Does the Islamic State have Offensive Cyber Capabilities?

The short answer to this question is another question – does it really matter? What is more important is their ever-growing desire and motivation to obtain and develop offensive capabilities in cyber-space.

There has been debate among security experts on this matter since the Islamic State (IS) started operating in the cyber domain. On the one hand, some argue that IS hackers have already proven their ability to launch successful cyber-attacks and now they are attempting to carry out meaningful attacks against critical infrastructures (with no success thus far).

On the other hand, an emerging theory suggests that attacks previously associated with IS were actually perpetrated by a sophisticated group of Russian hackers. In other words, the alleged attacks against a French TV station in April 2015, the hijacking of the CENTCOM Twitter account in January 2015 and others were the work of a Russian APT group, and not the IS-affiliated “Cyber Caliphate.”

But again – does it really matter? We can say with a high degree of certainty that IS as a terror organization is trying to develop cyber capabilities. We received a strong indication of this trend in late August 2015, when a US drone strike killed a British IS cyber expert.

Even before that, in early 2014, we had heard of so-called cyber operations conducted by the Al-Qaeda Electronic Army (AQEA, or AQECA – the Al-Qaeda Electronic Cyber Army) against US government websites.

We assess that at the moment IS hacking entities (such as “Cyber Caliphate” or the Islamic Cyber Army – ICA) do not have high technical capabilities. That said, we should not underestimate the Islamic State’s attempts to develop an offensive cyber capability. An analysis of IS publications reveals a clear increase in the motivation of IS-inspired hackers to wage attacks against high-profile Western targets.

A concerning development in this respect would be indications that IS is purchasing attack tools and malware from highly sophisticated cyber criminals. Taking into consideration the clear intentions expressed by IS in relation to executing cyber-attacks against the West, such tools could be directed at critical infrastructures, sensitive organizations, government agencies and more.

Online Jihadists Express Interest in Cyber Warfare and Cyber Security

In March 2013, a hacker group called the “Tunisian Cyber Army” (TCA) claimed that they, in coordination with the al-Qaeda Electronic Army (AQEA, or AQECA – al-Qaeda Electronic Cyber Army), had hacked several U.S. government websites.

The attackers stated that they were assisted by “Chinese hackers.” In addition, the groups claimed that these attacks were in preparation for #OpBlackSummer, a cyber campaign designed to target U.S. websites between May and September 2013.

OpBlackSummer

Regardless of the authenticity of these attacks, we clearly see the increased motivation of AQ-affiliated cyber units to wage attacks against Western targets. We would not be at all surprised to see sophisticated AQ attacks in the near future. We can assume that they are developing cyber attack tools, or even worse – purchasing advanced tools from the underground black market.

In September 2013, the Global Islamic Media Front (GIMF) – a propaganda organization associated with AQ – posted an encryption program for mobile phones on jihadi forums. The program is called Tashfeer al-Jawwal, or Mobile Encryption, and the GIMF described it as the “first Islamic encryption software for mobiles.”

The release was prefaced by an introduction from renowned jihadi ideologue Abu Sa’ad al-A’mili, who promised that the program would be a qualitative move for secure communications between jihadists and a surprising shock to the enemy. It should be mentioned that the GIMF provided a description of the program on their website, as well as tutorials in Arabic, English, Indonesian and Urdu.

Tashfeer al-Jawwal – encryption program for mobile phones

In December 2013, the exclusively online AQ propaganda distributor, the al-Fajr Media Center, published a new encryption program called Amn al-Mujahid (“Security of the Mujahid”) on jihadi forums, accompanied by a 28-page instructional manual. Al-Fajr said that AQ’s Technical Committee sought to develop an encryption program equipped with the latest technology that would enable the user to use advanced encryption standards.

Although these developments are merely versions of available programs, the steady introduction of programs such as these reveals jihadi interest in cyber security and cyber warfare.