In the real world, the Islamic State (Isis) is a dangerous terror group capable of committing global atrocities and mass murder. However, in cyberspace, at least according to security researchers at Flashpoint, Daesh-affiliated hackers are neither advanced nor sophisticated.
In a fairly damning 25-page assessment of the Islamic State's e-Jihad crew, a report titled 'Hacking for ISIS: The Emergent Cyber Threat Landscape' explores the unpredictable – and unorganised – origins of the cyber group and how their attempts to become a force to be reckoned with online have mostly fallen flat.
"It is important to note that because the pro-Isis hacking effort is still an unofficial endeavour, neither acknowledged nor claimed by Isis itself, it is still poorly organized (and likely under-resourced), which often leads to conflicting messaging among the relevant actors," the report states. "The group's overall capabilities are neither advanced nor do they demonstrate sophisticated targeting." However, the paper notes: "The severity of cyberattacks supporting Isis will likely not remain at this level of relative unsophistication."
As previously reported, on 4 April this year three Isis-related hacking teams that were previously acting independently of one another, joined forces to create the 'United Cyber Caliphate'. "After relying on Almighty Allah and by his grace, incorporation between Islamic State Hackers Teams to expand in our operations, to hit 'em deeper. We announce our new team United Cyber Caliphate," an online announcement stated at the time.
Yet even with this coordinated approach to launching cyberattacks, the Flashpoint report says the efforts of the group remained underwhelming. "Regarding this coordination, however, it is important to note that because the pro-Isis hacking effort is still an unofficial endeavour, neither acknowledged nor claimed by Isis itself, it is still poorly organized (and likely under-resourced), which often leads to conflicting messaging among the relevant actors," the report states.
As IBTimes UK found while investigating how pro-Isis activists spread online, these campaigns can be unpredictable at best and a complete shambles at worst. In one particularly embarrassing incident, one of the hackers attempted to hack Google and failed miserably.
So, who are the targets?
"Isis cyber threat actors appear to have two primary macro targets – as professed by at least one pro-Isis hacking collective: governmental and economic targets," the report states. "To date, Isis cyber actors have launched attacks on primarily government, banking, and media targets. These entities appear to be not only what these actors are focused on, but also what generates the most publicity for the groups behind them, likely contributing to the focus on such targets."
However, the Flashpoint research notes that pro-Isis cyber actors are "demonstrating an upward trajectory" and are likely to continue to thrive on social media channels like Twitter, Facebook and Telegram. Furthermore, the groups will likely start to adapt 'off-the-shelf' malware attacks into their cyberattack toolsets, it warns.
"[The] willingness to adapt and evolve in order to be more effective and garner more support indicates that while these actors are still unsophisticated, their ability to learn, pivot, and reorganize represents a growing threat," the paper states. Yet for any budding cyber jihadist, the report contains a fairly poor point of view about how much damage such online terror operations can actually cause. Flashpoint states: "Despite the significant amount of attention that Isis supportive hackers are garnering, it is important to note that their skill level is still low."