Poor Coding Limits IS Hackers' Cyber-capabilities, Says Researcher
Hackers working for the so-called Islamic State are bad at coding and hiding what they do, suggests research.
They produce buggy malware and easily crackable encryption programs, said senior security researcher Kyle Wilhoit at security conference DerbyCon.
In particular, he called three attack tools created by one large IS hacker collective "garbage".
Their poor skills meant IS groups had switched to online services and the dark web for attack code, he said.
Little harm
While IS was very proficient at using social media as a recruitment and propaganda tool, its cyber-attack arm was nowhere near as effective, said Mr Wilhoit, a cyber-security researcher at Domain Tools, while presenting his work at the conference in Kentucky.
"ISIS is really, really bad at the development of encryption software and malware," he told tech news outlet The Register, adding that the vulnerabilities found in all the tools effectively rendered them "completely useless".
As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.
All the tools had problems, he said.
- the group's malware was full of basic bugs
- a secure email system it developed leaked information about users
- the UCC's web attack tool failed to take down any significant target
In addition, attempts to raise cash via donations of bitcoins have been diluted by fraudsters cashing in on the IS name and producing websites mimicking the appeals for funds.
"As it stands ISIS are not hugely operationally capable online," Mr Wilhoit added. "There's a lack of expertise in pretty much everything,"
IS also had a lot to learn when it came to hiding its activities online, he said. There were many examples of it sharing pictures of successful attacks, or which lauded its members, that still held metadata that could identify where the photos were taken.
Mr Wilhoit said that, during his research, he had found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.
"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security," he said.
Many of the people involved with the cyber-arm of IS had been killed in drone strikes, said Mr Wilhoit adding that it was open to speculation about how location data to aid the drones was found.
Over the last year UCC had begun moving to attack tools used by Western cyber-thieves, he said.
"They know they cannot develop tools worth a damn, so they are going to use stuff that works, is minimally cheap and is easy to use."
Uncovering The Tactics: How Hackers Exploit Developing Countries In Ransomware Testing
In recent years, there has been a concerning rise in hackers using developing countries as testing grounds for ransomwar... Read more
From Silicon Valley To Down Under: Musk's Defense Of Public Interest In The Digital Era
In recent headlines, tech titan Elon Musk has once again captured global attention, this time for his intervention in an... Read more
The Global Semiconductor Landscape: Navigating Through Market Shifts Post Samsung's Earnings Triumph
In the first quarter of 2024, Samsung Electronics announced a staggering 931% surge in operating profits, reaching 6.6 t... Read more
The Balancing Act: Google's Paywalled AI And The Quest For Digital Equity
In an era where artificial intelligence (AI) is no longer the stuff of science fiction but a daily utility, Google's lat... Read more
The Meteoric Rise Of Anthropic: Valuation And The Future Of AI
In an era where artificial intelligence (AI) is not just a buzzword but a cornerstone of technological advancement, Amaz... Read more
The Future Of Sports Strategy: Navigating The AI Revolution
In the fast-evolving world of competitive sports, the introduction of Artificial Intelligence (AI) has been nothing shor... Read more