37.5 F
Washington D.C.
Saturday, November 30, 2024

New ISIS Cybersecurity Bulletin Shows Interest in Microsoft BlueKeep Bug

The latest cybersecurity bulletin from ISIS supporters to followers of the terror group highlights the vulnerability of some million devices to the “BlueKeep” Microsoft flaw dubbed “potentially wormable” by the National Security Agency.

The Electronic Horizon Foundation launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists.

“It is time to face the electronic surveillance, educate the mujahideen about the dangers of the Internet, and support them with the tools, directives and security explanations to protect their electronic security, so that they don’t commit security mistakes that can lead to their bombardment and killing,” the group said in its founding announcement.

The EHF has since released a series of print and video tutorials covering a range of mobile security and dark web how-tos.

Last year, the group began distributing a weekly “Tech News Bulletin” including “the most important cyber security news.”

The EHF just issued bulletin No. 44 with six top stories: the BlueKeep bug, Huawei looking for an Android OS as it weathers bans, Telegram being hit with a DDoS attack from China during massive Hong Kong protests, a bill in India that could imprison users of cryptocurrency, and Mozilla looking to offer paid Firefox premium services including VPN.

The stories are of particular interest to ISIS supporters, who favor Telegram to disseminate propaganda and recruit. Terror groups have also encouraged fundraising with cryptocurrency, and last month ISIS claimed the establishment of its first province in India: Wilayah Hind. An Indian youth told police last July that he had received WhatsApp messages from numbers in Memphis, Tenn., and Starkville, Miss., trying to threaten him into gathering information for ISIS.

The sixth story in the bulletin is likewise targeted to ISIS followers: “Your Smartphone’s Sensors Can Be Used To Track You.”

The NSA issued a June 4 bulletin warning users to patch the Microsoft vulnerability, stressing that “we have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”

“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” the agency added. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

Terror groups are acutely aware of how technology has aided their borderless growth, and equally aware of how important tech training is to their followers to keep them under the radar as they operate online; they’re also trying to foster new hackers to wreak cyber devastation. Al-Qaeda accounts still seem to fly under that radar with greater ease; ISIS has been staking out new cyber territory in an effort to evade the censors.

Jihadist leaders take cybersecurity seriously, not just trying to infiltrate disbelievers’ domains and fundraise with Bitcoin but ensuring that followers follow basic password hygiene (stop using “123456,” says al-Qaeda) and encryption protocols. In a January video, al-Qaeda in the Arabian Peninsula emir Qasim al-Raymi railed against cell phones as “a form of a spy agent – an agent that is always with us.”

RDP Stands for ‘Really DO Patch!’: Understanding the Wormable RDP Vulnerability CVE-2019-0708

Bridget Johnson
Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.

Related Articles

- Advertisement -

Latest Articles