Poor Coding Limits IS Hackers

Uploaded on 2017-10-25 in TECHNOLOGY--Hackers, FREE TO VIEW

Hackers working for the so-called Islamic State are bad at coding and hiding what they do, suggests research. They produce buggy malware and easily crackable encryption programs, said senior security researcher Kyle Wilhoit at a recent security conference .

In particular, he called three attack tools created by one large IS hacker collective "garbage".

Their poor skills meant IS groups had switched to online services and the dark web for attack code, he said.

Little Harm

While IS was very proficient at using social media as a recruitment and propaganda tool, its cyber-attack arm was nowhere near as effective, said Mr Wilhoit, a cyber-security researcher at Domain Tools, while presenting his work at the conference in Kentucky.

"ISIS is really, really bad at the development of encryption software and malware," he told tech news outlet The Register, adding that the vulnerabilities found in all the tools effectively rendered them "completely useless".

As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.

All the tools had problems, he said.

  • the group's malware was full of basic bugs
  • a secure email system it developed leaked information about users
  • the UCC's web attack tool failed to take down any significant target

In addition, attempts to raise cash via donations of bitcoins have been diluted by fraudsters cashing in on the IS name and producing websites mimicking the appeals for funds.

"As it stands ISIS are not hugely operationally capable online," Mr Wilhoit added. "There's a lack of expertise in pretty much everything,"

IS also had a lot to learn when it came to hiding its activities online, he said. There were many examples of it sharing pictures of successful attacks, or which lauded its members, that still held metadata that could identify where the photos were taken.

Mr Wilhoit said that, during his research, he had found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.

"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security," he said.

Many of the people involved with the cyber-arm of IS had been killed in drone strikes, said Mr Wilhoit adding that it was open to speculation about how location data to aid the drones was found.

Over the last year UCC had begun moving to attack tools used by Western cyber-thieves, he said.

"They know they cannot develop tools worth a damn, so they are going to use stuff that works, is minimally cheap and is easy to use."

BBC

You Might Also Read: 

Learning About ISIS Intentions Using Open Source Intelligence:

Islamic State On The Internet:

« Nuclear Missiles Are Not N.Korea’s Only Threat
China Disrupts WhatsApp »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

British Insurance Brokers’ Association (BIBA)

British Insurance Brokers’ Association (BIBA)

BIBA is the UK’s leading general insurance intermediary organisation. Use the ‘Find Insurance‘ section of the BIBA website to find providers of cyber risk insurance in the UK.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Telia Cygate

Telia Cygate

Cygate are specialists in information security, data networks, and data centre and cloud technologies.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

BlackFog

BlackFog

BlackFog is a leader in device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration technology stops hackers before they even get started.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Exodata

Exodata

Exodata is a French digital services company specializing in the outsourcing of IT Systems and solutions.

ThreatView by Turaco Labs

ThreatView by Turaco Labs

ThreatView combines extensive experience in digital forensics with advanced analytics and threat detection capabilities to protect eCommerce websites.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.