Cyber Caliphate's Scorecard

Uploaded on 2017-07-17 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyber-attack expertise.

Hackers operating within the Islamic State's United Cyber Caliphate may be well-versed and conversant in encrypted communications tools such as Telegram and WhatsApp, but they're still novices when it comes to their actual cyber-attack expertise.

While the online propaganda machines and presence of some of the world's most prominent terrorist groups appear technologically advanced and organised, their underlying cyber-attack tools and techniques are still rudimentary and limited, security researchers say. 

As such, they're not likely to disrupt a power plant with a cyber-attack any time soon like a nation-state could do, yet there is always a concern of their eventual partnering with more advanced and resourced attack groups to wreak physical or other damage via cyber-attacks.

Kyle Wilhoit, senior security researcher with DomainTools, has been studying the cyber capabilities of several terrorist groups. He found that the United Cyber Caliphate, the cyber arm of ISIS that has been in operation for nearly three years, employs techniques similar to those of a so-called script kiddie or fledgling hacker.
"Their relative overall technical expertise is low," he says.

The cyber terrorist group's denial-of-service attack MO is akin to a crowd-sourced attack not unlike Anonymous employed in its heyday, for instance. "Their denial-of-service attacks are being executed through Windows applications on multiple hosts, but not infected" bots or a botnet infrastructure, he says. In other words, they're mostly using their own, or supporters', machines to pummel websites with SYN or other flood attacks, for example

To cover its tracks, the terror group also employs domain-registration proxies for their online activity, he says, to help hide their real identities. 
"They are also leveraging what cybercriminals use," he says, test-driving malware development toolsets. "Just recently, with this research … I found them dabbling in the creation of malware."
Wilhoit spotted the Cyber Caliphate using the known underground crime toolkit Ancalog Exploit Builder to generate fake HTML pages to a command and control server. "That piece of malware looked like it was in the development phase. It wasn't weaponised," he says.
The terrorist group is most advanced when it comes to communicating among its members, he says. The members use the encrypted messaging platforms Telegram and WhatsApp to discuss and share information about hacking tools or targets they're going after, he says.
"Looking at their toolsets, I found that ultimately as it stands right now they don't have advanced enough technological capability to cause a major problem" or widespread damage, he says. "But that's not to say in the future" they couldn't become a bigger threat, he says.

Ken Wolf, senior analyst for cyber terror research at Flashpoint, concurs that the cyber terror groups are not skilled or sophisticated in their DoS attacks. His team also has spotted ISIS supporters in one top-tier ISIS forum employing a downloadable DoS tool they dubbed "Caliphate Cannon."
"It was written by a forum member" who appears to be an entry-level coder, he says. Members of the forum downloaded the tool and ran it from their machines in crowdsource-style, HTTP-flood DoS attacks against mainly Middle East government targets in January, for example.
"We've seen other cases where actors have been aggregating … open-source tools" for those attacks, he says. "But there's nothing that we've seen that's suggesting they are using those to inspire their own tool development," Wolf says.
"The greatest value that these actors provide is in their propaganda value," he says.

Ground Battle
It's unclear how the intensified ground battles in Raqqa, Syria and Mosul, Iraq, have affected the Islamic State's cyber powers. Wolf says his team of researchers hasn't seen any Telegram communications out of the United Cyber Caliphate (UCC) since late April, nor any real cyber activity. He says that could indicate manpower losses or other disruptions to their operations as a result of the ground battles.
"We've seen over the past year a few instances in which the United Cyber Caliphate or other groups aligned with it have announced members of their teams were killed in Syria. Most recently, in March, a UCC leader was killed in an airstrike in Syria," Wolf says. "But there's a lot of uncertainty who these actors are, or where they might be," whether on the ground fighting or elsewhere, he says.
Wilhoit says defending against cyber terror groups like the United Cyber Caliphate now doesn't require any different denial-of-service defenses than state-of-the-art firewalls and other best practices. "If you follow basic security precautions, most of these [attacks] can be blocked. They are not using infected botnets to perform denial-of-service attacks," and they are relatively small attacks, he says.
"I'm somewhat surprised that they are not further along than this," Wilhoit says of UCC's cyber-attack capabilities. 

Dark Reading:

You Might Also Read:

Islamic State On The Internet:

Islamic State's Social Media Strategy:

US And UK Agree To Take On Islamic State In Cyberspace:

« US Marines Embrace Cyber Warfare
Terrorist Activities On Social Media »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

IDpendant

IDpendant

IDpendant offers a wide range of services, including authentication technology, client security products, single sign on systems, encryption solutions, card and mobile device management systems.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

SAFECode

SAFECode

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights on creating, improving, and promoting effective software security programs.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

RMRF Tech

RMRF Tech

RMRF is a team of cybersecurity engineers and penetration testers which specializes in the development of solutions for early cyber threat detection and prevention.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.