Debilitating cyber-attacks on large organisations could be an indication that terrorism is migrating to the internet. It emerged last week that terrorist group ISIS is allegedly using hacking as a tool, after cyber-security group the Citizen Lab identified new malware targeting the organisation's opponents.
The Citizen Lab found emails containing dangerous spyware AdobeR1.exe, which emails an infected system's public IP address to the perpetrators, apparently helping to locate targets.
These new techniques, which identify a target's location, are "darker" than previous hacks that simply took down websites or stole data, security experts told SCMagazineUK.com.
The latest attack is in contrast to those perpetrated by the so-called Syrian Electronic Army (SEA) hacking group, which favours website take-overs via phishing emails, Justin Clarke, director and co-founder of Gotham Digital Science, commented to SC. "What is interesting is that this attack is different: it doesn't seem to work in the same way as previous ones."
At the same time, security breaches are becoming increasingly international. The ISIS allegations come after the White House labelled last month's Sony Entertainment hack a "serious national security matter", with press secretary Josh Earnest reported as saying that it "merits an appropriate response".
SCMagazineUK.com reported last Thursday that senior Obama administration officials had indicated that Pyongyang was behind the attack on Sony. The officials "strongly suspect" North Korea's Unit 121 cyber-espionage team, part of the country's General Bureau of Reconnaissance.
Sony apparently gave in to the demands of hacker group Guardians of Peace last week when it pulled its film 'The Interview' - a comedy about a CIA plot to kill North Korean leader Kim Jong-un - from cinemas following threats from the group.
It has not been confirmed that North Korea is behind the Sony attack. However, it has been suggested that state actors could hide behind 'terrorist' hacker groups to carry out attacks with less attribution than physical violence.
Attribution is very difficult, David Emm, principal security researcher at Kaspersky Lab, told SC: "Attackers can leave false trails that might encourage us to leap to the wrong conclusions about who is responsible. We've seen such 'false flag' operations used by targeted attackers already."
It is possible that state actors could "hide dirty deeds behind hard-to-trace digital attacks", Jared DeMott, principal security researcher at Bromium, commented to SC, adding: "Any organisation, company, or group could use cyber-[attacks] as a way to steal, degrade, defraud, confuse, or deny. Compared to traditional warfare, these attacks are harder to trace, estimate damage, and punish or react to. This is why it is imperative that all invest appropriately in information defence and personnel."
The latest hacks would not be classed as 'cyber-terrorism', but they are an indication of increasingly sophisticated attack vectors. Bob Tarzey, analyst and director at Quocirca, commented to SC: "Of course, cyber-terrorism, perhaps focussed on critical infrastructure, could have far more serious consequences."
Clarke agreed. He told SC: "I don't really see this stuff as cyber-terrorism - it's too mild for that. Cyber-terrorism is taking down critical national infrastructure and systems that hold together the economy."
However, Clarke said, current increased levels of activity are a sign of things to come: "If anything, we are now seeing more from hacktivist and political groups than organised crime: political turmoil is fuelling these things. I think as long as there is major conflict, there will be a lot of this kind of activity."