ISIS Cyber Crime Threats and Mitigation Techniques

Reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption. did use encryption during earlier planning stages of their attacks, or that authorities were so overwhelmed tracking other suspects—French investigators claim they recently thwarted six other attacks—that they overlooked the suspects who pulled off the Paris attacks. This indeed might be the case since Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.

US authorities have flooded the media with stories about how ISIS’ use of encryption and other anti-surveillance technologies has thwarted their ability to track the terrorists. But authorities have also slyly hinted that some of the encryption technologies the terrorists use are not as secure as claimed, or are not being configured and used in a truly secure manner. So what are ISIS attackers for OPSEC?  They have 34-page guide to operational security (.pdf) that ISIS members advise recruits to follow, offers some clues. Aaron Brantly and other researchers with the Combating Terrorism Center at West Point’s military academy uncovered the manual and other related documents from ISIS forums, social accounts and chat rooms. The originals are in Arabic, but the center provided WIRED with translated versions of a number of documents that had been passed through Google Translate. Share your comments on ISIS cyber crime threats and mitigation techniques with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/