Report: Electronic jihad grows in sophistication
The cyber threat from terror groups could eventually endanger critical infrastructure, a new report warns.
A new report by a cyber security think tank paints a grim picture of an emerging "cyber-jihad," as social media and other online tools create what the authors regard as the "new great equalizer" in what is shaping up as an extended period of intense asymmetric warfare with the West.
The cyber-jihad survey released this week by the Institute for Critical Infrastructure Technology identifies potential cyber combatants that include ISIS, or the Islamic State, Al Shabaab, Boko Haram and Al Qaeda. Others have noted that these terror organizations, especially ISIS, have moved quickly to embrace social media as a recruitment tool while leveraging YouTube and online payment systems to pay its fighters.
"The rate at which a [terror] group adopts new technology is based on their resources and their membership," the report notes. "Groups with greater access to technology and funds and with younger members develop faster than other groups. "
Indeed, the level of sophistication has advanced to the point, sources said, that even training materials currently being used by the Defense Department to streamline acquisition practices have turned up in captured ISIS documents.
The report also notes that ISIS maintains sophisticated social media campaigns via Facebook, Twitter, Instagram, Tumblr and other outlets that are "widespread, resilient and adaptive." The terror group also releases well-edited, high-resolution videos on YouTube and other video platforms that frequently include special effects designed to attract new recruits.
As ISIS steadily loses territory in Syria and Iraq, the goal of these social media campaigns has evolved to inspire new recruits in the West to conduct "lone-wolf attacks" such as the recent carnage in Paris, Brussels and Ankara, Turkey.
Another offshoot of the social media efforts, according to the report, is the Cyber Caliphate, the dedicated hacker division of the Islamic State, along with the Terrorist Team for Electronic Jihad. These groups are believed to have launched attacks against Israeli and western websites and social media pages along with cyber attacks against Arab media outlets.
The groups' calling card is a notice on defaced websites declaring, "Hacked by the Islamic State."
The cyber jihad survey notes that ISIS has mostly dedicated its expanding offensive cyber capabilities to specific social media accounts, including the Twitter and YouTube accounts of U.S. Central Command. Offensive capabilities are thought to include the use of malware, insider threats and "preconfigured tools." Malware efforts have included spear-phishing emails containing malware designed to sweep up the IP addresses and geolocation data about anti-ISIS groups in the ISIS stronghold of Raqqa, Syria.
As ISIS and other cyber-jihadists become more sophisticated and aggressive, experts worry that they will eventually attempt more audacious attacks. According to Tom Boyden, a fellow with the Institute for Critical Infrastructure Technology and managing director of the cyber security firm GRA Quantum: "Just as ISIS has shifted the jihadist paradigm from low-tech distributed networks of fighters to tech-savvy administrators of vast territories and populations, so too could aspiring jihadists or their sympathizers learn to master the toolsets needed to wreak havoc on our critical infrastructure."
Meanwhile, as ISIS and other jihadists groups acquire the know-how and online tools needed to scale up their attacks, the institute report warns that global organizations have done little to improve their cyber defenses since last year's massive breach at the U.S. Office of Personnel Management, reportedly by China. Citing the OPM breach and another at Anthem Blue Cross and Blue Shield, the survey's authors warn that the organizations "lethargically procrastinate defending their networks until yet another catastrophic breach occurs."
With the threat to U.S. infrastructure growing, the institute called for "a renaissance in cyber security that evolves with the threat landscape…in order to combat this omnipresent and persistent threat to our critical infrastructure, economy and national security."
NEXT STORY: Vermont Guard gears up for major cyber exercise