image

ISIS CYBERTHREAT: PUNY BUT GAINING POWER

By John P. Mello Jr. - TechNewsWorld |5th May 2016

The Islamic State group's cyberwar capabilities are unsophisticated, but they won't be that way for long.

A report, "Hacking for ISIS: The Emergent Cyber Threat Landscape," found that the Islamic State's "overall capabilities are neither advanced nor do they demonstrate sophisticated targeting."

However, the severity of the attacks by the groups supporters isn't likely to remain unsophisticated, it added.

"Their capability of hacking military or NSA servers in the United States is far-fetched, but it's not completely impossible. Concern is high, not because they have sophisticated hacking skills but because they're utilizing multiple ways of bringing in new talent, utilizing all the freely available tools online, trying to utilize malware that's already available and building their own malware".

-Laith Alkhouri, Flashpoint's director of Middle East and North Africa research and one of the authors of the report.

Script Kiddie Assassins

ISIS lacks the organization and skills of other cyber adversaries of the United States, noted another author of the report, Flashpoint Director of Security Research Allison Nixon.

"Chinese and Russian hackers are organized criminal gangs or nation-state supported groups," she told TechNewsWorld. "They're highly educated, highly skilled. They use custom malware and custom tools."

"On the other hand, ISIS supporters are more like script kiddies or hactivists. They have a low level of sophistication and engage in behavior patterns and use toolsets that we would see in any other attention-seeking group," Nixon continued. "They're using open source tools and very old public exploits," she said. "They're only capable of hacking sites that aren't very well maintained in the first place."

Although ISIS hackers have some similarities to hactivists, they differ from them in at least one very important way. "Hacktivists don't threaten physical violence," Nixon said. "Physical violence is an important part of ISIS hackers. They're interested in translating these online threats into physical attacks," she added.

Attacks of Opportunity

The hacking tools of ISIS cyberwarriors are almost invariably going to be taken from publicly available open source projects because of the ease of obtaining such tools along with the fact that they can often be used successfully, the report noted. "As pro-ISIS cyber attacks and capabilities have gradually increased over time but remained relatively unsophisticated, it is likely that in the short run, these actors will continue launching attacks of opportunity," it noted.

"Such attacks, include finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing these websites. Other attacks may include DDoS attacks," the report continued.

Hacking Powerhouse

Pro-ISIS cyberactors are demonstrating an upward trajectory, indicating that they will continue to improve and amplify pre-existing skills and strategies, the report said.

"We're starting to see these groups coalesce their brand. They're increasing their ranks in number. They're increasing their ranks in skill. They're increasing their ranks in languages, which means they're increasing the channels on which they operate and which they distribute their claims of responsibility," Alkhouri noted.

U.S. Responds

The United States isn't ignoring the growing threat of ISIS in cyberspace. A new campaign was designed to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters, according to a news report published last week.

While the Pentagon hasn't been shy about letting ISIS know U.S. cyberforces will be gunning for it, details have been in short supply.

"It may be as something as simple as finding some servers and executing an automated attack on those servers," he told TechNewsWorld, "or it may be something more complicated, like the use of directed malware or the disruption of encrypted channels used by ISIS on the dark Web,"

said Lawrence Husick, co-chairman of the Foreign Policy Research Institute's Center for the Study of Terrorism.