Threat Management, Threat Management

ISIS vs Anonymous – and Russia?

As Anonymous squares up to IS, and western critics of vigilante hacktivism question the wisdom of such a course of action, the Russian Government apparently takes an altogether different view.

In fact the Russian government, together with the Federal Security Service (FSS), are considering attracting hacker groups for the fight with Islamic State, an official spokesman of FSS has recently told SCMagazineUK.com.

A spokesman of the Russia's Ministry of Internal Affairs told SC's St Petersburg reporter Eugene Gerden, that unlike in Western countries, the majority of hacker groups in the country usually have connections with the local government and secret services and in most cases are controlled by them.

Consequently the Russian Ministry of Internal Affairs is now considering creating special hacker groups within its structure, that will focus on the fight with terrorists, and whose activities will be classified.

According to plans of the Russian government, these hacker groups should mainly focus on the fight with Islamic State's online recruiters (and in particular their social networks).

It makes a strange ally for the anti-authoritarian Anonymous which, in the wake of the Paris attacks, launched its most public effort yet to take cyber-war to so-called Islamic State, seen as having inspired the attack.

This was not the first part of the long cyber-war between IS and Anonymous. Anonymous launched an ‘#Op' after the Charlie Hebdo attacks at the beginning of 2015, helping to shut down thousands of social media accounts associated with IS as well as an IS dating site.

A similar tack was taken this time, with the hacktivist network crowd-sourcing its new ‘#OpParis', encouraging those who yearned to help deal a blow beyond online rebuke against IS. The volunteers would search social media for accounts that may have looked IS affiliated and then report them back to #OpParis, which would in turn publish those accounts and claim to hand them over to the police.

The lists compiled, numbering well over 10,000, contained accounts of people suspected as being affiliated with IS but also contained academics, journalists and ordinary Muslims. Even the mustachio-masked vigilantes themselves had to admit they had no way of verifying their information, so despite their lofty goals this campaign has failed to gain much credence with Twitter and the security services.

Prior to the news of Russia's potential involvement, one prominent critic of Anonymous, Olivier Laurelli, a blogger and founder of reflets.info, told SC Magazine UK that while the sentiment behind #OpParis was noble, the effort may have actually hurt legitimate attempts to mitigate or pursue Islamic State elements operating in western countries. When an account is gone, said Laurelli, the data that police could use to glean more information from them is gone too.

“Police now have technical and legal ways to exploit social media accounts,” said Laurelli. “They now have an offensive approach to exploit remotely, on the basis of the information gleaned from social networks.” But if the data on those accounts is deleted, then so is the geotag data which could help to locate IS militants, along with the contextual data which might have helped build a better picture of how IS networks and recruitment work.

The strategy, Laurelli told SC is essentially childish. For now, Twitter, Facebook and the general authorities “already have many targets and no time to waste with some more unwanted noise. We all should have humility to accept that the internet is not a battlefield where lists of public accounts would do something against Kalashnikovs”.

But this being the internet, tit for tat retaliation is the norm, and IS retaliated by publishing a list of people which the group had supposedly identified as members of the US defence establishment. Not too impressive for a group that claims to herald the coming of the apocalypse.

Elsewhere, NATO officials have been partly sympathetic if mostly disparaging of the masked group's efforts. James Shea Deputy Assistant Secretary General of NATO on new security challenges told press that,  “On the one hand, it is a good thing to make terrorists understand that they fight not only with States and their governments, but also with all the values of the modern society.” However, Shea added, “currently the Islamic State still has about 46,000 accounts on Twitter, which may provide an opportunity to secret services to monitor the activities of terrorists.”

Cyber-security legend and head of Kaspersky Lab, Eugene Kaspersky, echoed that very sentiment, telling SC that the battle with IS should be carried out by the relevant authorities and not hackers.

So what capabilities does IS have? One might say that it shares a similarly diffuse nature with Anonymous. Like Anonymous, there are hacking groups that claim allegiance to IS and we can safely assume that there are people, not yet in IS territory, who can commit minor to moderate acts of cyber-vandalism in the name of the ‘caliphate'.

Meanwhile, Anonymous has been said to be reaching a febrile senility at the far side of the curve. At this year's RSA conference, Joe Gallop, manager of cyber-intelligence production and analysis at iSIGHT Partners, stated plainly that Anonymous is failing and that other hacktivists groups are rising to take its place. There's been a decline in its activity since 2010, which according to Gallop, can be traced to internal fractures over whether to attack network infrastructure.

While Anonymous has demonstrated its capacity to cause mischief and chaos, we have been fortunate in not seeing anything remotely as impressive emanating from the IS camp. IS's actual cyber-capability is, by its very nature, a murky thing, and it's hard to know what exactly it can do.

Although it may be tempting to throw shade on IS's cyber-war capabilities, we would be wise not to underestimate such a determined foe. In the autumn statement, UK chancellor George Osborne claimed - presumably based on briefings by the intelligence services - that  Islamic State is plotting and capable of cyber-warfare with the intent of killing civilians.

Elsewhere, Mikko Hyppönen, chief research officer for F-Secure, claimed just a month before that IS was probably the only terror group currently capable of launching a major attack on a large piece of government infrastructure, say, an electricity grid. Kaspersky also told SC that he worries about IS growing to be able to recruit skilled hackers and launch complex cyber-attacks.

Terrorists have always understood how to leverage limited resources to maximum advantage. Carrying on this tradition of asymmetric warfare, it would appear that the terrorists are prepared to carry their struggle into cyber-space, an arena seemingly designed for this kind of fight.

Related

Record low ransomware payment prevalence observed

Only 28% of ransomware attack-hit organizations have fulfilled their attackers' extortion demands during the first three months of 2024, which is the lowest on record, potentially due to increased protective measures and mounting legal concerns stemming from paying such demands, BleepingComputer reports.

New tool used in China-linked attacks against Asia-Pacific

Intrusions with the Waterbear backdoor and its updated variant dubbed "Deuterbear" have been deployed by China-linked threat operation BlackTech — also known as Earth Hundun, Manga Taurus, Circuit Panda, Temp.Overboard, Palmerwom, Red Djinn, and HUAPI — against government, research, and technology organizations across the Asia-Pacific, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.