Poor Coding Limits IS Hackers

Uploaded on 2017-10-25 in TECHNOLOGY--Hackers, FREE TO VIEW

Hackers working for the so-called Islamic State are bad at coding and hiding what they do, suggests research. They produce buggy malware and easily crackable encryption programs, said senior security researcher Kyle Wilhoit at a recent security conference .

In particular, he called three attack tools created by one large IS hacker collective "garbage".

Their poor skills meant IS groups had switched to online services and the dark web for attack code, he said.

Little Harm

While IS was very proficient at using social media as a recruitment and propaganda tool, its cyber-attack arm was nowhere near as effective, said Mr Wilhoit, a cyber-security researcher at Domain Tools, while presenting his work at the conference in Kentucky.

"ISIS is really, really bad at the development of encryption software and malware," he told tech news outlet The Register, adding that the vulnerabilities found in all the tools effectively rendered them "completely useless".

As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.

All the tools had problems, he said.

  • the group's malware was full of basic bugs
  • a secure email system it developed leaked information about users
  • the UCC's web attack tool failed to take down any significant target

In addition, attempts to raise cash via donations of bitcoins have been diluted by fraudsters cashing in on the IS name and producing websites mimicking the appeals for funds.

"As it stands ISIS are not hugely operationally capable online," Mr Wilhoit added. "There's a lack of expertise in pretty much everything,"

IS also had a lot to learn when it came to hiding its activities online, he said. There were many examples of it sharing pictures of successful attacks, or which lauded its members, that still held metadata that could identify where the photos were taken.

Mr Wilhoit said that, during his research, he had found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.

"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security," he said.

Many of the people involved with the cyber-arm of IS had been killed in drone strikes, said Mr Wilhoit adding that it was open to speculation about how location data to aid the drones was found.

Over the last year UCC had begun moving to attack tools used by Western cyber-thieves, he said.

"They know they cannot develop tools worth a damn, so they are going to use stuff that works, is minimally cheap and is easy to use."

BBC

You Might Also Read: 

Learning About ISIS Intentions Using Open Source Intelligence:

Islamic State On The Internet:

« Nuclear Missiles Are Not N.Korea’s Only Threat
China Disrupts WhatsApp »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

Tausight

Tausight

Tausight is an AI-Powered patient data security startup with a mission of reducing healthcare cyber incidents using a more proactive, risk management philosophy.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Togggle

Togggle

Togggle offers seamless identity verification solutions and distributed infrastructure, enabling organizations to combat fraud and ensure compliance with data protection regulations.

Graphiant

Graphiant

Graphiant’s Data Assurance service gives businesses end-to-end control and visibility into how data travels throughout the entire business network.