ISIS hackers are now making strides to seek out the means to launch cyberattacks against critical government and civilian targets, according to U.S. officials.
Extremist group ISIS has reportedly amassed malicious hacker-sympathizers and other extremists to engage in open discourse about waging cyberattacks against several U.S. target, by communing in various online forums. Politico reports that media posted by ISIS sympathizers such as pictures and videos of airplane cockpits are rife among the forums, stirring up discussion to ponder hacking of onboard electronics.
A Lack of Sophistication
New York-based threat intelligence firm Flashpoint, whose analysts routinely monitor such conversations on online extremist forums confirm that the expertise and the necessary means to wage cyber-warfare still elude ISIS. This is the common consensus despite ISIS hackers routinely attempting to infiltrate the computers that keep the nation’s electricity grid going.
So far, the extent of ISIS’ cyberattacks has seen the infiltrating of U.S. military Twitter accounts and websites. Despite their limited reach, ISIS has repeatedly sought to improve their sophistication in cyberwarfare, according to Flashpoint terrorism analyst Alex Kassirer.
Speaking to Politico, he notes:
The capability’s not there and that’s why we’re seeing these low-level attacks of opportunity. But that’s not to say it’s going to be that way going forward. They’re undoubtedly working on cultivating those skills.
Having the Technical Know-How
The means to ‘cultivating those skills’ is primarily achieved by a concentrated marketing campaign to appeal to a young, impressionable and tech savvy crowd by turning them into sympathizers. It is through a new generation of young minds who understand technology that ISIS has demonstrated the means to shield its communications and even escape surveillance measures against it.
In early December, Flashpoint reported on a detailed manual passed around by an ISIS supporter that encouraged the use of encryption-based messaging platform – Signal. The manual even detailed the means to acquire and use a fake phone number necessary to set up a Signal account, to completely do away with sharing any information.
Although such concealment measures can be argued as meager, they’re already a significant leap from techniques used by Al Qaeda, who employed couriers in order to communicate.
ISIS has really revolutionized how they use the tech sector, and their recruits tend to be younger individuals who grew up in the tech age.
Being proficient with the internet also enables ISIS to reach out and pay for hacking talent that isn’t available within the group’s ranks, typically from the Dark Web.
Vulnerabilities and Reinforcements
The U.S. has already felt the impact of a significant cyberattack this year with the OPM breach. The personal data and records of over 20 million federal employees were stolen in what is believed to be a state-sponsored cyberespionage attack. In what is certain to be an increasing spend, the U.S. government currently spends over $5 billion on its cyberdefense structure. The onus to ensure its cyber-defense readiness and structure is split between several federal departments including the Department of Defense and Homeland Security, the National Security Agency and the Federal Bureau of Investigation.
Meanwhile, the private cybersecurity industry is also seeing an increasing spend among private enterprise and companies. In a year that saw the infamous Ashley Madison breach and the OPM data breach, information security spending is poised to reach $75.4 billion.
Meanwhile ISIS has predominantly concentrated its efforts on physical destruction and violence such as the recent Paris attacks. It is speculated that cyberwarfare is the next front where a significant proportion of the war is waged.
In May, FBI Director James Comey warned:
Destructive malware is a bomb. Terrorists wants bombs.
I see them already starting to explore things that are concerning, critical infrastructure, things like that. The logic of it tells me it’s coming, and so of course, I’m worried about it.
The concern is shared by other U.S. allies, as top British officials warn of ISIS’ goal to striking critical infrastructure like the power grid and the financial system.
George Osborne, the U.K. chancellor of the exchequer said: “We know they want it and are doing their best to build it.”
Recently, the U.S. assistant secretary of homeland security for infrastructure protection, Caitlin Durkovich openly spoke about ISIS launching cyberattacks on the grid, at an electricity industry conference.
Despite the threats, critical infrastructure networks and systems are notoriously hard to compromise. There have been a handful of cyberattacks scattered over decades that have targeted critical infrastructure such as nuclear power plants, despite a recent report that claimed nuclear facilities are in denial to the risk of a serious cyber attack.
Featured image from Shutterstock.