On January 7, 2014, a relatively new hacker group calling itself the Islamic Cyber Resistance (ICR) claimed they had accessed the Local Area Network (LAN) of the Israel Airports Authority (IAA) and leaked sensitive information regarding domestic and international flight maps.
According to the group, they accessed flight management plans and the ATIS/VOLMET system (Automatic Terminal Information Service), where they could have manipulated data communications, such as flight routing and weather conditions.
The ICR has leaked a large amount of data, most of which is not up to date. Our analysis additionally revealed that the leaked data does not originate from the IAA local network, but either from its open and public network or from a different server that contains such information.
Nonetheless, it appears that this group may pose a threat to Western entities, as well as non-Shi’a ones, as I will explain.
ICR executed their first act on February 25, 2013, when the group leaked the personal details of Bahraini intelligence and high-ranking military personnel. This was accompanied by an image demonstrating the group’s support of Hezbollah leader Hassan Nasrallah.
On August 10, 2013, the ICR and the Syrian Electronic Army (SEA), a pro-Assad hacker group, hacked a Kuwaiti mobile operator (Zain Group) and leaked information that included passwords.
On October 22, 2013, the ICR leaked the email addresses of the International Atomic Energy Agency (IAEA). It should be noted that information regarding the IAEA was also leaked in 2012 by the Iranian hacker group Parastoo.
On December 16, 2013, the ICR leaked personal details of 2,014 Israelis affiliated with various security bodies as well as secret documents from the Saudi BinLadin Group (SBG) and Saudi Arabian security officials. They stated that this attack was the group’s revenge for the assassination of Hezbollah Commander Hassan al-Lakkis on December 4, 2013.
According to the semi-official Iranian Fars News Agency, the group has declared that it is not affiliated with Hezbollah. However, the cyber-attack dubbed “Remember Hassan Lakkis Operation” and the image of Hassan Nasrallah attached to one of the leaks indicate a connection between the group and Hezbollah, or at least the group’s support for the organization.
Moreover, the name of the group in English is the same as one of the names for Hezbollah (Al-Muqawama al-Islamiyya – “Islamic Resistance”). Additionally, a news report in Persian about the ICR attached an image labeled “HizbullahCyber”, another indication of a possible connection between the ICR and Hezbollah.
The ICR has no Facebook or Twitter accounts. However, it seems that wikileak.ir is the main platform for their leaks. Additionally, the Twitter account @quickleak.org often tweets about the group’s operations and should therefore be considered a good source of information about the group’s activity.