Renowned for exploiting social media as a propaganda tool to broadcast its brutal exploits, Isis (Islamic State) may now have expanded its operations into cyberwarfare, with hacking operations against rival groups.
A malware attack targeting opposition group Raqqa is Being Slaughtered Silently (RSS), which documents Islamic State's human rights abuses, was probably launched by the jihadist group, cybersecurity and human rights organisation The Citizen Lab has said in a report.
An RSS member told the Citizen Lab that the attempted hack on their computer was not successful, and forwarded the malware, which was disguised in an email supposedly from Syrian dissidents.
Others may have been identified through the malware, though.
"The group [RSS] has been targeted for kidnappings, house raids, and at least one alleged targeted killing. At the time of writing, Isis is allegedly holding several citizen journalists in Raqqa," according to the Citizen Lab report.
Raqqa, in northern Syria, has become the capital of Islamic State's "caliphate" in Syria, where they claim to have established a doctrinally pure Islamic society.
On Twitter and on its website, RSS documents the reality in Raqqa, where Isis holds brutal executions, and persecutes women, homosexuals, and those belonging to other sects of religious groups.
The fake email sent to RSS claims to be from Syrian refugees in Canada working on a report on Islamic State in Raqqa, and asks the recipient to download maps marked with locations believed to be Islamic State strongholds bombed by the US in air attacks, and to check them for accuracy.
Once installed on the target's computer, "The custom malware… beacons home with the IP address of the victim's computer and details about his or her system each time the computer restarts," said The Citizen Lab in its study.
This would allow those familiar with the area to identify the computer's location and imprison the user.
Keyloggers, which allow the hacker to extract content from a target's computer by recording keystrokes, were not contained in the malware, leading researchers to believe that the malware attack was probably not launched by the Syrian government, which has previously employed malware designed to seize content.
They said that the malware's shoddy construction may indicate that the hacker had little technological sophistication, but it also meant that antivirus programmes were less likely to identify it as malware.
"The program looks less like malware, and may attract less attention from endpoint protection tools and scanners. Detections were low when the file was first submitted to VirusTotal, for example. It registered only 6/55 detections by anti-virus scanners, or a 10% detection rate," they said in the report.
In September, Steve Stalinsky, an executive director of the Middle East Media Research Institute, told Fox News that Islamic State would target banks, government websites, transport infrastructure and security targets in future hacking operations.
"They are forward-thinking and are experimenting with hacking. In the future, the jihadists' cyberarmy's activities will become a daily reality," he said.
Recently, Commissioner Adrian Leppard of the City of London Police warned of the dangers posed to financial organisations by hackers from jihadist groups.
"There could be a very serious impact to the financial institutions of the world through a cyberattack, and I think it's a very strong likelihood that it will happen one day in the future, which is why we've got to push back and take action now before it happens," he told a New York conference.