Cyber Incident Victim: Anonymous

In early August 2016, Israeli cyber-intelligence firm Intsights disclosed it had infiltrated an ISIS-operated Dark Web forum hosted via Telegram, uncovering plans for imminent terrorist attacks. The company, staffed by former Israel Defense Forces intelligence officers, reported the forum contained operational details targeting US military installations in Kuwait, Bahrain, and Saudi Arabia. Attack plans specifically referenced these bases due to their role in launching coalition airstrikes against ISIS positions in Syria and Iraq. A map detailing global US and Israeli military base locations had been circulated on the forum on August 1, 2016. Intsights shared its findings with Israeli television station Channel 4, linking the forum to prior ISIS operations, including the July 26, 2016, knife attack at a Normandy church that resulted in the death of an 85-year-old priest. The firm did not disclose its intrusion methods or whether intercepted data was relayed to international law enforcement. No subsequent attacks matching the uncovered plans were publicly reported in the immediate aftermath.

This incident occurred amid sustained efforts by hacktivist groups and cybersecurity researchers to disrupt ISIS online operations. Anonymous affiliates had previously breached and leaked data from similar ISIS forums, though such actions received limited media coverage compared to Intsights’ disclosure. Concurrently, security researchers at the August 2016 Black Hat conference revealed unrelated Telegram vulnerabilities exploited by Iranian state actors to harvest data from millions of user profiles. The Intsights operation demonstrated continued ISIS reliance on encrypted platforms for operational planning and highlighted the evolving role of private intelligence firms in counterterrorism efforts. No technical details regarding Telegram’s encryption circumvention or forum access methods were disclosed by Intsights.