ISIS & Cyber Terrorism [VIDEO Course]

ISIS & Cyber Terrorism [VIDEO Course]

Henry Dalziel | Concise Courses | July 28, 2016

This course takes a look at Cyber Terrorism and the Cyber Caliphate. This video course includes a certificate of completion.

President Obama has frequently highlighted the need to counter ISIS within Cyberspace. His closing remarks at the Summit of Countering Violent Extremism in February 2015 in the United States was as follows:

….the high quality videos, the online magazines, the use of social media, terrorist Twitter accounts – it’s all designed to target today’s young people online….

Is Cyber Jihad a threat?
Yes it is and it is considered as being a viable threat to the security of those fighting violent extremism.

The term “Cyber Jihad” refers to: “…the use of modern technological tools and cyberspace in order to promote Jihad against those classified by its’ followers as enemies of Islam…”

What do we mean by the “Cyber Caliphate”?
You”ll often hear the term “Cyber Caliphate” in the media. Also referred to as the “Islamic State Hacking Division” or the “United Cyber Caliphate” the “Cyber Caliphate” is a loose group of Hacktivists that act as a cyber army for ISIS. The organization was founded by Junaid Hussain, a British National, who was later killed in a US airstrike in Raqqa, Iraq.

What’s the history of “Cyber Jihad”?
Even in its early days, al-Qaeda consistently demonstrated a clear interest in making use of the Internet for propaganda purposes. One of the world’s first ever “pro” al-Qaeda websites,, was created nearly twenty years ago. Ever since then, the level of sophistication in the use of online tools for Jihadist propaganda has grown and continues to grow significantly. The “pioneer” of Cyber Jihad was Anwar al-Awlaki, the so-called “bin Laden of the Internet” and he is credited with coining the term: “creative terrorism”…

ISIS, as an organization, obviously needs money.
Cyber-crime pays and, in fact, can be considered as being a more reliable source of revenue for the terrorist organization as opposed to, for example, oil sales – which are now on the decline mostly due to military action. ISIS’s income has fallen by about a third compared to the same time last year from 56 million dollars a month in mid 2016 from around 80 million dollars a month in the middle of 2015; hence their need to embark on greater cyber crime.

To finance themselves, cyber-jihadists resort to the same tactics as cybercriminals, for example conducting phishing attacks or selling hacked credit cards. This is, for example, how UK born Younis Tsouli, also know online as “Irhabi 007” generated over 2.5 million dollars. Tsouli was then labeled as being the “world’s most wanted cyber-jihadist”, and his conviction was the first under British law for incitement to commit an act of terrorism through the Internet.

Cyber Jihad has elements that function like an NGO.
Indeed, not all Cyber-Jihad is offensive in nature: Cyber-Jihadists use the Internet to raise funds directly through donations: Al-Qaeda’s global fundraisisng network, for instance, is built on charities and NGOs that largely communicate with their donors through social media and online forums.

ISIS makes extensive use of Twitter, Facebook, Tumblr, and Instagram, and according to senior American officials, operatives and supporters of the organization produce up to 90,000 pro-Jihadi tweets every day. Furthermore, a recent extensive study found that ISIS supporters operate at least 46,000 independent Twitter accounts, with 200-500 of these accounts active all day, thereby helping to spread the organization’s propaganda. The organization has technically competent members, indeed, a mobile app called “Dawn of Glad Tidings,” which for a while was available for download in the Google and Apple app store enabled its supporters to follow the organization’s activities in real time.

In addition to the extensive use of social media by the organization’s operatives and supporters, ISIS’s cyber Jihad includes offensive cyber attack as well, referred to as “ghazwa” which means “raid or attack” in Arabic. This term is used in ancient Islamic literature when describing attacks against infidels in the seventh century.

Example of attacks include:
– Takeover of US Central Command YouTube Account;
– Over 19,000 French websites being taken down following the Charlie Hebdo attack;
– the Twitter handle of Newsweek and the International Business Times website being hacked;
– Two local US news stations and a non-profit group supporting military spouses being hacked;

The offensive cyber-attack capability of ISIS is currently limited to takedowns, DOS attacks, unauthorized social media account access and data-theft. Research has shown that between 2015 to early 2016 ISIS cyber attacks were delivered by sending malware payloads via, an anonymous file sharing service. Using such a service does show a rather crude and unsophisticated way to transmit malware. Furthermore, common malware in recent times attributed to ISIS has been reliant on the 7 zip Self-Extracting Archive format to install on target machines which also suggests a lack of sophistication.

Whilst most ISIS hacks are lacking in sophistication, they excel in social media and propaganda.

ISIS perceives Cyber Jihad as an integral part of its’ overall strategy alongside its military combat and takeover of territories, and as serving several functions, of which there are two: first, the use of social media for psychological warfare: the ‘slick” infamous videos of beheadings which are extremely effective in spreading their message. Second, in order to leverage opportunities for recruitment, ISIS uses social media as a marketing tool, and for this purpose implements a very successfull strategy tailored to individual target audiences.

Cyber Jihad is also attempting to atract Foreign Fighters and entice Lone Wolf Terrorist Attacks.

Expanding on the previous slide we note that “Lone Wolf Attacks”, which are for the most part perpetrated with no early warning, allow ISIS to operate outside the Middle East through sympathetic operatives and supporters. These threats are not only very real but are largely the result of online recruitment, achieved through the effectiveness of Cyber Jihad.

ISIS’s use of cyberspace has dramatically lowered the obstacles to participation in the organization’s activities and thereby eased the recruitment of additional operatives and the ideological support of its actions. A clear example of this is the case of Mehdi Biswas, an Indian hi-tech executive who operated the popular Twitter account @ShamiWitness. This account, which had more than 17,000 followers, openly supported ISIS and praised the foreign fighters who were killed in its ranks.

After his exposure, Biswas said that he would have been glad to join ISIS himself, but since his family needs him, he did not leave his home and travel to Syria or Iraq; hence, we can see the effectiveness of “arm-chair” Jihadists and the reach of Cyber Jihad. After the Paris attacks in 2015, the French Minister of the Interior, Bernard Cazeneuve, visited Silicon Valley to secure cooperation in combating ISIS’s use of the Internet. We are likely to see a lot more cooperation like that mentioned in this slide between tech companies and the government to reduce the effectiveness of Cyber Jihad.

The US State Department’s social media campaign, #ThinkAgainTurnAway is an attempt to engage with the recruitment and propaganda efforts of ISIS on these channels and influence potential recruits and supporters of the organization.

Europol launched a cyber-unit aimed at combatting terrorist propaganda and related violent extremist activities. The unit, called: the “European Union Internet Referral Unit” will “identify and refer relevant online content” to reduce the “level and impact of terrorist and violent extremist propaganda on the Internet.” ISIS favours Telegram, a messaging app that advertises its services as “heavily encrypted” with the bonus of a self-destruct feature. For ISIS, the app has another crucial benefit: users can sign up to secure “channels” that broadcast messages.

Secure Messaging
Originally, Cyber Jihadists were frequent users of messaging services such as Kik and Vibr. Recently ISIS leadership has issued orders instructing fighters how to scrub tell-tale metadata from pictures and social media output online, and guides quickly circulated on which smartphone apps were the hardest to crack. The Jihadis also use sites such as Russia’s VK and Diaspora or anonymous textsharing websites such as and Pastebin.

Capturing “Jihadi John” – An Example of Capturing a Cyber-Terrorist
“Jihadi John”, as the British Press named him, became the subject of a manhunt by the FBI, MI5, and Scotland Yard. Originally there was very little to go on in being able to reveal his identify. “Jihadi John” was in fact Mohammed Emwazi, a 26 UK National. He used a laptop in Syria to download web design software which was being offered on a free trial. Instead of buying the software with a credit card, he used a student code from London’s Westminster University when he studied computer technology. This download singled him out and connected his university account with his IP address.

So far, only individual ISIS Cyber Hacking groups have managed to take control of Twitter accounts or deface the websites of governmental organizations. Whilst the organization might be adapt at deploying low-level cyber-attacks, they have been highly successful with regards to using social media for recruitment and propaganda purposes. The average age of those joining the Jihadist ranks on the battlefield suggests that a better understanding of the use of various forms of media is a matter of priority in order to protect the youth. Interaction with Internet providers and social network companies is a necessity.

Leave a comment or reply below...thanks!