Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level
RSA USA There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no trousers. That's according to the former head of the US National Counterterrorism Center.
Matt Olsen, who has also served as the NSA’s top lawyer, told the RSA security conferencetoday that the levels of online terror we’ve seen have been limited to propaganda and the occasional script-kiddie-level attack that can quickly get them caught. Having said that, the terrorists are trying to up their game, he noted, and may be willing to buy in outside help.
“I want to avoid hype, it’s really important not to overstate the nature of online attacks,” Olsen said. “Their skill level remains low relative to nation states, but on an upward trajectory. It’s not that hard to imagine their efforts to increase their skills bearing fruit.”
Al-Qaeda is no longer a serious force, he said, both on and offline. But since 2014 ISIS had “changed the game” in terms of online propaganda, and Olsen said the group’s ability to get on the internet and inspire attacks was of serious concern to law enforcement.
The group also seems a bit Judean People’s Front. It claimed to have its own online army in early 2015 called the Islamic State Hacking Division, but this body morphed into the Islamic Cyber Army by September and then the United Cyber Caliphate last April.
And rather than operate as a team, it appears it's just a few individuals going around breaking into some Twitter accounts and other low-level hacking. Olsen cited the case of British teen Junaid Hussain, who slipped into an email account of an aide to Tony Blair, was jailed, and then moved to Syria to join the Daesh-bags – where he “found justice at the end of a Hellfire missile,” as Olsen put it.
A similar case in the US is Kosovan-born Ardit Ferizi, who hacked into the servers of an American firm, nicked records on 1,300 US service personnel from its database, and published the info online. He was quickly caught and sent down for 20 years.
Right now all the medieval terror bastards are doing is talking a mean game online. Olsen said the US is monitoring hacking forums set up by terrorists and their sympathizers to plan attacks. They discuss carrying out an attack on critical infrastructure, but show little evidence of any ability to do so, other than using publicly available exploits and tools.
It may be that the terrorists will hire expert hackers to do the job for them, he speculated. ISIS may be lacking computer skills but it isn’t short of money and could conceivably hire mercenaries.
Deciding how to deal with tracking the terrorists online is a balancing act, he explained, and the age-old question facing intelligence agencies: on the one hand, it’s useful to collect information on the holy rollers online, but sometimes it’s better to take them out before they can do damage.
The key thing, he said, was not to panic. At some point, there will be an online attack and the media – and parts of Washington DC – are going to go nuts about it, he suggested, but saner heads should prevail.
“I think we are very resilient as a country,” Olsen said of America. “We are less resilient politically in how we react.”