Islamic State Likely To Switch To Cyber Warfare

Islamic State (IS) and other terrorist groups are turning to the underworld to try to secure tools to carry out cyber-attacks on critical infrastructure.

Terrorist groups have taken part in low-grade “cyber vandalism” and their ability to wage more damaging attacks will only increase, according to a former operations chief at the UK’s spy centre GCHQ.

Many of the required tools to launch crippling attacks are becoming increasingly available on criminal markets on the so-called Dark Web, part of the world wide web that needs special software to penetrate.

Committed extremists could seek to accelerate those efforts by recruiting knowledgeable insiders, said Conrad Prince in a report for government-backed insurance company Pool Re. “A well-placed insider can go a long way to simplifying the work involved in delivering a destructive cyber-attack,” he wrote.

He cited the case of Rajib Karim, a former IT worker for British Airways, who used his position to investigate how to cause international travel chaos by bringing down the airline’s systems. He was jailed for 30 years in 2011 for plotting to blow up a plane.

Mr Prince said that as IS lose control of more physical territory it seemed likely that they would focus their efforts on cyberspace. “The cyber conflict… has a long way to run yet,” he wrote.

“Their capability to do so is limited at present, but all the trends indicate that their ability to deliver such attacks will increase over time.”

IS has so far failed to carry out any major successful cyber-attack in part because of the targeting of its cyber experts by the US and other anti-IS forces, according to the most recent internet threat assessment published by the European Union’s policing agency Europol.

It said that the concerted action had led to a scaling down of the activities of Pro-IS hackers, such as a group known as the “United Cyber Caliphate”.

The group had specialised in the publication of “kill lists” of potential targets in the US and UK and called on followers to “kill them wherever you found them”. There has been no confirmed incident of anyone being targeted on the list.

Many previous known cyber-attacks amounted to little more than attention-grabbing stunts and hacks of public accounts, rather than the penetration of critical infrastructure.

Junaid Hussain, a British militant who was killed in a US drone strike in Syria in 2015, was believed to have been involved in obtaining the passwords of the US Central Command’s Twitter account to briefly send pro-ISIL messages.

He was jailed in the UK for six months while part of a hacking group known as Team Poison after hacking the address book of former UK premier Tony Blair and publishing information. He also was involved in tying up the phone-lines of a UK anti-terror hotline.

“The absence of any major cyber-attacks by terrorist organisations can be interpreted as the result of not enough technical skills on their side, at least for the present time,” Europol said in its internet organised crime threat assessment for 2017.

Despite the apparent amateurish nature of some of the hacks, the 2017 Europol report concluded that the militants’ receptiveness to new technologies and a stated commitment to waging the fight in the virtual world “leaves little room for complacency”.

The National:   picture: Abu Bakr al Baghdadi 

You Might Also Read: 

Terrorism, A Sea Change In Tactics:

Cyberterrorism: The Next Threat From Islamic State:

Cyber Caliphate's Scorecard:

 

 

« Will AI Make Data Analytics Jobs Obsolete?
Self-Drive Trucks Now Working In Australia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

Sangfor Technologies

Sangfor Technologies

Sangfor is a global leader of IT infrastructure, security solutions, and cloud computing.

Bluink

Bluink

Bluink specializes in identity and access management and customer identity verification, using your smartphone as a strong authenticator and secure identity store.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

SafeCipher

SafeCipher

At SafeCipher, we pride ourselves on being your single vendor-neutral resource for navigating the complexities of cryptographic data encryption.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

KBE Information Security

KBE Information Security

KBE is a global consulting firm, with offices in Toronto and Milan, which specializes in the area of IT and information security with over 20 years of experience.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

MadWolf Technologies

MadWolf Technologies

MadWolf’s mission is to deliver enterprise-quality managed services and focused applications to organizations operating in the non-profit, association and international development sectors.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.