Islamic State has 'best cyber offence' of any terrorist group

"There's a new group of attackers coming. It's growing right now. And these guys are different," says F-Secure's Mikko Hypponen. Then there's criminals. And governments.
Written by Stilgherrian, Contributor

"ISIS [also known as Islamic State] came onto the scene very quickly, but they already have arguably the best cyber offensive capability of any extremist movement out there, and it's still early days," Mikko Hypponen, chief research officer at F-Secure said.

"We still haven't seen real physical damage being done by any extremist group, and it's probably going to take a while until we see it. But these guys are the first ones that actually have some existing hackers who have joined them and moved in from the West," Hypponen told the AusCERT Information Security Conference on Australia's Gold Coast in his keynote address on Friday morning.

"It's not yet really a big problem, but obviously this isn't getting better, this is getting worse," he said.

One such hacker is Abu Hussain Al Britani, a British citizen whom F-Secure had been tracking as a traditional hacker three years ago. F-Secure lost track of him two years ago, but found him again last summer in Syria.

Al Britani has been kicked off Twitter around 20 times, but appears to be tweeting again this week.

[Image: The alleged Twitter account. Screenshot by Stilgherrian]

"He was offline for maybe half a year, but he came back online two days ago, together with his wife. They are both British citizens. And he's actually involved with the attacks that we saw against the US Central Command in which the home addresses of US generals were posted online," Hypponen said.

"Yes, this is still far away from doing actual physical attacks. Movements and groups like ISIS are the only kind of attacker which would be willing to do attacks which don't have exact targets, and which create undefined outcomes," he said.

"For example, trying to gain access to factory automation gear anywhere in the West, and do random modifications to them. It might be an attack which would actually make sense to them, but to no-one else. That's why I worry about extremist movements in the cyber field."

Meanwhile, in the traditional criminal world, everything is becoming bigger, and the attackers are becoming bolder. "They're just going online and advertising their attack services more visibly than ever before," Hypponen said.

One of Hypponen's examples was CTB-Locker, a Cryptolocker-style ransomware system that operates on an affiliate business model. The ransomware's creators don't conduct attacks themselves, but sell the ransomware as a kit.

"The other criminals [the buyers] are the ones who actually break the law, by infecting end users, and then encrypting their files and demanding a Bitcoin payment to get your decryption key," he said.

"These lockers of various kinds have been one of the main headaches we, and other anti-virus companies, have had for the last five years ... And I suppose one of the reasons why ransom trojans, whether encrypting trojans or so-called police trojans [that purport to be messages from law enforcement agencies] exploded was Bitcoin. Bitcoin created an easy way for them to move the money without getting detected."

Hypponen also showed a police trojan running on a smart TV, claiming that the user hadn't paid their "TV tax".

"Let me tell you a secret. Every time you hear the word 'smart' anything, what you really should be thinking is 'exploitable'. So smart TV? Exploitable TV. Smartphone? Exploitable phone. Smart car? Exploitable car. That's the way it works," he said.

Hypponen dismissed many of the scenarios for hacking the Internet of Things, such as hacking a smart car's braking system to kill the driver, as what security guru Bruce Schneier would deride as "movie plot scenarios".

"That's not going to happen. It's much more likely that somebody hacks your car to steal the car, because there's money in stealing cars. Or how about somebody hacking your car to lock your car with a ransom trojan? You have to pay $100 if you want to start your car," he said.

But the biggest problem, said Hypponen, is governments themselves as malware authors -- such as law enforcement using malware to conduct criminal investigations, intelligence agencies using malware to spy, and militaries using malware to carry out sabotage.

"It's not just the superpowers who do this. Pretty much any government has the resources to enter the game," Hypponen said.

"The biggest superpowers are probably the best. I would claim the United States has the best offensive capability in the world, followed closely by the Russians. But we also have countries like North Korea, or Iran, or India and Pakistan in this game. And of course your government [Australia] is in it as well."

Stilgherrian travelled to the Gold Coast as a guest of AusCERT.
