#OpISIS 3

24 min readMar 18, 2022

In #OpISIS Part 2, we covered “Operation NO2ISIS” and #OpIceISIS, the first two cyber operations that Anonymous launched against ISIS in mid- to late 2014. Keeping in mind that information has been lost over the years due to deleted tweets and Twitter accounts, it appears that these two campaigns were initiated by the Twitter account, @TheAnonMessage.

Part 2 also discussed Buzzfeed’s recent articles about the Whitmer kidnapping case and Exeintel, a private intelligence firm founded by FBI agent, Jayson Chambers. Questions remain about whether or not Chambers was funneling sensitive case information (or, how much) to a far-right, “I like to wear Nazi masks,” ISIS-fighting, online troll who calls herself “ravagiing” and “SheliJ” (among a host of other names and online handles she uses) and claims to be the CEO of Exeintel.

Aside from an FBI agent sharing confidential information from the bureau with @SheliJ to boost his private security company’s profile, Buzzfeed also reported that Chambers was lurking around the #OpISIS/“ISIS slaying” scene as early as 2015.

In Part 2, it was noted that @AnonScandinavia, a longtime associate of Beth Bogaerts — a notorious defamation/disinfo social engineer who has repeatedly tried to string journalists up for crimes they didn’t commit and astroturfs her face online to legitimize her campaigns using the old adage “sex sells” — is also a longtime associate of SheliJ’s.

@AnonScandinavia admitted that they were a member of SheliJ’s online group and on the very day that Agent Chambers filed corporate documents for Exeintel, LLC in 2019, @AnonScandinavia publicly confirmed on Twitter that she was still a friend. While encouraging everyone to follow Tracy Beanz (a virtually unknown Youtuber at the time), and running their 2017 Vault 7 and “Warren Flood”/Cicada 3301 LARPs, not only did @AnonScandinavia deliberately hide their relationship with Bogaerts for years, they kept it a secret from WikiLeaks activists that they were part of a fed-infested, ISIS-slaying, Nazi group.

@AnonScandinavia also made at least one public comment diminishing the seriousness of hacktivists/activists working with U.S. intelligence agencies — a red flag that we all ignored — this, while simultaneously presenting himself/herself/themselves to activists as having a close relationship with Julian Assange and actively working to secure his freedom.

Prior to shutting down their 5-year old Twitter account directly after I started publishing The Rabbit Files, @AnonScandinavia followed numerous Twitter accounts that are managed by people and/or companies who are directly funded by and/or working with the U.S government, including the Pentagon and Department of Justice.

For example, they followed Rita Katz, the founder and CEO of Site Intelligence Group, a private security firm that specializes in tracking online terrorism i.e. ISIS. They have received over $2.5 million in funding from the U.S. government and the company still maintains open contracts with the U.S., the last one granted only a few months ago.

In addition, Blackwater (while still in existence as “Blackwater”) “hailed” SITE Intelligence Group as “an invaluable resource.”

@AnonScandinavia also boasted about being in communication with Ghost Security Group, a private security firm that was founded by members of Anonymous who were deeply involved with #OpISIS. In 2015, they left the collective and founded Ghost security Group in order to work directly with governments and intelligence agencies in a legitimate capacity.

So yes, @AnonScandinavia was knee deep in #OpISIS and teamed up with SheliJ via her Nazi ISIS slaying group that may have been working with federal agents like Jayson Chambers as early as 2015, if not earlier. But before there was #OpISIS, there was #OpIsrael, a precursor to what I’ve always said was a fed-ridden operation to go after online jihadists.

Background Information You Should familiarize Yourself With: #OpIsrael

Z Company Hacking Crew (ZHC) and “TriCk”

According to the Combating Terrorism Center at West Point, the Z Company Hacking Crew (ZHC) was established as an offshoot of “TeaMPoisoN,” another hacking group founded by Junaid Hussain (a.k.a. TriCk), a British citizen turned ISIS member and the first known hacker to be assassinated with a U.S. drone strike.

Hussain reportedly became radicalized after a 6-month prison stint and according to author and anthropologist, Gabriella Coleman, “The Trick story is such a fascinating one and important one to tell, especially the jail experience. It changes you.”

After his release, Hussain left Britain and traveled to Syria where he married Sally-Anne Jones, a former punk musician who converted to Islam. He also joined ISIS and allegedly became the “Islamic State’s chief terror cybercoach” and head of the “Islamic State Hacking Division.” According to “former senior U.S. and U.K. security officials”:

It was Hussain’s recruitment efforts, propaganda dissemination, attack plotting and inciting, and sensitive information leaking that made him a high-value target for coalition forces. According to media reports, his name appeared as number three on the Pentagon’s target list.

Notice how they don’t even mention hacking because apparently the U.S. government was more terrified of ISIS’ PR guy and publisher of leaks than the actual hackers. Hussain was brutally assassinated on August 24, 2015, by a U.S. Hellfire missile.

Two years later, his wife was also killed by a U.S drone strike alongside her 12-year-old son.

As for THC, over the years the group earned itself a reputation for high-profile hacks and webpage defacements, some in collaboration with Team Poison including hacking Tony Blair’s assistant (this is what landed Hussain in prison for 6 months), and Facebook pages managed by organizations such as the English Defense League:

In a four-year span, Team Poison also claimed to have hacked Mark Zuckerberg’s Facebook page, named and shamed members of the far-right English Defense League, and leaked the address book of Tony Blair’s personal assistant. It hacked NATO, the British Ministry of Defense, and other government targets. Most famously, Team Poison claimed to have flooded the British spy agency MI6’s terrorism hotline with prank calls, releasing a recording of an agent telling them she’d report them to the F.B.I. — the spy agency equivalent of ‘wait till your father gets home’ — that would have mortified 007.

On a lighter note, if you remember when the Megan Fox fan site was defaced with an anti-NATO protest message, that was ZHC.

“Mauritania Attacker,” an Islamic hacker from Africa, claims that he was a member of Team Poison before joining the Z Company Hacking Crew. After leaving ZHC, he went on to start a new hacking group called “Mauritania Hacker Team.”

Mauritania Attacker and the Mauritania Hacking Group

According to an article published by Reuters in 2013, Mauritania Attacker, the leader and founder of the pro-Islamic group, Mauritania Hacking Group, represented “a new generation of Western-style Islamists who promote religious conversation and traditional value, and oppose those they see as backing Zionism and Western hegemony.”

The desert country of Mauritania from which the hacker and his online handle allegedly hailed from is a former French colony and the last country in the world to abolish slavery. It’s also known for its strict Islamic law i.e., homosexuality is punishable with death by stoning.

According to the Reuters article, Mauritian Attacker and his team members were not extremists and were fighting for Islam “using peaceful means.”

Mauritanian Attacker aims to promote ‘correct Islam’ by striking at servers hosted by countries they see as hostile to sharia law. ‘There is no Islam without sharia,’ he said

In 2012, the group appeared out of nowhere but they quickly made a name for themselves by (allegedly) committing high-profile cyber attacks which included hacking the Bank of Israel’s website and leaking “tons of credit card details.” However, Reuters reported that security sources in Nouakchott, the capital of Mauritania where Mauritania Attacker allegedly resides, were not aware of the groups’ activities.

For what it’s worth, I should also mention that in early 2012, Hackread.com reported that the Mauritian Hacking Team was actually a part of the Z Company Hacking Crew (ZHC), not a separate group. It’s unknown (to me) if that’s true or not.

Teamr00t

After creating the Mauritania Hacking Team, the Mauritania Attacker went on to form another hacking group called “Teamr00t.” However, according to one interview, he had “some little problems with Teamr00t” so he shut it down.

Indeed, the pro-Palestinian, anti-Israel hacking group didn’t seem to last that long. Their Twitter account @Teamr00t was created in June 2012, and it appears that the last tweet they posted was on December 16, 2012, a mere six months later.

Anonghost

After Teamr00t disbanded, Mauritania Attacker put together a crew called “Anonghost,” another pro-Palestinian, anti-Israel hacking group that included former members of Teamr00t. In an interview with meethackers.in, Mauritania Attacker stated (consider [sic] to be included in a lot of of what they say):

i started AnonGhost Team, after closing my previous team Teamr00t.
i had the idea like this, because, i saw Anonymous idea spreading everywhere, but i decided to create a strong and crazy team like AnonGhost, so an Anon who is Ghost.

When asked why he closed Teamr00t, he said, “because i had a problem with an old member of ZHC. who was like a bro to me.” Then they discussed how he onboarded U.S. and U.K. intelligence agents to his team because this is completely normal stuff and doesn’t sound at all like someone trying to cover their arse for having feds on their team:

As for his thoughts on the Illuminati, Mauritania Attacker said that the “Illuminati are hidden group of persons, who use black Israeli magic’s, and use material to control people, and brainwash them,” so that happened.

Research Problems

The entire Anonghost/#OpIsrael timeline has been fairly difficult, if not downright confusing at times, to research. Unfortunately, it doesn’t appear that any historians have detailed the story in its entirety although there were a few online sources and one book I found that contained some surprisingly detailed facts about events from this time period.

I have concluded that after the infamous 2011 leaks from Anonymous and the arrests that followed, including Jeremy Hammond and Barrett Brown, there has been scant interest in documenting, in any sort of historical, long-form medium, what Anonymous, as well as affiliated hacking groups that were involved in the same operations, have been up to. That is, until Aubrey Cottle returned to the scene in 2020, but that’s a whole ‘nother ball of wax.

As for the confusion surrounding Anonghost, let me give you an example. One of the first times that “Anonghost” was mentioned on Twitter was on February 9, 2012, in regards to software literally called “Anon.Ghost.” I have no idea if there’s any relationship with the hacking group.

2011: The Tunisian Revolution, Arab Spring, #OpIsrael and Sabu

According to Erik Skare’s book, “Digital Jihad: Palestinian Resistance in the Digital Era,” one of the few sources I found that tracked #OpIsrael and Palestinian counteraction via cyber warfare in any sort of detail, the ferocity of Arab hacktivists and the targeting of Israeli websites drastically increased after the Arab Spring.

The anti-government, pro-democracy protests were sparked by the Tunisian Revolution in December 2010, a 28-day uprising that members of Anonymous took part in via #OpTunisia. Despite the fact that intense civil and political unrest throughout the small, North African country only lasted a month, protestors were able to successfully oust the Tunisian president, and the revolutionary spirit spread like wildfire into other countries like Libya, Egypt, Yemen, Syria, and Bahrain.

As these countries roiled in turmoil, #OpIsrael slowly took shape and the following is an attempt to put this operation’s gradual development in context with both the hacktivist/WikiLeaks scene I reported on in the previous article and the Arab Spring. For example, when protests erupted in Libya and Egypt in January 2011, the U.K. police arrested five people in connection with “Operation Payback,” an Anonymous operation that targeted “companies and institutions considered hostile to WikiLeaks,” such as PayPal.

In early February, unrest in Cairo’s Tahrir Square turned violent as the battle for control between President Mubarak’s supporters and protestors escalated. Meanwhile, the hashtag #OpIsrael was posted on Twitter for the first time by Simplon.co founder, Frédéric Bardeau (@fbardeau), who claimed that “Could we launch #Opisrael?” was heard in an “anon” Internet Relay Chat (IRC).

The Summer of 2011

On the evening of June 7th, LulzSec’s “50 days of Lulz” came to a halt when Sabu was arrested by the feds at his New York home. After the feds turned him the following day they set him loose on the internet for the next nine months.

Almost immediately after his arrest, Sabu created a new group called #AntiSec and then he handed out foreign targets like candy to unsuspecting hackers like Jeremy Hammond — the hacked data of which was deposited directly onto FBI servers.

Less than two weeks after Sabu got busted, a Facebook page called Mauritian Hackers Society a.k.a. “MauriHackers” was created, however, it’s unknown if it’s linked to the Mauritian Attacker. The Facebook page is still available and the bio reads:

Maurihackers has been online since November 2011. The objective of the website is to provide a platform to connect IT Security Professionals and amateurs to further communicate on important issues relating to vulnerability discovered, security patches available and much more. Maurihackers also provide news related to Cyber security, Information Security & Hacking.

The page is tied to the website, Maurihackers.info, which was created approximately five months later. If, indeed, the account is related to the Mauritian Attacker — the alleged founder of a hacking group called AnonGhost that became infamous for defacing websites during #OpIsrael — it’s fairly comical that their website includes a warning that it’s a crime to upload or change any information on their site. It’s not like there’s a disclaimer, “Hey Israel, we’re not associated with the Mauritian Attacker so please don’t deface us,” so yeah. Odd.

On July 19th, sixteen individuals were arrested in the United States for their alleged role in the PayPal 14 case and as we know now, again, thanks to Barrett Brown, two years later neo-Nazi, Andrew Auernheimer (a.k.a. Weev), contacted one of the defendants in an effort to silence/suppress anti-Pierre Omidyar sentiments over The Intercept’s monetization of Snowden documents and the 2010 financial blockade against WikiLeaks.

In chat messages posted by Brown, Auernheimer clearly tried to sell himself as an intermediary between the defendants and Peter Thiel in order to accomplish that.

There’s a lot more to the Thiel story, some of which I reported on previously in The Gatekeeper Files, and in the context of that report about the rise of the alt-right and these newly released chats, again, it’s important to note that Thiel never went away. Quite the contrary. And if anyone is familiar with the Hulk Hogan/Gawker story, you know how revengeful Thiel is.

In August 2011, there was an increase in the use of #OpIsrael. One account with the handle @YasirTineh repeatedly used it in tweets asking WikiLeaks if they were being pressured to suppress Israeli documents and demanding that Anonymous “man up” and start #OpIsrael.

The account kept tagging #LulzSec in most of their tweets which is funny but not funny due to the fact that at this point the leader of LulzSec/AntiSec had turned informant two months prior.

September 2011 — December 31, 2011

As protests continued throughout the Middle East, on September 25, 2011, a mass grave containing 1,270 bodies was uncovered in Tripoli. Months earlier, President Obama confirmed that he was exploring “military options” in Libya during a bilateral meeting with the Prime Minister of Australia:

I want to send a very clear message to those who are around Colonel Qaddafi: It is their choice to make how they operate moving forward, and they will be held accountable for whatever violence continues to take place there…we’ve got NATO, as we speak, consulting in Brussels around a wide range of potential options, including potential military options, in response to the violence that continues to take place inside of Libya..

Approximately two weeks later, a NATO-led coalition fired more than 110 missiles into Tripoli and Misrata, and in April they launched two guided missiles into Gaddafi’s resident. Not surprisingly, Gaddafi publicly accused NATO of trying to kill him, which they obviously were.

On October 20th, then-Secretary of State Hillary Clinton’s well-thought-out plan came to fruition. Gaddafi was found in a drainage pipe outside of his hometown, Sirte, and killed by Western-backed rebels.

Even Obama admitted that “the biggest mistake of his presidency was the lack of planning for the aftermath of Muammar Gaddafi’s outster in Libya that left the country spiraling into chaos and coming under threat from violent extremists.” The country literally now trafficks in open market slavery.

Approximately two weeks after Obama made the “biggest mistake” of his career, an anti-Israel video was dropped by an alleged member of Anonymous (that some accounts later accused of being CIA) in response to Israel’s imposed blockade of the Gaza Strip and the “Freedom Waves to Gaza” flotilla, the latter of which was intercepted and boarded by the Israeli navy. The hashtag #OpIsrael was not included with the video.

In fact, Twitter Advanced Search shows that the hashtag was last used on November 7, 2011, and didn’t make another appearance until January 9, 2012 — again, taking into account that tweets, hashtags, and Twitter accounts have been deleted over the years. In totality, the hashtag was used approximately 39 times throughout 2011, which is highly insignificant in the big scheme of social media. Five Twitter handles account for the majority of times it was used:

2x by @Opisrael

4x by @WisdomsGrave

5x by @YUNUS9910

6x by @SylenceRose

7x by @YasirTineh

In November 9, 2011, the website “maurihackers.info” was also created — the same website mentioned earlier that includes a warning for anyone thinking about defacing their page. Again, it is unknown if the individual(s) behind this website or its connected Facebook page were linked to Mauritian Attacker.

The year ended with #AntiSec hacking Stratfor, the files of which were leaked to and published by WikiLeaks. Jeremy Hammond, other members of LulzSec/AntiSec, and Barrett Brown were eventually arrested, prosecuted, an imprisoned in connection with the FBI-led operation. From a previous article I wrote:

After the FBI essentially orchestrated the Stratfor hack through their informant Hector Xavier Monsegur (“Sabu”) and hackers breached, pilfered, and wiped the company’s servers clean, alleged AntiSec member Jeremy Hammond not only continued hacking systems for months, he unwittingly spied on other countries on the behalf of the U.S. government. According to the Daily Dot, Hammond breached (or attempted to) databases containing the ‘login credentials, financial details, and private emails of foreign citizens’ in over thirty different countries and every mark he hit was handed to him by Sabu…
The un-redacted list and chat logs later released both show that Sabu encouraged Hammond and others to attack the Governor of Puerto Rico, the Internal Affairs Division of the Military Police of Brazil, the Official Website of the Crown Prince of Kuwait, the Tax Department of Turkey, and the Iranian Academic Center for Education and Cultural Research. Other foreign targets included Syria, Colombia, Nigeria, Pakistan, Iraq and U.S. allies Australia and the U.K.

“What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally,” wrote Hammond in August, 2013.”

#OpISIS Part 1

#OpISIS Part 2

Timeline

2008

September 4, 2018

The company where SheliJ worked as a model, Pain vs. Guilt LLC, is founded

2010

January 1, 2010

The Jester begins his campaign against Jihadist websites
@SheliJ eventually tweets about how Jester was her “man, myth, legend” and “constant”

November 2010

The Jester claims responsibility for the attacks on WikiLeaks’ website

December 2010

The Tunisian Revolution begins
In retaliation to Jester’s actions as well as financial institutions for blocking donations to WikiLeaks, hacktivists disrupt the websites of MasterCard, Amazon, and Paypal a.k.a. #OpPayback — this will later be known as the PayPal 14 case in the U.S.

2011

January 2011

Barrett Brown connects with Anonymous via the Tunisian Revolution
Anonymous disrupts government websites during the revolution while associates like Brown provided resources to Tunisian nationals and exiles via Anonymous IRC channels
The spirit of the Tunisian Revolution spreads to other countries
At least four individuals in the U.K. are arrested in connection with #OpPayback

February 2011

February 2–3, 2011

Supporters of the Egyptian president stage a bloody battle in Tahrir Square; President Mubarak resigns eight days later

February 3, 2011

The hashtag #OpIsrael is used for the first time on Twitter in reference to the hashtag allegedly being overheard in an anon IRC

February 4, 2011

Then CEO of HBGary Federal, Aaron Barr, boasts to Financial Times that he spied on and infiltrated Anonymous
Anonymous responds by hacking HBGary emails which contain, among other shady things, a presentation created by Palantir and HBGary on how to take down WikiLeaks
Barrett Brown later clarifies that Barr was also spying on Tunisian nationals and exiles, something that was hinted at in the Financial Times article

February 13–18, 2011

The hashtag #OpIsrael IS USED by two others accounts (besides Feb. 3 guy) shows up in connection with Anonymous (including @AnonymousFrance)
https://archive.ph/aRv2m

February 14, 2011

The “Day of Rage” protest takes place in Bahrain, an estimated 6K people participate in demonstration

February 20, 2011

– The death toll in Libya due to protests that started in January passes 230

March 2011

March 9, 2011

The Tunisian court rules the party of former President Ben Ali is dissolved

March 14, 2011

Saudi Arabia deploys troops and armoured vehicles into Bahrain to help quell the unrest

March 15, 2011

Bahrain declares martial law; major unrest erupts in Syria after a teenage boy and his friends are arrested for graffiti denouncing President Assad

April 2011

April 7, 2011

On April 7th, a few Twitter accounts start tweeting that it’s “Time for #OpIsrael and “All Israeli and pro-#Israel websies and entities are legit targets”

April 9, 2011

Anti-government demonstrations spread across Syria; 22 are killed in Deraa

April 15, 2011

Barrack Obama commits to military action against Libya’s Gaddafi

April 25, 2011

Two air raids in three days hit Gaddaff’s premises in Tripoli, he accuses NATO of trying to kill him

April 28, 2011

– Crackdown on protests by the Syrian government leaves 500 dead

May 2011

May 2, 2011

The first @OpIsrael Twitter account is created

May 3, 2011

LulzSec creates the Twitter account @LulzLeaks and announces “There is much to do — prepare yourselves”; the group, which was loosely affiliated with Anonymous, then goes on a 50-day hacking spree

June 2011

June 4, 2011

Syrian security forces kill at least 100 protestors in two days

June 7, 2011

Lulzsec and Sabu target the FBI-affiliated company, Infragard
Sabu gets busted, turns snitch and starts AntiSec; hacks continue

June 22, 2011

LulzSec creates a new Twitter account, @LulzSec

July 2011

July 5, 2011

A facebook page called “Mauritian Hackers Society” which will later be linked to the Maurihackers.info website is created

July 19, 2011

Major arrests in the PayPal 14 case go down in the U.S.

August 2011

August 1, 2011

The Egyptian army brings in tanks and violently retakes Tahrir Square
During the month of August, multiple twitter users like @YasirTeneh and @brit_newsman collectively direct a number of tweets about leaking Israeli documents and/or “opisrael” towards LulzSec, WikiLeaks and Anonymous

September 2011

September 25, 2011

A mass grave containing 1270 bodies is found in Tripoli

October 2011

October 20, 2011

Gaddafi is found and killed resulting in the country spiraling into chaos, violence, and open-market slavery

November 2011

On around November 6, 2011

Anonymous takes down sites of the Israeli government in protest against blockage of Gaza #AntiSec used as hashtag again Sabu had turned informant at this point

November 7, 2011

The last time the hashtag #OpIsrael is used in 2011; it won’t be seen again until January 9, 2012

November 9, 2011

The maurihackers.info website is created

November 13, 2011

After wide ranging protests against the governing military government in Egypt, the interim government bows to growing pressure as violences leaves 33 dead and more than 2,000 injured

November 29, 2011

Egyptians vote in record numbers in the country’s first free ballot for more than 80 years

December 2011

A new government is sworn in by Egyptian Kamal Ganzouri who was appointed prime minister by the military rulers
The Stratfor hack takes place and emails are later sent to WikiLeaks; FBI informant continued giving Jeremy Hammond targets after this and which led to Jeremy Hammond and Barrett Brown’s incarceration