Abdullah Bozkurt / Stockholm
A Turkish hacker group apparently aligned with pro–al-Qaeda Turkish radical organization the Islamic Great East Raiders Front (IBDA-C), a network long empowered and tolerated by the government of President Recep Tayyip Erdogan, has demonstrated its growing capability by breaching airport systems across North America.
In coordinated incidents last week, hackers infiltrated public-address and display systems at several airports in the United States and Canada, broadcasting pro-Hamas and anti-Western propaganda that carried the signature of a cyber collective known as Siberislam, or Mutarrif. The attacks briefly disrupted operations but underscored a worrying expansion of ideologically driven Turkish cyber-activism into Western civilian infrastructure.
The@siberislam account, operating under the alias Seriyyetü’l-Kassam (al-Qassam Brigade) in reference to Hamas’s military wing the Izz ad-Din al-Qassam Brigades, was created on X in April 2025 and almost immediately began spreading militant propaganda steeped in IBDA-C’s ideological lexicon. The account’s activity mirrored the group’s longstanding hostility toward Israel, the United States and Western institutions while glorifying martyrdom and jihad.
Its emergence was publicly promoted by Turkish jihadist figure Harun Şimşak, head of the İstanbul Youth Branch of the Büyük Doğu Akıncıları Fikir Sanat ve Dayanışma Derneği (Great Eastern Raiders Association for Thought, Art and Solidarity, BDA), an organization that serves as the legal and ideological continuation of IBDA-C. Şimşak, who has been described as leading an armed faction under the youth wing, celebrated the launch of the Siberislam initiative as a new front for the movement’s digital warfare.
Following the cyberattacks on airport systems in the US and Canada, Şimşak revealed on his X profile that the operation had been carried out by Turkish hacker Mütarrif, also referred to as Siber Akıncı (Cyber Raider), and congratulated him publicly for the operation.
In his post Şimşak referred to Mütarrif as a “brother” and praised him for striking a blow against the enemies of Islam, framing the attacks as a continuation of IBDA-C’s campaign against the West. His message was widely shared across pro-Islamist Turkish circles online, amplifying both the hacker’s reputation and the ideological justification behind the incident.
Siber Islam also claimed the responsibility for the airport attacks both through the messages read out loud on airport PA systems as well on its account on the X social media platform.
The scope of the cyber intrusions expanded when Harrisburg International Airport in Pennsylvania became the latest facility compromised. On October 15 the group gained access to the airport’s public-address system and played a pre-recorded message that included a computer-generated voice reading a list of hackers claiming responsibility for the breach before shouting, “F**k Netanyahu and Trump.”
Security experts later confirmed that the incident could have caused chaos if the hackers had chosen a different message such as a bomb threat or evacuation orders.
Similar incidents occurred at Kelowna, Windsor and Victoria airports in Canada, where hackers breached digital display and announcement systems through a compromised third-party cloud software provider. In both cases, pro-Hamas and anti-Israel messages were broadcast publicly, accompanied by militant anthems. Although no flight-safety systems were compromised, the events forced brief suspensions of airport communications and triggered parallel investigations by police and aviation authorities.
The hacking of the airport systems was hailed by Turkish media outlets controlled by the Erdogan government, which celebrated the operation as a symbolic victory for Palestine. The pro-government A Haber news station, part of the Turkuvaz media network, owned by President Erdogan’s family, reported the attack with the headline “Bir grup hacker Filistin’in sesi oldu” (A group of hackers became the voice of Palestine).
Similarly, pro-government Islamist dailies such as Milat and Yeni Şafak covered the story under the headline “Türk hacker ABD’de havalimanlarında Ebu Ubeyde’nin sesini dinletti” (Turkish hacker played Abu Ubayda’s voice at US airports).
Abu Ubayda, the masked spokesman of Hamas’s military wing, has become a poster boy in Islamist circles in Turkey, glorified as a hero since President Erdogan publicly described Hamas militants as fighters defending their territory and Turkish land. These coordinated media narratives underscored how state-aligned propaganda networks in Turkey framed the cyberattacks not as crimes but as acts of religious and national valor.
When US Secretary of Transportation Sean Duffy reacted to the incidents by posting on X that “this is absolutely unacceptable and understandably scared travelers” while vowing to get to the bottom of the hacking, the group responded directly to his message, taunting, “Are you ready for a second September 11?,” referring to deadly al-Qaeda suicide terrorist attacks in the US in 2001.
The @siberislam account was suspended on October 16, but its digital trail and prior activity, reviewed by Nordic Monitor, reveal a longer and more alarming operational history. Siberislam has previously claimed responsibility for multiple hacking operations targeting what it described as pro-Israel media outlets, Israeli businesses and government-linked institutions.
In one of its most widely publicized campaigns, the group claimed to have stolen the private data of more than 100,000 Israeli personnel, including employees of defense contractors and technology firms. It boasted about releasing the phone numbers of Israeli cabinet members and senior officials, encouraging supporters to flood those numbers with SMS messages as part of an intimidation and harassment campaign.
The tactic, reminiscent of psychological warfare techniques long employed by jihadist networks, was intended to signal reach and retaliation, demonstrating that ideological loyalty could be weaponized through mass digital participation rather than conventional terrorism.
On July 14, 2025, the group uploaded a video showing a masked man loading bullets into a handgun accompanied by the taunting message in Turkish, “Yurt dışındaki İsrailli insanlar kendilerini güvende mi sanıyor gerçekten?” (Do Israelis abroad really think they are safe?). The post marked a clear escalation in the group’s intimidation tactics and illustrated how its online propaganda increasingly merges cyber operations with direct threats of violence on the streets against Jews.
The BDA association, established as a civic façade for IBDA-C’s network, has maintained visible ties with the Erdogan government. Nordic Monitor’s investigations document how the organization’s executives have been welcomed at official state gatherings and presidential platforms.
On March 28, 2025, BDA President Mehmet Ali Bayram and advisory board member Atıf Bilir attended a special meeting of the Millî İrade Platformu (National Will Platform) — a pro-government umbrella organization chaired personally by President Erdogan at the presidential complex.
Photographs from that meeting show the BDA delegation participating alongside senior government officials and conservative NGOs loyal to the ruling party, a clear indication of the organization’s continuing acceptance in the corridors of power.
The emergence of Siberislam under the patronage of BDA figures illustrates how IBDA-C’s violent legacy has migrated into cyberspace with implicit political cover.
IBDA-C first appeared in the 1980s under the leadership of Salih İzzet Erdiş, better known by his assumed name Salih Mirzabeyoğlu.
The group was one of Turkey’s earliest radical Islamist movements to espouse armed struggle and a messianic vision of Islamic revolution inspired by poet and writer Necip Fazıl Kısakürek, whose ideas also influenced Erdogan’s own Islamist worldview.
Throughout the 1990s, IBDA-C carried out numerous bombings, assassinations and arson attacks targeting journalists, churches and secular institutions, prompting its designation as a terrorist organization by Turkey, the European Union and the United States.
Despite these designations, the Erdogan government gradually rehabilitated the organization and its affiliates. Mirzabeyoğlu, sentenced to life in prison for leading a terrorist group, was released in 2014 after a sustained campaign by pro-government activists, a release for which Erdogan personally phoned him to offer congratulations.
Following his release, the group was further emboldened, rallying behind Erdogan and even taking an active role during a staged coup attempt in 2016, helping to incite violence in the streets of Istanbul and Ankara. The coup, engineered to fail from the outset, provided Erdogan with the perfect pretext to launch mass purges across the state bureaucracy, targeting public servants and military officers deemed to be insufficiently loyal to his ideological line.
It also enabled him to consolidate power by transforming Turkey’s parliamentary system of governance into a presidential regime devoid of effective checks and balances and to justify a new wave of cross-border military interventions in Syria, Libya and the Caucasus.
IBDA-C members and sympathizers began resurfacing in civic associations and municipal offices aligned with the ruling Justice and Development Party (AKP). State-controlled media later portrayed Mirzabeyoğlu as an intellectual martyr rather than a convicted extremist, while Islamist circles under government patronage, including the BDA, continued to celebrate his legacy.
The association between BDA officials and Erdogan’s administration has not been incidental. Nordic Monitor has identified senior AKP figures such as Metin Külünk and Hamza Yerlikaya, both close confidants of Erdogan, as individuals investigated or linked to IBDA-C circles. Meanwhile, clerics like Ali Osman Zor, one of IBDA-C’s leading propagandists, have publicly called for attacks on NATO installations and Jews, rhetoric that continues to circulate widely across Telegram and social media platforms without censorship from Turkish authorities.
Against this backdrop, the October 2025 cyberattacks on North American airports appear to be the latest evolution of IBDA-C’s strategy of expanding its digital footprint on cyberspace. The hackers’ decision to target public address and information systems at the Kelowna, Victoria, Windsor and Harrisburg airports projecting anti-Israel messages and militant slogans under the name “Mutarrif Siberislam” reflects the group’s preference for spectacle, possibly designed to boost recruitment campaigns in Turkey and abroad.
The intrusions relied on simple but effective exploitation of unprotected digital infrastructure to project propaganda into civilian spaces. Despite the limited technical impact, the operation achieved what the movement prizes most: publicity in Turkey and abroad and broad ideological amplification.
The parallels between the Siberislam operation and IBDA-C’s historical methods are unmistakable. Both rely on spectacle, symbolism and moral absolutism. Both target public visibility rather than strategic depth. And both deploy a rhetoric of divine vengeance that merges political grievance with religious justification. In this sense the digital attacks are less an isolated incident than a natural continuation of IBDA-C’s ideological project, one that has survived decades of legal bans by embedding itself within state-sanctioned religious nationalism.
The group is openly active in Turkey, with the government continuing to embolden its jihadist sympathizers. No crackdown has been launched since President Erdogan personally intervened to secure the release of Mirzabeyoğlu. This transformation carries profound security implications for Turkey’s allies and partners.
Following mass purges of well over 100,000 government employees including top judges, prosecutors and police chiefs between 2016 and 2017, Turkey’s intelligence, judiciary and law enforcement agencies have ceased monitoring IBDA-C-linked structures, allowing offshoots like BDA and its youth networks to operate freely under the banner of patriotic and Islamist activism.
The creation and promotion of @siberislam by Şimşak, his public endorsement of the attacks and his praise of the hacker Mütarrif as a “brother” illustrate how this permissive environment has enabled radicalized factions to modernize their tactics without losing their ideological core.
Local TV station WGAL News 8 covered the hacking of the PA systems at Harrisburg International Airport in Pennsylvania:
A group that once bombed newspaper offices now penetrates airport software; the target and the method have changed, but the message that jihadist resistance serves a divine plan remains identical.
Western security agencies now face the challenge of treating such entities not merely as isolated hackers but as ideological actors whose digital aggression is sustained by a state-tolerated and, at times, state-sponsored ecosystem in Turkey. The cost of infiltrating airport PA systems may be negligible, but the propaganda value for IBDA-C’s successors is immense. Each successful intrusion reinforces a narrative of defiance, vindicating their self-image as cyber-mujahideen fighting Western powers.
As Nordic Monitor’s reporting has consistently shown, the Erdogan government’s decision to accommodate rather than confront Islamist extremists like IBDA-C has allowed their ideology to metastasize far beyond Turkey’s borders, into the cloud networks of airports, the screens of travelers and the digital frontlines of global jihad. The next time they launch a cyberattack may very well lead to catastrophic consequences if they continue to operate with total impunity under the protective shield of President Erdogan’s Islamist government in Turkey.
