
ICT Cyber-Desk Review: Report #24

Executive Summary

Cyber Report no. 24 by the International Institute for Counter-Terrorism (ICT) reviewed the prominent uses made of cyberspace by terrorist organizations and their supporters during the months of September, October and November 2017. This is not an exhaustive list but rather an identification of the main trends as they arose from the field, and their analysis is divided into five areas.

1. In the operational domain, media changes made by the Islamic State (IS) were prominent in relation to coalition forces’ takeover of Raqqah, where the organization’s media base is located. Prior to the takeover, the volume of IS publications skyrocketed but then decreased upon its completion. Later, an attempt was made to rehabilitate the Islamic State’s media system by merging media groups in order to streamline the distribution processes. In addition to disseminating banners encouraging the execution of “lone wolf” attacks in the West, there was an increase in the volume of official publications encouraging the recruitment of foreign fighters to IS branches in the Philippines and in Khorasan. The use of cyberspace for recruitment was also prominent in Hayat Tahrir al-Sham and Ansar Gazwat al-Hind. In an examination of financing activities, two main financing channels in cyberspace arose during the period under review. One – online purchases using the Zcash digital currency, and two – the use of crowdfunding sites for anonymous donations. Another operational use of cyberspace that stood out was logistical-operational – in Gaza, weapons were seized that had been ordered on the darknet. Meanwhile, guidebooks on preparing homemade weapons were discovered.

2. In the defensive domain, activities identified during the period under review shared the common denominator of privacy protection. Recommendations were published about anonymous surfing on the Internet as well as privacy protection of users’ local files. In addition to the conventional recommendation for the use of end-to-end encryption of written messages, a recommendation was also made to use an application to encrypt voice calls, an important function for planning and operational control. It was also apparent that different groups emphasize the importance of using a unique identification code to verify the integrity of the information. This attests to the high awareness of information security among supporters of terrorism and the assessment is that this is a counter-reaction to the phenomenon of counterfeiting radical content. Another reaction is the publication of warnings of imposter accounts. It is worth emphasizing that the trend of terrorist organizations using Western off-the-shelf software continues. In this context, supporters of terrorism distribute technology guides that make Western software accessible to the Muslim community on the Internet. In the mobile field, recommendations were published for applications that support anonymous use and protect user privacy.

3. In the offensive domain, there were no significant changes in terrorist organizations’ offensive policies during the period under review. Most of their activities focused on defacement, hacking into social media accounts or reporting accounts that violate terms of use to bring about their suspension. At the same time, however, we identified more attempts/defined intentions on the part of cyber terrorist groups to attack strategic targets, including government, military and educational sites, aimed at stealing and leaking sensitive information.

4. In the domain between cyber-crime and cyber-terrorism, two trends of paramount importance were identified. The first trend is spying. During the period under review, we identified a significant number of campaigns that were carried out by a range of attackers using various vectors of attack, with their common denominator being the purpose of the attack – spying. The second trend is attacks on infrastructure, transportation and aviation.

5. In the international response domain, the trend of cooperation continued to develop. The first aspect relates to joint and synchronized operations between several law enforcement agencies. The second aspect deals with the signing of agreements for the sharing of cyber intelligence between enforcement agencies and technology companies. The political-legal arena also saw a significant development reflected in, despite the conceptual gap, a comprehensive European reform in cyber security and specific US legislation to encourage cyber security in the private sector. In addition, in terms of prosecution, the United States brought indictments against foreign hackers for a variety of cyber-attacks that were carried out against American firms. Although an economic attack against a private company does not fall within the scope of cyberterrorism, given the potential harm to the economy of countries, it is advisable to pay attention to the delicate web created in the global village between states and corporations, and the economic interaction between them. Thus, cyber departments were established in intelligence agencies, securities exchanges and courts. This range indicates the need for functional cyber departments to specialize in specific sector niches.


This article is part of the RED-Alert project, funded by the European Union’s Horizon 2020 research and innovation Programme under grant agreement No 740688.
