Jihadi Cybercrime
While monitoring closed platforms that propagate an Islamic State agenda, hacking lessons, focusing on spam and phishing methods, were found by Israeli security firm Sensecy.
Many discussions in the technical sections of closed platforms affiliated with the Islamic State deal with the implementation of information security awareness among its members, therefore discussions regarding offensive capabilities are rare on these platforms, and the shared materials are basic and elementary.
However, the fact that individuals on these platforms are becoming more aware of spam and phishing methods is a worrying development indicating interest among pro-IS hackers to become involved in cybercrime.
In one discussion regarding the establishment of hacking lessons, the main goal was to teach members to implement methods of social engineering, like creating scam pages of popular platforms to steal victim details, such as login credentials, financial information and more.
In addition, it was mentioned that stolen credit card information can be utilized for the benefit of the Islamic State by transferring money from victims’ accounts to jihadi cells around the world, or for purchasing powerful servers for carrying out cyber-attacks.
One hacking lesson that included a detailed review, with instructions and recommendations dealing with various subjects, such as stealing email lists from different platforms using Havij (a popular automatic SQL injection tool), creating fake messages that impersonate official emails and avoiding AV detections. The lesson received favorable comments.
This is an interesting development, as closed platforms affiliated with the Islamic State do not usually focus on activity related to hacking and offensive cyber capabilities, such as sharing malware or malicious tools.
Blog.Sensecy.com New Cyber Tricks Make ISIS Sophisticated: