According to Kyle Wilhoit, a senior security researcher at DomainTools, who made a speech at the DerbyCon hacking conference in US, ISIS members stopped trying to develop their own hacking and communication tools and used to search them into the criminal underground.
The expert explained that members of hacker groups that go under the banner of the United Cyber Caliphate (UCC) have low-level coding skills and their opsec are “garbage.”
ISIS members belonging to groups under the United Cyber Caliphate (UCC) developed three apps for their communication, they also developed trivial malware whom code was riddled with bugs.
The terrorists also developed a version of PGP called Mujahideen Secrets in response to NSA surveillance and the DDOS tool dubbed “Caliphate cannon.”
“ISIS is really really bad at the development of encryption software and malware,” Wilhoit explained. “The apps are sh*t to be honest, they have several vulnerabilities in each system that renders them useless.”
Due to their technical limitations, ISIS-linked groups started using mainstream communication systems like Telegram and Russian email services that are widely used by cyber criminals.
Wilhoit revealed to have discovered a server left open online containing photographs of active military operations by ISIS in Iraq and Syria. The content on the server, allegedly used for propaganda, was a mine for the experts because the ISIS militants haven’t removed metadata from the material allowing them to gather information on the terrorists.
Wilhoit provided profiled the activity of the following ISIS hacking groups:
Wilhoit also provided data related to the activity of social network companies against online propaganda, he said Facebook is able to take down terrorist accounts within 12 hours and Twitter in many cases is able to shut down accounts before they start spreading messages.
Twitter suspends 299,000 accounts linked to terrorism in the first six months of 2017, the company revealed that 75 percent of the infringing accounts were suspended before their first tweet confirming the huge efforts in fighting online propaganda and other activities linked to this threat.
According to data provided in the transparency report, Twitter confirmed that 95 percent of the suspended accounts for the promotion of terrorism were identified by using internal tools designed to identify and block spam, government requests accounted for less than 1% of account suspensions.
Wilhoit also explained that attempts to use the internet for fundraising were a failure, he reported scammers have started spoofing Islamic State websites to trick sympathizers in make Bitcoin donations.
“If UCC gets more savvy individuals to join then a true online terrorist incident could occur,” Wilhoit concluded. “But as it stands ISIS are not hugely operationally capable online. As it is right now we should we be concerned, of course, but within reason.”
(Security Affairs – ISIS, terrorism, United Cyber Caliphate)