27 July 2016

ISIS goes on the defensive in cyber

July 22, 2016

ISIS has adapted its approach in the digital space to resist efforts aimed at disrupting and restricting its use of the internet, some experts say. A new report, made public today, details the items in ISIS's digital toolbox that the group uses to resist these disruptive attempts.

The report, titled “Tech for Jihad: Dissecting Jihadists’ Digital Toolbox” and released by Flashpoint, an intelligence firm, notes that while “most communication platforms lack the sophistication necessary to ensure sufficient security … today’s jihadists constantly seek alternative ways to advance their agendas and communicate securely.” The report explains 36 of the most noteworthy tools and technologies leveraged by groups such as ISIS conducted by examining primary sources from the Deep and Dark Web. Most of the technologies, the report notes, have been used long before ISIS developed a public presence.

Jihadist organizations, according to the report, utilize encryption to protect their communications on a variety of platforms and services that include web browsers, email services, mobile devices and mobile applications. While many use traditional browsers such as Chrome, Firefox and Safari, these services are not secure. “Jihadists enact stringent online security measures starting with the World Wide Web’s most fundamental portal: browsers,” the report said. “[T]ech-savvy jihadists are increasingly turning to highly-secure, alternative browsers such as Tor Browser and Opera Browser, so they can operate online more clandestinely without easily divulging their IP address and risking third-party surveillance.” They also use VPNs and DNS tools to obfuscate their location and IP address.


Encrypted tools are leveraged to protect emails as well as communications on mobile applications. Protected email services used by these groups include services that offer end-to-end encryption on emails, inbox encryption services that encrypt attachments and subject lines and services that guard against spam and phishing attempts. Additionally, common mobile encrypted communicates are Threema, WhatsApp and Telegram.

These groups have also leveraged tools that hide and delete files on devices as well as a tool called Net Guard, an open source firewall allowing users to specify apps connected to the internet.

While the exact culprit is not verifiable, one of the report’s authors said there has been a noticeable decline in ISIS’s Twitter activity and a significant uptick in use of encrypted platforms. This is likely a combination of the mass shuttering of social media accounts by the social media companies, CYBERCOM’s efforts against the group and the efforts of nongovernmental hacktivist groups such as Anonymous, said Laith Alkhouri, co-founder and the Director of Research & Analysis Flashpoint, in an interview with C4ISRNET.

Alkhouri said one of the ways ISIS has been effected in cyberspace isthe disruption of password-protected deep web forums used to communicate and release propaganda prior to widespread social media release. He was unable to say exactly who perpetrated these disruptions and hacks of one of ISIS’s top administrators.

ISIS’s hacking and cyber capabilities are often described as proficient, but disorganized. The group's hacking community is a loosely knit community of ideologically driven hackers, another report from Flashpoint, released in April and titled “ISIS Cyber Capabilities,” said.

Alkhouri said ISIS does not have an official hacking or cyber wing and has not taken credit for any of the cyber activity perpetrated in its name on its official media channels, but it has praised calls to commit acts against perceived enemies in its name. ISIS has never acknowledged the presence of ISIS hackers that proclaim that they are hacking on their behalf, he said. ISIS does not coordinate or supervise the hacking collective working in their name.

Given ISIS' capabilities and exploitation of technology — there’s a difference between the pro-ISIS hackers and ISIS, he added, noting that ISIS is not a cyber threat on par with nation-states. They use technology and the internet to further their agenda.

This is not say the group or its supporters will never pose a threat in cyberspace. “The challenge I look for or that concerns me when I look at the future is what happens if the non-state actor — [ISIS] being one example — starts to view cyber as a weapon system? That would really be a troubling development,” CYBERCOM Commander Adm. Michael Rogers told Congress in April.

Alkhouri said ISIS or pro-ISIS hacking groups could recruit individuals or organizations with far greater sophistication to join their ranks. He said he only saw one instance in which an individual that did not totally share the group’s ideology was recruited and helped the organization in the digital arena. British ISIS member Junaid Hussain, who was killed in an August 2015 drone strike and led the effort to launch and grow the so-called “Cyber Caliphate,” recruited Ardit Ferizi, a Kosovar hacker that collected and sent the personally identifiable information of U.S. service members to ISIS. Ferizi was eventually indicted by the U.S. Justice Department for his efforts.

“As pro-ISIS cyber attacks and capabilities have gradually increased over time but remained relatively unsophisticated, it is likely that in the short run, these actors will continue launching attacks of opportunity. Such attacks include finding and exploiting vulnerabilities in websites owned by, for example, small businesses, and defacing these websites,” Flashpoint’s April report forecasts. “Other attacks may include DDoS attacks. Furthermore, advanced targeting and exfiltration are not far-fetched if the group is able to recruit outside experts into its fold… advancement of the cyber capabilities of pro-ISIS actors largely depends on the group’s ability to bring in a technological savvy, diverse group of people with broad technical skills.”

For some in the government these commercially available technologies that can be accessed by all pose a grave threat. “I think the biggest challenge for national security in the 21st Century as opposed to the 20th Century is that the things that are most likely to affect the future the most are going to be developed outside of the Defense Department,” William Roper, director of the Strategic Capabilities Office, said at the Defense One Tech Summit in June.

A recent report by the Rand Corporation discovered open-source and commercial off the shelf devices can have adverse effects on militaries in future urban conflicts. These technologies “are persistent and are dual-use, which means that they can benefit society or harm it,” the report said. “Although they are intended for commercial purposes, such as learning about shoppers’ preferences and finding new markets, they can easily be used by police and security services to identify and track criminals, terrorists, insurgents and spies.”

From its days as an al-Qaida affiliate in Iraq almost driven to extinction, ISIS has endured rising from the ashes of the Iraq War insurgency to rebrand, proving how it can adapt and evolve to changing circumstances, much to the fear of its enemies.

Alkhouri said the first creation of proprietary encryption technology for communication by al-Qaida in 2007 set a precedent for proprietary software development. Jihadi organizations can now trust their own proprietary technology as opposed to western technology, especially as smartphones and encryption for shielding communication is becoming more widespread.

ISIS and other groups have coped with technology changes. Alkhouri provided the unique example of members using Xbox Live and PlayStation 4 to as one unexpected form of communication used. He said ultimately it will be a whack-a-mole process: When one platform is scrutinized and attacked, ten other platforms will pop up.

No comments: