Anatomy Of Cyber Jihad

Islamic State already has the motive, means, and opportunity to acquire the personnel & code necessary to launch devastating cyber attacks.

The Internet is a vast and untapped ocean of possibilities that provides opportunities to all. Thanks to this indispensable technological tool, knowledge and information flow more freely. But like any other technology, it can be abused to cause irreparable and devastating damage to the world. Extremist terror groups, for instance, have now taken to hacking and creating 'cyber armies' to arm themselves and cause widespread damage.

IBTimes UK spoke to James Scott from the Institute for Critical Infrastructure Technology (ICIT) about the paper The Anatomy of Cyber Jihad he co-wrote with Drew Spaniel, which analyses how extremist terror groups, be it al-Qaeda, al-Shabaab, Boko Haram or Islamic State (Isis) have taken to educating themselves about hacking to function better in this age of technology.

How it all began

"The chaos and religious extremism in the Middle East has spun the cyber jihadist into existence. These actors possess select characteristics of each of the above while injected with the religious fervor of the Crusades. This new actor uses technological means, to bring terror, chaos, and attack to the doorstep of every American, European, and global infidel. Cyber-jihadists are the newest threat facing the US and our allies," said the paper's authors.

Terrorist groups' Internet activity

"According to cloud security firm, BatBlue, al-Qaeda has used technology and the internet to distribute officially sanctioned propaganda since the 1980s," the ICIT states. Al-Shabaab "predominantly uses the internet in a limited capacity to disseminate propaganda, to recruit from external Somalian communities, and to sporadically antagonize its opposition on platforms like Twitter.

"Prior to its association with Isis, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group's social media presence remains inconstant and poorly aligned with its other propaganda. After allying with Isis, its published videos and photographs began to mirror that of Isis," ICIT specified.

"Isis has a strong online presence that heavily recruits and promotes 'lone-wolf' actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards," ICIT highlighted.

Daesh's Cyber-Army

Isis (Daesh) has recently been very active, be it uniting various hacking divisions into one central group, spreading propaganda via online videos or stepping up recruitment strategies by having a dominating presence on Twitter and Facebook.

"Isis poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials," ICIT said.

Commenting on the organisational structure of IS's hacker groups, Scott said, "The groups were disparate prior to the formation of the United Cyber Caliphate in April 2016. It remains unclear how integrated their operations have become since then. Isis is well known among jihadist groups for having meticulous organisation and a formal operational structure. While the inter-communication of the UCC groups is hampered by US cyberattacks against their channels, if the groups have united under Isis's structure, then their coordination and sophistication will increase in the near future.

"Isis has already launched unsuccessful attacks against the energy sector, they already claim to have insider threats inside government agencies, and they already possess the resources to conduct sophisticated attacks. ISIS is a current threat whose potential will only increase in the future."

When asked about the level of sophistication of pro-IS hacker groups, Scott explained, "Many members of Isis are not sophisticated attackers. The majority of members do not have a technical background. Nevertheless, in a group as large as Isis, there are bound to be a handful of technical individuals who can, or could learn to, conduct sophisticated attacks. Even if there are not, Isis has the resources to hire hackers or to outsource layers of sophisticated attacks. In any case, many successful attacks do not require sophistication and the rise of GUI based malware, MaaS, and RaaS, means that an attacker does not need a technical background or even a complete understanding to launch an attack."

The Evolution of Isis Cyber-War

British militant and hacker Junaid Hussain, aka Abu Hussain Al Britani, was believed to be the driving force behind IS's cyber and social media growth and strategies. The hacker, who went by the online pseudonym "TriCk", was the founding member of a relatively unknown hacktivist group called "TeaMpOisoN" before he graduated to becoming one of the most prominent members and recruiters for IS.

"The series of forums, communication channels, and appropriated cyber-defensive instructional materials, referred to as the 'ISIS help desk', was devised under his suggestion. Even though he was not a key member of the leadership, Hussain's contribution to the cyber capabilities of the terrorist organisation made him the third most valuable target in IS," ICIT explains.

Isis as a Cyber threat

"The success of the Isis propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers' popularity declined in favour of online media, static propaganda publications are declining in favour of robust, dynamic multiplatform campaigns," ICIT stated.

When asked if IS-affiliated hacker groups have capabilities beyond merely using social media to create fear, Scott pointed out, "Creating fear and chaos is a desirable outcome for the group. It increases their recruitment power and their notoriety. That said, script kiddies [inexperienced hackers] can learn to launch meaningful attacks, such as ransomware campaigns, from YouTube. There is no barrier to entry preventing the UCC from conducting more harmful attacks."

ISIS and United Cyber Caliphate – are they the same?

It is important to note that the ICIT's research reveals that while UCC actively affirms its connection to IS, the reverse is not the case. "Isis has never claimed ownership of the Cyber Caliphate," ICIT pointed out.

When asked what this may signify, Scott responded: "It could signify that the UCC supports Isis, but that the UCC is not internal to Isis. It is also possible that Isis just never felt the need to outright claim ownership of the group.

"The UCC has a social media presence, but it is much smaller than IS'. The UCC mostly announces its activities when it claims to hack systems or when it releases lists for lone wolf attacks. Its visibility is meant to draw foreign members of IS to attacks. If the affiliated groups have actually integrated, then it may start drawing in fresh talent. If the group grows more sophisticated, it is likely that its social media presence will decrease to better obfuscate its activities."

Dropping ransomware bombs

Social media is not the only area of the internet that IS is interested in capitalising on. Given the recent alarming increase in distributed denial of service (DDoS), malware and ransomware attacks, extremist groups, including ISIS, may find such tools convenient for deploying cyber-attacks against their enemies, both in financial terms and in carving out a more fearsome image.

What is a DDoS attack?

During a denial of service (DoS) or a distributed denial of service (DDoS) attack, hackers attempt to overload a website by sending in data requests from multiple sources. Most often hackers use a 'botnet' – internet-connected PCs that are compromised by malware – to send in the requests to visit the site without the users' knowledge.

The huge number of requests, which can reach thousands per second, overload the ability of a website's server to respond, eventually causing an error message to appear instead of the site's pages.

Executing a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web).

"Ransomware is the current trend among sophisticated and unsophisticated groups alike. Dridex and script kiddies both use it to disrupt systems, build botnets, and generate fast revenue. It is effective because there is not yet a reactive solution for victim systems (except restore from backup)," added Scott. "Sophisticated malware is also being simplified and sold on dark net markets. Isis is already attacking the energy sector. If the UCC continues to exist, it will adopt an easy to use sophisticated malware or ransomware in future attacks."

The future of Cyber Terrorism

"The UCC is predominately capable of hacking soft targets, such as Twitter accounts, and spreading propaganda or defacing websites. While none of the groups incorporated possessed sophisticated capabilities, their unification has resulted in an increased interest in coordinating and conducting cyber-attacks against governments and organisations. It is possible that the shared coordination will enable the collective to learn more skills and increase their sophistication; however, it is more likely that the cyber jihadists will purchase malware, will rely on malware-as-a-service, or will outsource stages of an attack to mercenary hackers," ICIT predicted.

While international law enforcement agencies, and even hacktivist collectives such as Anonymous, actively target IS social media posts, such is the nature of the internet that new accounts appear almost as rapidly as they are taken down. According to the ICIT, unlike other well-known and functioning terrorist groups, IS already has the "motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns."

However, as the group grows and garners more attention, it also becomes a major target for international law enforcement agencies to take down. "The US Cyber Command is DDoSing Isis servers, taking down social media accounts, disrupting financial transfers, and compromising communications where possible," disclosed Scott. "It would be beneficial as the group grows, to infiltrate it and measure their actual cyber capabilities and operations."

IB Times: http://bit.ly/28KGGzR
