When Terrorists Learn How to Hack

Uploaded on 2018-01-02 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Terrorist groups are expanding their use of the Internet beyond mere messaging and disseminating operational know-how, slowly adding a hacking toolkit that could one-day rival that of criminal or state-sponsored hacking. 

To date attacks have included website defacement, doxing of personally identifiable information, and distributed denial of service (DDoS) attacks. But this could grow to more disruptive attacks, not only with the potential to spread fear, but also raise revenue across the far reaches of the globe.

In the early 2000s, the CIA had identified two known US-designated terrorist organisations, Hezbollah and Hamas, with the capability and intent of using cyber-attacks against US critical infrastructure. 

There were also reports of al Qaeda pursuing technically savvy recruits to hold US networks at risk as well. With the emergence of the so-called Islamic State, a global pool of potential recruits that grew up with the internet, and readymade hacking toolsets available online, the likelihood of such groups turning to offensive cyber capabilities is growing. In September 2016, a Kosovo hacker linked to ISIS named Ardit Ferizi was sentenced to 20 years in prison for hacking the networks of a US company and stealing personally identifiable information of some 1,300 US military members and government personnel. 

Ferizi, who pleaded guilty in June 2016, then provided the stolen information to Junaid Hussain, a British hacker and ISIS recruiter also known as Abu Hussain Al Britani, who was later killed in a US drone strike after he published the stolen personal information under the name of the Islamic State Hacking Division (ISHD), now known as the United Cyber Caliphate, in 2015. Hussain is also thought to be responsible for hacking into US Central Command’s Twitter account.

In the dump, Hussain proclaimed, “O Crusaders, as you continue your aggression towards the Islamic State and your bombing campaign against the Muslims, know that we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands! ‘So wait; we too are waiting.”

The intention was to package the stolen personal data of US military and government officials, such as names, addresses and other sensitive information, as a ‘kill list’ to inspire lone wolf attacks against those individuals and their families, a clear facilitator fear. 

In fact, a Bangladeshi living in Maryland named Nelash Mohamed Das was indicted in September 2016 for allegedly seeking to attack a military member whom appeared on the kill list published by Hussain. In another instance, ISIS-affiliated hackers using a tool named Caliphate Cannon launched their first volley of DDoS attacks against government targets in Egypt, Jordan, Yemen and Iraq in December 2016, resulting in the disruption of several servers hosting hundreds of sites.

Pro-ISIS hackers commonly resort to website defacement, particularly targeting government and media sites so that the group’s propaganda can coopt their audiences. In June, a number of government websites were hacked with messages purporting to be support of the ISIS. 

While fear is the ultimate goal, terrorists could also seek to confuse and sow doubt by spreading disinformation similar to Russian cyber operations in the lead up to the 2016 US presidential elections. Network intrusions could allow terrorists to manipulate critical data or information and bots on social media could amplify terrorist narratives to global audiences, causing audience to overestimate their presence and respond disproportionately, the “judo throw” tactic common among terrorist groups.

At the same time, pointing the blame for hacks at terrorist organisations such as ISIS has been a tactic used to muddy attribution of state-sponsored operations. 

In April 2015, a group claiming to be the Cyber Caliphate targeted French television channel TV5Monde, taking their operations temporarily offline. But French investigators determined the culprits were hackers working on behalf of the GRU, Russian military intelligence. While cyber-attacks by terrorist groups likely necessitate clear attribution, thus claims of responsibility, the use of such methods also allow other nation-states plausible deniability when they engage in such activities.
Terrorist groups have long used guerilla warfare and cutting-edge technologies to pursue their goals, they embrace unconventional tactics to counter a conventionally superior foe. The use of hacking is a natural progression for jihadist groups and other non-state actors seeking to expand their influence, spread fear and uncertainty, and bankroll their operations.

The progressive increase in Internet infrastructure in the developing world means terrorist groups will be able to launch cyber operations from all over the globe. While the technical capability of cyber jihadists has remained unsophisticated in relation to the criminal underground and nation-states, this could change. 

A pro-ISIS information security group named Horizons already regularly publishes detailed guides on computers and encryption, and such spread of operational know-how could eventually include hacking courses, such as the many found on the dark web.

Hacking-as-a-service is a growing industry, and criminal groups could wittingly or unwittingly act on behalf of extremist groups. State-sponsors of terror could fund terrorist hacking operations and publically available hacking tools, either purchased on the dark web or obtainable tools such as the allegedly NSA tools released by Shadow Brokers, could facilitate e-jihad.

Terrorists could disrupt Internet communications or media sites prior or following a terrorist incident, once they develop the capacity to create expansive botnets to launch denial of service attacks that use the Internet of Things to flood networks with false traffic, such as the Mirai botnet that temporarily took down DNS provider Dyn in October 2016. 

Such a disruption could adversely affect how audiences and emergency responders could quickly gain an understanding of the situation, increasing the probability of panic.

Ransomware coupled with propagating worms, such as the WannaCry attacks in May, could provide a mode of both fundraising and disruption for terrorist organisations, such as by targeting hospitals or transportation hubs. Such capacity would also allow terrorist organisations to coerce governments and others to meet their demands, such as prisoner exchanges given the accumulating costs that ransomware produces.

While many have warned of cyber terrorism targeting critical infrastructure, such as the power grid or nuclear power plants to spread panic, blunt government response and potentially even cause loss of life through physical destruction, such operations are far more complex and require deep understanding of the physical engineering of these systems. 

Success in targeting critical infrastructure is not impossible, however, as the 2015 and 2016 attacks on the Ukrainian power grid shows, and this trend could grow with automated hacking capabilities.

The Cipher Brief

You Might Also Read:

Terrorism, A Sea Change In Tactics:

Interpol/Group-IB Unmasking Pro-ISIS Hackers:

 

 

« Snowden’s Haven - A New Surveillance App
GDPR - Its Complicated. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Operational Center for Information Systems Security (COSSI)

Operational Center for Information Systems Security (COSSI)

COSSI is responsible for the detection and mitigation of cyber attacks directed at French Government information systems.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

Resilia

Resilia

RESILIA is a comprehensive portfolio of tools and training to help your organization achieve global best practice in cyber security.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Trusted Security Solutions (TSS)

Trusted Security Solutions (TSS)

TSS are specialist in IT Security and providing Cybersecurity Solutions & Services combined with storage and backup.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

BuddoBot

BuddoBot

BuddoBot has been a pioneering force in cybersecurity and information technology since 2008.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.