(U//FOUO) FBI Bulletin: Threat of Cyberterrorist and Hacktivist Activity in Response to U.S. Military Actions in the Middle East

FBI Cyber Division Private Industry Notification

3 pages
TLP: GREEN
For Official Use Only
September 24, 2014

(U//FOUO) The FBI has no information at this time to indicate specific cyber threats to US networks or infrastructure in response to ongoing US military air strikes against the terrorist group known as the Islamic State of Iraq and the Levant (ISIL), also known as the Islamic State of Iraq and al-Shams (ISIS) or the Islamic State (IS). However, the FBI assesses extremist hackers and hacktivist groups, including but not limited to those aligned with the ISIL ideology, will continue to threaten and may attempt offensive cyber actions against the United States in response to perceived or actual US military operations in Iraq or Syria. The FBI bases this assessment on recent, nonspecific, and probably aspirational threats made on social media platforms to carry out cyber as well as physical attacks in response to the US military presence in the Middle East.

(U//FOUO) In mid-May 2014, the hacktivist group Tunisian Hackers Team threatened Distributed Denial of Service (DDoS) attacks against the US financial sector unless US military forces were withdrawn from presumed-Islamic lands (for additional information, see PIN# 140624-015).

(U) As of early-2014, Twitter user @AnonArabOps expressed support for ISIL, provided guidance on the use of various hacking tools, and called for cyber attacks against the United States and Israel.

(U) As of early-September 2014, a British media outlet identified the hacker known as Abu Hussain Al Britani as a Syria-based ISIL fighter. Al Britani previously served a six-month sentence in the United Kingdom for hacking the e-mail account of former Prime Minister Tony Blair, according to the media report.

(U) On 7 September 2014, Twitter user @Dawlamoon posted messages encouraging attacks against Twitter employees, likely in response to Twitter’s takedown of several pro-ISIL accounts.

(U) Impact:

(U//FOUO) Middle East-based hacktivist groups and extremist cyber actors have previously targeted US commercial and government Web sites in response to a range of US military actions and foreign policy positions. Analysis by the FBI and the private cyber security industry suggests that the most likely tactics, techniques, and procedures utilized by these groups are Cross Site Scripting (XSS), Structured Query Language (SQL) Injection, and TCP/UDP Flooding for defacement and DDoS attacks. Web site defacements conducted by these actors will likely contain messages expressing support for ISIL, and/or contain imagery such as the black ISIL flag (Figure 1) or graphic imagery, e.g., pictures or videos of ISIL executions.

(U) Defending Against Hacktivism

(U//FOUO) In general, hacktivism cyber attacks may result in Denial of Service, defacement of a Web site, and compromise of sensitive information which may lead to harassment and identity theft. Although the specific claims referenced above do not speak specifically to a particular attack vector, precautionary measures to mitigate a range of potential hacktivism threats include:

(U//FOUO) Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.

(U//FOUO) Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.

(U//FOUO) Scrutinize links contained in e-mail attachments.

(U//FOUO) Regularly mirror and maintain an image of critical system files.

(U//FOUO) Encrypt and secure sensitive information.

(U//FOUO) Use strong passwords, implement a schedule for changing passwords frequently and do not reuse passwords for multiple accounts.

(U//FOUO) Enable network monitoring and logging where feasible.

(U//FOUO) Be aware of social engineering tactics aimed at obtaining sensitive information.

(U//FOUO) Securely eliminate sensitive files and data from hard drives when no longer needed or required.

(U//FOUO) Establish a relationship with local law enforcement and participate in IT security information sharing groups for early warnings of threats.