In the wake of the Paris attacks, the vigilante hacker group Anonymous has declared war on so-called Islamic State using the internet and claims to have shut thousands of Twitter accounts used by IS operatives. But a much smaller online group has also emerged, with quite a different strategy - and they claim they've already thwarted at least one terror attack.
This group say they were fed up with what they saw as unsophisticated Anonymous tactics. Things came to a head after the Charlie Hebdo attack in January, and after that, the founding members of Ghost Security Group decided to make a clean break from Anonymous.
"They [Anonymous] don't have any counterterrorism experience whatsoever," said Ghost Security Group's executive director, who spoke to BBC Trending via phone, asking for anonymity to protect his safety. "We felt that not enough was being done and the Charlie Hebdo attack made it clear that ISIS was not confined to the Middle East."
Security agencies such as the US FBI have refused to comment on the group - and it's difficult to independently verify the claims they have made.
But the director of Ghost Security Group said volunteers live in the US, Europe, and the Middle East, and include linguists and "people familiar with intelligence gathering techniques."
Instead of trying to shut down accounts and attack jihadi websites with distributed denial of service (DDoS) attacks - basically flooding a website with traffic to take it offline - Ghost Security Group members operate more like spies than hackers. They monitor suspected IS Twitter accounts and infiltrate militant message boards to find information, which they say they then pass along to law enforcement.
"We would much prefer to stop attacks than shut down websites," the executive director said. "I don't think DDoS attacks do a huge amount of damage to Islamic State. Anonymous are hitting some extremist forums that have intelligence value, but we would like forums to stay online so we can see what people are saying and gather intelligence from them."
The group claims that it has already helped to thwart one attack in Tunisia by picking up on what they say was online jihadi chatter which indicated that militants would attack a specific location on the island of Djerba. The plot, Ghost Security says, was designed to be a follow-up to the June beach massacre which killed 38 people, mostly British tourists. Reports indicate that Djerba did indeed appear on a list of IS targets in Tunisia in July. Like the other claims the groups have made, though, it's difficult to verify that they thwarted an attack.
Michael Smith, chief operating officer of security consultancy Kronos Advisory, works with the group and says they spotted tweets that were being sent back and forth between IS accounts. Although the tweets would sometimes only exist for minutes before being deleted, Ghost Security Group operatives were watching. The group sent Trending screen grabs of examples of the types of messages it found on now-deleted Twitter accounts.
"They are not just identifying channels [of communication], they have put together a list of accounts which are utilised by people with influence," Smith said. "These people have saved lives."
Smith told Trending he works with the group to funnel the information they gather to security services, and said they came to him after realising they needed a conduit to pass along information, and to alert authorities to their operations so that they themselves wouldn't be targeted for investigation, thus wasting time and resources.