Anatomy Of Cyber Jihad

Islamic State already has the motive, means, and opportunity to acquire the personnel and code necessary to launch devastating cyber attacks.

The Internet is a vast and untapped ocean of possibilities that provides opportunities to all. Thanks to this indispensable technological tool, knowledge and information flow more freely. But like any other technology, it can be abused to inflict irreparable and devastating damage on the world. Extremist terror groups, for instance, have now taken to hacking and creating 'cyber armies' to arm themselves and cause widespread damage.

IBTimes UK spoke to James Scott from the Institute for Critical Infrastructure Technology (ICIT) about the paper The Anatomy of Cyber Jihad, which he co-wrote with Drew Spaniel and which analyses how extremist terror groups, be it al-Qaeda, al-Shabaab, Boko Haram or Islamic State (Isis), have taken to educating themselves about hacking to function better in this age of technology.

How it all began

"The chaos and religious extremism in the Middle East has spun the cyber jihadist into existence. These actors possess select characteristics of each of the above while injected with the religious fervor of the Crusades. This new actor uses technological means, to bring terror, chaos, and attack to the doorstep of every American, European, and global infidel. Cyber-jihadists are the newest threat facing the US and our allies," said the papers' authors.

Terrorist groups' Internet activity

"According to cloud security firm, BatBlue, al-Qaeda has used technology and the internet to distribute officially sanctioned propaganda since the 1980s," the ICIT states. Al-Shabaab "predominantly uses the internet in a limited capacity to disseminate propaganda, to recruit from external Somalian communities, and to sporadically antagonize its opposition on platforms like Twitter.

"Prior to its association with Isis, Boko Harem used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group's social media presence remains inconstant and poorly aligned with its other propaganda. After allying with Isis, its published videos and photographs began to mirror that of Isis," ICIT specified.

"Isis has a strong online presence that heavily recruits and promotes 'lone-wolf' actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards," ICIT highlighted.

Daesh's Cyber-Army

Isis (Daesh) has recently been very active, be it uniting various hacking divisions into one central group, spreading propaganda via online videos or stepping up recruitment strategies by having a dominating presence on Twitter and Facebook.

"Isis poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials," ICIT said.

Commenting on the organisational structure of IS's hacker groups, Scott said, "The groups were disparate prior to the formation of the United Cyber Caliphate in April 2016. It remains unclear how integrated their operations have become since then. Isis is well known among jihadist groups for having meticulous organisation and a formal operational structure. While the inter-communication of the UCC groups is hampered by US cyberattacks against their channels, if the groups have united under Isis's structure, then their coordination and sophistication will increase in the near future.

"Isis has already launched unsuccessful attacks against the energy sector, they already claim to have insider threats inside government agencies, and they already possess the resources to conduct sophisticated attacks. ISIS is a current threat whose potential will only increase in the future."

When asked about the level of sophistication of pro-IS hacker groups, Scott explained, "Many members of Isis are not sophisticated attackers. The majority of members do not have a technical background. Nevertheless, in a group as large as Isis, there are bound to be a handful of technical individuals who can, or could learn to, conduct sophisticated attacks. Even if there are not, Isis has the resources to hire hackers or to outsource layers of sophisticated attacks. In any case, many successful attacks do not require sophistication and the rise of GUI-based malware, MaaS, and RaaS means that an attacker does not need a technical background or even a complete understanding to launch an attack."

The Evolution of Isis Cyber-War

British militant and hacker Junaid Hussain, aka Abu Hussain Al Britani, was believed to be the driving force behind IS's cyber and social media growth and strategies. The hacker, who went by the online pseudonym "TriCk", was the founding member of a relatively unknown hacktivist group called "TeaMpOisoN" before he graduated to becoming one of the most prominent members and recruiters for IS.

"The series of forums, communication channels, and appropriated cyber-defensive instructional materials, referred to as the 'ISIS help desk', was devised under his suggestion. Even though he was not a key member of the leadership, Hussain's contribution to the cyber capabilities of the terrorist organisation made him the third most valuable target in IS," ICIT explains.

Isis as a Cyber threat

"The success of the Isis propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers' popularity declined in favour of online media, static propaganda publications are declining in favour of robust, dynamic multiplatform campaigns," ICIT stated.

When asked if IS-affiliated hacker groups have capabilities beyond merely using social media to create fear, Scott pointed out, "Creating fear and chaos is a desirable outcome for the group. It increases their recruitment power and their notoriety. That said, script kiddies [inexperienced hackers] can learn to launch meaningful attacks, such as ransomware campaigns, from YouTube. There is no barrier to entry preventing the UCC from conducting more harmful attacks."

ISIS and United Cyber Caliphate – are they the same?

It is important to note that the ICIT's research reveals that while UCC actively affirms its connection to IS, the reverse is not the case. "Isis has never claimed ownership of the Cyber Caliphate," ICIT pointed out.

When asked what this may signify, Scott responded: "It could signify that the UCC supports Isis, but that the UCC is not internal to Isis. It is also possible that Isis just never felt the need to outright claim ownership of the group.

"The UCC has a social media presence, but it is much smaller than IS'. The UCC mostly announces its activities when it claims to hack systems or when it releases lists for lone wolf attacks. Its visibility is meant to draw foreign members of IS to attacks. If the affiliated groups have actually integrated, then it may start drawing in fresh talent. If the group grows more sophisticated, it is likely that its social media presence will decrease to better obfuscate its activities."

Dropping ransomware bombs

Social media is not the only area of the internet that IS is interested in capitalising on. Given the recent alarming increase in DDoS (distributed denial of service) attacks, malware and ransomware attacks, extremist groups, including Isis, may find such tools convenient for deploying cyber-attacks against their enemies, both in financial terms and in carving out a more fearsome image.

What is a DDoS attack?

During a denial of service (DoS) or a distributed denial of service (DDoS) attack, hackers attempt to overload a website by sending in data requests from multiple sources. Most often hackers use a 'botnet' – internet-connected PCs that are compromised by malware – to send in the requests to visit the site without the users' knowledge.

The huge number of requests, which can reach thousands per second, overloads the ability of a website's server to respond, eventually causing an error message to appear instead of the site's pages.

Executing a DDoS is relatively simple. Botnets are available to hire on websites not reachable via search engines (deep web) or on encrypted websites (the dark web).

"Ransomware is the current trend among sophisticated and unsophisticated groups alike. Dridex and script kiddies both use it to disrupt systems, build botnets, and generate fast revenue. It is effective because there is not yet a reactive solution for victim systems (except restore from backup)," added Scott. "Sophisticated malware is also being simplified and sold on dark net markets. Isis is already attacking the energy sector. If the UCC continues to exist, it will adopt an easy to use sophisticated malware or ransomware in future attacks."

The future of Cyber Terrorism

"The UCC is predominately capable of hacking soft targets, such as Twitter accounts, and spreading propaganda or defacing websites. While none of the groups incorporated possessed sophisticated capabilities, their unification has resulted in an increased interest in coordinating and conducting cyber-attacks against governments and organisations. It is possible that the shared coordination will enable the collective to learn more skills and increase their sophistication; however, it is more likely that the cyber jihadists will purchase malware, will rely on malware-as-a-service, or will outsource stages of an attack to mercenary hackers," ICIT predicted.

While international law enforcement agencies, and even hacktivist collectives such as Anonymous, actively target IS social media posts, such is the nature of the internet that new accounts appear almost as rapidly as they are taken down. According to the ICIT, unlike other well-known and functioning terrorist groups, IS already has the "motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns."

However, as the group grows and garners more attention, it also becomes a major target for international law enforcement agencies to take down. "The US Cyber Command is DDoSing Isis servers, taking down social media accounts, disrupting financial transfers, and compromising communications where possible," disclosed Scott. "It would be beneficial as the group grows, to infiltrate it and measure their actual cyber capabilities and operations."

IB Times: http://bit.ly/28KGGzR
