World

ISIS Twitter Accounts Traced Back to UK Government by Hackers

The UK government sold IP addresses to an extremist group who used them to disseminate hate speech and potentially promote terrorism.

CHIANGMAI, THAILAND - FEBRUARY 15, 2015: Photo of Google serch engine for " ISIS " on a apple ipad screen.
Photo Credit: GongTo / Shutterstock.com

A group of online computer experts has traced a number of ISIS-run social media accounts back to a government office in Westminster. Specifically, the Department of Work and Pensions, run by Iain Duncan Smith.

As The Mirror reports:

Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number.

The hacking collective showed Mirror Online details of the IP addresses used by a trio of separate digital jihadis to access Twitter accounts, which were then used to carry out online recruitment and propaganda campaigns.

At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to link back to the DWP.

So, has the DWP been engaging in a little jihad after hours? The hackers believed so, saying:

Don’t you think that’s strange?

We traced these accounts back to London, the home of the British intelligence services.

It is indeed strange. However, this appears to be more cock-up than conspiracy. The DWP claims they actually sold a swathe of IP addresses to Saudi Arabia in an unannounced deal that completed in October of this year. That is, the UK government sold IP addresses to an extremist group who used them to disseminate hate speech and potentially promote terrorism.

Despite the astronomic proportions of this cock-up, a Cabinet spokesman remarked:

The government owns millions of unused IP addresses which we are selling to get a good return for hardworking taxpayers.

We have sold a number of these addresses to telecoms companies both in the UK and internationally to allow their customers to connect to the internet.

We think carefully about which companies we sell addresses to, but how their customers use this internet connection is beyond our control.

The government appears remarkably nonchalant about the affair, especially considering the laws Theresa May is currently proposing to clamp down on the very internet use enabled by her own government.

May has fast-tracked her 300-page Investigatory Powers Bill, allowing only a few weeks of scrutiny before it goes to the vote in parliament after Christmas. The Bill is designed to make legal every violation of privacy exposed by Edward Snowden and Wikileaks in recent years.

  • Internet and phone companies will be compelled to store your data for 12 months and provide it to police, security services or government agencies on request
  • The current panel of three oversight commissioners will be replaced with a single judge.
  • Internet and phone companies will be compelled to maintain “permanent capabilities” to intercept and collect the personal data passing over their networks.

The Bill makes it explicitly legal for the UK government to engage in the mass collection and surveillance of civilian data, and to force the compliance of internet and telecommunications companies in that surveillance, for the first time in our history. If passed, all of our personal and private communications cease to be protected from scrutiny by this or any future government.

May last attempted to pass a slimmer version of her ‘Snooper’s Charter’ in 2012. Back then, the Bill was granted five months of scrutiny, and was defeated when May failed to convince her fellow MPs that appropriate technical, ethical and legal safeguards were in place. Rather than resolving these issues, Theresa May leveraged the fear surrounding the Paris terror attacks to attempt to force through this even wider-reaching Bill.

Liberal Democrat Peer Lord Strasburger, a member of the panel which will review the Bill took to Twitter to share his outrage at the government’s decision.

The privacy group Don’t Spy On Us said in a blog post:

This runs counter to previous statements by the home secretary Theresa May who in her statement to the House told MPs the bill would ‘receive careful parliamentary scrutiny’.

The last major piece of legislation to extend surveillance in the UK, the draft Communications Data Bill, was given five months of parliamentary scrutiny before parliamentarians decided the powers were too sweeping and went too far.

The draft Investigatory Powers Bill is vastly more comprehensive than the Communications Data Bill, yet it may be subjected to as few as three expert hearings before parliament breaks for Christmas.

We already know this Bill will not make us any safer. In fact, it will likely make us less safe from non-state terrorists and open us all up to potential abuses of power by the state.

It makes us more vulnerable to non-state terrorist attacks by creating a flood of data which becomes impenetrable by security services. Whether it’s Charlie Hebdo, the Woolwich killing of Lee Rigby, the Boston bombing, the Sydney siege or the Friday 13 terror attacks on Paris – the assailants were already known to security services. These attacks did not happen because the state lacked the powers to identify them as a threat.  They happened because they were a needle-sized threat in a haystack of data – and no one knew where to prioritise resources.

This situation only gets worse when the data of literally millions of regular citizens simply going about their lives is added.

What is far more likely, is that these powers will be used to enforce non-terror-related laws against the civilian population. We have already seen this happen with the Bill’s predecessor, the Regulation of Investigatory Powers Act.

The Regulation of Investigatory Powers Act 2000 allowed the government full surveillance powers over all kinds of communications. These powers have been extensively overused by police, councils and other enforcement agencies. It has rightly been deemed as a ‘snooper’s charter’.  The current rate is 30 warrants being issued a week. In the 15 months from July 2005 to October 2006, 2407 warrants were issued.  Some of the most egregious cases of misuse include: a council in Dorset putting three children and their parents under surveillance to check they were in the catchment area for the school they had applied to. The council has directly surveilled the family 21 times; other councils have launched undercover operations on dog fouling and fly tipping.

We have also seen how the government re-purposed Injunctions to Prevent Nuisance and Annoyance. In 2012, Beth Tichbourne, a teacher of disabled children called out “You have blood on your hands!” as David Cameron turned on the Christmas lights in Witney. She was convicted of “using threatening words or behaviour to cause harassment, alarm or distress” and ordered her to pay a £225 fine, a victim surcharge of £22 and to make a contribution of £500 towards court costs.

More recently, the Crown Prosecution Service (CPS) attempted to widen the purpose of ‘joint enterprise’ (charging someone for a crime committed by someone else – intended for use against gang members and drug dealers) to include anyone on a protest where a crime was committed.  The CPS charged Dr Lisa McKenzie with criminal damage after a fellow protester allegedly placed a sticker on the window of luxury flats which had installed ‘poor doors’. As the Forward Intelligence Team had already profiled LSE research fellow Dr McKenzie under protest surveillance laws, they used that data to identify her and attempt to try her under ‘joint enterprise.’ Thankfully, the case was thrown out by the judge.

So what we have here is ever-increasing overreach by the government; a government who continually erode our civil liberties and right to privacy in the name of security, while applying such minimal measures to their own practices that they sold their own IP addresses to ISIS.

Don't let big tech control what news you see. Get more stories like this in your inbox, every day.