Anatomy Of Cyber Jihad

Islamic State already has the motive, means, and opportunity to acquire the personnel and code necessary to launch devastating cyber attacks.

The Internet is a vast and untapped ocean of possibilities that provides opportunities to all. Thanks to this indispensable technological tool, knowledge and information flow more freely. But like any other technology, it can be abused to cause irreparable and devastating damage to the world. Extremist terror groups, for instance, have now taken to hacking and creating 'cyber armies' to arm themselves and cause widespread damage.

IBTimes UK spoke to James Scott from the Institute for Critical Infrastructure Technology (ICIT) about the paper The Anatomy of Cyber Jihad he co-wrote with Drew Spaniel, which analyses how extremist terror groups, be it al-Qaeda, al-Shabaab, Boko Haram or Islamic State (Isis) have taken to educating themselves about hacking to function better in this age of technology.

How it all began

"The chaos and religious extremism in the Middle East has spun the cyber jihadist into existence. These actors possess select characteristics of each of the above while injected with the religious fervor of the Crusades. This new actor uses technological means, to bring terror, chaos, and attack to the doorstep of every American, European, and global infidel. Cyber-jihadists are the newest threat facing the US and our allies," said the paper's authors.

Terrorist groups' Internet activity

"According to cloud security firm, BatBlue, al-Qaeda has used technology and the internet to distribute officially sanctioned propaganda since the 1980s," the ICIT states. Al-Shabaab "predominantly uses the internet in a limited capacity to disseminate propaganda, to recruit from external Somalian communities, and to sporadically antagonize its opposition on platforms like Twitter.

"Prior to its association with Isis, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group's social media presence remains inconstant and poorly aligned with its other propaganda. After allying with Isis, its published videos and photographs began to mirror that of Isis," ICIT specified.

"Isis has a strong online presence that heavily recruits and promotes 'lone-wolf' actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards," ICIT highlighted.

Daesh's Cyber-Army

Isis (Daesh) has recently been very active, be it uniting various hacking divisions into one central group, spreading propaganda via online videos or stepping up recruitment strategies by having a dominating presence on Twitter and Facebook.

"Isis poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials," ICIT said.

Commenting on the organisational structure of IS's hacker groups, Scott said, "The groups were disparate prior to the formation of the United Cyber Caliphate in April 2016. It remains unclear how integrated their operations have become since then. Isis is well known among jihadist groups for having meticulous organisation and a formal operational structure. While the inter-communication of the UCC groups is hampered by US cyberattacks against their channels, if the groups have united under Isis's structure, then their coordination and sophistication will increase in the near future.

"Isis has already launched unsuccessful attacks against the energy sector, they already claim to have insider threats inside government agencies, and they already possess the resources to conduct sophisticated attacks. ISIS is a current threat whose potential will only increase in the future."

When asked about the level of sophistication of pro-IS hacker groups, Scott explained, "Many members of Isis are not sophisticated attackers. The majority of members do not have a technical background. Nevertheless, in a group as large as Isis, there are bound to be a handful of technical individuals who can, or could learn to, conduct sophisticated attacks. Even if there are not, Isis has the resources to hire hackers or to outsource layers of sophisticated attacks. In any case, many successful attacks do not require sophistication and the rise of GUI based malware, MaaS, and RaaS, means that an attacker does not need a technical background or even a complete understanding to launch an attack."

The Evolution of Isis Cyber-War

British militant and hacker Junaid Hussain, aka Abu Hussain Al Britani, was believed to be the driving force behind IS's cyber and social media growth and strategies. The hacker, who went by the online pseudonym "TriCk", was the founding member of a relatively unknown hacktivist group called "TeaMpOisoN" before he graduated to becoming one of the most prominent members and recruiters for IS.

"The series of forums, communication channels, and appropriated cyber-defensive instructional materials, referred to as the 'ISIS help desk', was devised under his suggestion. Even though he was not a key member of the leadership, Hussain's contribution to the cyber capabilities of the terrorist organisation made him the third most valuable target in IS," ICIT explains.

Isis as a Cyber threat

"The success of the Isis propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers' popularity declined in favour of online media, static propaganda publications are declining in favour of robust, dynamic multiplatform campaigns," ICIT stated.

When asked if IS-affiliated hacker groups have capabilities beyond merely using social media to create fear, Scott pointed out, "Creating fear and chaos is a desirable outcome for the group. It increases their recruitment power and their notoriety. That said, script kiddies [inexperienced hackers] can learn to launch meaningful attacks, such as ransomware campaigns, from YouTube. There is no barrier to entry preventing the UCC from conducting more harmful attacks."

ISIS and United Cyber Caliphate – are they the same?

It is important to note that the ICIT's research reveals that while UCC actively affirms its connection to IS, the reverse is not the case. "Isis has never claimed ownership of the Cyber Caliphate," ICIT pointed out.

When asked what this may signify, Scott responded: "It could signify that the UCC supports Isis, but that the UCC is not internal to Isis. It is also possible that Isis just never felt the need to outright claim ownership of the group.

"The UCC has a social media presence, but it is much smaller than IS'. The UCC mostly announces its activities when it claims to hack systems or when it releases lists for lone wolf attacks. Its visibility is meant to draw foreign members of IS to attacks. If the affiliated groups have actually integrated, then it may start drawing in fresh talent. If the group grows more sophisticated, it is likely that its social media presence will decrease to better obfuscate its activities."

Dropping ransomware bombs

Social media is not the only area of the internet that IS is interested in capitalising on. Given the recent alarming increase in DDoS (distributed denial of service) attacks, malware and ransomware attacks, extremist groups, including ISIS, may find it convenient, both in financial terms and in carving out a more fearsome image, to use such tools to deploy cyber-attacks against their enemies.

What is a DDoS attack?

During a denial of service (DoS) or a distributed denial of service (DDoS) attack, hackers attempt to overload a website by sending in data requests from multiple sources. Most often hackers use a 'botnet' – internet-connected PCs that are compromised by malware – to send in the requests to visit the site without the users' knowledge.

The huge number of requests, which can reach thousands per second, overloads the ability of a website's server to respond, eventually causing an error message to appear instead of the site's pages.

Executing a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web).

"Ransomware is the current trend among sophisticated and unsophisticated groups alike. Dridex and script kiddies both use it to disrupt systems, build botnets, and generate fast revenue. It is effective because there is not yet a reactive solution for victim systems (except restore from backup)," added Scott. "Sophisticated malware is also being simplified and sold on dark net markets. Isis is already attacking the energy sector. If the UCC continues to exist, it will adopt an easy to use sophisticated malware or ransomware in future attacks."

The future of Cyber Terrorism

"The UCC is predominately capable of hacking soft targets, such as Twitter accounts, and spreading propaganda or defacing websites. While none of the groups incorporated possessed sophisticated capabilities, their unification has resulted in an increased interest in coordinating and conducting cyber-attacks against governments and organisations. It is possible that the shared coordination will enable the collective to learn more skills and increase their sophistication; however, it is more likely that the cyber jihadists will purchase malware, will rely on malware-as-a-service, or will outsource stages of an attack to mercenary hackers," ICIT predicted.

While international law enforcement agencies, and even hacktivist collectives such as Anonymous, actively target IS social media posts, such is the nature of the internet that new accounts appear almost as rapidly as they are taken down. According to the ICIT, unlike other well-known and functioning terrorist groups, IS already has the "motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns."

However, as the group grows and garners more attention, it also becomes a major target for international law enforcement agencies to take down. "The US Cyber Command is DDoSing Isis servers, taking down social media accounts, disrupting financial transfers, and compromising communications where possible," disclosed Scott. "It would be beneficial as the group grows, to infiltrate it and measure their actual cyber capabilities and operations."

IB Times: http://bit.ly/28KGGzR
