How ISIS Uses The Internet

They talk on Telegram and send viruses to their enemies. BuzzFeed  looks at how ISIS members and sympathizers around the world use the internet to grow their global network.

Abu Majad figured that when ISIS came for him, it would be with a knife on a dark street, or a bomb planted on his car. The 34-year-old had been living in southern Turkey since fleeing Syria nearly three years ago and knew that his outspoken stance against ISIS, online and in his hometown in northern Syria, had put him in the terrorist group’s crosshairs. 

What he wasn’t expecting was to wake up on the morning of March 29 to a virus planted by ISIS within a seemingly innocuous email attachment.

“Everything about this looked like a real email, sent from the admin of my own website. It looked safe, but it was not. They were trying to get my login information, my passwords. They were trying to get things that could have put real lives in danger,” said Abu Majad, who asked that his nickname be used instead of his real name to protect himself and his remaining family in Syria from reprisal attacks by ISIS. “It was very clever. When I saw it I thought to myself, Shit, now they are professional hackers?”

Cybersecurity experts and intelligence agencies who monitor ISIS say the malware is just one more sign that ISIS is growing more sophisticated in its use of the internet. “When I saw it I thought to myself, Shit, now they are professional hackers?”

“I don’t think it is far-fetched to say that the Internet is a major reason why ISIS is so successful, and so worrying, as far as global terror movements go,” said one US intelligence officer, who spoke to BuzzFeed News in Washington, DC, and asked not to be named as he wasn’t authorized to speak to the press. “They have always been ‘good’ at the internet, at the strategy of how they use it. Now they are smarter at the Internet too.”

Many of the world’s major intelligence agencies are trying to figure out just how ISIS uses the internet. As the jihadi group continues to attract supporters around the globe, the need for them to safely communicate online has grown. While the vast majority of the group’s fighters in Iraq and Syria are probably not using the internet for much more than sending photos to their family WhatsApp groups, US intelligence believe a small unit within ISIS is leading the group’s cyber ambitions, which range from working with hackers to launch cyberattacks against their enemies, to publishing manuals that help their supporters mask their online communications and defend themselves from those hunting them.

What Abu Majad found that March morning was an email that looked like it came from his own website, asking him to log in and verify his details. Within the email was something known as a “dropper”, malware that is used to plant other software onto a computer without the user’s knowledge.

“They would have had access to everything if I had opened that link,” said Abu Majad, who has sensitive information on his computer about other activists who, like him, try to oppose ISIS rule in Syria by smuggling out photos and videos that document the difficulty of civilian life under ISIS rule. Abu Majad insists he did not click the link, but he also declined to explain how he knew it was malware. “I was used to seeing ISIS fighters in cafes who barely know how to sign on and check their email. I was not expecting them to be this sophisticated.”

Dlshad Othman is a cybersecurity engineer with the ISC Project, which provides information security assistance to civil liberties groups, and also studies ISIS. He said he had recently seen malware used in attacks on Syrian and Kurdish journalists and sites that try to fight against ISIS propaganda online.

“ISIS has been targeting sites that are outspoken against ISIS,” Othman said, giving as an example the group Raqqa Is Being Slaughtered Silently, an activist group that tries to disseminate real information from within Raqqa, capital of ISIS’s self-declared caliphate. “They targeted people who are trying to reveal what ISIS is really doing in Syria, which they see as a threat to their recruitment and propaganda.”

He showed BuzzFeed one of the emails he was analyzing, which also contained malware. Othman traced the email back to IP addresses in Turkey and Qatar, another indication, he said, that ISIS was getting help from its network outside of Iraq and Syria to carry out cyber-attacks.

“Malware, phishing campaigns, DDoS attacks are all things I have seen,” he said. “Now, these dropper attacks are new and are more sophisticated. What we see is the group growing and evolving their capabilities. What we are seeing is worrying.”

Buzzfeed

« US Must Prepare For Cyber Warfare In Space
Edward Snowden JoinsWith Jean Michel Jarre To Make Music About Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Security House

IT Security House

IT Security House is a leading European supplier of Cyber Security Intelligence and eCrime services.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

Red Balloon Security (RBS)

Red Balloon Security (RBS)

Red Balloon Security is a leading embedded device security company, delivering deep host-based defense for all devices.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

Intechtel

Intechtel

Intechtel is a cyber security company, in addition to providing other internet, technology and telephone services.

ActZero

ActZero

ActZero’s security platform leverages proprietary AI-based systems and full-stack visibility to detect, analyze, contain, and disrupt threats.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

MAUSHIELD

MAUSHIELD

MAUSHIELD is the national platform for sharing cyber threat information and intelligence that can help organisations to improve their cybersecurity posture, minimize risks and prevent cyber-attacks.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.

Cognna

Cognna

Cognna's innovative platform is designed to empower you and your team, providing the tools you need to detect, prevent, and resolve threats with ease.