Has The Cyber ‘Pearl Harbor’ Already Happened?

Over the past few years an abundance of rhetorical bravado has been creatively exhausted by the US legislative community and law enforcement to expedite legislation that will protect us from a future cyber event so catastrophic, so devastating, that it could only be described as “The Cyber Pearl Harbor”.

The fact is that the Cyber Pearl Harbor that many seem to be waiting for has already occurred in the form of the Office of Personnel Management breach. The devastation to our counterintelligence, general population and federal landscape as a whole is so profound that the damage of this breach has yet to be fully calculated.

Compounded by the Anthem breach, over 100 million Americans have their most intimate personal details in the hands of a foreign APT, most likely controlled by China, for multi-generational exploitation, blackmail and surveillance. Strangely, an incident that should have had Americans protesting in the streets was quickly swept under the rug and vanished from conversation.

From Al Qaeda to Al Shabaab, from Boko Haram to ISIS, this Cyber Caliphate flourishes in the techno-nutrient-rich binary soil of the Internet and is continually reinforced via graphic imagery and unique storytelling in publications such as Dabiq and Kybernetiq. The rapid success of the Cyber-Jihad movement has been expedited via magnification of xenophobia, powerful and organized propaganda, and the targeting and recruitment of social outcasts from the American Midwest to the streets of Paris and London, and of religious zealots who make easy recruits for carrying out cyber-attacks as part of collective and lone-wolf initiatives.

Al Qaeda: 

Al Qaeda founder Osama bin Laden relied on charisma, fatwas, and rhetoric to rally militants to his cause. After bin Laden’s death in 2011, Ayman al Zawahiri assumed control of the organization. 

According to cloud security firm BatBlue, Al Qaeda has used technology and the Internet to distribute officially sanctioned propaganda since the 1980s. In the 1990s, the group began to use the Internet for secure communications between members. Most Al Qaeda communications are encrypted or obfuscated in some way.

Al Shabaab: 

Al Shabaab is a Somalia-based militant organization with strong ties to Al Qaeda. Al Shabaab was the militant wing of the Somali Council of Islamic Courts that seized southern Somalia in late 2006 until 2007. Since then, it has continued to fight in southern and central Somalia, relying on guerrilla warfare and terrorist tactics. Al Shabaab is not centralized or monolithic in its agenda or goals. It consists of disparate clans; consequently, it is susceptible to internal strife, clan politics, and brittle alliances. It does not appear interested in a global jihad.

Boko Haram: 

Boko Haram is a terrorist organization that strives to establish a militant Islamic state in Nigeria. Founded by Mohammed Yusuf in 2002, the group initially focused on opposing Western education. At first, it recruited local children through a school that claimed to promote an Islamic education. The children were trained as soldiers, and the group began launching military operations in 2009 in an attempt to create an Islamic state.

The group was aligned to Al Qaeda until January 2015, when it switched allegiance to ISIS. Afterward, the group’s presence on social media and its distributed propaganda materials have become more robust. It is possible that it receives assistance from ISIS in the creation and distribution of its materials. Prior to its association with ISIS, Boko Haram used the internet to distribute propaganda and to conduct unsophisticated online scams to raise funds. The group’s social media presence remains inconstant and poorly aligned with its other propaganda.

After allying with ISIS, its published videos and photographs began to mirror those of ISIS. Boko Haram has not yet begun to heavily recruit online. Its propaganda is used more to spread fear than to recruit. It is possible that the group raised funds in the past through an advance-fee fraud, or 419 scam. Essentially, the scam involves promising a victim a share in greater financial holdings if they provide a forward investment to “free the funds”. Security researchers believe that the group still runs the 419 scam because it is still profitable for them and because it allows them to target individuals, instead of large organizations or governments.

The group has not shown signs of adopting more sophisticated methods of raising funds, such as ransomware. At the time of this writing, Boko Haram does not have a widespread cyber strategy; however, its alliance with ISIS may lead to the rapid development of newfound capabilities.

ISIS

The Islamic State of Iraq and Syria (ISIS), also known as the Islamic State of the Levant (ISIL), the Islamic State (IS) or the Daesh, was originally formed as an Iraqi branch of Al Qaeda in 2004. 

It has since developed into an independent organization that is more radical in its views and more technologically sophisticated in its use of social media and the internet. In summer 2014, ISIS leader Abu Bakr al-Baghdadi declared a global jihad. He called on all Muslims to join his cause by either travelling to Iraq or Syria or by supporting the jihad locally. The call specifically focused on recruiting technically skilled and sophisticated individuals, such as engineers, hackers, and doctors, to join the cause. 

ISIS leader Abu Bakr al-Baghdadi avoids public exposure and relies on ruthless violence to assert his power. Al-Baghdadi is the supreme religious and political leader within ISIS. In 2014, he personally issued the call for all “true Muslims” to join in a global caliphate. The caliph has unchecked authority, but he relies on regional deputies to oversee his regions and manage the imposed administration in each region. The Shura Council can theoretically depose the caliph; however, such an action is unlikely since all members were appointed by al-Baghdadi.

ISIS has a strong online presence that heavily recruits and promotes “lone-wolf” actions through social media. Their radical beliefs are spread by a diverse, unregulated band of digital zealots across conventional social media such as Twitter, Facebook, and Tumblr, and on less conventional channels such as forums and message boards. Members target lonely and misguided individuals, regardless of their initial beliefs, by offering a sense of community and by glamorizing the fight, actions, and lifestyle of the movement. 

ISIS poses an active cyber threat by working with lone hackers, hacker groups, and by appropriating open source online materials. Some members are technically sophisticated enough to promote the message and culture by defacing websites, social media accounts, and other media channels with text, images, and videos, glorifying the agenda of the group. 

The technical tools, techniques, and procedures of the group are rapidly escalating as its membership and resources increase. Increases in ISIS online activity tend to coincide with major current events. The group capitalizes on the chaos that it creates, such as by launching a major Twitter campaign after the Paris attacks, as well as by turning global events, such as the Syrian refugee crisis, to its advantage.

ISIS encourages young supporters to tweet, blog, and otherwise share their reactions, opinions, and views. The group calls new recruits to conduct domestic lone-wolf attacks using novel mechanisms, such as the hashtag “#FightforHim” following the Paris attacks. 

The success of the ISIS propaganda campaign is influencing how other groups use the internet. In much the same manner that newspapers’ popularity declined in favor of online media, static propaganda publications are declining in favor of robust, dynamic multi-platform campaigns. Their social media campaigns are widespread, resilient, and adaptive. ISIS content is constantly removed from conventional social media; however, they have or had a presence on Facebook, Twitter, Tumblr, Instagram, Friendica, Diaspora, and other outlets.

Their videos are edited, clear, and include special effects. Video content has been released on YouTube, IS-tube, Dailymotion, personal blogs, and on other media hosting networks. They have released podcasts and interviews on Ask.FM, Mixir, Paltalk, and other channels. ISIS has also used more conventional media outlets, such as Al-Battar Media, Dawla Media, and Al-Platform Media, to spread its message. 

Defaced websites are often reconfigured to feature the flag of ISIS and phrases like “Hacked by the Islamic State”. The defacements are meant to scare Western businesses and organizations more than recruit new followers. Website defacement often occurs through widely publicized vulnerabilities, such as an outdated WordPress plugin. Those affected range from businesses, to schools, to individual users. 

By inconveniencing small targets, ISIS creates a sense of fear and xenophobia in the target population that it can leverage to recruit Muslims and social outcasts who are disenfranchised by cultural stigmas. Screenshots, recordings and lists of defaced and targeted websites have been found on forums, such as Aliyyosh, an Arab hacker forum. 

Stolen personally identifiable information belonging to Israelis and Western and American Jews has also been discovered on the forums. In March 2015, a list of names, units, addresses, and photographs of over one hundred U.S. military personnel, supposedly involved in the bombing of ISIS targets, was posted online.

Motive: 

Extremist groups such as ISIS aspire to create chaos, inflict harm, and disrupt services in the nations and organizations that they oppose. In many cases, small attacks that incite panic and fear in many members of the population are just as effective as large attacks that embarrass or undermine opposing geopolitical powers. 

Jihadist groups are increasingly motivated to adopt cyber-defensive capabilities, such as encryption applications and anonymity tools, so that their members can remain undiscovered within the general population and so that their activities remain unknown to opposing intelligence and counterintelligence entities. By developing cyber-offensive capabilities, extremist groups can raise funds, inflict harm from across the globe, gather information about targets, 

The ISIS Cyber “Help Desk”: 

In November 2015, the media reported that ISIS has spent over a year developing a “24-hour cyber help desk”, across a series of forums, applications, and social media platforms, to assist its followers in remaining anonymous and instructing them on basic hacker tools, techniques, and procedures.

The campaign is intended to spread the Jihadist message to new recruits, spread greater fear, and increase the number of attacks against foreign nations. The primary function of the help desk was to instruct prospective jihadists in the use of encryption and other secure communication applications to evade law enforcement and intelligence authorities.

The group promotes the use of deep web forums and secure platforms to obfuscate their activities so that they can covertly plan recruitment, propaganda, and terror campaigns without worrying that signal intelligence or other indicators will expose their operations.

Conclusion

ISIS has already been purchasing attacks on Western organizations and critical infrastructure for years. Groups like ISIS might hate Western culture and practices, but they have no qualms about appropriating and weaponizing material and assets developed in those regions. 

They use guns manufactured in the United States and Russia and vehicles from Japan, so why would they refuse to use malware or hackers from foreign nations? To the zealots, the cyber assets are just more weapons to use in their battle. In all likelihood, the cyber-mercenaries hired would not know if they were conducting attacks on behalf of the terrorist organization. As a result of the anonymity that the hackers themselves rely on, they would unknowingly infect systems, steal data, or otherwise cause chaos for a terror organization.

Given a fiscal asset portfolio at a very conservative estimate of over $1 billion, ISIS can hire many hackers to conduct many attacks. If those attacks result in stolen data, intellectual property, or other intangible assets, then the organization can sell the data to perpetuate the cycle. 

While many cyberterrorist organizations are lacking in their capacity to pose a significant cyber threat to global organizations, ISIS already possesses the motive, means, and opportunity to acquire the personnel and code necessary to begin launching devastating cyber campaigns. 

ICITech:

 
