ISIS Cyber Terrorism Analysis
1 like1,996 views
The document discusses the risks of ISIS engaging in cyber-terrorism, leveraging the anonymity of the deep web and cryptocurrency to conduct attacks with high strategic value. It highlights the vulnerabilities in Western infrastructure due to outdated security measures and widespread use of consumer-grade software, which could lead to catastrophic consequences if exploited. The financial capabilities of ISIS and their technological adeptness suggest a potential for significant cyber threats, necessitating increased preparedness and continuous vulnerability assessments in Western nations.
ISIS Cyber Terrorism Analysis
- 1. RISKS OF ISIS-CYBER-TERRORISM Lars G. A. Hilse, September 2014 +1 949 208 4181 // +49 4835 9513027 // LH@LARSHILSE.COM The deep web allows anonymous communication. Bitcoin makes it possible to transfer assets around the globe in seconds, also in absolute anonymity. ISIS has a war chest of over USD $2 billion, seeks to attack the west and is attributed the ability to operate very strategically. Jihadists have been known to embrace technology. Gaping vulnerabilities in the technology-reliant western infrastructure make easy targets. What if ISIS were to communicate anonymously? One of the most essential instruments in counter terrorism is signals intelligence; infiltrating the adversary’s communication-flow to make qualified decisions, determine their strategy, and be aware of their next movement. If this stream of information is severed, if ISIS would start to communicate through anonymous communication channels, the advantage falls drastically in favor of the adversary. Contrary to popular belief it is still possible to use the TOR network to communicate anonymously. The most prominent example is the arrest of the alleged Silk Road1 founder Ross William Ulbricht, who as able to acquire a fortune of Bitcoin worth several hundred million dollars2 over a period of years, without being discovered. When reading the criminal complaint3 it becomes evident that his capture was only possible due to mistakes he made during the early stages of Silk Road, while a majority of sources still claim that providing anonymity for end-users on the internet remains a very challenging and difficult task4. When used correctly, TOR offers tremendous possibilities to obscure communiqués in form of email, instant (mobile) messaging, and even voice messaging, while not only anonymizing the communiqué itself, but also the geophysical location of both sender and recipient. Recruiting Professionals ISIS and previous extremist-movements are experienced in recruiting followers for their cause 1 Silk Road: ebay for drugs in Addiction Volume 107, Issue 3, page 683 March 2012 http://onlinelibrary.wiley.com/doi/10.1111/j.1360-0443.2011.03709.x/full 2 D. Ron, A. Shamir, How did Dread Pirate Roberts Acquire and Protect his Bitcoin Wealth?, Weizmann Institute of Science Israel in IACR Cryptology ePrint Archive, 2013 http://i.cdn.turner.com/money/2013/images/11/25/silk-road-paper.pdf 3 United States - v. - Ross William Ulbricht, 13 MAG 2328, p24 onwards, https://www.documentcloud.org/documents/801103-172770276-ulbricht-criminal-complaint.html 4 Performance Analysis of Anonymous Communication Channels provided by Tor, Panchenko, A. ; Dept. of Comput. Sci. - Inf. IV, RWTH Aachen Univ., Aachen ; Pimenidis, L. ; Renner, J., Pages 221 - 228
- 2. online5, so looking in other online-forums for IT security professionals is merely a minor change in procedure. Convincing hackers, who find pleasure in making use of things in ways that were unintended, is quite easy. Even ethical concerns tend to loosen with a budget of USD $2+ billion6. Furthermore, a cyber-attack can be compartmentalized, so that subject matter experts might be hired to work on a particular piece of software that is - by itself - harmless. Only when put into greater context does it become harmful, without the people creating it being aware of the intended use. Adding to the simplicity is the fact that large quantities of the knowledge required to orchestrate a large-scale cyber-attack are available in the public domain, and can be easily retrieved performing searches for topics such as "penetration testing" or similar terms. Because they are people of the internet, most of the subject matter experts required for such a project will prefer Bitcoin over conventional cash for a variety of reasons. For one, the assets received in form of Bitcoin can be easily laundered and the source can be entirely obscured. If all fails, the claim is made that the large sum of money originated from early Bitcoin mining operations7. Furthermore, it is easier to transport. Even large sums of Bitcoin fit onto a USB drive, and can therefore cross borders without a customs official even having a hint that a perpetrator is walking by them with the equivalent of several million US Dollars on their person. An impressive, but largely useless Armory Their expansion in Iraq has granted ISIS access to several conventional arms, among which are tanks, armored vehicles, howitzers along with other towed artillery. An estimated 30 T-55 and T-72 battle tanks, SA-7 and FIM-92 shoulder mounted Stinger missiles, rocket launchers, etc. on the offensive, and instruments such as the ZU-23-2 anti-aircraft guns, M79, HJ-8 and AT-4 anti-tank weapons on the defensive side are in their possession8. Ongoing attempts to obtain chemical or biological agents9, and their deployment in western countries is unlikely due to the high difficulty of shipping such agents undetected. 5 http://www.ctvnews.ca/world/how-isis-became-the-richest-terrorist-group-in-the-world-1.1872634 6 http://www.dw.de/who-finances-isis/a-17720149 7 Zerocoin: Anonymous Distributed E-Cash from Bitcoin, Miers, I. ; Dept. of Comput. Sci., Johns Hopkins Univ., Baltimore, MD, USA ; Garman, C. ; Green, M. ; Rubin, A.D., 2013, Pages 397-411 8 http://www.telegraph.co.uk/news/worldnews/middleeast/iraq/11052919/How-Isil-is-funded-trained- and-operating-in-Iraq-and-Syria.html 9http://www.foreignpolicy.com/articles/2014/08/28/found_the_islamic_state_terror_laptop_of_doom _bubonic_plague_weapons_of_mass_destruction_exclusive
- 3. In terms of nuclear capabilities, ISIS captured some 40kg of low-grade uranium compounds from a research facility in Mosul, but are far from weaponising it10. While this presents an impressive arsenal, which is very useful in their current AO, deploying these weapons to strike the west is - again - nearly impossible. Necessary Transition The jihadist-movement has repeatedly been referred to as being very tech-savvy11, so in spite of the post 9/11 scrutiny, and its dynamic strategy adjustments of the past, it is a conceivable opportunity that it will resort to acquiring the expertise necessary to conduct large-scale cyber attacks. One of an extreme number or possible threat scenarios resulting thereof is a prolonged internet outage. The western internet infrastructure currently has approximately 60 Tbps available bandwidth 12. A 2014 DDoS attack on Spamhaus13, an organization specializing in spam prevention, reached 400Gbps14. In a speech at the 2013 Defcon Conference in Las Vegas, Cloudflare CEO Matthew Prince not only stated that such large-scale attacks don't require a lot of technical expertise, but that attacks of 12Tbps are realistic15. Those orchestrating an earlier attack on Spamhaus in March 2013 would later attack the London Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX), all of which are critical hubs in the internet infrastructure of the western world16. Congesting 12Tbps of the available 60Tbps of the west's available internet bandwidth would have significant impact on a society, in which almost any industry or part of personal lives rely heavily on network connected infrastructure. From our personal and business communication, over traffic lights, the trains we use to commute, up to the power- and water-treatment-plants we take for granted – nearly everything only works because it is connected to the internet. An organization like ISIS would seek to create large-scale interruption and/or damage upon the 10 http://www.telegraph.co.uk/news/worldnews/middleeast/iraq/11052919/How-Isil-is-funded- trained-and-operating-in-Iraq-and-Syria.html 11 http://www.theguardian.com/world/2014/jun/16/terrifying-rise-of-isis-iraq-executions 12 http://global-internet-map-2012.telegeography.com/ 13 http://www.spamhaus.org/organization/ 14 http://www.pcmag.com/article2/0,2817,2453157,00.asp 15 http://youtu.be/q2FxTgd3uTE?t=24m7s 16 http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
- 4. culture they despise, and favor this broadsword attempt to cause the highest possible damage, while cyber-attacks can also be exceptionally surgical and precise. The internet wasn't designed with security in mind, because in its infancy it was a closed circuit system, never intended to go public. Therefore, all security measures becoming necessary for the commercial ways in which the web is being used/misused are built upon an exceptionally vulnerable infrastructure. A particular Threat to Israel? In July 2014, reports surfaced about Chinese hackers having infiltrated the networks of three Israeli defense contractors, obtaining information not only on the Iron Dome System, but likely also on UAV technology, ballistic rockets, and detailed schematics on the Arrow III missile interceptor17. It is black market intelligence like this, which is easily purchased through the right channels on the deep web, which can shift advantage in favor of the weaker adversary. The impressive arsenal ISIS has assembled over the past months is no match for the strong and well-trained Israeli Defense Force (IDF)18. Yet, a forward deployed, and targeted cyber attack to cripple large parts of Israel’s civilian infrastructure, thereby - for instance - also hindering rapid troop deployment, may present a viable option for ISIS to reduce the military advantage Israel holds. While it wouldn't set the IDF and ISIS on par, a pre-invasion cyber-attack could reduce battle damage encountered by ISIS invading Israel, which, due to its close proximity to Syria and affiliation with the west - along with the ideological differences -, may be a likely target for an invasion. Contributing Factors to the Global Cyber-Vulnerability Along with the aforementioned fact, that the internet wasn't design with security in mind, there are two main factors in western culture, which can be classified as the main contributors of increasing vulnerabilities in network connected infrastructure. Number 1 are the decreasing quality and commercialization/consumerization of software and operating systems, which essentially depict the interface between the employee and the machine. When consumer grade software is used to secure and control sensitive and critical infrastructure, vulnerabilities are inevitable. Number 2 is the exponentially increasing demand for convenience and cost reduction. Every employee needs a place to work; an office. Offices present a large overhead for any corporation, as do the working instruments made available to employees. 17 http://rt.com/news/176268-chinese-hackers-israel-iron-dome/ 18 http://www.globalfirepower.com/country-military-strength-detail.asp?country_id=israel
- 5. This fact has brought forth the trend of "Bring Your Own Device" (BOYD), in which employees are encouraged to use their own hard- and software as tools they would otherwise have to be equipped with by the employer. BOYD, however, puts the hard- and software used by employees out of the reach and control of employers and associated IT policies and procedures. Employees will be using their devices in private environments as well, therefore exposing them to significant risks in context to penetration of corporate intellectual property, in otherwise secured ICT environments19. Furthermore, the fact that an ever increasing number of employees are left to work from the comfort of their home, mainly to save costs for office space. This, however, displays yet more vulnerabilities, because large distances have to be relayed for the employee to work, which can be intercepted, and the devices used to work are in unsecure environments. Countermeasures In the years leading up to 9/11, the world was in denial over the fact that planes could be used as weapons. The consequences of this lack of imagination towards realistic cyber-threats could have even more dire consequences taking into consideration that all means of communication are network connected today. Even such basic things like telephony require a functioning, stable connection to the internet to function, if they're not already switched over to IP-telephony already, and therefore require the internet as the base of operation. Applied countermeasures start with the necessity of awareness towards the vulnerabilities, more importantly though how catastrophic their exploitation would be in most western nations. The second step is to assess not only the vulnerabilities in the domestic environment, but to also monitor the efforts of more advanced nations and enterprises, in order to prevent new vulnerabilities from arising and to check the domestic environment against vulnerabilities discovered by others, before they become a problem. Conclusion The world is in danger, neglecting the consequences a cyber-attack could have. Whether it is the aforementioned "broadsword" approach, or a more surgical strike, the consequences - both from a human casualty and monetary standpoint - would be dire for any western nation. 19 https://www.academia.edu/7858110/Why_there_will_be_a_Cyber-9_11._Soon
- 6. With ISIS, the world is introduced to the first actor with the financial capability to orchestrate such an attack with their ideology and hatred towards western culture presenting the motive. A variety of western nations deem themselves prepared for such an attack, while being far from it. The cyber-threats constantly change in an exceptionally dynamic fashion. Preparedness is the key, and constant analysis of domestic infrastructure, as well as inclusion of cyber-capabilities into warfare-theaters and civilian infrastructure is essential. About the Author Lars G. A. Hilse (*1979) is a senior management consultant specializing in digital strategy with a lifelong passion for the internet. On the commercial side, his E-Business Sales Funnel Methodology is responsible for close to USD $1 billion increased revenue for his clients, among which are AXA, Ferrari, DHL, et. al. from 20+ industry verticals in over two dozen countries. On the government side, he has privately funded over USD $200.000 worth of research into cybercrime, cyber-terrorism, cyber-defense & -security. His Continuous Vulnerability Testing Methodology (CVT) focuses on securing critical, domestic infrastructure, while at the same time including offensive cyber-warfare principles into military strategy to reduce casualties and battle damage. He has given numerous speeches around the globe, among others at the WCF in Davos, Switzerland and is the author of several books.