The militant organization’s cyberattacks have been, until now, a largely improvised affair. Five distinct groups have been working on small-scale attacks on vulnerable media, banking, and government targets. You might remember when ISIS hackers took over the social media pages of U.S. Central Command, for example.
The end goal, in attacks like these, is to spread ISIS propaganda and potentially recruit more hackers to the cause. These attacks are high-profile, sure, but not terribly hard to pull off. “ISIS hacked the U.S. Central Command …” sounds impressive, but when you finish the sentence to write “ISIS hacked the U.S. Central Command’s Twitter account”, it all becomes less frightening. It’s less of a massive breach of security and more of an embarrassing oversight on the part of whoever runs the social media accounts. As this XKCD comic points out so well, it’s more like vandalizing a poster hung up by the U.S. government than actually hacking the government.
But this could change, according to a report from Flashpoint, an intelligence firm that specializes in the deep web. They say ISIS’ consolidation also brings a focus on more meaningful attacks.
“Until recently, our analysis of the group’s overall capabilities indicated that they were neither advanced nor did they demonstrate sophisticated targeting,” said Laith Alkhouri, a co-founder of Flashpoint. “With the latest unification of multiple pro-ISIS cyber groups under one umbrella, there now appears to be a higher interest and willingness amongst ISIS supporters in coordinating and elevating cyber attacks against governments and companies.”
The report says that, like much of ISIS, the cyber efforts are likely underfunded, but increasingly ambitious. Attacks on financial institutions are likely to continue, and small-scale attacks on prominent low-hanging-fruit, such as Twitter accounts, will be used to attract talent.
