On March 22, 2022, a user of the Islamic State (ISIS) operated Rocket.Chat server claimed that the Element server of prominent pro-ISIS media group Electronic Horizons Foundation (EHF) was hacked. EHF is known for periodically releases of with information security tips and warnings for ISIS supporters. The EHF server was hosted on the Germany-based platform Coffeespot.
A user of the ISIS-operated Rocket.Chat server posted the above screenshot
The user published two graphics alleging in English and Arabic that EHF was created by an operative "under the pretext" of protecting the information security of ISIS supporters, with the real purpose of collecting donations from Muslims to use for buying "cars and apartments" for himself. One graphic also claimed that the creator of group let his fiancé manage it, and that she has been using donated funds to launch her own private company.
The second graphic addressed ISIS supporters who use the server: "We were able to hack all the servers that have a lot of information of many of you." It claimed that the hacking became possible due to the fiancé's focus on embezzling the funds of supporters, which led her to neglect the security of the group's server. The graphic then claimed: "Most of you will be at a high risk and in a huge danger."
Photos allegedly showing the leader and his fiancé at a cafe were also included in the graphic, showing the two using "the name of [the Islamic State] for personal purposes, and here they are today enjoying and having fun with all the money they collected under the name of 'jihad.'"
It is not clear whether the information in the poster is true or whether the individuals shown in the poster have any connection to EHF.
Anti-ISIS Pro-Al-Qaeda Media Group Claims EHF Was Hacked By Disgruntled ISIS Supporters
On March 23, an anti-ISIS pro-Al-Qaeda channel published a Telegram post commenting on the hacking of the EHF server, claiming that the hackers' ability to gain access to the EHF server itself proves that they were able to discover the IP addresses of those who had visited the server. The anti-ISIS channel asserted that it is unlikely that whoever hacked EHF is affiliated with intelligence agencies, claiming that if they were, they would have arrested its leader rather than publicizing his personal information. The channel speculated that the hacker is an ISIS supporter, perhaps a former EHF media operative.
On March 24, an anti-ISIS channel on the Al-Qaeda-operated Rocket.Chat published a post related to the hacking of EHF's Element server. In the post, the channel published a screenshot of the group's server showing links for donations (on the right), pointing out they were removed after the allegations against the founder were published.
EHF Issues Statement Denying Accusations, Claiming They Were Fabricated By 'Mercenaries' Working For Intelligence Agencies
On March 22, EHF released an "important alert" stating that: "Some mercenaries are trying to hack the Electronic Horizons Foundation's accounts on the Element platform, as they spread some lies and false and misleading statements with the aim of defaming the foundation." The media group advised supporters to change their passwords for the EHF Element server and always use VPN and added that all official EHF statements can be found on its official website.
Notably, The EHF statement did not directly address any of the accusations made against the group or its alleged founder, nor did it state clearly whether or not the EHF server on Element has been hacked.
The full text of this report is available to MEMRI Jihad and Terrorism Threat Monitor subscribers.
Subscription information is available at this link.
JTTM subscribers can visit this page to view the report