Using vulnerabilities in software, websites, and web applications as attack vectors, hosting malicious components in cloud services. Beyond this, any service launched in the future will always carry a chance of abuse.
In their research on cyber-crime, experts at Trend Micro found a group that shares the same level of proficiency as cyber criminals in abusing legitimate services: terrorist groups. Terrorist groups can be considered cyber criminals, as their online activities run afoul of the law. The two have different motives: cyber criminals are motivated by financial gain, while terrorists are focused on spreading propaganda instead of malware.
Researchers at Trend Micro have found out how cyber criminals and terrorists overlap in their abuse of technology and online platforms to benefit their causes. They explain the groups' methodologies, the services they abuse, and the tools they use to streamline that abuse so that their followers can facilitate their activities much more easily.
Terrorists and cyber criminals both want to remain untraceable and anonymous online. They abuse tools and services that were developed to help those with a legitimate reason to hide, such as journalists, whistle-blowers, and activists. Some of these tools are TOR and several encryption tools found in the deep web. Terrorists also commonly abuse the DDoS mitigation service Cloudflare. Cloudflare runs as a web service designed to provide a mirror for websites experiencing heavy traffic or under a denial-of-service attack; it is abused to hide the real hosting IP address and location of a website. Cyber criminals have used this widely to distract or delay authorities trying to track the location of their hosting server. Terrorists have used Cloudflare to give propaganda websites another level of anonymity.
The anonymizing guides used by activists and journalists were also spotted being adopted by terrorists, who distribute them to their followers. These guides even name the National Security Agency and give instructions on how to avoid surveillance.
They also ask their followers to deactivate their social media accounts in order to maintain anonymity. The motive for staying anonymous is another example of the contrast between cyber criminals and terrorist groups and their distinct goals. We can assume that the consequences of being caught are different for each: cyber criminals need to worry about jail time, while terrorists have to contend with counter-terrorism efforts, which may lead to lengthy prison sentences or death.
Methods of Communication.
Japanese cyber-criminals use secure e-mail services such as “SAFe-email” in order to contact and exchange information with each other through secure and undetectable email.
The regional cyber-criminal underground communities were observed using underground forums, where they not only advertise their wares and services but also discuss new techniques and share information. These forums are normally accessible only using TOR.
Brazilian cyber-criminals usually use social media to get in touch with each other and to share their earnings from their activities.
Terrorists have been seen using these same methods, but for a different purpose: their use focuses more on communication, coordination, and propaganda-sharing than on cyber-crime related abuse. Services such as SIGAINT, Ruggedinbox, and Mail2Tor have been seen to be widely used by terrorists.
Some of the Customized Tools Used by Terrorists.
Trend Micro has uncovered certain applications that are homegrown by terrorist groups in order to aid members who are not technically proficient in preserving anonymity and securing communication. Here are six tools commonly used by terrorist organizations.
Terrorists have also been seen using a DDoS tool that is capable of performing limited DDoS attacks such as a SYN flood.
There are many differences and similarities in the techniques and methods used in the online activities of terrorists and cyber criminals. Both are interested in preserving their anonymity online, but the way they spread information related to their agendas differs. Cyber criminals are more inclined to engage with a limited set of contacts, whereas terrorist organizations focus their efforts on getting their propaganda to a wider audience in hopes of finding potential sympathizers.
Many overlaps have been seen in the online presence of terrorist organizations and cyber criminals. They use the same communication channels and technologies, making it challenging for the authorities to track them. Gaining knowledge about the channels and technologies they use is a critical step towards getting a better idea of how these groups function and how help can be provided in order to stop their activities.
Written by: Imdadullah Mohammed
Author Bio: Imdad is an Information Security Consultant. He is also a Moderator for the Pune Chapter of Null – The open security community in India, and a member of Garage4hackers. A true open source and Information Security enthusiast. His core areas of expertise include Vulnerability Assessment and Penetration Testing of web applications, mobile applications, and networks, as well as Server Hardening.
(Security Affairs – ISIS terrorists, Terrorism)