As of 5 May 2016, the Islamic State of Iraq and the Levant (ISIL) sympathizer hacking group United Cyber Caliphate (UCC) defaced a Nigerian-hosted Web site, posting an HTML file containing the heading “USA Online Company Data Dumped by United Cyber Caliphate.” There was no other message or threat associated with the file. The file contained approximately 1,137 entries, many of which appeared to be US-based individuals with corresponding personally identifiable information (PII) fields such as name, company, e-mail, phone, city, state, and zip code. The PII was doxed from the personnel directory of a US business, according to FBI and open source reporting.
According to FBI reporting, the most recently released information was obtained using a new technique for UCC, a simple letter query on the personnel registry database of a US-based business. UCC exfiltrated the PII by exploiting the open source nature of the personnel directory search function by entering each letter from A to Z, yielding all users within the directory which started with each respective letter. The resulting file was posted to the defaced Web site. FBI reporting indicates this is the first time UCC has used a simple letter query to exfiltrate data, but this does not reflect an expansion of UCC’s cyber capabilities.
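A directory owner can look for the A-to-Z query pattern described above in web access logs. The following is an added example, not part of the FBI reporting: it assumes combined-format access logs, a hypothetical search endpoint `/directory/search` with a query parameter `q`, and illustrative thresholds, and it runs over constructed sample log lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample log: hypothetical endpoint /directory/search, parameter "q".
def _sweep(ip, start_second):
    return [f'{ip} - - [05/May/2016:10:00:{start_second + i:02d} +0000] '
            f'"GET /directory/search?q={chr(97 + i)} HTTP/1.1" 200 5120'
            for i in range(26)]

SAMPLE_LOG = _sweep("203.0.113.7", 0) + [
    '198.51.100.4 - - [05/May/2016:10:01:00 +0000] "GET /directory/search?q=smith HTTP/1.1" 200 812',
    '198.51.100.4 - - [05/May/2016:10:02:10 +0000] "GET /directory/search?q=j HTTP/1.1" 200 4096',
    '198.51.100.9 - - [05/May/2016:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 300',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')

def find_letter_sweeps(lines, path="/directory/search", param="q",
                       min_letters=10, window=timedelta(minutes=10)):
    """Flag clients sending >= min_letters distinct one-letter searches in a window."""
    hits = defaultdict(list)  # client ip -> [(timestamp, letter)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        term = parse_qs(url.query).get(param, [""])[0].strip().lower()
        if len(term) == 1 and term.isalpha():
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            hits[ip].append((when, term))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        best = set()
        # Slide a window from each event and count distinct letters inside it.
        for i, (start, _) in enumerate(events):
            seen = {letter for when, letter in events[i:] if when - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_letters:
            flagged[ip] = sorted(best)
    return flagged

if __name__ == "__main__":
    print(find_letter_sweeps(SAMPLE_LOG))
```

Flagged clients are candidates for rate limiting or review; requiring a minimum search-term length and capping results per query removes the enumeration path itself.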
UCC is responsible for a number of computer intrusions, data exfiltrations, Web site defacements/injects, and PII doxing of victims around the globe. UCC utilizes social media sites and applications to publish the results of its criminal acts, typically by posting PII of its victims. UCC actively promotes allegiance to ISIL, and its publications call for ISIL-inspired attacks against the victims whose PII has been released. ISIL and its sympathizers have repeatedly called for attacks by US-based ISIL supporters against military, law enforcement (LE), security and intelligence personnel via data exfiltrations and incitement of lone-wolf attacks through doxing of PII. Between 21 April 2016 and 2 May 2016, UCC began expanding its doxing efforts to include private citizens with the release of PII belonging to approximately 2,100 New York-based individuals and 1,500 Texas-based individuals, according to FBI and open source reporting. This expansion further validates the group’s anti-American sentiments, as well as an increased threat to targets of opportunity.
The FBI is unaware of any specific, credible threats by ISIL or its sympathizers against LE or private sector partners, and previous doxing releases have not successfully instigated physical attacks. However, ISIL supporters and US-based homegrown violent extremists present LE with limited opportunities to detect and disrupt plots, which frequently involve simple plotting against targets of opportunity.