materials and purged members from communication channels. These actions aimed to induce paranoia and erode trust within the extremist network while publicly exposing the infiltration through affiliated social media channels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late 2017, Iraqi hacker collective Daeshgram executed a disruptive campaign against ISIS communication networks, primarily targeting the group’s propaganda dissemination channels on Telegram. The hackers spent months studying ISIS’s operational patterns before infiltrating their systems, with a focus on mimicking Amaq—ISIS’s official news agency—to create counterfeit propaganda content. They replicated Amaq’s digital infrastructure, including near-identical websites and messaging formats, but inserted fabricated material designed to undermine ISIS’s ideological messaging. One notable action involved embedding pornographic imagery into an official ISIS video announcement about a new media center in Syria; the altered footage showed ISIS fighters appearing to watch explicit content instead of receiving the intended message. Daeshgram further amplified their disruption by flooding Amaq’s platforms with traffic, temporarily forcing the site offline. These efforts aimed to erode trust in ISIS’s communication channels among its supporters, who relied heavily on Telegram for recruitment and coordination.
The operation achieved measurable disruption, as ISIS leadership publicly warned supporters to distrust Amaq links, acknowledging the infiltration. Internal conflicts erupted among ISIS affiliates, with members accusing one another of sharing compromised content and purging suspected infiltrators from Telegram groups. Paradoxically, Daeshgram noted that ISIS’s attempts to flag their fake links as fraudulent increased curiosity-driven clicks, further spreading the counterpropaganda. The hackers explicitly stated their objectives: to dilute Amaq’s credibility, induce paranoia within ISIS ranks, and provoke infighting. Daeshgram maintained an active Twitter presence to document and publicize their activities, though specific metrics regarding operational reach or lasting technical impacts on ISIS infrastructure were not disclosed in available reporting. No direct retaliation from ISIS against the hackers was documented at the time.