adimas - Fotolia

Muslim hactivists hack “unhackable” IS news site

A Muslim hacktivist group has hacked into Islamic State’s news site and published thousands of subscribers’ details just hours after the site claimed it was impenetrable

A Muslim hacking collective called Di5s3nSi0N has reportedly claimed responsibility for hacking into Islamic State’s official “news agency” Amaq.

The hacktivist group states on its Twitter feed: “We the steadfast youth of ahlus-Sunnah wal-Jammah are back to break Daesh [Islamic State]”.

Amaq claimed in an email to supporters that it had improved security in response to recent cyber attacks and was able to handle “any kind of hack”,  but less than three hours later, Di5s3nSi0N sent an email to Amaq subscribers, saying it had hacked Amaq’s mailing list, according to The Independent.

The claim was supported by a list of 1,784 subscribers’ email addresses, which The Independent said had been verified despite being partly redacted.

Di5s3nSi0N tweeted: “Amaq has fixed security and cannot be hacked!! #silencetheswords time”, accompanied by a graphic with the message: “Challenge Accepted”, followed by a tweet that said: “Challenge complete – too easy! 2,000 email subscribers hacked from Amaq... What is next??”

Di5s3nSi0N is one of several hacktivist groups that have responded to hacking attacks by pro-Islamic State groups that included defacing websites in the US and Canada with pro-IS slogans.

Anti-IS groups such as Di5s3nSi0N, CtrlSec and End of Daesh have responded by attacking IS propaganda sites tweeting about their actions using the hashtags #silencetheswords, #OpIsis, and #OpIceIsis.

Read more about terrorism, tech and the law

  • The UK is calling on social media campaigns to do more to detect and remove “militant messaging” automatically.
  • Prime minister Theresa May presses internet companies to develop technical solutions that will allow terrorist material to be taken down from the internet in under two hours.
  • In a controversial ruling, the director of  advocacy group Cage has been found guilty of offences under the Terrorism Act, after refusing to hand over his mobile phone and laptop passwords to the police at Heathrow Airport.
  • Supporters of the terrorist group Islamic State (Isis) are shunning sophisticated security and encryption software, including the Tails operating system and the Tor network, communications between jihadi sympathisers have revealed.

Although pro-IS hackers have yet to demonstrate high levels of skill, Islamic State’s cyber division – the United Cyber Caliphate (UCC) has reportedly been experimenting with malware development, and former GCHQ head Robert Hannigan has warned that this is not a threat that can be discounted.

“We know individuals in groups like Islamic State, mostly because they are young men, love the idea of destructive [cyber] attacks, but are a long way from having the capability.

“But, as always with terrorism, intent and capability will meet at some point, so businesses, particularly CNI [critical national infrastructure providers], have got to ensure they are protected against this kind of attack before then,” he told the FT Cyber Security Summit Europe in London.

Speaking at the same event, Julian King, European commissioner for security union said tackling the full range of cyber threats, including cyber-enabled terrorism means there is an urgent need to redefine what is meant by cyber security.

“We need to ensure cyber security encompasses the full range of cyber security challenges which are rooted in, or accelerated by technology, otherwise we risk missing a quite important bigger picture, in which elections can be manipulated and vulnerable young people radicalised,” he said.

More vigilance needed

According to King, any credible and effective response requires online platform providers to be both more vigilant and more proactive in identifying and automatically taking down illegal content.

“The big providers that collect and sell data have a responsibility, in the same way arms manufacturers have to abide by rules and codes of conduct in terms of who they can sell arms to. In terms of terrorist content, there is a growing head of steam amongst governments to try to deal with this through legislation.

“And while effective voluntary action is preferable and quicker, the European Commission stands ready to look at legislation in early 2018 if those voluntary efforts are assessed to have fallen short,” he said, adding that it is reasonable to look to platform providers to exercise a “duty of care” to their users.

In September 2017, the European Commission (EC) issued guidelines for tech companies calling on them take ensure the quick detection and removal of terror and hate-related content online.

The move follows calls led by prime minister Theresa May at the UN General Assembly in New York for internet companies to remove terrorist propaganda from the internet within two hours.

Detecting “militant messaging”

On a US visit in November 2017, home secretary Amber Rudd called for the introduction of artificial intelligence systems that automatically detect and block “militant messaging” before it is posted.

Since the beginning of 2017, violent militant operatives have created 40,000 new internet destinations, Rudd told the New America think tank in Washington.

Government authorities and companies are working to remove content promoting violence within two hours, she said, but added that social media firms should be aiming for a faster, more proactive approach.

Read more on Hackers and cybercrime prevention

Data Center
Data Management