While monitoring closed platforms that propagate an Islamic State agenda, we detected an initial interest in hacking lessons, focusing on spam and phishing methods. Many discussions in the technical sections of closed platforms affiliated with the Islamic State deal with the implementation of information security awareness among its members, therefore discussions regarding offensive capabilities are rare on these platforms, and the shared materials are basic and elementary. However, the fact that individuals on these platforms are becoming more aware of spam and phishing methods is a worrying development indicating interest among pro-IS hackers to become involved in cybercrime.
In one discussion regarding the establishment of hacking lessons, we noticed that the main goal was to teach members to implement methods of social engineering, like creating scam pages of popular platforms to steal victim details, such as login credentials, financial information and more. In addition, it was mentioned that stolen credit card information can be utilized for the benefit of the Islamic State by transferring money from victims’ accounts to jihadi cells around the world, or for purchasing powerful servers (for carrying out cyber-attacks).
We detected one hacking lesson that included a detailed review, with instructions and recommendations dealing with various subjects, such as stealing email lists from different platforms using Havij (a popular automatic SQL injection tool), creating fake messages that impersonate official emails and avoiding AV detections. The lesson received favorable comments.
In conclusion, this is an interesting development, as closed platforms affiliated with the Islamic State does not usually focus on activity related to hacking and offensive cyber capabilities, such as sharing malware or malicious tools.