A group operating under ISIS’ hacking division announced in a Friday statement a new campaign “to destroy your websites, your devices and your data,” while an ISIS supporters’ IT help desk highlighted a Senate report revealing cybersecurity failures and vulnerabilities at several government agencies.
At the beginning of the year, the new Caliphate Cyber Shield was announced as “an extension of the United Cyber Caliphate (UCC).” In March, Kim Anh Vo, 20, of Hephzibah, Ga., was arrested on allegations that she joined the UCC in 2016 and disseminated propaganda including “kill lists” with mass quantities of personal identifying information on Americans. In 2018, the UCC threatened to kill gray-hat #OpISIS hackers, including Anonymous hacktivists, who had been waging a lengthy online campaign to take down ISIS social media accounts and websites; the UCC claimed in the threat that “you know very well that your strongest branch has joined us.”
The CCS founding statement pledged allegiance to Abu Bakr al-Baghdadi and declared the launch of “your brothers in the shield of the electronic caliphate (CCS) to start work for the sake of Allah and support his religion.”
Last week’s CCS message distributed in ISIS forums announced “a new phase of our struggle, and of the history of the cyber warfare.”
“We penetrate the accounts of the soldiers and officers of the Rafidha [Shiites], the Crusaders, the Jews and the murtaddin [apostates], and collect their data. We penetrate websites that Allah makes easy for us to penetrate. We monitor and allure infiltrated spies to [be] able to hack their accounts and warn Muslims from them and the files they publish, as well as spreading the security awareness and explain some of the secret methods used by the Crusader coalition to spy on supporters and follow them, whatever you have mobilized against us, the enemies of God,” the statement declared.
“O enemies of Allah, no matter how much you gather against us, no matter how many you killed and captured of us, Almighty Allah will replace them with whom are harder than us on you,” CCS continued. “We are but a small part of the army, which will be prepared by the Islamic State to destroy your websites, your devices and your data, by Allah’s permission. We bring glad tidings of what [is] yet to harm you, for the best outcome is for the pious.”
Separately, the latest cybersecurity bulletin from the Electronic Horizon Foundation led with a story on a 10-year review of cybersecurity compliance flaws at the departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education, as well as the Social Security Administration.
The bipartisan report from the Senate Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations found during a 10-month investigation that the agencies failed to comply with basic cybersecurity protocols and seven of the eight left Americans’ personally identifiable information vulnerable. “After a decade of negligence, our federal agencies have failed at implementing basic cybersecurity practices, leaving classified, personal, and sensitive information unsafe and vulnerable to theft,” said Chairman Rob Portman (R-Ohio). “The federal government can, and must, do a better job of shoring up our defenses against the rising cybersecurity threats.”
The EHF weekly tech bulletin also featured stories on Facebook handing over data on hate speech suspects to French courts, an Android spyware campaign in the Middle East that spread through Telegram and WhatsApp (both favored ISIS platforms), and vulnerabilities in iPhone apps and Microsoft Word.
Two weeks ago, the EHF — which launched in January 2016 as an IT help desk of sorts to walk ISIS supporters through how to encrypt their communications and otherwise avoid detection online while coordinating with and recruiting jihadists — highlighted the vulnerability of some million devices to the “BlueKeep” Microsoft flaw dubbed “potentially wormable” by the National Security Agency.
“It is time to face the electronic surveillance, educate the mujahideen about the dangers of the Internet, and support them with the tools, directives and security explanations to protect their electronic security, so that they don’t commit security mistakes that can lead to their bombardment and killing,” the group said in its founding announcement.
The EHF has since released a series of print and video tutorials covering a range of mobile security and dark web how-tos.
Last year, the group began distributing the weekly “Tech News Bulletin” including “the most important cyber security news.”