ISIS Cyberattacks

Citizen Lab has a new report on a probable ISIS-launched cyberattack:

This report describes a malware attack with circumstantial links to the Islamic State in Iraq and Syria. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.

A Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS) was recently targeted in a customized digital attack designed to unmask their location. The Syrian group, Raqqah is being Slaughtered Silently (RSS), focuses its advocacy on documenting human rights abuses by ISIS elements occupying the city of Ar-Raqah. In response, ISIS forces in the city have reportedly targeted the group with house raids, kidnappings, and an alleged assassination. The group also faces online threats from ISIS and its supporters, including taunts that ISIS is spying on the group.

Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is focused against a group that is an active target of ISIS forces.

News article.

Posted on December 18, 2014 at 10:07 AM • 9 Comments

Comments

Tryptameanie • December 18, 2014 11:05 AM

From what I can tell ISIS have better broadband than most of North America and probably more choices.

Bauke Jan Douma • December 18, 2014 2:34 PM


If this is all true, it's just a reminder of what goodies the 'US' (I equate that notion with the few promille that 'call the shots' [as they prob. like to think] over there) -- a reminder of what goodies the 'US' brings, to its citizens, and to all those non-citizens abroad, Christmas or no Christmas.
ISIS, after all, is a 'US' creation.
On a related note: has anyone seen a torrent of you know what yet?

Gerard van Vooren • December 18, 2014 3:29 PM

Well this is how I see it.

ISIS is a fighting force of roughly 10,000 people strong. That is roughly one military division. To put it in scale, the Germans invaded the USSR in 1941 with more than 300 divisions.

I think this cyberattack has roughly the same equation compared to what the NSA is doing. ISIS can do a couple of tricks but it doesn't even come close compared to the NSA. So yes, ISIS is a serious fighting force and they do horrible things, but are they that newsworthy?

Or to put it a bit different:

What is worse and what is more newsworthy? One decapitation with a sword or 300 with shrapnel?

Sancho_P • December 18, 2014 6:37 PM

After reading the NYT regarding the Sony hack I know who controls the Internet:
The North.
[1]

Clearly we see they have invisible WMD in Cyber Space.
Let’s bomb them, immediately.
[1]

Obviously those in control of the Internet have several blind spots in their surveillance. They need your money and support to cultivate and keep them.
[1]

No, we will not close systematic security holes, why should we?
They are useful to blackmail “The Enemy”.
[1]

Now comes the ISIS-launched cyberattack.
“Though we are unable to conclusively attribute the attack to ISIS or its supporters,
a link to ISIS is plausible.”

Seems they control the Internet, too?
[1]


[1] I don’t know if I should laugh or cry.

joke • December 19, 2014 10:35 AM

Seriously, who cares about this? Anyone whose computing systems are vulnerable to ISIS or North Korea is plain stupid/incompetent/asking for it.

Nile • December 19, 2014 12:24 PM

It's easy to say *what* is happening: harder to say who did it, and much harder in Syria.

ISIS can and probably do have someone in their pay in one or more of the local telecomms providers.

This is also true of some - possibly all - of the factions that have some claim to be a 'government', an 'intelligence service', or a 'ministry' in the geographical area we call Syria. Which was (and still is, in places) a dictatorship: an unstable equilibrium of warring baronies and factions, all of which spy on the others and any of which can be bought.

So who or what is doing this is kind of moot.

If you think 'I could do that, if I had a friend in the Telco, and I lived somewhere with no laws, and someone gave me a thousand dollars' then any faction in Syria could do it. There are plenty of bright kids in Gaza as bright as anyone here, with nothing better to do: and, for all I know, it could be you (yes, you, reading this right now) that's doing it.

I mean, we all know how easy this is to do, right?

But if you think 'Holy ****! That looks like a state-level operator joined the game!' I guess I've got to respect your assessment of the technical resources that have been brought into play.

So the question is: which government gains from this? It's not clear who gains from dead or driven-out intelligentsia and the suppression of civil society; a hostile neighbor might be happy to support that as a direct or indirect 'gain', which brings up the spectre of Iran. If the people getting dragged out and shot are Shi'a or secularists, someone in Jeddah might be up for it. If it looks like arrogant and ignorant outsiders whose only interest is cultivating a basket-case client state with mineral resources, that'll be Beijing. Or worse, malignant stupidity from Langley, Virginia.

If the 'gain' is dead Kurdish people, look to Ankara, or any faction of the Turkish Army with a credible electronic intelligence capability.

Personally, I very much doubt that any government would want to work with ISIS - or the specific commanders conducting these raids - other than Ankara. And, as dealing with ISIS is a very, very stupid thing to do, you can narrow down your list of alternative suspects quite drastically.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.