30 August 2015

The ISIS Hackers and Their War on the West

Steven Stalinsky and R. Sosnow
August 27, 2015

Hacking In The Name Of The Islamic State (ISIS) 

Middle East Media Research Institute (MEMRI)

August 21, 2015

Table Of Contents

Introduction

I. Table: Hacks By ISIS And Pro-ISIS Elements: A Chronology

II. ISIS Hacking Activity

III. Hacking Activity By ISIS Supporters And Pro-ISIS Hacker Groups

IV. The Islamic State Hacking Division (ISHD)

V. The CyberCaliphate

VI. ISIS Cyber Operations And Counter Operations

Introduction


Over the past year, Islamic State (ISIS) and pro-ISIS hackers, as well as hackers claiming to be associated with or operating in the name of ISIS, have been conducting cyber attacks throughout the world. The targets have included media outlets, government agencies, universities, NGOs, and businesses, from the very large to the very small.

During this time, there has also been a debate regarding ISIS cyber capabilities, about whether it seeks to wage cyber jihad against the West, and about the hacking capabilities of its members and online supporters. While some cyber security analysts have attempted to downplay the significance of these attacks by ISIS and pro-ISIS elements, and by others claiming an ISIS affiliation, the issue of cyber-attacks by ISIS elements is being taken very seriously by governments and law enforcement.

The FBI warned in a Public Service Announcement titled “ISIL Defacements Exploiting WordPress Vulnerabilities” on April 7, 2015, that “[c]ontinuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and Al-Sham (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.”

FBI Director James Comey added, at the Cybersecurity Law Institute at Georgetown University on May 20, that ISIS was “waking up” to the idea of initiating a cyber-attack against critical U.S. infrastructure with sophisticated malware. “Logic tells me it’s coming,” Comey said, adding that ISIS is “looking into” whether it would be capable of pulling off such attacks. Over the last two years, he said, there has been more attention paid to potential cyber-attacks against the U.S., and although he hasn’t seen them yet, “it just makes too much sense” that destructive malware would end up in the hands of terrorists. “Destructive malware is a bomb, and terrorists want bombs.” He added that while it may be difficult for a terrorist to physically enter the U.S., they can do so online in an instant.[1]

In the most recent significant hack, on August 11, 2015, the Islamic State Hacker Division (ISHD) released what it claimed was a large collection of names, emails and other sensitive information belonging to U.S. military and government personnel. Earlier this year, in March, the same group had “doxxed” 100 U.S. military personnel, and, in May 2015, Italian military personnel – tweeting “hit lists” of them that included personal addresses, phone numbers, and photos. By posting such information of U.S. military personnel and their families, as well as of other Western military officials and families, ISIS and pro-ISIS hackers are facilitating – or are even encouraging and urging – lone wolf attacks on these individuals.

Specific examples of targets of ISIS and pro-ISIS hacks in the U.S. and other countries have included: military forces and bodies as well as Western government entities; major media such as France’s TV5Monde and other French entities, including military bodies; nonprofits such as U.S. military spouse organizations; the Chilean Defense Ministry; educational organizations such as University of New Brunswick, Canada; transportation hubs, such as Hobart International Airport in Australia; municipal and county government, such as Richland County, Wisconsin; Middle East media, such as MBC Arabic TV; the UAE’s Al-Ittihad daily; and Egypt’s popular Nugoum radio station, in addition to various U.S., British, Indian, Israeli, Dutch, Egyptian and Russian websites.

Pro-ISIS hackers have targeted the U.S. military multiple times for the purpose of data theft and doxxing. Additionally, these hackers have taken control of Facebook and Twitter pages; stolen credit card information from the U.S. and other “infidel” countries; hacked Western celebrities’ cellphones; exploited vulnerabilities in a WordPress plugin used by hundreds of sites; stolen data from armed forces personnel after gaining access to Facebook accounts; and threatened members of various militaries and even celebrities.

Announcement of one of the first hacks following the declaration of the Islamic State: “#Iraq #Iran #Syria The cyber mujahideen of the Islamic Caliphate have hacked the Iranian website iranefardamag.com” Source: ISIS Urdu Twitter account, July 5, 2014; see also MEMRI JTTM report Al-Baghdadi-Led Islamic State (IS) Tweets In Urdu For Audiences In Pakistan And India, July 15, 2014.

Pro-ISIS hacktivists have built their own networks, especially on Twitter, to support each other. For example, on August 13, 2015, following the August 11, 2015 claim two days earlier by the Islamic State Hacker Division that it had hacked U.S. military databases, a Twitter account offered to help pro-ISIS and jihadi elements create their own Twitter accounts to help spread the data that was obtained in the hack. This is a common occurrence; when one Twitter account is suspended, others quickly move in to take over and continue to spread the information. The tweet stated: “We repeat for the millionth time that we are ready to provide accounts for the army of [jihad] supporters [on Twitter]. Al-Fateh [security software used by online jihadis to conceal their locations] is now taking a toll on Twitter. Get an account and spit on Jack [Dorsey, Twitter cofounder]. FYI Al-Fateh program [can be downloaded at (link provided)].”

Offering to create Twitter accounts for jihadi supporters. Source: @ENGISIS_3_9_, August 12, 2015.

Many cyber attacks by pro-ISIS hacking elements are aimed at obtaining and distributing data from American bank accounts and credit card accounts. For example, on January 30, 2015, an alleged Tunisian hacker announced that he had pledged allegiance to ISIS leader Abu Bakr Al-Baghdadi, and that he had hacked over 200 credit card accounts, both American and accounts from other “infidel” countries, in response to the anti-ISIS coalition campaign in Syria and Iraq.

Another significant aim of the cyber activity of ISIS and its online supporters and followers is to actively go after the group’s main opponents, including the Al-Raqqa-based anti-ISIS media collective Raqqa Is Being Slaughtered Silently, which exposes ISIS atrocities via Facebook and Twitter; the Syrian Observatory for Human Rights, which documents the human rights situation in Syria and reports violations; the U.S. military; and influential sheikhs and others who have taken a stand against the group. One of the aims of ISIS’s attacks on these groups and individuals is to obtain personal information about them and their families, so that they can be targeted on the ground – as were two Raqqa Is Being Slaughtered Silently activists, executed in July 2015.[2]

Some of the hackers who appear to be pro-ISIS may have no actual affiliation with the group, even though they use pro-ISIS content and symbols in their deface messages – whether to create havoc and confusion, or as a “false flag” for other reasons. Nevertheless, their actions contribute to ISIS’s cyber-jihad reputation, which continues to grow, and all these entities are investing and advancing in their capability, some under direct control of ISIS and others by means of their legion of online followers, creating a dangerous mix.[3] Highlighting this is the case of the extensive April 2015 hack of France’s TV5Monde, which made international headlines and for which the CyberCaliphate claimed responsibility. Although the State Department concluded that the CyberCaliphate TV5Monde hack may not have been connected to or endorsed by ISIS, and that it may have been the work of the Russian hacking group APT28, ISIS has gained from the publicity that such hacking attacks generate.[4] These attacks also help promote ISIS by making its cyber capabilities look more impressive than they actually may be.

The following report will review hacking activity against military, government, media, commercial, and individual targets over the past year by ISIS, pro-ISIS elements, and ISIS supporters.

I. Table: Hacks By ISIS And Pro-ISIS Elements: A Chronology

II. ISIS Hacking Activity

This section reviews hacking and cyber-attack activity by ISIS, including attacks on newspapers and radio stations, exploiting vulnerabilities to hack websites, urging supporters to step up their hacking efforts, and more.

ISIS Hacks Website Of UAE Newspaper

Deface image on UAE newspaper Al-Ittihad website.

On February 14, 2015, ISIS hackers successfully targeted and defaced the website of the UAE newspaper Al-Ittihad. They also included a photo of Maj. Mariam Al-Mansouri, a UAE woman pilot participating in airstrikes against ISIS.[5]

South African ISIS Fighter Asks Hackers To Attack Anti-ISIS Group on Twitter

Abu Hurayra Al-Hindi (“The Indian”), a South African of Indian descent who immigrated to Al-Raqqa, Syria with his family to join ISIS, uses Twitter and Tumblr to discuss ISIS. He focuses mainly on the process of immigrating to the Islamic State (“Hijra”) and provides advice to fellow jihadis who wish to come to Syria or Iraq. On February 13, 2015, he addressed hackers on his Twitter account with a request for information about the Al-Raqqa-based anti-ISIS media collective Raqqa Is Being Slaughtered Silently, which exposes ISIS atrocities via Facebook and Twitter. Information on this group’s activists obtained by hacking could have led to the exposure of the identity of two of the members of the group, which in turn might have helped lead to the two’s execution in July 2015.[6]

ISIS Exploits WordPress Vulnerability To Hack Several Websites

On March 7, 2015, it was reported that up to 200 websites were victims of an ISIS hack, apparently made possible by a vulnerability in a WordPress plugin that the hackers were able to exploit.[7] A banner reading “Hacked by Islamic State” and “We Are Everywhere ;)” appeared at the top of websites using the plugin.

Two restaurants in Cincinnati were among those who had their websites hacked, along with a rape crisis center in Dublin, Ireland and a credit union in Montana.[8]

On March 9, it was reported that the website of the Kuwaiti parliament had been hacked, although it was unclear whether this was related to the WordPress plugin.

On March 16, a high school in Rhode Island was hacked by what appeared to be a pro-ISIS entity. Links on the school’s homepage redirected to a page that read “I love Jihad… and I love ISIS.” The group, called Team System DZ, was also responsible for other hacks worldwide around the same time.[9]

ISIS Hackers Take Over Popular Egyptian Radio Station’s Twitter Account

On April 15, 2015, ISIS-affiliated hackers took over the Twitter account of the popular Egyptian music station Nugoum. The account, @NogoumFM, which as of this writing has nearly 350,000 followers, remained under the hackers’ control for nearly seven hours, during which they flooded it with pro-ISIS tweets, propaganda videos and pamphlets, as well as links to official ISIS releases.

The hackers also used the page to post an exclusive photo of Shadi Al-Mani'i, an ISIS commander in the Sinai, as proof that he was still alive despite Egyptian claims to the contrary. The posting of this photo indicates that the hackers are directly connected to ISIS operatives, and are not merely supporters of the organization.

In one tweet they wrote: “Today, oh media of immorality and corruption, we infiltrated your fortresses in the virtual world. Tomorrow, God willing, we will do so in the real world…”

Following this attack on Nugoum’s Twitter account, ISIS supporters attempted to flood the station’s Facebook page with links to ISIS propaganda.

Photo of ISIS commander Shadi Al-Mani'i uploaded by the hackers

Link to Issue 8 of the ISIS magazine Dabiq posted by the hackers

Link to an ISIS propaganda video posted by the hackers

Nugoum Facebook page reports the attack on the station’s Twitter account; ISIS supporters respond by posting ISIS propaganda

Al-Battar Media Video Claims ISIS Hackers Hacked ‘UK Military Website,’ Gives Details Of Westerners, Including Americans; Calls On Lone Wolves To Kill Crusaders - Especially ‘Soldiers And Military Officers’ Revealed In Video

On August 23, 2015, the ISIS-affiliated Al-Battar Media group released a nine-minute video titled “A Message to the Lone Wolves” via the Al-Battar Media Twitter account. The video reveals personal information that it says belongs to Western individuals, including American, British, French, and Italian officials and soldiers, allegedly collected via an ISIS hack of a “UK military website” through which, it says, weapons are sold.

The video leaks the names and email addresses of soldiers, officials, and other Westerners whom it says are connected to the hacked website, and calls on “lone wolves” to kill Crusaders, particularly the army officers whose details are revealed. It also gives a list of Western websites that it says were recently hacked by ISIS hackers.

Opening with a series of Al-Jazeera reports published in recent months on cyberattacks allegedly carried out by ISIS hackers against the French TV5Monde and U.S. CENTCOM, the video also includes a recording of ISIS spokesman Abu Muhammad Al-'Adnani’s call to lone wolves across the world to carry out attacks in the heart of the enemy’s cities. Text in the video, in Arabic and English, announces an ISIS hack of a British website dealing with weapons sales, noting: “Today, one of the lions of hacking was able to hack a website that sells weapons and which belongs to the United Kingdom and it has information about many UK soldiers and officials who dealt with this website, they were hacked and their info was leaked and the website deals with many countries in the world.”

Next, the video shows the details – name, email address, phone number, IP address, and country – of a number of individuals in the U.S., U.K., France, and Italy, allegedly obtained in the hack. It then features several of these individuals with a satellite view of their IP addresses’ geolocation. These are marked “Wanted: Dead.”

The video concludes by stating: “Go ahead oh lone lions and kill those crusaders and those who support them, and especially the soldiers and military officers, these are their addresses so don’t let them get away.”

List of names, email addresses, phone numbers, and IP addresses allegedly obtained in hack of website

III. Hacking Activity By ISIS Supporters And Pro-ISIS Hacker Groups

This section reviews cyber attacks and data leaks by ISIS supporters against U.S. military personnel, Western government entities, French websites and Facebook accounts, “apostates” in Egypt, and more.

ISIS Supporters Hack Website Of University Of New Brunswick Student Union

On October 14, 2014, “Team System Dz” successfully hacked the website of the University of New Brunswick (Canada) student union, leaving a pro-ISIS message on the defaced page. The university filed a report with the Royal Canadian Mounted Police. The hacked page contained the above image and the message “I love you isis.”[10]

Pro-ISIS Jihadi Forum, Back Online After Cyber-Attack, Says Its Founders Are Prominent Among ISIS Fighters

On November 10, 2014, the Jihadi Media Platform forum (alplatformmedia.com) – a major advocate of ISIS – announced its return to function after several days of being offline. The forum attributed its absence to “failed” cyber-attacks by the “enemies of Allah.” It also thanked the members in its “technical section” for aiding in the return of the forum to normal operation.

Arab Anonymous Hackers Group Expresses Support For ISIS, Offers It ‘Electronic Support’ Against Its Enemies, Threatens Attacks On U.S. If It Continues Interfering In Muslims’ Affairs

On November 17, 2014, the hacker collective Anonymous released a video expressing support for ISIS, while offering it “electronic support” to fight its enemies. The 3:15-minute video, whose authenticity could not be verified, was posted on the YouTube channel of AnonymousARAB-TV. The video expresses sympathy with ISIS, saying that it comprises mujahideen who seek to establish an Islamic state “on the path of prophethood.”

Also in the video, Anonymous criticizes U.S. interference in Muslims’ affairs, and threatens to launch cyberattacks against government apparatuses and major corporations if it continues. It also expresses support for ISIS, offering the group electronic assistance in fighting those who it says oppose the creation of a “state of truth and peace.” Congratulating the ISIS fighters and wishing them victory, it warns Arab coalition countries against collaborating with the “enemies of peace.”

The video stated, in part: “We are Anonymous, and this is a message directed to the Islamic State. We completely realize that the Islamic State is a group of mujahideen who demand the establishment of an Islamic State on the path of prophethood. And we know well its beginning in the lands of Al-Sham and Iraq, as well as we know how it was [unintelligible] who swore oath of obedience to Emir Al-Mu'mineen Abu Bakr Al-Baghdadi…”

Member Of Pro-ISIS Forum Promotes Hacking Course

On December 17, 2014, Qannas Al-Somal, a member of the Jihadi Media Platform forum, promoted a hacking class taught on the online learning platform Udemy.com. He wrote: “Glad tidings my loved ones… get a penetration testing course priced at $300 for free!!! Hurry up brothers, time is limited.” Udemy offers a number of hacking and penetration testing classes, some at no charge.

Pro-ISIS Hacker Groups Target ‘Apostates’ In Egypt And Sinai, Claim Data Gathered Will Be Useful For The Mujahideen

On January 4, 2015, Khawla Al-Sinawiyya, a female member of the Jihadi Media Platform forum (alplatformmedia.com) posted a link to a video that showed the breaching of a large number of Facebook pages that apparently belonged to Egyptian armed forces personnel, to whom the video referred as apostates. According to the video, hackers managed to gain access to the computers and mobile phones of their targets, obtaining valuable information in the process, including their workplaces and whereabouts. The video said that such information was useful for the mujahideen, whom it referred to as “our brothers.”

According to the video, the attack was a joint effort by the Electronic Jihad Team and the Al-Mukhabarat Al-Islamiyya (The Islamic Intelligence Services). It also said that electronic warfare is the primary tool in the war against the apostates in Egypt and Sinai: “Let the apostates in Sinai and Egypt know that… our war with them is not a war [carried out] on land only, but, firstly, [is] an electronic one, since this is the main weapon of the battle, and its strongest and most effective tool…”

Hackers posting on breached Facebook account: “This account was hacked by #Electronic_Jihad_Team in collaboration with #Hacker_Sinawi…”

Sample message by the hackers, with #Egypt_Province shown at its end

Pro-ISIS Hackers Target French Websites With Anti-Charlie Hebdo Messages

On January 9, 2015, a hacker group calling itself L'Apoca-Dz successfully hacked and defaced a number of French websites with messages condemning satirical publication Charlie Hebdo after the terrorist attack on its offices on January 7. Websites targeted were ones belonging to the French towns of Goussainville, Ezanville, Jouy-le-Moutier, Piscop, and Val D'Oise. The defaced pages featured the image below, which includes the message: “The Islamic State Stay Inchallah, Free Palestine, Death To France, Death To Charlie.” Some reports claim the hacker group is Algerian.[11]

ISIS Supporters Praise Hacking Of MBC Arabic Channel Twitter Account

Following the hack of the UAE-based Saudi MBC Arabic channel’s Twitter account by an ISIS supporter on January 13, 2015, mujahideen and other ISIS supporters on Twitter praised the hacker and quickly spread the news. Among the most proactive Twitter accounts were @Soldier_Allah_X and @terrorist0011. Some tweets refer to the hacker as an ISIS supporter, and others state that the account was “hacked by ISIS.” Thus, it is unclear how involved ISIS actually was in the hack.

Left: @Soldier_Allah_X: “#ISIS hacker hacked MBC page :) share so everyone gets to see it @MBCINWEEK #Islamic State”; @Senyum8yuhada: “ALLAHU AKBAR! RT [retweet] @TheinfoIslam The Twitter account for Arabic News Channel MBC has been hacked by the #Islamic State”; @sunnaleb123: “#Breaking News #Islamic State hacker hacked a MBC page #Twitter :) please share to everyone @MBCINWEEK #Islamic State”; “Allah Akbar, one of the #Islamic_State supporters hacks the account of MBC in a week… @MBCINWEEK #ISIS @Islamic State @ISL”. Right: @Senyum8yuhada: “ALLAHUAKBAR! RT @TheinfoIslam The Twitter account for Arabic News Channel MBC Has been hacked by the #Islamic State”

@HaroonAziz88: “@Magnetgas: RT @tnAmghar9 @Soldier_Allah_X #ISIS hacker hacked MBC page :) share so everyone gets to see it @MBCINWEEK # Islamic State”; @ibnAmghar9: “@Soldier_Allah_X: #ISIS hacker hacked MBC page :) share so everyone gets to see it @MBCINWEEK #Islamic State”; @terrorist10011: “#ISIS hacker hacked MBC page :) share so everyone gets to see it @MBCINWEEK # Islamic State”; @terrorist10011: “#ISIS hacker hacked MBC page :) pleeeeaaaaaase share to every one see it”

Left: @terrorist0011: “[All tweets repeat the same phrase:] Allahu Akbar a supporter of #Islamic_State hacks the account of MBC this week… spread [with various hashtags on each tweet to spread news].” Right: @terrorist0011: [More tweets with the same phrase and different hashtags] @apokerooo: “Allahu Akbar a supporter of #Islamic_State hacks the account of MBC this week… spread.” @gghhgg123478: “Spread.”

Left: Top: @alfrqan11: “#Support_from_Supporters This brother that hacked the site of #mbc #support #The_Current_Atmosphere [Current events] #Islamic_State” Bottom: @AbdecoEspace: “Islamic State hackers break into the account for MBC channel takbiiiiiiir” Right: Top: @sunnaleb123: “Islamic State hacker hacked a MBC page #Twitter, please share to everyone @MBCINWEEK #Islamic State” Bottom: @ct1781322 “Allah Akbar, one of the #Islamic_State supporters hacks the account of MBC in a week… @MBCINWEEK MBC hacked #ISIS @Islamic State @ISL”.

Pro-ISIS Twitter Account Claims It Hacked Several French Websites

On January 21, 2015, the pro-ISIS Twitter account of Omarov Al-Jallad (@jladOmarov) claimed that it had hacked at least seven French websites. The account also boasted that in the case of one “famous” French website, it managed to obtain its members’ emails. Al-Jallad wryly noted that the attack was his form of freedom of expression, thereby hinting that it was carried out in response to the January 7 attack on Charlie Hebdo and the events that followed it.

Al-Jallad’s Twitter account publishes tech-related materials, dealing primarily with computer security. The account previously operated under the name @omarovsir.

Tweeting on January 18, Al-Jallad claimed that he hacked seven French websites, and that he was working on hacking others: “Assalamu Alaikum, seven French websites were hacked, and work is being done [to hack] the rest of the server’s websites. [I ask for] your prayers, #Only_Prophet_Of_Allah.”

Alleged Tunisian Hacker Pledges Allegiance To ISIS Leader Abu Bakr Al-Baghdadi, Claims He Hacked American Credit Cards In Response To Anti-ISIS Coalition Campaign

On January 30, 2015, an alleged Tunisian hacker who goes by the name Cm0oS announced that he had pledged allegiance to ISIS leader Abu Bakr Al-Baghdadi, and that he had hacked over 200 credit card accounts, both American and accounts from other “infidel” countries, in response to the anti-ISIS coalition campaign in Syria and Iraq.

In the video that he posted on his YouTube channel on November 20, 2014, Cm0oS said that he was a member of the Terrorists For Electronic Jihad team and stated that he had sworn allegiance to Al-Baghdadi.

Screenshot of Cm0oS’s video on YouTube

Cm0oS claimed in the video that he had hacked “over 200 credit cards and American Visa cards,” as well as credit cards from other “infidel” countries, “in response to the aerial bombardment that our mujahideen brothers are encountering in Iraq and Syria.” He added that he also had information on an additional “10,000” American Visa cards.

Screenshot of Cm0oS’s video showing alleged hacked credit cards

Also in the video, Cm0oS warned the U.S. and its allies against continuing their aggression against “our beloved Islamic State,” and said that the majority of the funds allegedly obtained from the hacked credit cards would be sent to ISIS. “Don’t force us to fight you, because you will be the losers, and, by the way, most of the money [obtained from the hacked credit cards] will, Allah willing, reach our mujahideen brothers in the Islamic State.”

Pro-ISIS Hackers Threaten, Send Texts To British Singer

On February 15, 2015, it was reported that British singer Lily Allen had received text messages on her phone from pro-ISIS hackers, including threats of violence against her. According to reports, the hackers obtained Allen’s phone number by hacking the phone of another singer – Taylor Swift. The text message read: “Alright U don’t understand I’m actually a terrorist from ISIS U dumb b–ch enjoy everything u get… I'ma hack u and kidnap u then rape ur gaping body then I'ma behead u and f–k the hole in ur neck u dumb skunk.”[12]

ISIS Supporter Hacks Chilean Ministry Of Defense Website

On February 26, 2015, the website for the Chilean Ministry of Defense was hacked and defaced by a user calling himself “Saddam Hussein” and claiming to be with ISIS. The defaced page featured the above image as well as a message in Spanish that read “We are ISIS, don’t forget me” and “Allah is the only God.”[13]

French Website Hacked By ISIS Activist

ISIS supporters have been increasingly targeting French websites in their cyber-warfare efforts. On March 15, 2015, an online activist reported on the Jihad Media Platform (a pro-ISIS forum) that the website of another French company had been hacked by an ISIS supporter. The following are details:

The hacked site is Opalic.com, which belongs to a small investment and consulting company. It was targeted by a hacker who identifies himself as “MrDanger” and “Dark Master,” a member of the “Supporters of the Islamic Caliphate” group.

When the page opens, a jihadi song plays in the background. The content of the site’s front page is replaced by a series of images and text in English and Arabic.

Some of the text reads:

“Greetings to the supporters of the Islamic Caliphate State”

“Campaign of electronic vengeance to support our mujahidin brothers”

“We will hang the flag of the Islamic State over your thrones despite your will”

“We will not back down from this decision [to support ISIS]”

“From Iraq to Sham and from Sham to Jerusalem and soon in Rome”

The images include a photo of armed ISIS fighters and a map of North Africa with an ISIS flag superimposed on it.

Pro-ISIS Hackers Deface Richland County, Wisconsin Websites

On March 21, 2015, Morocco-based pro-ISIS hackers, known as Team System DZ, defaced Richland County, Wisconsin websites. Among the county offices whose websites were hacked were the County Sheriff’s Department, the City of Richland Center Municipality, the Parks commission, the ambulance service, Richland County Fair & Recycling, the Land Conservation Department, and the Richland County Fitness Center. The hacked websites displayed an image with the message “Hacked by Team System DZ! I am a Muslim & I love jihad, I love ISIS” and “Fuck USA & Israel.”[14]

Hacker Entity Attacks Indian, Israeli Websites, Promises Attacks On U.S., Its Allies, Economy

In late March 2015, Al-Qaeda Electronic Base, a hacker entity that sympathizes with Al-Qaeda and with ISIS, announced that it managed to deface a number of Israeli and Indian websites.

The announcements were posted on the group’s Twitter[15] and Facebook pages,[16] as well as on the Al-Fida’ forum. On its Facebook page, the group operates under the Al-Ma'arek Media Production Company. The defaced websites included images associated with Al-Qaeda, as well as the black ISIS banner.

A week previously, Al-Qaeda Electronic Base had claimed attacks against several Chinese websites.[17] The defaced websites included the same images.

The group noted that it targeted three Indian websites that belonged to the Indian company Viva, which sells educational materials online. “Thanks to Allah, the three websites were under full control,” the group proclaimed. It further noted that it would continue targeting other websites of “unbelief and oppression,” including “attacking the American economy and the economy of its allies.”[18]

In its announcement regarding the targeted Israeli websites, the group said that it had hacked four websites belonging to the “Zionist entity.” Dedicating the attacks “to our brothers in the land of Islam in general, and [in] Palestine in particular,” it promised to continue supporting the Palestinians.[19]

Several Websites Hacked and Defaced By ISIS Cyber Army

Between March 19 and 29, 2015, the pro-ISIS hacking group ISIS Cyber Army defaced five websites – a French investment consulting firm,[20] three Egyptian sites,[21] and a Russian site.[22] 

A pro-ISIS hacking group claimed credit for the hack on Twitter[23] and on a pro-ISIS forum.[24] The websites’ home pages were defaced with an ISIS flag, signed by “Hacked by Islamic State,” and provided with a Twitter handle as well as an email address on a Russian server. When the hacked page is accessed, an ISIS religious song, “Qariban Qariban” (“Soon Soon”) is heard in the background.

Left: Defacement page. Right: Screenshot of the tweet claiming credit for one of the attacks: “Hacking another website – #France[’s] stock index website. Only the #Islamic State.”

Pro-ISIS Hackers Deface Website Of Australian Airport

On April 13, 2015, the website of Hobart International Airport in Tasmania, Australia, was hacked by Team DZ. The group defaced the site with pro-ISIS images and a message that read: “A message to all peoples of the world and especially to governments. Islamic State List to restore the right of Muslims who have been killed by your governments savage and unjust. Islamic state will restore dignity for Muslims. Will purse the land of the Muslims from the hypocrite infidels. It intervenes you will equip you to dwell in cemeteries. Fuck USA & Israel.”

Authorities reported that identical messages have appeared on airport websites around the world since late 2014.[25]

Pro-ISIS Hacker Attacks British, U.S., Netherlands Websites

The Twitter account “Hacker of the caliphate state” (@ica_is6), which says it is an “electronic soldier” of ISIS, claimed to have attacked a large number of British websites, as well as a Netherlands and an American website.

In a series of tweets on April 11-12, 2015, the account listed 23 British websites it claimed to have attacked.[26] The first tweet noted that the cyberattacks were a message to the “dog of the cross,” British Prime Minister David Cameron, and that they represented a “bombardment by the #Islamic_State soldiers.”

Previously, on April 11, the account tweeted that it had attacked an American website. The tweet was accompanied by the hashtag #We_Will_Burn_America.[27]

The next day, April 12, a member of the Jihadi Media Platform forum (mnbr.info) posted links to a defaced Dutch website that was also targeted by the same entity. The defaced webpages show the ISIS banner followed by the English caption “Hacked By Islamic State.” The email and Twitter names of the hacker (see below) are included as well, and the logos of several pro-ISIS media companies appear at the bottom of the page.

The Twitter account @ica_is6 previously operated under @ica_isis5. On April 11, @ica_is6 tweeted that its previous account had been closed down, announced its new account, and asked the “brothers of the #Islamic_State” for support.

ISIS hacker announces new Twitter account, asks for support

On its page, the Twitter account provided isis-cyberarmy @mail.ru as its email, and also provided its Telegram messenger app handle, @icais5.

U.K. Nonprofit Hacked By ISIS Supporters

On April 17, 2015, the website of The Red Barn, a nonprofit based in Leeds, Alabama, was hacked and defaced by ISIS supporters. Visitors to the website saw a three-minute video with an image of a man dressed in black holding a machine gun, while music played in the background. The words “infidel” and “jihad” could be heard in the video’s audio.[28]

Pro-ISIS Hacker Attacks Facebook Pages In Retaliation For Shutdown Of Pro-ISIS Facebook Pages

In April 2015, a pro-ISIS hacker hacked a number of Facebook pages in retaliation for the shutdown of other Facebook pages that belonged to ISIS supporters. The hack, which was reported by jihadis on the pro-ISIS Jihadi Media Platform forum, was carried out by a member of the pro-ISIS online media entity Rabitat Al-Ansar. Jihadis on the forum posted a link to a video filmed by the hacker showing parts of the attack. The hacker, who uses the alias Al-Saffah Al-Muhajir (“The Immigrant Butcherer”), noted that the targeted Facebook pages belonged to Rafidites (Shi'ites), who, he says, were involved in reporting pro-ISIS Facebook pages for the purpose of shutting them down.

The video lists two Facebook pages along with their log-in credentials.

The two hacked Facebook accounts along with their passwords

The hack appears to have gone beyond mere unauthorized access to the Facebook pages, and apparently also included compromising the computers of the account holders. For example, the hacker demonstrates how he was able to take a snapshot of one of the victims via that victim’s webcam; the victim appeared clueless as to what was happening.

A snapshot of the victim, taken by the attacker

The attacker also left a message noting that ISIS was behind the attack and promising future attacks as well.

Pro-ISIS Activist Hacks Facebook Pages Of Shi'ite Bodies In Lebanon

A 14-minute video posted May 11, 2015 on the Jihadi Media Platform documents the hacking of several Facebook pages by a pro-ISIS activist using the name Marwan Al-Nuaimi. The pages belong to Shi'ite organizations in Lebanon, most of them connected to the field of medicine, including volunteer groups, a doctors’ association, and a medical equipment store. The film, accompanied by the song “We Are Determined,” which is associated with ISIS, shows the hacking operation, stage by stage. On each page, the hacker planted an image saying “game over” and another saying “terrorist hacker Marwan Al-Nuaimi, supporter of the Islamic State.” The activist declared that he means to hack even more important sites in the near future.

Pro-ISIS Hacking Group Threatens Imminent Cyber-Attack

On May 11, 2015, a group of pro-ISIS hackers released a 3:30-long video, in Arabic with English subtitles, threatening the U.S. and Europe with an imminent cyber-attack. The video, titled “Message to America from the Virtual World,” was distributed via Twitter by a pro-ISIS account (@is_caliphate_n), and the tweet also spread a campaign of hashtags in English and Arabic, such as: #HelloftheAmericansystem, “Ansar hacker group,” and a banner.

The video, released and distributed via Twitter, included a banner reading “Message to America – From the land to the digital world”

Pro-ISIS accounts distributed the video and also disseminated the hashtags using images such as the one above, whose message reads: “Today, the supporters of the Islamic State have left their mark on the digital world; the time of American hegemony is over”

The video includes an audio message, in Arabic with English subtitles, as an ISIS jihadi nasheed, “We have come as soldiers for God,” plays in the background. A map of the world is shown, as are several screenshots of hacks claimed by pro-ISIS hacker groups – including the hacking of U.S. Central Command’s Twitter account[29] and the claimed hack that led to the publication of a “hit list” of 100 U.S. military personnel.[30] The audio message plays against a still image of a faceless man in a hoodie sitting in front of a laptop – as in many videos released by the hacktivist group Anonymous.

Screenshot from the video.

The following are excerpts from the audio message:

“We are the Islamic State’s defenders on the internet. This message is sent to the servants of the cross. […]

"Message to the whole world, we are the supporters of the Islamic State who humiliated the armies of disbelievers everywhere. […]

"Praise to Allah, we are now expanding on the land and on Internet. We send this message to America and Europe: we are the hackers of the Islamic State. The electronic war has not begun yet. What you have seen before is just a preface for the future. We were already able to hack the website of the American leadership, the website of the Australian airport and many other websites. Despite you paying billions to secure your electronic websites it has become easier for us to hack into your websites in a short amount of time, thus your security information is in our hands. You do not have the power to fight the Islamic State.

"Oh soldiers of the Islamic State, we are the supporters, we will be your electronic army, and with the help of Allah we will show our power to the west. The west will soon realize that they do not have the power to face us. Soon, we will publish your plans that seek to fight Islam, the targets are ready and the hackers have started working. We are observing all of your movements from your devices. Therefore, you have to learn that we do not bend nor lose. Soon, you will see how we control your electronic world.

"Although America increased its internet security, we today have information on its soldiers. We are the hackers of the Islamic State and we do not turn our backs on oppression. Today the electronic fields witness our victory and soon you won’t have any control over the internet.”

Pro-ISIS Group Hacks Old Dominion University Website

On May 18, 2015, a hacker group calling itself “El Moujahidin Team” hacked the website of the Mace & Crown, a student newspaper at Old Dominion University in Norfolk, Virginia. The website was defaced with the hacker group’s logo and messages “of our Palestine and all Arabs,” which included: “We don’t accept killing Muslims everywhere. Stop killing us.”

The hackers appear to be Algerian, as they used the hashtag “Free Hamza BendelladJ,” a reference to an Algerian national extradited to the U.S. in 2013 on federal cybercrime charges. Tweets from the hacker group also indicated that they are aligned with ISIS.

Pro-ISIS Hackers Target Tri-State Area Healthcare Provider Website

On May 22, 2015, Pix 11 in New York City reported that a pro-ISIS hacker group known as “Moroccan Revolution Team” had defaced the website of Westchester Health, a healthcare provider for the tri-state area. The website featured an ISIS flag and the caption “I love you ISIS.” The website remained defaced for approximately 16 hours, but according to Westchester Health’s CEO, the homepage that was hacked is only for marketing purposes, and user info can only be accessed via a separate password-protected portal.

Middle East Cyber Army Hacks Arizona Department Of Weights And Measures

On June 9, 2015, the Phoenix Business Journal reported that an Islamic hacker group calling itself the Middle East Cyber Army had hacked the website of the Arizona Department of Weights and Measures. According to the report, the group posted pro-Islam messages on the website, which was still down for maintenance several days later.

Subdomain of U.S. Dept. of Energy’s Argonne National Lab Hacked by Cyber Islamic State

On July 9, 2015 it was reported that Cyber Islamic State had hacked and defaced the subdomain of the Illinois-based Argonne National Laboratory website, owned and funded by the U.S. Department of Energy Office of Science.

The targeted domain itself belongs to Argonne’s Laboratory Computing Resource Center (LCRC). Argonne (anl.gov) conducts research in energy storage, alternative energy, national security, and biological and environmental systems.

The hacked domain showed a defacement page with the ISIS logo and a message, with an Arabic prayer playing in the background. The defacement message talks about an upcoming war.

The previous day, July 8, the group had hacked and defaced the official website of The State Ministry for Euro-Atlantic Integration of Georgia, leaving a deface page along with the ISIS logo and a brief message.[31]

Syrian Observatory For Human Rights Hacked By Cyber Army Of The Khalifa

On July 8, 2015, the website of the UK-based Syrian Observatory for Human Rights was hacked by ISIS supporters identifying themselves as the Cyber Army of the Khalifa. The hackers posted a photo and Arabic text threatening the organization’s director, Rami Abdul-Rahman; the photo showed a man in an orange jumpsuit kneeling next to an ISIS fighter with Abdul-Rahman’s face photoshopped onto him.

A screenshot of the hacked page distributed via Twitter.

The hackers destroyed data the monitor had collected on its servers, but, Abdul-Rahman says, the data was backed up and will be published on the group’s Facebook and Twitter accounts.

According to the AFP, the Observatory had previously received threats from both the Syrian regime and Al-Qaeda.[32]

Pro-ISIS Hackers Document Attacks On Egyptian Targets, Urge Muslims To Join 'Electronic Jihad’

On July 20, 2015, Sinai-based pro-ISIS hackers released, in a video, their second tally of cyber operations against Egyptian targets. The hackers operate under the umbrella name of Al-Mukhabarat Al-Islamiyya (The Islamic Intelligence Services). The video, 21 minutes long, is Part II in a series on the topic, and documents some of the attacks, including an attack on the website of Alexandria University’s faculty of medicine, which was defaced with ISIS content; an attack on a number of Egyptian government webpages; and phone conversations between some Egyptian soldiers that were obtained by the hackers; the soldiers’ names and ranks accompany the recordings. In these recordings, one Egyptian soldier expresses his concern that the “IP [address] of [his] mobile phone” was obtained by the hackers, and that it was used to “pinpoint my location and movements.” The same soldier also refers to Ansar Beit Al-Maqdis, the group that was the precursor to ISIS in the Sinai, and his allegations about how it managed to “hack my account, and change my email to Hacker Sinawi.” Compromised Facebook pages that belonged to the “tawaghit” (oppressors) are shown as well.

In Part I of their video series, released online in January, they mostly showed how compromised Facebook pages allegedly belonging to various Egyptian military personnel were jam-packed with ISIS content. The attacks, said the video, were in response to the Egyptian military campaign against jihadis in Sinai. The video also claimed that various sensitive information was obtained by accessing military personnel’s mobile phones and computers.[33] This latest video reveals phone conversations allegedly among Egyptian soldiers intercepted by the hackers.

The Sinai and Egypt have become a prime location for cyber-warfare attempts among pro-ISIS hackers and hackers associated with the Egyptian regime, such as the Egyptian Cyber Army (ECA).[34]

This latest video was released via the Twitter account of Al-Qursan Al-Sinawi (@SinaiPirateS), a Sinai-based hacker who also goes by the name Al-Qursan Al-Suwairki (“The Suwairki Pirate”).[35] The name “Al-Suwairki” refers to the Al-Sawarika tribe in northern Sinai, from where the hacker hails and supposedly operates.

The video was also promoted via the hashtags #War_Of_Minds and #Electronic_Attacks_2.[36]

Al-Sinawi Twitter page

Gaining access to the Alexandria University faculty of medicine database

Defacement of the website with ISIS material

Video segment on soldiers whose phone conversations were hacked.

Pro-ISIS Hacktivists Tweet That They Hacked NATO Website, Leaked Soldier Information

On July 26, 2015, ISIS supporters on Twitter began circulating images containing what they claim is the personal information of NATO soldiers obtained by ISIS after it hacked the NATO website. The information included names, countries of origin, phone numbers, and more.

ISIS Supporters Hack Cincinnati Restaurant Website

On August 8, 2015, the website of the Cincinnati, Ohio-based Canal House Bar & Grille restaurant was hacked and defaced by ISIS supporters. The defaced page featured the image below, extolling ISIS and jihad.[37]

ISIS Supporters Publish List Of U.S. Government IP Ranges For Targeting By Hackers

On August 22, 2015, ISIS supporters began circulating on Twitter a list of IP ranges, allegedly belonging to various U.S. government agencies, so that they can be targeted by ISIS hackers.

An August 22 tweet (below) from a pro-ISIS account promoting the list stated: “#Entire IP ranges [of the] #U.S. #government #military and #security #bases and #websites The Islamic State, Caliphate #News.” (The full list is available upon request.)

IV. The Islamic State Hacking Division (ISHD)

The Islamic State Hacking Division (ISHD), which has no apparent official link to ISIS but which is sometimes reported as being officially affiliated with it, publishes hit lists of U.S. and other Western military personnel, including photos, physical and email addresses, phone numbers, and more, and urges ISIS members and supporters to target the individuals named.

ISHD Publishes Hit List Of 100 U.S. Military Personnel, With Photos And Addresses

On March 21, 2015, ISIS supporters circulated on jihadi forums and social media a document in English by the Islamic State Hacking Division (ISHD). The document contains a hit list of 100 U.S. military personnel, each with a photo and address. The list is preceded by a message noting that the group obtained this information by hacking several military servers, databases and emails containing details on personnel in the U.S. Air Force, Navy, and Army. The message also urges ISIS supporters in the U.S. to assassinate the individuals on the list for their alleged involvement in the campaign against the Islamic State.

MEMRI has a copy of the full list with the names and addresses of the U.S. servicemen.

The following are excerpts from the document’s introduction, in the original English:[38] “O Kuffar [infidels] in America, O You who worship the cross, O You crusaders that fight the Islamic State, we say to you: "DIE IN YOUR RAGE!”, die in your rage because with the grace of Allah, The Islamic State Hacking Division (ISHD) has hacked several military servers, databases and emails and with all this access we have successfully obtained personal information related to military personnel in the U.S. Air Force, NAVY & Army… With the huge amount of data we have from various different servers and databases, we have decided to leak 100 addresses so that our brothers residing in America can deal with you.

“O Brothers in America know that the jihad against the crusaders is not limited to the lands of the Caliphate, it is a world-wide jihad and their war is not just a war against the Islamic State, it is a war against Islam. These kuffar [infidels] that drop bombs over Syria, Iraq, Yemen, Khurasan [Afghanistan] and Somalia are from the same lands that you reside in, so when will you take action? Know that it is wajib [religious obligation] for you to kill these kuffar [infidels]! and now we have made it easy for you by giving you addresses, all you need to do is take the final step, so what are you waiting for? Kill them in their own lands, behead them in their own homes, stab them to death as they walk their streets thinking that they are safe…”

Part of the hit list presented in the document (names, photos, and addresses have been blacked out).

ISHD Publishes Hit List Of Italian Officers For Targeting By 'Lone Wolves’

On May 30, 2015, pro-ISIS online activists distributed via Twitter a document urging ISIS lone wolf operatives in Italy to target Italian military personnel, while supplying 10 profiles of prospective targets, complete with the photos, addresses and phone numbers. The document is signed by the ISHD.

In its message, the group claimed that it had penetrated and gained access to secure servers. The information distributed in both the Italian and U.S. hacks was apparently retrieved online using open source intelligence gathering methods to trawl through social media and publicly available records. The practice of publishing online personal data about an individual, or “doxing,” is standard operating procedure for hacktivists and cyber-vigilantes.

The document, hosted on the justpaste.it platform, was distributed by ISIS supporters (@PhantomAJ) on Twitter, accompanied by the hashtag #WeWillBurnRome. ISIS operatives consider Italy a legitimate target because it participates in the anti-ISIS coalition. Moreover, Rome is highly symbolic in ISIS discourse because it connects the coalition to the Crusaders.[39] The conquest of Rome figures prominently in ISIS eschatology and this explains why threats and calls to conquer Rome appear so frequently.[40]

The document contains a quote from a speech delivered by ISIS spokesman Abu Muhammad Al-Adnani, as well as a quote from a message to President Obama delivered by the ISIS operative and executioner known as Jihadi John. Both quotes were translated into Italian in the document. Several Koran passages are also cited.

The following are excerpts from the document, translated by MEMRI from the original Italian:

“O Kuffar [unbelievers] in Rome, Oh You who worship the cross, Oh You crusaders that fight the Islamic State, we say to you 'DIE IN YOUR RAGE,’ die in your rage because with the grace of Allah, The Islamic State Hacking Division (ISHD) has hacked several military servers, databases and emails and with all this access we have successfully obtained personal information related to military personnel in the Italian Air Force, Navy and Army… with the huge amount of data we have from various different servers and databases we have decided to leak 10 addresses so that our brothers residing in Italy can deal with you.

"We will conquer Rome and Al-Aqsa, we will destroy your crosses with Allah’s blessing. I’m back although the disbelievers dislike it. We swear by Allah that we will soon enter and conquer Rome. A message to the lone wolves: We await your surprises. Italy has declared war and we have declared war long ago Al-Jihad, Al-Jihad, Al-Jihad.”

Screenshots from the document showing profiles of proposed targets; faces and personal information were blurred by MEMRI team.

ISHD: We Compromised Sensitive U.S. Government, Military Personnel Data, Release Data Online

On August 11, 2015, the ISHD claimed that it had released a large collection of names, emails and other sensitive information that it alleged belonged to U.S. military and government personnel. A tweet by the group’s official account (@IS_Hacking_Div) reads: “Takbeer ALLHU AKBAR: U.S. Military And Government HACKED by the Islamic State Hacking Division!>>>LEAK”

The information leaked includes the full names, departments, email and physical addresses, phone numbers, and alleged passwords to the emails of hundreds of individuals, in addition to information on four RAF bases in the UK. A link to the information was posted on the group’s Twitter account.

The ISHD is currently thought to be headed by 21-year-old Junaid Hussain, aka Abu Hussain Al-Britani, from Birmingham, UK, who fled the UK to join ISIS in 2013.[41] Hussain is believed to be behind a Twitter account with the handle of Abu Hussain al Britani, which has been linked to CyberCaliphate. Hussain, who went to Syria in 2013 despite being under police supervision following his arrest for hacking the email account of then-prime minister Tony Blair and posting his personal information online, is thought to be a major recruiter and mastermind of a widespread ring of young computer experts recruited by ISIS to hack into the bank accounts of UK businesses and of celebrities, among them rapper P Diddy. He is believed to be teaching the new recruits how to crack codes and access sensitive information; a source said that “[t]he hackers are targeting the accounts of the rich and famous, VIP clients of banks and big businesses” and called this activity “international fraud on an unprecedented scale and the result could be a bottomless pit of money to fund their campaign of terror.”[42] Hussain was also linked to the attackers at the May 3, 2015 “Draw Muhammad” cartoon contest in Garland, TX.

Alleged CyberCaliphate leader Junaid Hussain/Abu Hussain Al-Britani Twitter account, accessed August 22, 2014.

Tweet announcing the hack (link blurred by MEMRI)

In a separate tweet, the group boasted that it had been watching its targets “for months,” and that all information it obtained had been passed on to the “soldiers of the Khilafah.”

In a message accompanying the list, the ISHD noted that the hack was a response to the anti-ISIS Crusader coalition, and warned that it had compromised the “emails and computer systems” as well as the social media accounts of its targets. It also threatened that the information it had obtained would be used to “strike at your necks in your own lands.”

The ISHD Twitter account at that time had 211 followers, and was following 20 accounts, including those of several Western ISIS fighters, Western media outlets, and the account of extremist British cleric Anjem Choudary.

The group also provided, on its Twitter page, several ways of contacting it, including via the secure communication apps Wickr and Kik as well as email.

V. The CyberCaliphate

The apparently pro-ISIS CyberCaliphate first emerged with its December 24, 2014 cyberattack on the Albuquerque Journal and on unnamed “official network communications.” Since then, it has carried out numerous cyber-attacks, mostly defacements, for example on January 6, 2015, when it hacked and defaced the website of WBOC TV in Maryland. It claims to have hacked the FBI’s New Mexico office on January 7, 2015, and has gone on to deface websites of other television news stations, including its April 2015 hack of the French TV5Monde, disrupting broadcasts and compromising critical information, including details on the relatives of French soldiers fighting ISIS;[43] attacking print news services, including official U.S. news services and Newsweek magazine; nonprofits, such as a U.S. military spouse organization; U.S. military websites, including U.S. Central Command (CENTCOM); and social media accounts, including Facebook and Twitter pages.

In January 2015, government sources and private sector security experts speculated that Junaid Hussain, aka Abu Hussain Al-Britani, who is now thought to be heading the ISHD, was the leader and founder of CyberCaliphate.

The following are some of the cyber-attacks claimed by the CyberCaliphate:

CyberCaliphate Attacks Maryland News Outlet

On January 6, 2015, both the Twitter account and website of the WBOC television station in Salisbury, MD, were the target of cyber vandalism by CyberCaliphate. One tweet from the hijacked account read “INFIDELS, NEW YEAR WILL MAKE YOU SUFFER,” and the account’s profile picture was replaced with the image of a masked man with the text, “I love you ISIS.” Other posts claimed that ISIS had stolen documents from the FBI, and files that appeared to be FBI enforcement information bulletins began to appear on the hijacked account.[44]

CyberCaliphate Claims Responsibility For Attack On U.S. Targets, Promises Further Attacks

Also on January 6, 2015, CyberCaliphate began taking responsibility for an attack against “the U.S. Official Network Communications,” from which the group claims to have obtained confidential information about a large number of residents of Albuquerque, New Mexico.

An announcement that the group posted on Pastebin.com on December 29, 2014 stated that the attack was in response to the U.S. bombing of the Islamic State and promised “no mercy” towards the “infidels.” The group also promised to expand its attacks to other states besides New Mexico. The announcement read: “NEW YEAR WILL MAKE YOU SUFFER INFIDELS/In the name of Allah, the Most Gracious, the Most Merciful, the CyberCaliphate continues its CyberJihad. While the U.S. and its satellites are bombing Islamic State we broke into your home networks and personal devices and know everything about you.”

CyberCaliphate Claims Hack Of U.S. Central Command Twitter, YouTube Accounts; Users On Top ISIS Forum Praise Hack

On January 12, 2015, CyberCaliphate hacked the Twitter and YouTube accounts of the U.S. Armed Forces Central Command (CENTCOM) and used the accounts to disseminate its propaganda, as well as to leak information on CENTCOM personnel and other documents. The Pentagon later said that the information posted by CyberCaliphate was not “highly classified.”

The CENTCOM Twitter account was subsequently taken offline, and the official CyberCaliphate Twitter account, which also announced the hacking, was suspended.

Following are several CyberCaliphate tweets from the hacked account (some information has been blurred by MEMRI), from CENTCOM’s YouTube page, and from CyberCaliphate’s own Twitter account:

From The CENTCOM Twitter Account

From The CENTCOM YouTube Account

From The CyberCaliphate Twitter Account

Users on the pro-ISIS message board Jihadi Media Platform (Alplatformmedia.com) celebrated the hack and posted messages of encouragement. User Muawhid Al-Ma'ribi wrote: “I swear by Allah, [the hack is] a great strike.” He later added: “We defeated Twitter’s administration, hacked the Americans’ accounts, gathered their data, and terrified their leadership…” Another user, Falah, wrote: “Twitter [administration] is going to go crazy.” Al-Nu'man Al-Jaza'iri wrote: “Allah Akbar… By Allah, a great and delighted act. Thanks to Allah.” User Mata Al-Sa'a wrote: “This is the first [rain] drop, and we await the rain, Allah willing…”[45]

The hack announcement on the Jihadi Media Platform message board

CyberCaliphate Claims Hack Of 'Newsweek’ Twitter Account, Sends Message To Obama Family

On February 10, 2015, CyberCaliphate hacked the Twitter account of Newsweek magazine, using it to tweet ISIS propaganda and what it said was classified information (though it included an “unclassified” designation). The account also tweeted a Valentine’s Day message to First Lady Michelle Obama: “Bloody Valentine’s Day #MichelleObama! We’re watching you, you [sic] girls and your husband! #CyberCaliphate.” Another tweet included names of fallen mujahideen and a threat to continue releasing “confidential documents.”

Following are some of the tweets sent by CyberCaliphate from the Newsweek account before Twitter administrators regained control of the account and deleted them (some of the information has been blurred by MEMRI):

CyberCaliphate Hacks Twitter Account Of U.S. Military Spouses Organization

On February 10, 2015, CyberCaliphate hacked the Twitter account of a military spouses organization, Military Spouses of Strength, tweeting personal threats against a number of members of the group, as well as threats against First Lady Michelle Obama.[46]

CyberCaliphate Hacks French TV Station And Its Facebook Page

On April 8, 2015, in one of the biggest attacks to date on televised communications, CyberCaliphate hacked France’s TV5Monde television network and took over its live broadcast, website, and Facebook page. At the time of the attack, TV5Monde’s director told AFP: “We are no longer able to broadcast any of our channels. Our websites and social media sites are no longer under our control and are all displaying claims of responsibility by the Islamic State.” The channel’s website and its Facebook page were defaced with pro-ISIS images and messages in English, French, and Arabic.[47]

VI. ISIS Cyber Operations And Counter Operations

This section reviews ISIS hacking and cyber attack campaigns, propagated under various hashtags.

Pro-ISIS, Other Muslim Hackers Declare Cyber Jihad; Under #OpFrance, 20,000 French Websites Attacked, Including Gov’t, Military; Hackers, Supporters Celebrate On Twitter: Mocking Pope, Statue Of Liberty, 'Coming To Crush The Cross’ And 'Your Freedom,’ Tweeting Images From ISIS Beheadings

During the week of January 16, 2015, Muslim hacktivist groups launched a massive hacking operation against thousands of French websites, in retaliation for the cartoons published by the satirical French weekly Charlie Hebdo. The operation, dubbed #opFrance, included participants Fallaga Team from Tunisia, the United Islamic Cyber Force, the C7 Crew, Mauritania Attacker, AnonGhost, Middle East Cyber Army (MECA), and CyberCaliphate.

Some 20,000 French websites were targeted as part of #opFrance; the websites ranged from military regiments to small businesses such as pizza shops. For the most part, the attacks were DDoS. Users on Twitter also announced hacks of the websites of the University of Toulouse, the French Ministry of Economy, Finance, and Industry, the National Marine Resources Center, banks, and more.

The hackers also targeted French members of Anonymous, which had previously launched its own #OpCharlieHebdo against jihadi websites. A video posted on YouTube shows Tunisian hackers gaining access to the Facebook page of a French member of Anonymous.[48]

On Twitter, the hacker groups and other users had begun calling for the operation several days earlier, using hashtags such as #OpFrance and #HellforHebdoPigs. One user wrote on January 10: “#OpFrance Muslims hacking the enemies of Allah!” The United Islamic Cyber Force tweeted: “We are not declared a war [sic.] but we just DEFEND our religion!” On January 9, the Middle East Cyber Army tweeted: “#OPFRANCE DECIDED !! WE ARE MUSLIMS AND WE WILL NOT LET ANYONE TO HUMILIATE US !!! #OPFRANCE WILL START ON 15th OF JANUARY !!!” On January 15, they tweeted: “TODAY IS THE DAY 15/01/2015 !!!! THE DAY #OPFRANCE IS LAUNCHED !!!! EXPECT MASS DEFACES TODAY AND BIG BIG SURPRISES WITHIN THE OPERATION !!”

Following is a collection of tweets from #OpFrance:[49]

Mauritania Attacker

United Islamic Cyber Force

United Islamic Cyber Force congratulating CyberCaliphate for hacking the U.S. Armed Forces Central Command (CENTCOM) Twitter and YouTube accounts

Using the hashtag #HellForCharlieHebdo

In #OpISIS, Anonymous Hacks ISIS Twitter Accounts, Publishes List Of Accounts That It Says U.S. Has Been Unable Or Unwilling To Stop

On February 16, 2015, under #OpISIS, Anonymous launched another wave of attacks on social media accounts promoting ISIS. Anonymous also published a full list of what it said were ISIS accounts that Twitter administrators and the U.S. government have been unwilling or unable to stop.

* Steven Stalinsky is Executive Director of MEMRI; R. Sosnow is Head Editor at MEMRI.

Endnotes:

[1] CNN.com, May 21, 2015.

[2] See MEMRI JTTM report ISIS Video Shows Execution Of Two Members Of Anti-ISIS Media Collective ‘Raqqa Is Being Slaughtered Silently’, July 6, 2015.

[3] See MEMRI Inquiry & Analysis No. 1136, From Al-Qaeda To The Islamic State (ISIS), Jihadi Groups Engage in Cyber Jihad: Beginning With 1980s Promotion Of Use Of ‘Electronic Technologies’ Up To Today’s Embrace Of Social Media To Attract A New Jihadi Generation, November 19, 2014.

[4] Infosecurity-magazine.com, June 10 and July 7, 2015.

[5] Hackread.com, February 15, 2015.

[6] See MEMRI JTTM report ISIS Video Shows Execution Of Two Members Of Anti-ISIS Media Collective ‘Raqqa Is Being Slaughtered Silently’, July 6, 2015.

[7] Thewhir.com, March 7, 2015.

[8] Wlwt.com, March 7, 2015; Irishtimes.com, March 7, 2015; Nbcmontana.com, March 7, 2015.

[9] Whdh.com, March 16, 2015.

[10] CBC Radio Canada, October 14, 2014.

[11] Techworm.net, January 9, 2015.

[12] Techworm.net, February 15, 2015.

[13] Hackread.com, February 25, 2015.

[14] Hackread.com, March 21, 2015.

[15] Twitter.com/alqaeda_11_9, accessed March 24, 2015.

[16] Facebook.com/almaarek.media, accessed March 24, 2015.

[17] See MEMRI JTTM report Jihadis Hack Chinese Websites, March 19, 2015.

[18] justpaste.it/qe_b2, March 21, 2015.

[19] justpaste.it/qe_b3, March 22, 2015.

[20] Ifrc.fr.

[21] Kadesya.com, Serediaresort.com, Mygraphichouse.com.

[22] Aa-silach.ru.

[23] Twitter.com/Ica_is2, March 29, 2015.

[24] Mnbr.info, March 29, 2015.

[25] English.alarabiya.net, April 13, 2015.

[26] For a full list of the targeted websites, see justpaste.it/ica_is6.

[27] This hashtag is part of the online campaign by ISIS supporters against the U.S. For details on the campaign, see MEMRI JTTM report, ISIS Supporters Launch ‘We Will Burn America’ Twitter Campaign, Threaten Attacks On U.S., April 11, 2015.

[28] Hackersnewsbulletin.com, April 17, 2015.

[29] See MEMRI JTTM report Several Websites Hacked And Defaced By ‘ISIS Cyber Army’, March 30, 2015.

[30] See MEMRI JTTM report ISIS Supporters Publish Hit-List Of 100 US Military Personnel, With Pictures And Addresses, March 22, 2015.

[31] Hackread, July 8 and 9, 2015.

[32] Albawaba.com, Twitter, July 8, 2015.

[33] See MEMRI JTTM report Pro-Islamic State Hacker Groups Target ‘Apostates’ In Egypt And Sinai, Claim Data Gathered Will Be Useful For The Mujahideen, January 7, 2015.

[34] See MEMRI JTTM report Hacker Group ‘Egyptian Cyber Army’ Targets Islamic State (ISIS) Propaganda, Says Its Top Priority Is Targeting Jihadis And Terrorists, December 12, 2014.

[35] See MEMRI JTTM report Pro-ISIS Hacker Targets Egyptian Newspaper’s Facebook Page, April 16, 2015.

[36] See MEMRI Cyber Jihad Lab report, Pro-ISIS Hackers Document Attacks On Egyptian Targets, Urge Muslims To Join ‘Electronic Jihad’, July 20, 2015.

[37] Cincinnati.com, August 10, 2015.

[38] Shamikh1.info, March 21, 2015.

[39] See MEMRI JTTM report, ISIS Supporter Threatens Italy: Do Not Intervene In Libya; ‘Sooner Or Later We Will Reach Rome’, February 23, 2015.

[40] See MEMRI JTTM report Islamic State (ISIS) Supporters Tweet Pro-ISIS Pictures From Across Rome, Threaten Italy: ‘We Are On Your Streets’, April 29, 2015.

[41] See MEMRI JTTM report Islamic State ‘Hacking Division’ Claims It Compromised Sensitive U.S. Government, Military Personnel Data; Releases Data Online, August 11, 2015; Theregister.co.uk, August 12, 2015; Express.co.uk, August 12 and 17, 2015.

[42] Mirror.co.uk, August 15, 2014; Reuters, IBtimes.com, January 13, 2015.

[43] Infosecurity-magazine.com, July 7, 2015.

[44] The Baltimore Sun, June 7, 2015.

[45] Twitter.com, Us.sputniknews.com, Wsj.com, January 12, 2015; Alplatformmedia.com, January 12, 2015.

[46] Cnn.com, February 11, 2015.

[47] Hackread.com, April 8, 2015; The Guardian, April 9, 2015.

[48] Youtube.com/watch?v=Ubq-HaUDRss, accessed July 17, 2015.

[49] Arabcrunch.com, January 15, 2015; Twitter.com, January 9-15, 2015; Facebook.com/Middle.East.Cyber.Army.4, January 13, 2015.
