Don’t Panic (For Now) About ISIS Hacking

In the nearly two years since ISIS declared itself a caliphate, the group has leaned heavily on technology to recruit, communicate, and attack foreign targets—each with varying degrees of success. Twitter and Facebook have scrambled to head off ISIS recruiters who spread propaganda on their platforms, and top intelligence officials have bemoaned the group’s alleged use of encryption to communicate. But barring a few low-impact operations, ISIS hasn’t successfully launched a meaningful cyberattack on the West. And according to new research from Flashpoint, a cybersecurity company, it probably doesn’t have the tools or the know-how to launch one anytime soon. To date, most of the group’s offensive moves have been “attacks of opportunity” that grasp at low-hanging fruit, the researchers said. The highest-profile ISIS cyberattacks targeted Twitter accounts: In January 2015, a group calling itself the “Cyber Caliphate” took over the Twitter handle that belongs to the US Central Command, and the next month, the same group appeared to take over Newsweek’s handle. At most, the attacks amounted to digital graffiti, although it can be hard to measure their psychological and morale-boosting effects. For now, the Flashpoint researchers wrote, ISIS’s “overall capabilities are neither advanced, nor do they demonstrate sophisticated targeting.” . But on April 4, Telegram accounts belonging to two of the five main groups that Flashpoint studied announced the creation of a “united cyber caliphate,” merging those groups with two others. The researchers said the unified group could lead to expanded scope and resources for hacking, and an increased focus on training other jihadis to defend themselves online.