The latest cybersecurity bulletin from ISIS supporters to followers of the terror group highlights the vulnerability of about a million devices to the “BlueKeep” Microsoft flaw dubbed “potentially wormable” by the National Security Agency.
The Electronic Horizon Foundation launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.
“It is time to face the electronic surveillance, educate the mujahideen about the dangers of the Internet, and support them with the tools, directives and security explanations to protect their electronic security, so that they don’t commit security mistakes that can lead to their bombardment and killing,” the group said in its founding announcement.
The EHF has since released a series of print and video tutorials covering a range of mobile security and dark web how-tos.
Last year, the group began distributing a weekly “Tech News Bulletin” including “the most important cyber security news.”
The EHF just issued bulletin No. 44 with six top stories: the BlueKeep bug, Huawei looking for an Android OS as it weathers bans, Telegram being hit with a DDoS attack from China during massive Hong Kong protests, a bill in India that could imprison users of cryptocurrency, and Mozilla looking to offer paid Firefox premium services including VPN.
The stories are of particular interest to ISIS supporters, who favor Telegram to disseminate propaganda and recruit. Terror groups have also encouraged fundraising with cryptocurrency, and last month ISIS claimed the establishment of its first province in India: Wilayah Hind. An Indian youth told police last July that he had received WhatsApp messages from numbers in Memphis, Tenn., and Starkville, Miss., trying to threaten him into gathering information for ISIS.
The sixth story in the bulletin is likewise targeted to ISIS followers: “Your Smartphone’s Sensors Can Be Used To Track You.”
The NSA issued a June 4 bulletin warning users to patch the Microsoft vulnerability, stressing that “we have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” the agency added. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
Terror groups are acutely aware of how technology has aided their borderless growth, and equally aware of how important tech training is to their followers to keep them under the radar as they operate online; they’re also trying to foster new hackers to wreak cyber devastation. Al-Qaeda accounts still seem to fly under that radar with greater ease; ISIS has been staking out new cyber territory in an effort to evade the censors.
Jihadist leaders take cybersecurity seriously, not just trying to infiltrate disbelievers’ domains and fundraise with Bitcoin but ensuring that followers follow basic password hygiene (stop using “123456,” says al-Qaeda) and encryption protocols. In a January video, al-Qaeda in the Arabian Peninsula emir Qasim al-Raymi railed against cell phones as “a form of a spy agent – an agent that is always with us.”