General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsISIS Twitter Accounts Traced Back to UK Government by Hackers
A group of online computer experts has traced a number of ISIS-run social media accounts back to a government office in Westminster. Specifically, the Department of Work and Pensions, run by Iain Duncan Smith.
As The Mirror reports:
Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number.
The hacking collective showed Mirror Online details of the IP addresses used by a trio of separate digital jihadis to access Twitter accounts, which were then used to carry out online recruitment and propaganda campaigns.
At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to link back to the DWP.
Snip
http://www.alternet.org/world/isis-twitter-accounts-traced-back-uk-government-hackers
My Note: I find it interesting that Daesh are using Twitter accounts with IP now based out of Saudi Arabia and not Iraq or Iran or Yemen or any of the places they normally habitats.
Mika
(17,751 posts)... Foggy Bottom.
Frustratedlady
(16,254 posts)to do with this finding?
I know there is a Foggy Bottom in DC, but not familiar with its clandestine history.
This ISIS situation is mind-boggling. Are they being led by other groups/countries? I know there have been discussions about Saudi Arabia financing them. What a wicked web they weave.
hedda_foil
(16,375 posts)LiberalArkie
(15,721 posts)instead of Syria etc. Thinking of how a tweet of a person in Syria can have an IP address that is routed to SA would (in my old IT thinking) have to either be originating in SA or hitting a proxy server in SA.
IT guys.. you are way smarter than me on this.
rufus dog
(8,419 posts)Then Syria, Iran, North Korea, Sudan, and Cuba would be blocked from hitting most US sites.
Crazy that Cuba is still on the list, anyway it is clear sailing with a Saudia Arabia IP.
Denzil_DC
(7,246 posts)The British government has admitted selling large numbers of internet addresses to Saudi Arabia, but refused to reveal how much it has has earned from the transaction.
Westminster said it could not control the use of these addresses, which originally belonged to the Department of Work and Pensions, amid fears they may have allowed ISIS extremists to connect to the internet and spread their message of hate.
They were sold as part of a drive to raise money by auctioning unused "IP addresses", which are the identifying numbers used to label each connection point to the internet.
http://www.mirror.co.uk/news/technology-science/technology/british-government-admits-selling-internet-7017287
LiberalArkie
(15,721 posts)needed large blocks of IP Addresses. But since they now run proxy servers with 10. local addresses they do not need that many any more. But the ones they sold to Saudi Arabia became registered as Saudi addresses. The question still remains is why in the heck are tweets and instant messages originated by Daesh using those addresses. Either the messages are coming from SA or they are going through a proxy server in SA.
I am hoping that a IT guy can explain it.
Denzil_DC
(7,246 posts)Geolocation of IP addresses is often unreliable unless a user has a fixed IP address (quite common in the US for those with cable providers, less so elsewhere in the world, where dynamic IP addresses are more usual - they change periodically). If I do a check on my own (dynamic) IP, the results can be a good few hundred miles out, showing the location of my Internet provider's node, not my home.
I'd imagine Saudi has pretty good telecoms infrastructure compared to other countries in the region, so comms are likely to get routed through there from elsewhere in the region. I can't find out much about the mobile company mentioned in the article - "Mobile Telecommunications Company" - as obviously that's a poor Google search term. But it's likely to operate in a number of countries, not just Saudi.
There's every possibility that Daesh is supported/operated within Saudi, of course, and not just by keyboard warriors ...
GummyBearz
(2,931 posts)Its the simplest explanation and makes sense. SA is run by sunni wahhabists just like ISIS. The probability ISIS gets financial and material help from SA is damn high (logically)... internet access is material help in the way they are recruiting.
Denzil_DC
(7,246 posts)Who with any serious clout is going to call out the Saudis on it, though? And let's not forget who set up the precursors to Daesh, either ... a bit closer to home.
Useful as it can be, I don't know how much of a role Twitter can play in actual operations/planning, though - more likely to be used as a propaganda/incitement/recruitment tool.
GummyBearz
(2,931 posts)Consider it a "gateway drug" of their recruitment process.
Step 1: Put a bunch of horrible messages/acts against humanity in the name of jihad on the internet via twitter
Step 2: Wait for young impressionable minds to start following and commenting
Step 3: Pick out those who seem to be serious, or of great potential value
Step 4: Invite the people identified in step 3 to a closed, encrypted, internet conversation
Step 5: Make concrete plans with the impressionable minds, and enable them to enact upon them
Step 5 is speculation, as at that point it is out of the public domain... but I think the circumstantial evidence makes it an obvious next step
Denzil_DC
(7,246 posts)Seriously, Twitter can be vile (as well as all sorts of good things), but Facebook can be the utter pits. Almost as bad as the comments sections on some RW sites or newspapers.
GummyBearz
(2,931 posts)and I only have a facebook account from the days when you had to have a .edu email to join. It is nice to keep up with my group of old friends, but I haven't explored it at all in the last 10 years
LiberalArkie
(15,721 posts)Brits had sold part of the block in October to Saudi Arabia. It was not geolocation. They were just going by who owned the IP addresses.
If you know the IP of something you can do http://whois.urih.com and find out the owner of it.
Denzil_DC
(7,246 posts)I got sidetracked with the articles and didn't glom onto how they'd come to their conclusions.
In that case, the situation's even less clear. Whois will give you details of whoever registered the domain, but that can mask the real owner. Whoever registered it may have just been a commercial registrar engaged to figure out that side of things, and may be dealing with thousands of accounts and a wide range of sequences of IP addresses. (This is what's known as IP geolocation, BTW.)
For instance, if I check my own IP at your link, it comes up with RIPE Network Coordination Centre (RIPE), with a PO box number in Amsterdam. It doesn't even say who my ISP is, let alone tell me correctly in which country it's located.