The activities of Islamic State-affiliated hackers and hacking groups continue to garner substantial media attention and public concern. In turn, threat assessments and predictions of the capabilities of these actors frequently rely on ‘what-if’ scenarios, overestimate technical skill, and conflate multiple, separate cyber activities. Through analysis of several U.S. prosecutions of Islamic State-affiliated hackers and their networks, proficiencies, and activities, this article argues that very few of these actors demonstrate advanced hacking or cyberterrorism capabilities. Lacking the know-how, resources, and ingenuity for complex computer network operations, the entities analyzed here turned to methods like doxing, website defacements, social media account hacks, and minor intrusions. A pertinent example is the case of Ardit Ferizi, the Kosovar national arrested in 2015 for illegally obtaining personally identifiable information from a U.S. company’s server and providing it to the Islamic State.
Read full article here