Archive for May 2016

Is ISIS a Cyberthreat?

A 25-page report released by Flashpoint last week stated that the Islamic State’s cyberwar capabilities remain unsophisticated, but are on the rise. The report, titled “Hacking for ISIS: The Emergent Cyber Threat Landscape,” purported that IS’s “overall capabilities are neither advanced nor do they demonstrate sophisticated targeting.” That said, the group is taking steps to increase the effectiveness of its attacks, making its internet exploits no laughing matter.

“Their capability of hacking military or NSA servers in the United States is far-fetched, but it’s not completely impossible,” stated Laith Alkhouri, the director of Middle East and North Africa research at Flashpoint and one of the authors of the report.

cybercal“Concern is high, not because they have sophisticated hacking skills but because they’re utilizing multiple ways of bringing in new talent, utilizing all the freely available tools online, trying to utilize malware that’s already available and building their own malware.”

According to the report, ISIS hasn’t developed the organization and skills of more capable and threatening adversaries of the United States. Flashpoint’s Director of Security Research Allison Nixon had this to say:

“Chinese and Russian hackers are organized criminal gangs or nation-state supported groups…They’re highly educated, highly skilled. They use custom malware and custom tools… On the other hand, ISIS supporters are more like script kiddies or hactivists. They have a low level of sophistication and engage in behavior patterns and use toolsets that we would see in any other attention-seeking group.”

“They’re using open source tools and very old public exploits,” Nixon continued. “They’re only capable of hacking sites that aren’t well maintained in the first place.”

Nixon went on to define the difference between ISIS and hacktivists: “Hacktivists don’t threaten physical violence. Physical violence is an important part of ISIS hackers… They’re interested in translating these online threats into physical attacks.”

Most of ISIS cyberwarriors’ hacking tools are taken from publicly available open source projects owing to the ease of obtaining an open sourced tool. Creating their own tools that functioned with the same effectiveness would require a significant amount of time and skill that is difficult for ISIS to access at this current time.

“As pro-ISIS cyber attacks and capabilities have gradually increased over time but remained relatively unsophisticated, it is likely that in the short run, these actors will continue launching attacks of opportunity,” said the report.

cybercaliphate“Such attacks include finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing these websites. Other attacks may include DDoS attacks.”

That said, the ISIS cyberactors are demonstrating an upward trajectory in both number of attacks and sophistication of attacks.

“We’re starting to see these groups coalesce their brand. They’re increasing their ranks in number. They’re increasing their ranks in skill. They’re increasing their ranks in languages, which means they’re increasing the channels on which they operate and which they distribute their claims of responsibility,” stated Alkhouri. “That menas they have a much more powerful message and a more robust structure than before… They are coalescing their ranks to become a hacking powerhouse.”