Islamic State Hacking Division

Also known as: United Cyber Caliphate
Foundation: 2014
Dates of operation: 2014–Present
Allegiance: Islamic State
Status: Active

The Islamic State Hacking Division (ISHD) or the United Cyber Caliphate (UCC) is a merger of several hacker groups self-identifying as the digital army for the Islamic State of Iraq and Levant (ISIS/ISIL). The unified organization comprises at least four distinct groups, including the Ghost Caliphate Section, Sons Caliphate Army (SCA), Caliphate Cyber Army (CCA), and the Kalashnikov E-Security Team. Other groups potentially involved with the United Cyber Caliphate are the pro-ISIS media group Rabitat Al-Ansar (League of Supporters) and the Islamic Cyber Army (ICA). [1] Evidence does not support the direct involvement of the Islamic State leadership; it suggests external and independent coordination of pro-ISIS cyber campaigns under the United Cyber Caliphate (UCC) name. [2] Investigations also show alleged links to the Russian intelligence group APT28, using the name as a guise to wage war against Western nations. [3] [4]

Concerns

The group's actions have included online recruiting, website defacement, social media hacks, denial-of-service attacks, and doxing with 'kill lists.' [5] [6] [7] The group is classified as low-threat and inexperienced because its history of attacks requires a low level of sophistication and relies on publicly available hacking tools. [8] [9]

Experts raised doubts about the source and nature of the data in released 'kill lists' containing personal information about U.S. military personnel, which was claimed to have been stolen from hacked U.S. government servers. There is no evidence that the United Cyber Caliphate (UCC) compromised U.S. systems. The data included public, unclassified, and often outdated information about civilians, non-U.S. citizens, and others, built from old data breaches or web-scraped data. [10] [11]

U.S., French, and German intelligence investigated attacks following the hack of the French television channel TV5Monde and the U.S. CENTCOM Twitter attack. All three countries linked actions by the United Cyber Caliphate (UCC) to APT28 (aka Fancy Bear), a Russian intelligence group. [3] [4]

History

The group first emerged in hacking operations against U.S. websites in January 2015 as the Cyber Caliphate Army (CCA). [1] In March 2015, the Islamic State published a "kill list" on a website that included names, ranks, and addresses of 100 U.S. military members. [12]

A pattern of similar attacks emerged after the media coverage. At least 19 individual 'kill lists,' including personal information of American, Canadian, and European citizens, were released between March 2015 and June 2016. [13] On April 4, 2016, all four groups united as the United Cyber Caliphate (UCC). [14]

In June 2016, the Middle East Media Research Institute found and revealed to the media an alleged list of approximately 8,300 people around the world as potential lone-wolf attack targets. [15]

Successful attacks since mid-2014

References

  1. Alkhouri, Laith (2016). "Hacking for ISIS: The Emergent Cyber Threat Landscape" (PDF). Flashpoint. Archived from the original (PDF) on 2020-11-01. Retrieved 2020-12-08.
  2. Alexander, Audrey (April 2019). "Doxing and Defacements: Examining the Islamic State's Hacking Capabilities". CTC Sentinel. 12 (4). Archived from the original on 2023-02-03. Retrieved 2020-12-08 via Combating Terrorism Center at West Point.
  3. "False Flags: The Kremlin's Hidden Cyber Hand". Observer. 2016-06-18. Retrieved 2017-09-25.
  4. "Defense Intelligence Agency Releases Russia Military Power Assessment". Defense Intelligence Agency. Archived from the original on 2018-03-31.
  5. Theodore Schleifer (18 June 2015). "FBI director: We can't yet limit ISIS on social media - CNNPolitics.com". CNN.
  6. Emma Graham-Harrison (12 April 2015). "Could Isis's 'cyber caliphate' unleash a deadly attack on key targets?". the Guardian.
  7. "Flashpoint - Cyber Jihadists Dabble in DDoS: Assessing the Threat". Flashpoint. 2017-07-13. Retrieved 2020-12-09.
  8. Lamothe, Dan. "U.S. military social media accounts apparently hacked by Islamic State sympathizers". Washington Post. ISSN 0190-8286. Retrieved 2020-12-09.
  9. Bernard, Rose (2017-05-04). "These are not the terrorist groups you're looking for: an assessment of the cyber capabilities of Islamic State". Journal of Cyber Policy. 2 (2): 255–265. doi:10.1080/23738871.2017.1334805. ISSN 2373-8871.
  10. "Doubts cast on Islamic State's so-called leak of US .mil, .gov passwords". theregister.co.uk.
  11. Desk, ICT Cyber (2016). "Case Study – "Killing Lists" – The Evolution of Cyber Terrorism?". Cyber-Terrorism Activities Report No. 16: 34–39.
  12. Schmidt, Michael S. (21 March 2015). "ISIS Urges Sympathizers to Kill U.S. Service Members it Identifies on Website". The New York Times. Retrieved 8 December 2020.
  13. Arsenault, Adrienne (15 June 2016). "ISIS 'kill list' includes names of 151 Canadians". CBC.ca. Retrieved 16 June 2016.
  14. "Special Report: Kill Lists from Pro-IS Hacking Groups" (PDF). SITE Intelligence. 2016.
  15. "Are you on the Islamic State's kill list? Check here". 10 June 2016. Retrieved 16 June 2016.
  16. "Australian airport website hacked by Islamic State". Telegraph.co.uk. 13 April 2015.
  17. "IS supporters hack Australian airport website". San Diego Union Tribune. 13 April 2015. Retrieved 2023-08-18.
  18. "Europe - France's TV5Monde targeted in 'IS group cyberattack'". France 24. 9 April 2015.
  19. "France probes Russian lead in TV5Monde hacking: sources". Reuters. 10 June 2015. Retrieved 9 July 2015.
  20. "Someone Hacked Swedish Radio Station to Play Pro-ISIS Song". 11 November 2017.
  21. Safi, Michael (13 August 2015). "Isis 'hacking division' releases details of 1,400 Americans and urges attacks". the Guardian. Retrieved 2015-08-23.
  22. Perry, Keith (11 September 2015). "ISIS hackers intercept top secret British Government emails". Daily Mirror. Retrieved 2015-09-21.
  23. "IS hackers target small Battle firm in cyber attack". BBC News. 28 February 2016. Retrieved 2023-08-18.
  24. "Solar Panels at Risk of Cyber Attacks, warn Experts". Cyber Security. 31 May 2023. Retrieved 2023-08-18.
  25. "'Are you joking?': Small Australian businesses targeted by pro-IS hackers". ABC News. 15 April 2016.
  26. "ISIS-linked cyber group releases 'kill list' of 8,786 US targets for lone wolf attacks". Newsweek. 2017-04-04. Retrieved 2017-04-09.
  27. "ACCA Claims Hacking 150 Twitter Accounts | Dark Web and Cyber Security | Articles". ent.siteintelgroup.com. 16 July 2019. Archived from the original on 2019-07-16. Retrieved 2019-07-16.