Has The Cyber ‘Pearl Harbor’ Already Happened?
Over the past few years an abundance of rhetorical bravado has been creatively exhausted by the US legislative community and law enforcement to expedite legislation that will protect us from a future cyber event so catastrophic, so devastating, that it could only be described as “The Cyber Pearl Harbor”.
The fact is that the Cyber Pearl Harbor that many seem to be waiting for has already occurred in the embodiment of the Office of Personnel Management breach. The devastation to our counterintelligence, general population and federal landscape as a whole is so profound that the damage of this breach has yet to be fully calculated.
Compounded by the Anthem breach, over 100 million Americans have their most intimate personal details in the hands of a foreign APT, most likely controlled by China, for multi-generational exploitation, blackmail and surveillance. Strangely, an incident that should have had Americans protesting in the streets was quickly swept under the rug and vanished from conversation.
From Al Qaeda to Al Shabaab, from Boko Haram to ISIS, this Cyber Caliphate flourishes in the techno-nutrient-rich, binary soil of the Internet and is continually reinforced via graphic imagery and unique storytelling in publications such as Dabiq and Kybernetiq. The rapid success of the Cyber-Jihad movement has been expedited via magnification of xenophobia, powerful and organized propaganda, and the targeting and recruitment of social outcasts from the American Midwest to the streets of Paris and London, and of religious zealots who make easy recruits for carrying out cyber-attacks as part of the collective and lone wolf initiatives.
Al Qaeda:
Al Qaeda founder Osama bin Laden relied on charisma, fatwas, and rhetoric to rally militants to his cause. After bin Laden’s death in 2011, Ayman al Zawahiri assumed control of the organization.
According to cloud security firm BatBlue, Al Qaeda has used technology and the Internet to distribute officially sanctioned propaganda since the 1980s. In the 1990s, the group began to use the Internet for secure communications between members. Most Al Qaeda communications are encrypted or obfuscated in some way.
Al Shabaab:
Al Shabaab is a Somalia-based militant organization with strong ties to Al Qaeda. Al Shabaab was the militant wing of the Somali Council of Islamic Courts that seized southern Somalia in late 2006 until 2007. Since then, it has continued to fight in southern and central Somalia, relying on guerilla warfare and terrorist tactics. Al Shabaab is not centralized or monolithic in its agenda or goals. It consists of disparate clans; consequently, it is susceptible to internal strife, clan politics, and brittle alliances. It does not appear interested in a global jihad.
Boko Haram:
Boko Haram is a terrorist organization that strives to establish a militant Islamic state in Nigeria. Founded by Mohammed Yusuf in 2002, the group initially focused on opposing Western education. Initially, it recruited local children through a school that claimed to promote an Islamic education. The children were trained as soldiers and it began launching military operations in 2009 in an attempt to create an Islamic state.
The group was aligned with Al Qaeda until January 2015, when it switched allegiance to ISIS. Afterward, the group’s presence on social media and its distributed propaganda materials have become more robust. It is possible that it receives assistance from ISIS in the creation and distribution of its materials. Prior to its association with ISIS, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group’s social media presence remains inconstant and poorly aligned with its other propaganda.
After allying with ISIS, its published videos and photographs began to mirror those of ISIS. Boko Haram has not yet begun to heavily recruit online. Its propaganda is used more to spread fear than to recruit. It is possible that the group raised funds in the past through an advance-fee fraud or 419 scam. Essentially, the scam involves promising a victim a share in greater financial holdings if they provide a forward investment to “free the funds”. Security researchers believe that the group still runs the 419 scam because it is still profitable for them and because it allows them to target individuals, instead of large organizations or governments.
The group has not shown signs of adopting more sophisticated methods of raising funds, such as ransomware. At the time of this writing, Boko Haram does not have a widespread cyber strategy; however, its alliance with ISIS may lead to the rapid development of newfound capabilities.
ISIS:
The Islamic State of Iraq and Syria (ISIS), also known as the Islamic State of the Levant (ISIL), the Islamic State (IS) or the Daesh, was originally formed as an Iraqi branch of Al Qaeda in 2004.
It has since developed into an independent organization that is more radical in its views and more technologically sophisticated in its use of social media and the internet. In summer 2014, ISIS leader Abu Bakr al-Baghdadi declared a global jihad. He called on all Muslims to join his cause by either travelling to Iraq or Syria or by supporting the jihad locally. The call specifically focused on recruiting technically skilled and sophisticated individuals, such as engineers, hackers, and doctors, to join the cause.
ISIS leader Abu Bakr al-Baghdadi avoids public exposure and relies on ruthless violence to assert his power. Al-Baghdadi is the supreme religious and political leader within ISIS. In 2014, he personally issued the call for all “true Muslims” to join in a global caliphate. The caliph has unchecked authority, but he relies on regional deputies to oversee the regions and manage the imposed administration in each region. The Shura Council can theoretically depose the caliph; however, such an action is unlikely since all members were appointed by al-Baghdadi.
ISIS has a strong online presence that heavily recruits and promotes “lone-wolf” actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards. Members target lonely and misguided individuals, regardless of their initial beliefs, by offering a sense of community and by glamorizing the fight, actions, and lifestyle of the movement.
ISIS poses an active cyber threat by working with lone hackers and hacker groups and by appropriating open source online materials. Some members are technically sophisticated enough to promote the message and culture by defacing websites, social media accounts, and other media channels with text, images, and videos glorifying the agenda of the group.
The technical tools, techniques, and procedures of the group are rapidly escalating as its membership and resources increase. Increases in ISIS online activity tend to coincide with major current events. The group capitalizes on the chaos that it creates, such as by launching a major Twitter campaign after the Paris attacks, as well as by turning global events, such as the Syrian refugee crisis, to its advantage.
ISIS encourages young supporters to tweet, blog, and otherwise share their reactions, opinions, and views. The group calls new recruits to conduct domestic lone-wolf attacks using novel mechanisms, such as the hashtag “#FightforHim” following the Paris attacks.
The success of the ISIS propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers’ popularity declined in favor of online media, static propaganda publications are declining in favor of robust, dynamic multi-platform campaigns. Their social media campaigns are widespread, resilient, and adaptive. ISIS content is constantly removed from conventional social media; however, they have or had a presence on Facebook, Twitter, Tumblr, Instagram, Friendica, Diaspora, and other outlets.
Their videos are edited, clear, and include special effects. Video content has been released on YouTube, IS-tube, Dailymotion, personal blogs, and on other media hosting networks. They have released podcasts and interviews on Ask.FM, Mixir, Paltalk, and other channels. ISIS has also used more conventional media outlets, such as Al-Battar Media, Dawla Media, and Al-Platform Media, to spread its message.
Defaced websites are often reconfigured to feature the flag of ISIS and phrases like “Hacked by the Islamic State”. The defacements are meant to scare Western businesses and organizations more than recruit new followers. Website defacement often occurs through widely publicized vulnerabilities, such as an outdated WordPress plugin. Those affected range from businesses, to schools, to individual users.
By inconveniencing small targets, ISIS creates a sense of fear and xenophobia in the target population that it can leverage to recruit Muslims and social outcasts who are disenfranchised by cultural stigmas. Screenshots, recordings and lists of defaced and targeted websites have been found on forums, such as Aliyyosh, an Arab hacker forum.
Stolen personally identifiable information belonging to Israelis and Western and American Jews has also been discovered on the forums. In March 2015, a list of names, units, addresses, and photographs of over one hundred U.S. military personnel, supposedly involved in the bombing of ISIS targets, was posted online.
Motive:
Extremist groups such as ISIS aspire to create chaos, inflict harm, and disrupt services in the nations and organizations that they oppose. In many cases, small attacks that incite panic and fear in many members of the population are just as effective as large attacks that embarrass or undermine opposing geopolitical powers.
Jihadist groups are increasingly motivated to adopt cyber-defensive capabilities, such as encryption applications and anonymity tools, so that their members can remain undiscovered within the general population and so that their activities remain unknown to opposing intelligence and counterintelligence entities. By developing cyber-offensive capabilities, extremist groups can raise funds, inflict harm from across the globe, gather information about targets,
The ISIS Cyber “Help Desk”:
In November 2015, the media reported that ISIS has spent over a year developing a “24-hour cyber help desk”, across a series of forums, applications, and social media platforms, to assist its followers in remaining anonymous and to instruct them on basic hacker tools, techniques, and procedures.
The campaign is intended to spread the Jihadist message to new recruits, spread greater fear, and increase the number of attacks against foreign nations. The primary function of the help desk was to instruct prospective jihadists in the use of encryption and other secure communication applications to evade law enforcement and intelligence authorities.
The group promotes the use of deep web forums and secure platforms to obfuscate their activities so that they can covertly plan recruitment, propaganda, and terror campaigns without worrying that signal intelligence or other indicators will expose their operations.
Conclusion
ISIS has already been purchasing attacks on Western organizations and critical infrastructure for years. Groups like ISIS might hate Western culture and practices, but they have no qualms about appropriating and weaponizing material and assets developed in those regions.
They use guns manufactured in the United States and Russia and vehicles from Japan, so why would they refuse to use malware or hackers from foreign nations? To the zealots, the cyber assets are just more weapons to use in their battle. In all likelihood, the cyber-mercenaries hired would not know if they were conducting attacks on behalf of the terrorist organization. As a result of the anonymity that the hackers themselves rely on, they would unknowingly infect systems, steal data, or otherwise cause chaos for a terror organization.
Given a fiscal asset portfolio at a very conservative estimate of over $1 billion, ISIS can hire many hackers to conduct many attacks. If those attacks result in stolen data, intellectual property, or other intangible assets, then the organization can sell the data to perpetuate the cycle.
While many cyberterrorist organizations are lacking in their capacity to pose a significant cyber threat to global organizations, ISIS already possesses the motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns.