
Experts say United Cyber Caliphate hackers have low-level cyber capabilities

United Cyber Caliphate members stopped trying to develop their own hacking and communication tools and started searching for them in the criminal underground.

According to Kyle Wilhoit, a senior security researcher at DomainTools who spoke at the DerbyCon hacking conference in the US, ISIS members stopped trying to develop their own hacking and communication tools and started searching for them in the criminal underground.

The expert explained that members of hacker groups that go under the banner of the United Cyber Caliphate (UCC) have low-level coding skills and that their opsec is “garbage.”

ISIS members belonging to groups under the United Cyber Caliphate (UCC) developed three apps for their communications; they also developed trivial malware whose code was riddled with bugs.

The terrorists also developed a version of PGP called Mujahideen Secrets in response to NSA surveillance and a DDoS tool dubbed “Caliphate cannon.”

“ISIS is really really bad at the development of encryption software and malware,” Wilhoit explained. “The apps are sh*t to be honest, they have several vulnerabilities in each system that renders them useless.”

Due to their technical limitations, ISIS-linked groups started using mainstream communication systems like Telegram and Russian email services that are widely used by cyber criminals.

Wilhoit revealed that he had discovered a server left open online containing photographs of active military operations by ISIS in Iraq and Syria. The content on the server, allegedly used for propaganda, was a mine of information for the experts because the ISIS militants had not removed metadata from the material, allowing the researchers to gather information on the terrorists.

Wilhoit profiled the activity of the following ISIS hacking groups:

  • The Caliphate Cyber Army, a group formed about four years ago that was mostly involved in the defacement of websites.
  • The Islamic State Hacking Division, which was focused on hacking government systems in the US, UK, and Australia to gather information on the military personnel purportedly involved in drone strikes against the IS in Syria and Iraq and to publish “Kill lists.” In May 2016, the group claimed to have infiltrated the UK Ministry of Defence. Wilhoit believes the technical skills of the group are negligible.
  • The Islamic Cyber Army focuses on the energy industry, gathering data about power grids, likely to plan an attack. Although they leaked information about the systems of the targeted companies, Wilhoit confirmed that there’s no evidence they have actually managed to break into a power company.
  • The Sons of the Caliphate Army is another group analyzed by the expert. It is currently operating under the UCC banner, but it was not involved in specific operations.

Wilhoit also provided data on the activity of social network companies against online propaganda. He said Facebook is able to take down terrorist accounts within 12 hours and Twitter in many cases is able to shut down accounts before they start spreading messages.

Twitter suspended 299,000 accounts linked to terrorism in the first six months of 2017. The company revealed that 75 percent of the infringing accounts were suspended before their first tweet, confirming the huge efforts in fighting online propaganda and other activities linked to this threat.

According to data provided in the transparency report, 95 percent of the accounts suspended for the promotion of terrorism were identified using internal tools designed to identify and block spam, while government requests accounted for less than 1% of account suspensions.

Wilhoit also explained that attempts to use the internet for fundraising were a failure. He reported that scammers have started spoofing Islamic State websites to trick sympathizers into making Bitcoin donations.

“If UCC gets more savvy individuals to join then a true online terrorist incident could occur,” Wilhoit concluded. “But as it stands ISIS are not hugely operationally capable online. As it is right now we should be concerned, of course, but within reason.”

Pierluigi Paganini

(Security Affairs – ISIS, terrorism, United Cyber Caliphate)
