On March 22, 2022, a user of the Rocket.Chat server operated by the Islamic State (ISIS) claimed that the Element server of the prominent pro-ISIS media group Electronic Horizons Foundation (EHF) was hacked. EHF is known for regularly publishing information security tips and warnings for ISIS supporters. The EHF server was hosted on the Germany-based platform Coffeespot.
A user of the IS-run Rocket.Chat server posted the screenshot above
The user posted two graphics claiming in English and Arabic that EHF was created by an agent “under the pretense” of protecting the information security of ISIS supporters, with the actual purpose of collecting donations from Muslims to use them for the Buying “cars and homes” to use himself. One graphic also claimed that the group’s creator had left management to his fiancée, and that she used donated funds to start her own private company.
The second graphic was aimed at IS supporters using the server: “We were able to hack all the servers that have a lot of information from many of you.” It was claimed that the hacking became possible because the fiancee focused on the Embezzlement of funds from supporters, causing her to neglect the security of the group’s server. The graphic then claimed, “Most of you will be at great risk and danger.”
Photos allegedly showing the leader and his fiancée at a coffee shop were also included in the graphic, showing the two with “the name of [the Islamic State] for personal purposes, and here they are enjoying and having fun today with all the money they have collected under the name ‘jihad’.”
It is not clear if the information on the poster is true or if the people depicted on the poster have any connection to the EHF.
Anti-ISIS pro-Al Qaeda media group claims EHF was hacked by angry ISIS supporters
On March 23, an anti-ISIS pro-Al Qaeda channel published a Telegram post commenting on the hacking of the EHF server and claiming that the hackers’ ability to gain access to the EHF server itself prove that they were able to discover the IP addresses of those who had visited the server. The anti-ISIS channel claimed that whoever hacked EHF was unlikely to be connected to intelligence agencies and claimed that if this had been the case, they would have arrested their leader instead of releasing his personal information . The broadcaster speculated that the hacker is an ISIS supporter, perhaps a former EHF media agent.
On March 24, an anti-ISIS channel on al-Qaeda-run Rocket.Chat published a post related to the hacking of the EHF’s Element server. In the post, the channel shared a screenshot of the group’s server with links for donations (right), noting that they were removed after the allegations against the founder were published.
EHF issues statement denying allegations they were fabricated by “mercenaries” working for intelligence agencies
On March 22, the EHF issued an “important warning” stating: “Some mercenaries are trying to hack the Electronic Horizons Foundation accounts on the Element platform as they are spreading some lies and false and misleading statements with the aim to defame the foundation.” The media group advised fans to change their passwords for the EHF Element server and always use VPN, adding that all official EHF statements can be found on their official website.
Notably, the EHF statement did not directly address the allegations made against the group or its alleged founder, nor did it clearly state whether or not the EHF server on Element was hacked.
The full text of this report is available to MEMRI Jihad and Terrorism Threat Monitor subscribers.
For subscription information, see this link.
JTTM subscribers can visit this page to view the report