How ISIS Uses The Internet

Uploaded on 2016-05-28 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

They talk on Telegram and send viruses to their enemies. BuzzFeed  looks at how ISIS members and sympathizers around the world use the internet to grow their global network.

Abu Majad figured that when ISIS came for him, it would be with a knife on a dark street, or a bomb planted on his car. The 34-year-old had been living in southern Turkey since fleeing Syria nearly three years ago and knew that his outspoken stance against ISIS, online and in his hometown in northern Syria, had put him in the terrorist group’s crosshairs. 

What he wasn’t expecting was to wake up on the morning of March 29 to a virus planted by ISIS within a seemingly innocuous email attachment.

“Everything about this looked like a real email, sent from the admin of my own website. It looked safe, but it was not. They were trying to get my login information, my passwords. They were trying to get things that could have put real lives in danger,” said Abu Majad, who asked that his nickname be used instead of his real name to protect himself and his remaining family in Syria from reprisal attacks by ISIS. “It was very clever. When I saw it I thought to myself, Shit, now they are professional hackers?”

Cybersecurity experts and intelligence agencies who monitor ISIS say the malware is just one more sign that ISIS is growing more sophisticated in its use of the internet. “When I saw it I thought to myself, Shit, now they are professional hackers?”

“I don’t think it is far-fetched to say that the Internet is a major reason why ISIS is so successful, and so worrying, as far as global terror movements go,” said one US intelligence officer, who spoke to BuzzFeed News in Washington, DC, and asked not to be named as he wasn’t authorized to speak to the press. “They have always been ‘good’ at the internet, at the strategy of how they use it. Now they are smarter at the Internet too.”

Many of the world’s major intelligence agencies are trying to figure out just how ISIS uses the internet. As the jihadi group continues to attract supporters around the globe, the need for them to safely communicate online has grown. While the vast majority of the group’s fighters in Iraq and Syria are probably not using the internet for much more than sending photos to their family WhatsApp groups, US intelligence believe a small unit within ISIS is leading the group’s cyber ambitions, which range from working with hackers to launch cyberattacks against their enemies, to publishing manuals that help their supporters mask their online communications and defend themselves from those hunting them.

What Abu Majad found that March morning was an email that looked like it came from his own website, asking him to log in and verify his details. Within the email was something known as a “dropper”, malware that is used to plant other software onto a computer without the user’s knowledge.

“They would have had access to everything if I had opened that link,” said Abu Majad, who has sensitive information on his computer about other activists who, like him, try to oppose ISIS rule in Syria by smuggling out photos and videos that document the difficulty of civilian life under ISIS rule. Abu Majad insists he did not click the link, but he also declined to explain how he knew it was malware. “I was used to seeing ISIS fighters in cafes who barely know how to sign on and check their email. I was not expecting them to be this sophisticated.”

Dlshad Othman is a cybersecurity engineer with the ISC Project, which provides information security assistance to civil liberties groups, and also studies ISIS. He said he had recently seen malware used in attacks on Syrian and Kurdish journalists and sites that try to fight against ISIS propaganda online.

“ISIS has been targeting sites that are outspoken against ISIS,” Othman said, giving as an example the group Raqqa Is Being Slaughtered Silently, an activist group that tries to disseminate real information from within Raqqa, capital of ISIS’s self-declared caliphate. “They targeted people who are trying to reveal what ISIS is really doing in Syria, which they see as a threat to their recruitment and propaganda.”

He showed BuzzFeed one of the emails he was analyzing, which also contained malware. Othman traced the email back to IP addresses in Turkey and Qatar, another indication, he said, that ISIS was getting help from its network outside of Iraq and Syria to carry out cyber-attacks.

“Malware, phishing campaigns, DDoS attacks are all things I have seen,” he said. “Now, these dropper attacks are new and are more sophisticated. What we see is the group growing and evolving their capabilities. What we are seeing is worrying.”

Buzzfeed

« US Must Prepare For Cyber Warfare In Space
Edward Snowden JoinsWith Jean Michel Jarre To Make Music About Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

Fortify Experts

Fortify Experts

Fortify Experts is a search and recruitment firm specializing in Cyber Security.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Charterhouse Voice & Data

Charterhouse Voice & Data

Charterhouse is your trusted technology partner - designing, provisioning and supporting the technology that underpins your operations including network security and data compliance.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries (HII)

Huntington Ingalls Industries is America’s largest military shipbuilding company and a provider of professional services to partners in government and industry.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

LGMS - LE Global Services

LGMS - LE Global Services

LGMS is a leading cyber security penetration testing and assessment firm in the Asia Pacific region.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.