Cyber Incident Victim: WauchulaGhost
Date:
Nov 2017
Location:
Iraq
Summary
Iraqi hackers infiltrated a terrorist group's communication networks by creating counterfeit propaganda platforms containing pornographic material to erode trust in their official channels. The operatives replicated the group's news agency sites, flooding them with falsified content and mockery, which triggered internal disputes and deletions among members. By overwhelming the platforms with traffic, they temporarily disabled access, further disrupting operations and amplifying paranoia regarding the authenticity of shared materials.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In November 2017, a hacker group identifying as Daeshgram executed a disruptive campaign against ISIS's online propaganda infrastructure. The hackers conducted months of reconnaissance on ISIS communication channels, particularly focusing on Amaq—the terrorist group's primary news dissemination front—and its presence on the encrypted Telegram platform. Their operational objective centered on creating counterfeit Amaq websites and propaganda materials that closely mirrored authentic ISIS content. These forged assets were deliberately seeded with pornographic material and ideological mockery, including a manipulated video purporting to show ISIS fighters watching pornography during an official announcement about a new media center in Syria. Daeshgram simultaneously launched distributed denial-of-service (DDoS) attacks against legitimate Amaq platforms, temporarily disrupting their operations by overwhelming them with traffic. The counterfeit content was strategically distributed across ISIS-affiliated Telegram groups frequented by supporters and recruiters.
The operation generated significant operational friction within ISIS networks. The terrorist organization's leadership issued warnings instructing supporters to distrust all Amaq links, while members engaged in internal disputes over content authenticity, resulting in reciprocal expulsion from communication channels. Paradoxically, ISIS's attempts to flag fraudulent content increased engagement with Daeshgram's materials as supporters investigated why seemingly legitimate links were deemed untrustworthy. This erosion of trust in Amaq's credibility constituted the primary impact, compromising a key radicalization and recruitment vector. Daeshgram maintained an active Twitter account to publicly document their activities, though the article provides no details regarding ISIS's technical countermeasures beyond organizational warnings to supporters. The hackers explicitly stated their dual objectives: to degrade confidence in ISIS propaganda channels and induce operational paranoia through demonstrated infiltration of their communication ecosystems.