Most members of the United Islamic Cyber Force (UICF) have turned out to be young people with a low level of technical skill and limited life experience who had fallen victim to propaganda, according to the results of recent research by law enforcement agencies and Moscow-based Group-IB.
UICF is an active pro-Islamic hacker group responsible for a chain of high-profile cyber-attacks in different regions. By analysing the joint attacks and operations of the UICF, Group-IB concluded that the group and its members are connected with more than 60 hacker groups around the world, most of which are pro-Islamic.
While these particular pro-ISIS hackers pose little threat today, beyond defacing websites, UICF members have engaged in numerous high-profile operations including:
· The attack on French Internet sites, after the terrorist attack on the Parisian editorial offices of Charlie Hebdo.
· "Hackintifada" directed against Israeli websites and online resources, such as the website of the Ministry of Foreign Affairs and the Ministry of Education.
· Attack on the state resources of India, prompted by the blocking of video hosting and file-sharing resources in the country and a crackdown on piracy.
· Deface attack on Bloc Québécois, a federal political party in Canada, in response to the criticism by Canadian politicians of a Muslim woman who appeared in a hijab in the House of Commons. Official content was replaced with pro-Islamic radical slogans, partially connected with ISIS.
However, the concern is both that the members may improve their skills and get access to readily available tools, and that, because their aim is publicity rather than money, they can go after industrial systems that have had little attention from cyber-criminals because they do not yield revenue. These systems tend to have weaker security simply because they haven't needed it in the same way that banks and retail operations have. As Dmitry Volkov, head of the Threat Intelligence Department and co-founder of Group-IB, notes, “Hacktivists can shift their efforts from DDoS or hacking poorly protected websites to attacks on critical infrastructure – this is the worst case scenario.” Volkov adds, “Cyber-terrorists are potentially most interested in these kind of attacks, since they give publicity, while hacktivists driven by ideological motives can easily become their foot soldiers.”
As UICF's aim is to publicise its activity, most participants had several profiles on Facebook, Twitter, Google+ and hacking forums, and the information they published there also helped the investigators. Volkov also describes how, given their “low level of technical training, ... sense of impunity and excessive ambitions,” the hacktivists did not “pay due attention to their own security, despite the various instructions for ensuring anonymity popular in their milieu.”
The Group-IB Threat Intelligence system enabled company experts to track hacktivist attacks conducted in different operations and identify interrelations between the groups and their members, as well as the identities behind each alias. On Group-IB's official blog (http://blog.group-ib.com/uicf), the names of some 45 participants are exposed, in some cases including pictures taken from their Facebook pages.
Examples provided include AnoaGhost, whose email address firstname.lastname@example.org was found left on one of the websites he compromised in the Deface attacks. A photo from his Facebook page is published showing an unbearded gawky kid in western clothes – a gaudy shirt and dark jacket, pulling a silly pose like kids anywhere might do. He is based in Indonesia and participates in UICF, Indonesian Intelegent Security (spelt as provided), Secret Code Army and !nsp3ct0r Team.
The research found birthday greetings left by his friends on his profile on March 10 and, based on the information from that profile, indicates the probable name of the hacktivist, a student living in Bandung, Indonesia, studying computer science at the Universitas Islam Negeri Sunan Gunung Djati Bandung.
Even younger, looking like a 12-year-old wannabe rapper with his gold chain, open shirt and sharp haircut, was a Nigerian hacktivist with the alias W3bh4x0r, who has participated in the activities of groups such as Nigeria Cyber Force, United Nigeria Cyber Force, Extreme Crew, Naija S3curity Kill3rs, Nigerian Gray Hat Hackers and Cyb3r Command0s.
Volkov's warnings about the potential future disruption that could be caused by these proto-cyber-terrorists need to be heeded, and these hacktivists prevented from progressing to more damaging activities in the future.