Confidential

ISIS 2022: The Cyber Caliphate

Manifest the United Cyber Caliphate (UCC), a subsection of the Islamic State Hacking Division. Photo via RSA Conference 2018.

Summary

The Islamic State of Iraq and Syria (ISIS) is a Salafi-Jihadist militant organization operating in Syria and Iraq. In 2019, the territorial defeat of the Islamic State represented an achievement to ensure the termination of the organization. Nonetheless, the Islamic State is far from being destroyed. In this light, is it possible to think that the Islamic State could represent a cyber threat in the future? In 2022, ISIS will likely reinforce its tech and cyber capabilities to carry out terrorist attacks. Due to the new remote technologies already used by the IS and the virtual world promoted as the Covid-19 pandemic, the answer is yes. Within the latest technologies, the Islamic State increased the use of social networks, end-to-end encryption, and VPN’s to instruct, radicalize, and recruit followers.

Although the Islamic State and its hacking division, the ISHD, did not represent a threat to international security in the last decade, new technology and the advent of Covid-19 promoted the development of virtual realities, hence promoting the actions of cybercriminals. In 2022, ISIS will beneficiate from these growing online trends giving opportunities for remote terrorist attacks. Nonetheless, CISA will likely implement new cybersecurity regulations to prevent damage and diminish system vulnerabilities.

Key Judgement 1

It is likely that in 2022 ISIS will employ weaponized operational technologies to harm civilians or government exponents at international level

  • In 2015, ISIS established the ISHD (Islamic State Hacking Division). The ISHD served as a cyber tool aimed at carrying out terrorist actions. In April 2015, Ardit Ferizi, a Kosovan hacker, breached into US based companies sharing personal identifiable information (PII) to the Islamic State. Notably, Ferizi is responsible for the creation of a ‘kill list’ which included 1,300 military and governmental targets.
  • In this light, it is clear that ISIS already got capabilities, cyber assets, and strategies back in 2015. Particualry, the advent of the pandemic reinforced their cyber activities. Indeed, Covid-19 pandemic decreased social mobility and physical interaction which limited kinetic terrorist attacks at international level, such as mass shootings. Nonetheless, this scenario is likely to promote cyber terrorist attacks.
  • In 2022, ISIS is likely to reiforce its radicalization and recruitment capabilities on the Internet to carry out attacks. Particularly, in areas of the West through cyber methods and local extremists to avoid border crossings. For instance, the hacking of Equation Group, NSA subcontractor, carried out by Shadow Brokers in 2018 opened new possibilities for cyber criminals. This leak provided destructive hacker toolkits and cyber weapons which are freely accessable on the Deep Web. Therefore, the increased use of the cyber space will not only facilitate ISIS financing, propaganda, and recruitmet, but also open new possibilities for a destructive asymmetrical warfare.

Key Judgement 2

In 2022, ISIS and ISHD (Islamic State Hacking Division) will not likely to damage Western nation states cyber security (i.e., the US)

  • The Islamic State Hacking Division (ISHD) can represent a threat to international security. However, the ISHD cyber capabilities will remain inferior compared to the one of nation states, such as the US. Indeed, ISDH can only produce a temporary threat or damage to the cyber security fibre of nation states.
  • US governement will not be damaged by ISIS cyber attacks aimed at obtaining PII. The acquisition of targets and a ‘kill list’ will not create a threat for the CISA. The ISHD could carry out a cyber attack through the sophistication of preexisting cyber strategies and tools (i.e., custom malware softwares).

Key Judgement 3

In 2022, United States Cyber and Infrastructure Security Agency (CISA) will highly likely put in place tighter measures to avoid cyber terrorism attacks

  • The United States spent 8.64 million of dollars to counter infrastructure data breach only in 2020. In 2022, US Cybersecurity Agency will likely readress costs and improve preexisting regulations. As cybercrime grows, cybersecurity agencies have to behave accordingly.
  • In this light, the US Cyber and Infrastructure Security Agency will streghten partner nations’ law enforcement capacity to combat cybercrime. Indeed, parternships are key to reinforce counter action against malware.
  • Moreover, CISA will likely reiforce the Federal approach to cyber security, adopting Zero Trust Architecture. Further securing cloud services (i.e., Software as a Server (SaaS) to better identify and to manage cyber security risks.

Tasks of the Cyber and Infrastructure Security Agency. Photo by Department of Homeland Security via Wikimedia Commons.

Author

Bianca Bonardi

Bianca is a graduate student in Criminology at Goldsmiths College of London. She recently finished her post-graduate studies in Terrorism and Security at King's College of London. Her research is mainly focused on Middle East issues and International Terrorist threats.

Leave a Reply

No Comments Yet!