
The many faces of DDOS

By Benjamin Stone, guest contributor
Johannesburg, 04 Jul 2016

Ever since Isis (the Islamic State of Iraq and Syria) began gaining notoriety in June of 2014, the scouting report on this terrorist organisation has been that it is a new breed of radical militant group.

How was it that a militant group firmly based in Iraq and Syria was inspiring terrorist attacks in Paris and Belgium, and lone wolf attacks in Canada and England? How were they recruiting members from seemingly any nation in the world?

The answer was, of course, the Internet. Like any organisation these days, Isis has a strong social media and digital marketing strategy, one that exploits the media's thirst for shocking content and lures in disenfranchised people the world over with recruitment videos on YouTube and an active community on Twitter.

So while military and coalition forces take the fight against Isis to the air with manned and unmanned aircraft and to the trenches with boots on the ground, hacktivists are hitting Isis and other radical Islam organisations where it might just really hurt: the Internet. Could distributed denial of service (DDOS) attacks and Twitter hackings be new weapons in the war on terror?

The multi-faceted DDOS attack

As detailed by leading DDOS protection service Incapsula, distributed denial of service, or DDOS, is a form of cyber attack that uses a number of Internet-connected computers and devices, amassed in a so-called botnet, to flood a target Web site with traffic or overwhelm a target's network infrastructure until the Web site is either knocked offline or slowed down so much that it is unusable, thereby denying its services to its users.

Over the past few years the usage of DDOS attacks has exploded to the point that pretty much anyone with a Web presence is a target - small businesses, major enterprises, online stores, government Web sites, religious organisations, your local 4H club, the list goes on and on.

The problem has only gotten more widespread with the advent of DDOS for hire services, which allow anyone with a PayPal account to carry out an attack on the Web site of their choosing. Cut someone off in traffic driving your business's vehicle and you could find your Web site taken down an hour later. So really, it was only a matter of time before a group of enterprising hacktivists lined up Isis, the Muslim Brotherhood and other radical fundamentalist groups in their Internet cross hairs.

Hacktivists mobilising

The cyber attacks against Isis and the Muslim Brotherhood aren't being perpetrated by bored individuals logging in to DDOS for hire services, of course. Attacking groups at this level, and with success, requires the concerted efforts of well-known hacktivist groups like Anonymous, famed for attacks on the Church of Scientology and the Ku Klux Klan, and the new but effective SkyNetCentral.

Anonymous first mobilised against the Islamic State extremist group in the wake of the Paris attacks, publishing a guide to hacking Isis. Anonymous claims to have identified tens of thousands of Twitter accounts associated with Isis and to have targeted Isis-related Web sites, including one recruitment site Anonymous says they have taken permanently offline. Anonymous also successfully targeted Turkish Internet domains with a massive week-long DDOS attack that took a reported 400 000 Web sites offline in response to Turkey's alleged support of Isis.

Anonymous also recently made the news for hacking several popular Isis Twitter accounts, posting the gay pride flag and sending out messages of support for gay pride day in the wake of the Pulse nightclub shooting in Orlando, an attack that evidently targeted the gay community.

SkyNetCentral, for its part, has taken aim at the Muslim Brotherhood, an Egyptian-based religious and political movement that has been tied to radical Islam. SkyNetCentral used a series of distributed denial of service attacks to take the official Web site of the Muslim Brotherhood offline, despite the fact that the Muslim Brotherhood was using CloudFlare DDOS protection on its site.

In this instance, the DDOS attacks - as they often are - were seemingly used as a smokescreen for an intrusion. SkyNetCentral was able to bypass site security and steal files from the database, leaking comments, e-mail conversations, commenters' names and IP addresses to the Internet at large.

The damage done

Isis and organisations like it are heavily dependent on the Internet for both member recruitment and the spreading of propaganda. Disrupting their Internet presence, be it by making a Web site inaccessible or by hijacking Twitter or other social media accounts, weakens these abilities and renders relied-upon lines of communication untrusted. Further, if efforts like SkyNetCentral's are continued, invaluable information on extremist group members - including names and locations - could be turned over to intelligence organisations, aiding in surveillance and attack prevention efforts.

Distributed denial of service attacks and the like have been in the news often for the past few years, usually for attacks on enterprises, gaming platforms, online banking and e-commerce sites, and chances are they're going to stay in the news. Nearly every Web site is a potential target for a DDOS attack, and extremist groups are becoming some of the biggest targets of all.
