Islamic State Aims to Launch Cyberattacks on US

Uploaded on 2016-01-04 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

To date, ISIS’ cyber achievements agint America have been limited, although the US charged a Kosovo native in October with hacking into a US database and stealing personal information on more than 1,350 military and government personnel. Its hackers have tried to penetrate computers that regulate the nation’s electricity grid, US officials say.

The Islamic State is seeking the ability to launch cyberattacks against US government and civilian targets in a potentially dangerous expansion of the terror group’s Internet campaign.

Though crippling attacks for now remain beyond the reach of the Islamic State of Iraq and the Levant, also known as ISIL, its hackers have tried to penetrate computers that regulate the nation’s electricity grid, US officials say. On shadowy Internet forums, ISIL sympathizers post photos and videos of airplane cockpits and discuss wanting to crash passenger jets by hacking into on-board electronics. Fellow extremists debate triggering a lethal radiation release by sending rogue commands to nuclear power plants, according to the New York-based threat intelligence firm Flashpoint.

To date, a lack of world-class expertise has limited ISIL and its supporters to defacing websites, including that of an organization for US military spouses, and pranks such as commandeering the Twitter feed of the US military command directing operations in Iraq and Afghanistan. In September, James Clapper, the director of national intelligence, told Congress that the danger of a catastrophic attack from any cyber adversary was “remote.”

But Islamic State adherents have made no secret of their desire to acquire lethal capabilities, says Alex Kassirer, a Flashpoint terrorism analyst, who monitors conversations on extremist forums. “The capability’s not there and that’s why we’re seeing these low-level attacks of opportunity,” Kassirer said. “But that’s not to say it’s going to be that way going forward. They’re undoubtedly working on cultivating those skills.”

US vulnerability to cyberattacks is well known. Nearly 22 million individual records were stolen when hackers believed to be from China penetrated the government’s central personnel office computers.  The US government spends more than $5 billion annually on cyber defense, with responsibility divided among the departments of Defense and Homeland Security, the National Security Agency and the FBI. US companies, primarily responsible for their-own protection, spend a multiple of that figure.

While ISIL, under growing military pressure in its would-be Middle Eastern caliphate, has mainly put its efforts into inspiring scattered shootings and bombings rather than organizing mass casualty attacks, cyberspace could become a more active front in the war on terror.

The concern is not limited to the US government. Four days after ISIL terrorists killed 130 people in Paris, Britain’s top Treasury official warned that the terror group is dedicated to striking critical infrastructure, such as the financial system or power grid.


To date, ISIL’s cyber achievements have been limited, although the US charged a Kosovo native in October with hacking into a US database and stealing personal information on more than 1,350 military and government personnel. The suspect, Ardit Ferizi, later passed the data to Junaid Hussain, a member of the self-proclaimed Islamic State Hacking Division who was reportedly killed by an airstrike in Syria in August, authorities said. The information Ferizi pilfered included U.S. personnel’s email addresses, passwords, locations and phone numbers, according to the Justice Department.

Compared with earlier terrorist generations, ISIL has demonstrated an appeal to young, tech-savvy individuals far from the battlefields of Iraq and Syria, Kassirer said.

“Al Qaeda’s media apparatus was a van driving around Yemen passing out videos,” she said. “ISIS has really revolutionized how they use the tech sector, and their recruits tend to be younger individuals who grew up in the tech age.”

The group has also shown a sophisticated understanding of ways to shield its communications from eavesdropping intelligence agencies. Flashpoint earlier this month reported on a detailed manual released by an ISIL supporter urging members to use the popular encrypted chat system Signal. The manual even describes how to employ a fake phone number to set up a Signal account to avoid revealing personal information.

That’s a far cry from Al Qaeda, which communicated via couriers to escape surveillance, she said.

Experts have traditionally discounted the risk of cyberterrorism, saying terrorists prefer the greater chaos and bloodshed of physical attack. The technical skill required to execute a major cyberattack also was judged beyond any but a few nation-states.

Terrorists might pair a cyber-strike with a traditional attack to amp up the confusion or death toll, Bacon suggested. If terrorists overwhelmed the communication networks used by emergency responders, for example, that could magnify the damage of a physical attack. Attacking broadcast facilities might increase the public’s panic.

Still, ISIL for now is likely to stick to its traditional tools, guns and explosives, analysts said. “As far as getting attention, there’s still going to be, in the minds of most terrorist groups, an inherent advantage in things that make loud noises and flashes and kill a lot of people as opposed to digital systems going down,” said Paul Pillar, a Georgetown University terrorism expert and former CIA analyst. “The speculation about exotic terrorist techniques, especially in the cyber arena, has outrun what groups are actually doing.”

Politco: http://politi.co/1kpKYS8

« Apple Opens Fire In Encryption Battle
BBC Websites Offline After Massive DDOS Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Raytheon Technologies

Raytheon Technologies

Raytheon Intelligence & Space delivers solutions that protect every side of cyber for government agencies, businesses and nations.

Evidence Talks (ETL)

Evidence Talks (ETL)

A leading forensic computing authority developing unique digital forensic technologies. Tools that detect potential terrorists & criminals & used by the military, enforcement & intelligence commmunity

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Limes Security

Limes Security

Limes Security GmbH is the leading OT Security expert in the German-speaking region of Europe.

IT-Schulungen.com / New Elements GmbH

IT-Schulungen.com / New Elements GmbH

Under the name IT-Schulungen.com, the Nuremberg-based New Elements GmbH has been operating one of the largest training centres in the German-speaking world for over 20 years.

Defend-OT

Defend-OT

Defend-OT is a Belgium-based cybersecurity firm specializing in OT environments.

Invary

Invary

Invary's expert Runtime Integrity solution, powered by NSA-licensed technology, verifies the security and confidentiality of your system.