Gene Yoo, CEO of Resecurity on Terror Activity via Cyberspace – Precursor to Olympics & Elections

According to a recent assessment by Resecurity, terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks, as well as to conduct recruitment and establish anonymous communication channels.

Multiple resources created by terrorists have been identified and deployed both in the surface web and the Tor network.

Securitydive.in spoke to Gene Yoo, CEO of Resecurity, and sought a few specific answers on crucial points related to the threat modules adopted by cybercriminals.


Securitydive: What kind of resources or materials have been discovered that were created by threat actors and indicate that cyberspace is being utilized?

Gene Yoo: Mostly, the following were identified:

a) new resources hosted on the Dark Web, and the Tor network specifically, promoting radical ideologies and providing detailed instructions and tutorials by terrorists (explosive devices, OPSEC, etc.). Some of them contain landing pages with donation information via cryptocurrency, facilitating terrorism financing.

b) Telegram bots sharing one-time links to illegal content, helping terrorists to spread propaganda online and influence youth. The most recent update was detected on July 13.

c) profiles registered in social media networks looking for new recruits or spreading illegal content; notably, some of the identified profiles were registered multiple times with origin from Iraq and the Kurdistan region specifically, known historically as one of the ‘epicenters’ of radical groups. This year, over 30 suspects have been arrested there for using social media to promote terrorist ideology.

Multiple resources created by threat actors have been identified and deployed both in the surface web and the Tor network. This activity was especially notable in Q2 2024, with new resources appearing at the beginning of Q3 2024.

Securitydive: What are the major challenges facing law enforcement agencies regarding the imminent dangers posed by threat actors with regard to terrorism and cyber warfare?

Gene Yoo: Timely detection and identification of high-risk individuals is one of the major challenges, considering the massive volume of digital data in modern cyberspace for both private and public sector specialists. Considering terrorists are well aware of certain investigative techniques used by law enforcement, as well as solutions and methods which may detect them, they increase their OPSEC and develop new tactics.

One of the observed tutorials encouraged the use of new anonymous communication channels such as Session (a mobile app available for Android), which could be installed outside of Google Marketplace.

Unfortunately, the abuse management and trust & safety teams of popular online platforms are also not always able to react quickly enough or proactively identify terrorist profiles at an early stage due to a lack of visibility and limited resources, which is exploited by threat actors.

Securitydive: What is the role of the dark web in this entire activity?

Gene Yoo: The Dark Web enables threat actors to evade detection and protect their content from possible takedown. In the past, terrorists, similar to cybercriminals, were using bulletproof hosting, but nowadays there is a visible shift to P2P networks and mobile channels.

The major part is video content with trainings and tutorials on explosive devices, uploaded to file-exchangers hosted in the Tor network and made available by leveraging customized plugins such as http://playerjs.com.

That helps threat actors to spread content outside of public social media networks and video aggregators like YouTube, from which it would be removed due to Terms of Service violations.

Hosting illegal video content on the Tor Network allows it to remain isolated from possible takedown efforts. This is because the Tor Network provides a high degree of anonymity, making it challenging for authorities to identify and block the content.

According to the research publication “Countering Violent Extremism Videopower and Cyberspace” by J. Rami Mroz, terrorists and extremist groups recognized the enormous emotional and psychological impact of video formats and have used them to inspire and captivate international audiences.

Securitydive: How vulnerable are digital communication channels in the face of major attacks? Please elaborate.

Gene Yoo: In the context of real terrorism, activity involving cyber-attacks is not highly visible. Typically, low-level hacktivist groups and youth leverage such tactics, but serious actors posing a threat are focusing on illegal activity offline, where they use cyber as a method for anonymous communications or other tactics.

There were confirmed cases observed in which malicious parties conducted attacks against law enforcement systems internationally to exfiltrate data which could be of high value for terrorists. This is another area of concern: even law enforcement systems are not protected enough and could be exploited.

Such details were outlined in one of our past reports: Cybercriminals Are Targeting Law Enforcement Agencies Worldwide

https://www.resecurity.com/blog/article/cybercriminals-are-targeting-law-enforcement-agencies-worldwide

Securitydive: Can geopolitical instability be caused by such activities? Your views.

Gene Yoo: Absolutely, considering one of the main narratives of terrorist groups is anti-Western radical ideology. Resources observed in Q2 contain a “message to infidel West” – the agenda outlined by terrorists.

All of these are precursors of a willingness to cause instability and chaos before socially important events such as the Olympics and elections in the United States.

Securitydive: How much damage can cyber terrorism risks at high-profile events such as the Olympics cause? What does research say?

Gene Yoo: In one of the messages released by ISIS just recently, prior to the Olympics, the picture distributed in one of the announcements contained a drone (UAV) with an explosive device and encouragement to conduct “lone wolf” attacks orchestrated by individual actors.

The manufacture and use of such devices is extremely cost-effective, and they may be used to cause major damage.

The law enforcement community internationally is joining efforts to mitigate such threats by using counter-UAV systems and other solutions that make it possible to track them and take them down.

Unfortunately, such incidents are also driven by the significant availability of drones to civilians and their compact size, with the minimal sophistication required enabling any actor to use them for malicious purposes. That’s why many countries prohibit the use of drones in crowded places and at events.

Operatives for the terror group shared a picture of a faceless person operating a drone carrying a package marked ‘gift’ towards the Eiffel Tower.

The image was shared with the caption: “Lone wolves’ Olympics have begun with the Will of Allah.” The picture was published on al-Ru’ud (al-Raud), a website linked to the Islamic State. The page was titled: “The Lone Wolves qualifiers have begun, God willing Al-Adiyat Media Foundation.”

Securitydive is thankful to Gene Yoo for such insightful details on cybersecurity research.
