Poor Coding Limits IS Hackers' Cyber-capabilities, Says Researcher

Image copyright Reuters

Hackers working for the so-called Islamic State are bad at coding and hiding what they do, suggests research.

They produce buggy malware and easily crackable encryption programs, said senior security researcher Kyle Wilhoit at security conference DerbyCon.

In particular, he called three attack tools created by one large IS hacker collective "garbage".

Their poor skills meant IS groups had switched to online services and the dark web for attack code, he said.

Little harm

While IS was very proficient at using social media as a recruitment and propaganda tool, its cyber-attack arm was nowhere near as effective, said Mr Wilhoit, a cyber-security researcher at Domain Tools, while presenting his work at the conference in Kentucky.

"ISIS is really, really bad at the development of encryption software and malware," he told tech news outlet The Register, adding that the vulnerabilities found in all the tools effectively rendered them "completely useless".

As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.

All the tools had problems, he said.

• the group's malware was full of basic bugs
• a secure email system it developed leaked information about users
• the UCC's web attack tool failed to take down any significant target

In addition, attempts to raise cash via donations of bitcoins have been diluted by fraudsters cashing in on the IS name and producing websites mimicking the appeals for funds.

"As it stands ISIS are not hugely operationally capable online," Mr Wilhoit added. "There's a lack of expertise in pretty much everything,"

IS also had a lot to learn when it came to hiding its activities online, he said. There were many examples of it sharing pictures of successful attacks, or which lauded its members, that still held metadata that could identify where the photos were taken.

Mr Wilhoit said that, during his research, he had found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.

"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security," he said.

Many of the people involved with the cyber-arm of IS had been killed in drone strikes, said Mr Wilhoit adding that it was open to speculation about how location data to aid the drones was found.

Over the last year UCC had begun moving to attack tools used by Western cyber-thieves, he said.

"They know they cannot develop tools worth a damn, so they are going to use stuff that works, is minimally cheap and is easy to use."