Poor Coding Limits IS Hackers

Hackers working for the so-called Islamic State are bad at coding and hiding what they do, suggests research. They produce buggy malware and easily crackable encryption programs, said senior security researcher Kyle Wilhoit at a recent security conference .

In particular, he called three attack tools created by one large IS hacker collective "garbage".

Their poor skills meant IS groups had switched to online services and the dark web for attack code, he said.

Little Harm

While IS was very proficient at using social media as a recruitment and propaganda tool, its cyber-attack arm was nowhere near as effective, said Mr Wilhoit, a cyber-security researcher at Domain Tools, while presenting his work at the conference in Kentucky.

"ISIS is really, really bad at the development of encryption software and malware," he told tech news outlet The Register, adding that the vulnerabilities found in all the tools effectively rendered them "completely useless".

As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.

All the tools had problems, he said.

  • the group's malware was full of basic bugs
  • a secure email system it developed leaked information about users
  • the UCC's web attack tool failed to take down any significant target

In addition, attempts to raise cash via donations of bitcoins have been diluted by fraudsters cashing in on the IS name and producing websites mimicking the appeals for funds.

"As it stands ISIS are not hugely operationally capable online," Mr Wilhoit added. "There's a lack of expertise in pretty much everything,"

IS also had a lot to learn when it came to hiding its activities online, he said. There were many examples of it sharing pictures of successful attacks, or which lauded its members, that still held metadata that could identify where the photos were taken.

Mr Wilhoit said that, during his research, he had found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.

"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security," he said.

Many of the people involved with the cyber-arm of IS had been killed in drone strikes, said Mr Wilhoit adding that it was open to speculation about how location data to aid the drones was found.

Over the last year UCC had begun moving to attack tools used by Western cyber-thieves, he said.

"They know they cannot develop tools worth a damn, so they are going to use stuff that works, is minimally cheap and is easy to use."

BBC

You Might Also Read: 

Learning About ISIS Intentions Using Open Source Intelligence:

Islamic State On The Internet:

« Nuclear Missiles Are Not N.Korea’s Only Threat
China Disrupts WhatsApp »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

Cutting Edge Technologies (CE Tech)

Cutting Edge Technologies (CE Tech)

CE Tech is a Next Generation Technology Partner providing advanced technology infrastructure solutions through partnerships with leading technology providers.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

Center for Information Technology Policy (CITP) - Princeton University

Center for Information Technology Policy (CITP) - Princeton University

The Center for Information Technology Policy at Princeton University is a nexus of expertise in technology, engineering, public policy, and the social sciences.

LANCOM Systems

LANCOM Systems

LANCOM Systems is the leading European manufacturer of secure, reliable and future-proof networking (WAN, LAN, WLAN) and firewall solutions for the public and private sectors.

Zyber 365

Zyber 365

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

CovertSwarm

CovertSwarm

Since 2020 CovertSwarm have been radically redefining how enterprise security risks are discovered. We outpace the cyber threats faced by our clients using a constant cyber attack methodology.