Hyderabad: Anti-terror intelligence sleuths are using the cyber-herding technique to identify ISIS sympathisers and potential terror suspects to excellent effect. According to cyber security experts, the technique includes the creation of doppelganger (a ghostly double) websites and attracting terror sympathisers and suspects away from the original terror websites. As the number of real terror websites shrinks, the potential suspects will be diverted to the doppelganger websites. Cyber security expert and CEO of AuthBase Thota Umesh said, “These are social engineering tactics at their best. They can be effectively used to dismantle the dangerous group activities online.”
Mr Daivd B. Moon, a cyber security expert from Naval Post-Graduate School of Monterey, California, in his research paper titled “Cyber Herding and Cyber Activism: Countering Qutbists on the Internet” revealed, “The Internet provides militants (“Qutbists”) a golden opportunity to bypass normal media outlets and take their message directly to the people. This allows them to spread their ideas to an ever-growing audience. Cyber herding is the action by which an individual, group, or organisation drives, guides, or attracts other individuals, groups, or organisations to a desired location within the electronic realm. Spammers have been cyber-herding for years to get people to go to a web site or provide them personal information. They use e-mails crafted to utilise herding methods like winning a lottery. These herding methods can also be used against Qutbists and potential Qutbists on the internet.”
To drive people away from real jihadi websites cyber-herding methods include posting that a site is being monitored or is a fake or posing as sympathisers and recommending the doppelganger websites or offering ISIS sympathisers content-rich websites. Mr Moon mentioned in his paper, “On these doppelganger websites, data can be mined, virtual social networks can be mapped, the terror messages can be manipulated, and their story modified.” The cyber-herding programme consists of seven phases and four nodes. “At its core, a cyber-herding programme is a deception and psychological campaign. The deception element begins in Phase 2 with node members trying to insert themselves into existing terror websites. The deception continues in Phase 3 with the introduction of websites owned by the cyber-herding programme and later on with the introduction of Darknet. The psychological element begins in Phase 5 as the node attempts to influence the terror message and ideology,” Mr Moon said.
“The members of the network node develop virtual fictitious identities. They keep detailed records of their conversations for each identity. Later they attract them into Darknet. Darknet is a password-protected virtual private network where users connect only to people they trust. These Darknet environments offer e-mail, file sharing, chat, instant messenger, and streaming video services. Many terrorist and criminal groups are already using password-protected web sites to further their operations, so this concept should be familiar to many terror suspects on the internet. The target will be asked to add people with similar terror motives. In this the security agencies create an exclusive group and track them physically too,” said a cyber security official.