As French police scoured Paris and surrounding areas in search of those responsible for Friday’s terrorist attacks on the French capital, a group of cyber activists took aim at the Islamic State’s online presence. The computer-hacker federation known as Anonymous claims to have disabled at least 5,500 pro-ISIS Twitter accounts and exposed thousands of the terror group’s supporters who use the social media site.

Anonymous announced its current campaign on November 14, the day after ISIS (the Islamic State in Iraq and Syria) claimed responsibility for murdering at least 129 people and injuring more than 300 in various locations throughout Paris. The hacktivist group released a video that begins with dramatic music and what appears to be images of the Paris attacks. Halfway into the video a person wearing Anonymous’s symbolic Guy Fawkes mask announces that the group is tracking down ISIS members and supporters and then proclaims, “We’ll not give up. We will not forgive. And we’ll do all that is necessary to end their actions.”

Law enforcement and cyber counterterrorism experts generally welcome the digital havoc that groups like Anonymous can wreak on terrorist organizations’ online communication and recruiting efforts. That is, as long as these uncoordinated cyber antiterrorism campaigns do not end up scuttling months of undercover investigative police work. Anonymous could be the digital equivalent of a renegade cop going to great lengths to catch a bad guy at the expense of ruining a painstakingly organized federal investigation to take down a larger crime ring.

The hacktivist collective does this by exposing its adversaries’ Twitter accounts (and reporting them to the company) or paralyzing opposition Web sites by flooding them with online traffic. The group’s secretive nature gives it a lot of latitude for operating outside the law. “This means they can create collateral damage on the Internet without having to answer for it,” says Scott Borg, director and chief economist for The U.S. Cyber Consequences Unit, an independent, nonprofit cybersecurity research institute.

Groups operating outside official law enforcement and intelligence channels can make legitimate communications and business difficult to carry out, or even interfere with the intelligence community's efforts, Borg says. If Anonymous shuts down a terrorist Web site or online forum that government agents have already infiltrated, this could hinder valuable counterterrorism surveillance and data collection. This is especially important because gathering useful information on Islamic State forums is typically difficult. The terror group  often uses Web-hosting companies unwilling to cooperate with Western governments and regularly switches hosting companies to avoid being shut down. The U.S. has a lot of ways of going after these organizations and can target new communications channels when old ones are blocked, but ISIS’s way of operating in stealth online makes this difficult, Borg adds.

The key to successfully disrupting terrorist organizations online is to shut down their recruiting and propaganda efforts while tapping into the valuable intelligence their forums can provide, according to the executive director of Ghost Security Group, who goes by the name “DigitaShadow” in order to not reveal his true identity. His organization formed as a nonprofit counterterrorism network delivering intelligence to U.S. government agencies earlier this year, a few days after terrorists attacked the Parisian paper Charlie Hebdo. They have gained some notoriety in recent months for their role in helping disrupt ISIS’s funding efforts as well as planned attacks in New York City and Tunisia.

Ghost Security Group’s 15 members in the U.S., Europe and the Middle East have taken down 149 terrorism-related propaganda sites so far, DigitaShadow says. “We leave Islamist-related forum or communication platforms intact for intelligence reasons, waiting for participants to make a mistake,” he adds. “We shut down any propaganda sites that push out videos or graphic or gory pictures because they don’t have any intelligence value.”

DigitaShadow’s organization had acted as part of Anonymous for a few months after forming but is no longer affiliated with them. “They’ve attacked quite a few forums that had high-value Islamic State militants transmitting propaganda, trying to recruit young people and in some cases addressing weapons-manufacturing and ground movements,” he says. “It’s caused quite a disruption [for intelligence].”

Borg contends, however, that Anonymous and the hacker community in general do more good than harm. Given the brutality of ISIS’s attacks, and its successful Internet recruitment efforts, the hacker collective’s latest rally against the terrorist organization is an acceptable risk. “Right now, the harm to innocent parties that Anonymous might cause by going after the servers ISIS is using would probably be worth it,” he says. In addition to the ISIS-related Twitter accounts taken down, Anonymous used #OpIceISIS, #OpParis and other Twitter threads to report on their progress and reveal names, locations and pictures of those supporting ISIS. “To me, it’s not surprising, it’s a little overdue,” Borg adds. Anonymous launched a similar campaign against ISIS following its attack on Charlie Hebdo, claiming to disrupt tens of thousands of Twitter accounts connected to the terrorist organization.

Anonymous also claims to be spamming ISIS hashtags with “rickrolls,” messages that appear to be relevant but instead include a link to the music video for the 1987 Rick Astley hit song “Never Gonna Give You Up.” The cyber scuffle has not been entirely one-sided though. Anonymous tweeted early Wednesday that it had to take down its own site for reporting on Islamic State activity due to a high level of spam, although it is unclear whether the terror group was responsible. The #OpParis feed also warned followers that ISIS had tried to open a fake thread with the same hashtag.