ISIL ‘seeking industry insiders’ for cyber attacks
ISIL and other terrorist groups are turning to the underworld to secure tools to carry out cyber attacks on critical infrastructure, according to a report yesterday in a British newspaper.
Terrorist groups have taken part in low-grade “cyber vandalism” and their ability to wage more damaging attacks will only increase, according to a former operations chief at the UK’s spy centre GCHQ, quoted by The Sunday Times.
Many of the required tools to launch crippling attacks are available on criminal markets of the so-called Dark Web, part of the world wide web that needs special software to penetrate.
Committed extremists could seek to accelerate those efforts by recruiting knowledgeable insiders, according to the report by Conrad Prince for government-backed insurance company Pool Re, cited by the newspaper.
“A well-placed insider can go a long way to simplifying the work involved in delivering a destructive cyber attack,” the report says.
The report recalled the case of Rajib Karim, a former IT worker for British Airways, who used his position to investigate how to cause international travel chaos by bringing down the airline’s systems. He was jailed for 30 years in 2011 for plotting to blow up a plane.
ISIL has so far failed to carry out any major successful cyber attack in part because of the targeting of its cyber experts by the US and other anti-ISIL forces, according to the European Union’s policing agency Europol.
It said that the concerted action had led to a scaling down of the activities of Pro-ISIL hackers – such as a group known as the United Cyber Caliphate.
The group had specialised in the publication of “kill lists” of potential targets in the US and UK and called on followers to “kill them wherever you found them”. There has been no confirmed incident of anyone being targeted on the list.
Many previous known cyber attacks amounted to little more than attention-grabbing stunts and hacks of public accounts, rather than the penetration of critical infrastructure. Junaid Hussain, a British militant who was killed in a US drone strike in Syria in 2015, was believed to have been involved in obtaining the passwords of the US Central Command’s Twitter account to briefly send proISIL messages.
“The absence of any major cyber attacks by terrorist organisations can be interpreted as the result of not enough technical skills on their side, at least for the present time,” Europol said in its internet organised crime threat assessment for 2017.
The full report by Mr Prince is due to be released later this week, according to the newspaper. Nobody at Pool Re was available yesterday for comment.