How ISIS Uses The Internet

Uploaded on 2016-05-28 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

They talk on Telegram and send viruses to their enemies. BuzzFeed  looks at how ISIS members and sympathizers around the world use the internet to grow their global network.

Abu Majad figured that when ISIS came for him, it would be with a knife on a dark street, or a bomb planted on his car. The 34-year-old had been living in southern Turkey since fleeing Syria nearly three years ago and knew that his outspoken stance against ISIS, online and in his hometown in northern Syria, had put him in the terrorist group’s crosshairs. 

What he wasn’t expecting was to wake up on the morning of March 29 to a virus planted by ISIS within a seemingly innocuous email attachment.

“Everything about this looked like a real email, sent from the admin of my own website. It looked safe, but it was not. They were trying to get my login information, my passwords. They were trying to get things that could have put real lives in danger,” said Abu Majad, who asked that his nickname be used instead of his real name to protect himself and his remaining family in Syria from reprisal attacks by ISIS. “It was very clever. When I saw it I thought to myself, Shit, now they are professional hackers?”

Cybersecurity experts and intelligence agencies who monitor ISIS say the malware is just one more sign that ISIS is growing more sophisticated in its use of the internet. “When I saw it I thought to myself, Shit, now they are professional hackers?”

“I don’t think it is far-fetched to say that the Internet is a major reason why ISIS is so successful, and so worrying, as far as global terror movements go,” said one US intelligence officer, who spoke to BuzzFeed News in Washington, DC, and asked not to be named as he wasn’t authorized to speak to the press. “They have always been ‘good’ at the internet, at the strategy of how they use it. Now they are smarter at the Internet too.”

Many of the world’s major intelligence agencies are trying to figure out just how ISIS uses the internet. As the jihadi group continues to attract supporters around the globe, the need for them to safely communicate online has grown. While the vast majority of the group’s fighters in Iraq and Syria are probably not using the internet for much more than sending photos to their family WhatsApp groups, US intelligence believe a small unit within ISIS is leading the group’s cyber ambitions, which range from working with hackers to launch cyberattacks against their enemies, to publishing manuals that help their supporters mask their online communications and defend themselves from those hunting them.

What Abu Majad found that March morning was an email that looked like it came from his own website, asking him to log in and verify his details. Within the email was something known as a “dropper”, malware that is used to plant other software onto a computer without the user’s knowledge.

“They would have had access to everything if I had opened that link,” said Abu Majad, who has sensitive information on his computer about other activists who, like him, try to oppose ISIS rule in Syria by smuggling out photos and videos that document the difficulty of civilian life under ISIS rule. Abu Majad insists he did not click the link, but he also declined to explain how he knew it was malware. “I was used to seeing ISIS fighters in cafes who barely know how to sign on and check their email. I was not expecting them to be this sophisticated.”

Dlshad Othman is a cybersecurity engineer with the ISC Project, which provides information security assistance to civil liberties groups, and also studies ISIS. He said he had recently seen malware used in attacks on Syrian and Kurdish journalists and sites that try to fight against ISIS propaganda online.

“ISIS has been targeting sites that are outspoken against ISIS,” Othman said, giving as an example the group Raqqa Is Being Slaughtered Silently, an activist group that tries to disseminate real information from within Raqqa, capital of ISIS’s self-declared caliphate. “They targeted people who are trying to reveal what ISIS is really doing in Syria, which they see as a threat to their recruitment and propaganda.”

He showed BuzzFeed one of the emails he was analyzing, which also contained malware. Othman traced the email back to IP addresses in Turkey and Qatar, another indication, he said, that ISIS was getting help from its network outside of Iraq and Syria to carry out cyber-attacks.

“Malware, phishing campaigns, DDoS attacks are all things I have seen,” he said. “Now, these dropper attacks are new and are more sophisticated. What we see is the group growing and evolving their capabilities. What we are seeing is worrying.”

Buzzfeed

« US Must Prepare For Cyber Warfare In Space
Edward Snowden JoinsWith Jean Michel Jarre To Make Music About Cybersecurity »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ICTSecurity Portal - Austria

ICTSecurity Portal - Austria

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Vention

Vention

Vention (formerly iTechArt) is the partner of forward-thinking tech leaders around the globe.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Trenton Systems

Trenton Systems

Trenton Systems are committed to providing high-performance computing solutions to customers running mission-critical applications in harsh settings worldwide and across various industries.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

Cytidel

Cytidel

Cytidel is a vulnerability and risk management platform that utilises threat and business intelligence to help IT Security teams.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.

Virtual Cyber Labs

Virtual Cyber Labs

Virtual Cyber Labs is a 21st generation Cybersecurity Edu-Tech company that offers an all-in-one hub including custom syllabus and labs.

SafetyDetectives

SafetyDetectives

SafetyDetectives' mission is to give our readers accurate and valuable information so they can make informed decisions about staying safe, secure and protected on the internet.