Luke Twombly is a research associate at the NCPA:
“It is easy to believe that bombs and bullets are the deadliest weapons in the Islamic State’s arsenal. However, ISIS continues to expand its cyber capabilities and might now be seeking to obtain “BlackEnergy” malware that was recently used by Russian hackers in December of 2015 to cripple a Ukrainian electrical grid. The attack left roughly 300,000 people without water and power for several hours. With this technology, ISIS could cripple the U.S. economy with relative ease, while at the same time paralyzing almost all aspects of the United States’ military.
The organization has already amassed an impressive digital presence, which includes an I.T. help desk for aspiring jihadists. ISIS is leading a campaign to educate young jihadists about how to navigate the dark web, while also introducing them to the tools and connections they require to perpetuate acts of war across the West. This cyber help desk is open 24-hours and uses a vast network of social media forums and applications. The operatives who run this desk have master’s level training in information technology, and use their education to train jihadists in obfuscation, propaganda and basic hacker tools.
One of those frequently used hacker tool is known as “Ransomware”, which is a type of malware that weaponizes encryption. The malware prevents the target from accessing their systems until they have paid a ransom to the attacker. This software is easy to purchase on the dark web, and unskilled or amateur hackers have used it with great success. ISIS, in particular, has been using this to fund their worldwide reign of terror. This “Ransomware” takes money directly from the Western economies and places it into the caliphate’s war chest.
Additionally, ISIS uses the internet to actively recruit college-educated Westerners who have the highest potential for harming their home countries. Almost 16 percent of ISIS recruits are college educated with another 30 percent having at least some college education, according to James Scott from the Institute for Critical Infrastructure Technology (ICIT). More startling, anywhere from 5,000 to 6,000 men and women have been recruited out of Europe and the United States. The Islamic State has successfully recruited tech savvy westerners who pose the greatest threat to their home countries.
ISIS’ success in the digital realm is one of the instrumental factors that has led to them becoming the most dominant Islamic terrorist group in the world. Their use of cyberspace to recruit new members and rob the first world to pay for its jihad appears to be only a precursor to greater achievements, such as damage to America’s critical infrastructure through malware. A robust program of proactive cyber warfare that moves beyond intrusion detection and anti-malware creation should be a top priority for U.S. national security officials.