Leaked ISIS Documents

Looks like tens of thousands of ISIS documents have been leaked. Where did they come from? We don't know:

Documents listing the names of Islamic State fighters have been touted around the Middle East for months, dangled in front of media outlets for large sums of money.

[...]

Ramsay said he met the source of the documents in Turkey, an individual calling himself Abu Hamed who had been in the Free Syrian Army rebel group and switched to Isis before becoming disillusioned with it.

Sky said the documents were on a memory stick stolen from the head of Isis's internal security police.

The Syrian opposition news website, Zaman al-Wasl, in a report billed as "exclusive" and published before Sky's, said it had the personal data on 1,736 fighters and that its documents had come from Isis's general administration of borders.

Posted on March 11, 2016 at 6:17 AM • 19 Comments

Comments

Clive RobinsonMarch 11, 2016 8:27 AM

Hmm, the contents of the documents is two to three years old and appears to be heavily duplicated, and parts couched in unlikely phraseology...

However some of it appears accurate, but of no stratigic advantage.

What is the likelihood that in fact it is a disinformation campaign by IS it's self.

at is take ~1500 genuine documents then multiply them up as 10-20,000 to make it look like they are rather more successful in obtaining recruits than the actually are?

Or as likely the ~1500 real docs have been dressed up to make a much bigger and thus more valuable / saleable package to profit from.

ter all selling "genuine looking" fakes to news papers is not new, anyone else remember the "Hittler Diaries"?

Identity ProtectionMarch 11, 2016 8:45 AM


Two weeks later a messenger arrives at a dusty ISIL outpost...

"Okay, I have an announcement from the ISIL Ministry of Finance...

"All loyal followers will receive free credt report monitoring and identity protection for the next two years at no cost to themselves. In addition, the traitorous dogs responsible for this betrayal have all been justly punished in accordance with the strictures of-"

"Wait," a fighter interrupts, "that looks like a very long announcement and we've been up all night sending the new recruits on martyrdom operations - you know how they whine so much beforehand, 'but this wasn't in the brochure, blah blah blah' - so we're very tired and a touch irritable. Honestly, just among us, what's really happening?"

The messenger sighs.

"Okay okay. But you didn't hear this from me, got it? Some office assistant at the Ministry of Voluntary Charitable Donations emailed the usual monthly newsletter to everyone, and the Minister replied to the assistant and attached a list of people to check for Voluntary Donation Status But the infidel computer tricked the Minister, and "Replied All" instead. So we burned the computer along with the assistant who sent the newsletter. Now, you really do have free credit report monitoring and identity protection. In fact I'm to emphasize to all of you that no matter where you go, your identity will follow you. To prevent this kind of thing from happening again, the new head of the Science & Technology Division-"

"The new head?"

"Yes the previous one was removed."

"Drone strike? Those damn Americans."

"Cunning Americans too," another fighter groused, "Last week I got an email claiming that my Amazon Prime membership entitled me to Same-Day drone deliveries. It took all my will to select standard shipping. "

The messenger beams at this. "Thank you brother, the brothers at the Ministry of Righteous Couriers have been very nervous about this new competition. Fortunately a helpful group called the Courier International Association has shown up to streamline the organization and improve on-time deliveries of packages to intended recipients, so that you will receive what has been ordered just as if a drone were delivering it."

"But about the previous head of Science & Technology..."

"Oh right. Well, he had told everyone that iPhones couldn't be trusted and had even expressed some doubts about the wisdom of sending selfies. But now that we know how loyal Apple is to their customers... So that was strike one."

"Is it permitted to use baseball analogies?"

"I will inquire on your behalf."

"Err, no that's okay."

"Right then. Anyway, after the Emirs had handed over all their iPhones, then this guy - and you won't believe this - tried to teach them to use something called Oh-Pen-Bee-sed."

"OpenBSD?"

"I don't know. But one of the Emirs complained to the Science & Tech head that he didn't see any desktop when he started the computer. Things became a little heated, and finally the Science & Tech head told him that if he wanted a certain kind of GUI then he should stop complaining and just learn how to build it himself."

"Uh oh."

"Yes, and so then the Emir screamed that if he's going to use a monolithic kernel developed entirely in a language that predated safe coding practices and running on top of a proprietary hardware stack anyway, he wants to see pictures and not something that Matthew Broderick used in the 1980s."

"Hey you know there's some truth in that-"

The messenger shakes his head.

"Brother, that was nothing compared to the storm that followed. The Science & Tech head, seeing he had stepped too far, apologized. They reconciled, briefly, before the Emir asked how he could continue to use Tinder if he also needed to use GPG. The Science and Tech guy stared into space, saying nothing, and then just walked out, muttering to himself about no free lunches."

"And then what?"

"The Emir, eyes bloodshot after spending all night reading man pages, with new worries about the implications of GPLv3 for some of their work, and having foregone food since supper, feared that the Science & Tech Division was now going to take away his lunch as well. So, the Science & Tech head was executed, and the Emir put his cousin in charge instead, who found that he provide the same services at a tenth of the cost by outsourcing to the Courier International Association, who have been very happy to help. In fact, they're the people who hired me."

"So brothers," the messenger continues, "I see by the time that I must be going. I have an important letter for the commander at the operations center, and the sooner I leave, the sooner I can ensure that an important package someone has ordered for you will be delivered on time."

"Really? A package for us?!"

"Oh yes, it's addressed to each of you by name. Now, could you point me to the operations center?"

"Sure, go down the wadi about 40 kilometers, turn north by the mass burial site, and then go west 10 kilometers when you pass the slave market. The commander built his center right next to a hospital so that he could keep a close eye on the sick and wounded."

The messenger nods gravely. "Truly brothers, he is a man of ISIL," he says as he hops on his motorcycle and roars away in a haze of blue exhaust and sun-scorched dust.

20 minutes later the fighters at the outpost received their promised package, and they worried about their identities no longer.

SkepticalMarch 11, 2016 11:41 AM

Was this posting before or after the Turkish Government seized Zaman the other day?

If it was after or today, I'd think it's highly suspect as the news agency is under government control and no longer and independent "Opposition News Agency".

SkepticalMarch 11, 2016 11:49 AM

Read the article, and it's after the Turkish Government takeover of the New Agency.

As the Guardian article points out there are "inconsistencies" indicative of forgery or fraud.

Likely this is a Turkish Government plat of propaganda.

Who?March 11, 2016 11:52 AM

I am a bit paranoid. Each time a large leak including lists of people ("members") happen I fear my name will be on that list.

I had that fear with Ashley Madison's leak (in fact, it was later known that a lot of supposed "customers" did not even had access to computers or knowledge about how using them), and it may happen again. Hopefully it was confirmed I was not on that list.

Later it was known that Ashley Madison's list had a lot of fake members coming from sources like spam lists. I understand it happened to make that corporation more attractive to investors, but there are other possible reasons for business like Ashley Madison to grow these lists with fake customers, like hidding money coming from human trafficking as legal transactions.

The reasons behind a fake or old listing coming from ISIS would be either a dissinformation campaign (as noted by Clive) or starting a terror campaign by putting people around the world in serious danger. Hope intelligence services will do a good and honest work with that list and will not blindly trust its content.

NS SinnermanMarch 11, 2016 1:16 PM

@Who?

**hugs**. :-)

(I am figuring quite confidently that you have no relation with ISIS. Otherwise, you would probably not have such feelings, nor be posting them on such a site. )

It is a fact of life these days, and will probably continue. [In sec research, and general it sec, it has been common to have someone get hacked somewhere. One of my good friends had his emails exposed when one defense contractor was hacked. Some others were exposed in various attacks by hackers who wanted to make a name for themselves by hacking bigger name people, that was mostly "the 2000s". Nowadays, much more mainstream. I was ostensibly had my records stolen in OPM hack, but because of data on there, it may have already been pulled by another TLA I did some work with. My wife, whose information was in mine, was contacted, but I never have been.]

(Had my credit card reset automatically maybe three times. Big name store hacks, like the Home Depot one, and Michaels.)

There are mitigations you can take. Some unfortunate, like systematically deleting your personal email box(es) content. Socialize privately to a minimum, and online try and be as vague as you can be about details about yourself. Consider lying, even, as a strategy, even if you do not like to do so. That is, change details on personal matters, or anything that can track you back, if you wish to discuss them.

Do not use real name social media. And be cautious with it, in general. If you can.

You do not have to live in fear, but you should be "operationally paranoid".

Try and talk about personal items, either with relatively true metaphors, or use as distant of language as possible. NOT stuff like "so I have a friend who has this problem".

Change accounts and account names frequently, if you can. Where you may communicate with others online. Even if you are using "not your real name".

IDK what all else, but that is a damned good start.

One saying is "trust but verify". No. "Never trust, anyone, ever, anywhere. And when you do, doubt, doubt doubt."

Season with reality.

Lawrence D’OliveiroMarch 11, 2016 2:04 PM

I thought “Memory Stick™” was a Sony trademark. Has it fallen into the public domain yet?

NS SinnermanMarch 11, 2016 4:54 PM

I poked around some news articles. It looks like assessment of authenticity is mixed, at this juncture.

Reportedly, multiple European nations have validated it.

One expert stated he felt that it was authentic at first, but grew doubtful after further analysis. He suggested it might be a mix of authentic and forged documents.

I saw mixed reports about where it came from, but there seemed strong evidence that there was a primary source who presented it to the first two major news agencies, and his claim was he grew disillusioned and stole it from the main border agent's papers

I was wondering if they were shopping this around to media, earlier, who else they tried to shop it around to. Sounds like they may have been attempting some sort of rudimentary counterintelligence. (Which would have engaged them probably killing anyone who came up with sizeable money for the documents.)

Netflix -- Green Prince
http://www.imdb.com/title/tt2304915/

Great view into how radical Islam terrorists do rudimentary counterintelligence. (Which consists of vicious torture and murder of a good portion of their own people, performed en masse and routinely. On the basis of zero evidence. In fact, it looked like they were hobbling their own population far more then anyone else every had altogether, and that yearly, if not monthly.)

I would not be surprised if ISIS is not even worse.

(The documentary also shows that they are absolutely horrible at catching real moles.)


SkepticalMarch 12, 2016 12:52 AM

Guys, you're missing the point.

One week ago - Friday, 4 March 2016, Zaman, the "Independent Opposition News Agency" was taken over by the Turkish Government and many employees were arrested. The Turkish Government now controls that media outlet and its content.

Turkey has been condemned by the EU for suppressing freedom of the press which is part of the EU charter.

Overwhelming evidence shows that Turkey has been supporting ISIS, purchasing oil, supplying weapons and oppressing the Kurds (the "Opposition") along with attempts to make land grabs into Syria. The Erdogan Government is corrupt and has their own agenda, along with being aligned with the Saudi Government.

Now that Zaman is under the control of the Turkish Government, I would dismiss this as a propaganda play on their part, given that it was released after the takeover of Zaman.

Turkey has gone rogue, and the US is just now starting to wake up to this fact. The piece may be somewhat legitimate, though I highly doubt it contains any current or useful information and is instead a disinformation campaign on the part of the Turkish Government.

The timing of this release so soon after the government seizure of Zaman and imprisonment of its reporters and management is highly suspect. Turkey is likely trying to win favor os Western powers as it continues to destabilize the region.

MIA Paper PlanesMarch 12, 2016 1:46 AM

@Skeptical

I, for one, am all for invading Turkey.

So, please. Do not even get me started.

ROFL.

I am just a little bit more eager, though, with "getting it going" with either Iran, or Saudi Arabia. So, IDK. Choices, choices.

Let us see how they keep playing things, eh??

Hehheheheh. LOL!!

Thank you, as always, sir, for your consistent 'devil's advocate' stance.

Hate to do you one plus on that one for once.

Dirk PraetMarch 12, 2016 11:05 AM

@ MIA Paper Planes, @ Moderator

Likely this is a Turkish Government plat of propaganda.

It would seem that someone is making comments using the @Skeptical handle. Neither the writing style or the opinions expressed therein are consistent with those of our favorite USG advocate.

MIA Paper PlanesMarch 12, 2016 2:06 PM

@Dirk Praet

Ah. Was drunk myself at the time, so didn't notice.

My drunken response was sarcastic, for da record.

SkepticalMarch 12, 2016 2:58 PM

@ Dirk Praet

Apologies if I absconded with someone else's moniker. System allowed it, but no I am not the droid you are looking for. ;)

Coyne TibbetsMarch 12, 2016 4:26 PM

This whole thing absolutely reeks of intelligence agency misinformation.

Let's start by supposing that the "supposed head of ISIS intelligence" was actually dumb enough to accumulate all this information in one place; dumb enough to not keep it encrypted; dumb enough to let someone get away with a copy of it. Well, gee, that doesn't say much for the operational capability of ISIS, right?

But wait, ISIS is supposed to be the "world's deadliest terrorist organization"; a "global threat that must be stopped." But incapable of basic operational security, hmmmm?

But if it were propaganda, then it all makes sense, doesn't it? Because then it's not from ISIS, which isn't simultaneously a global threat and too dumb to wipe its nose.

Then there's the matter of offering it to all these news agencies. What a waste: they should have offered it to the CIA, which will pay a mint for anything...even if it is two or three years old and worthless. Because here's the thing: it's intelligence. Even outdated, it could serve as a foundation which would give an intelligence agency enormous insights into a deadly enemy. But no: no intelligence agencies appear to have been offered a play; only news agencies.

And even the news agencies weren't dumb enough to buy it, most of them. Probably because they were concerned about that "material support" label.

Which was probably what it was all about. Taken in all, it looks like it was (a) propaganda and (b) the sellers were trying to sell it to news agencies, I bet to get them labeled as supporting terrorism. Who do we know who would do a thing like that? Oh, right. Intelligence agencies--and not ISIS intelligence, either.


@Skeptical
That's some nice propaganda by itself: CIA decided to start us on a war with Turkey? Of course they have: Turkey was the one that just shut off the oil flowing from Iraq, weren't they? Time to ramp up a war to drive those "rogue" Turkish devils back in line. (You're behind...they turned the oil back on yesterday.)

But, shades of the Iraq war, they just had the nerve to violate the First Amendment. Civil rights violations...that'll justify a war. We must save the Turkish citizenry from the rogue Turkish leaders, by blowing up all the citizenry.

Sorry, no sale.


MIA Paper PlanesMarch 13, 2016 8:03 PM

@Skeptical

Apologies if I absconded with someone else's moniker. System allowed it, but no I am not the droid you are looking for. ;)


;-)

Would the moderator be surprised to discover you use the same IP.


Thank you, "Skeptical", for confirming my confirmation bias by burning a private passphrase...........

Dirk?

That was the real "Skeptical".


SkepticalMarch 13, 2016 9:27 PM


@Skeptical: I do not lay any claim to the pseudonym. I used it once in a few comments when I was being genuinely skeptical of certain claims, and thereafter have (largely) used it for consistency. Not always though - the little story of the Courier International Association above is my comment, for example. And you're not the first to have used the same pseudonym as me.

Obviously Turkey's relationship with the various factions of the Kurds is complicated.

Although I, along with many others, believe that the Kurds someday will, as they have well earned and richly deserve to, achieve a fully independent state of their own, the internal political situation in Turkey, the complicated dynamics that extend through the Kurdish question to tensions with the Assad Regime, Iran, Russia, etc., make me very hesitant to form any firm opinions on the subject. Erdogan's personal motivations for power should not be dismissed; but neither can Turkey's security concerns as to the potential of a more widespread and intense insurgency within its own borders, the degree to which the chaos in Syria and Iraq must be managed in its interests, and the larger conflict that continues to run via proxy between the Sunni and Shia states.

As to the foment of unrest in the Middle East, you must first explain to me when there was no unrest.

tyrMarch 14, 2016 8:47 PM


@Skeptical

"As to the foment of unrest in the Middle East, you must first explain to me when there was no unrest. "

After the passage of Al Midras Allah.

The Scourge of God better known to the west as
Ghenghis Khan.

AJWMMarch 16, 2016 5:07 PM

@Lawrence D’Oliveiro

Isn't a "memory stick" what interrogators beat someone with until they remember their passcode?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.