Pando

The Islamic State joins North Korea as a surprising suspect in a cyberattack

By Nathaniel Mott , written on December 18, 2014

From The News Desk

A new report from Citizen Lab claims the so-called Islamic State could be responsible for a cyber attack meant to reveal the location of members of the "Raqqah is being Slaughtered Silently" (RSS) advocacy group for reporting on the Islamic State's human rights violations in occupied Syria.

"Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible," Citizen Lab says in the report. "The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is focused against a group that is an active target of ISIS forces." There's no definitive answer, but that's common with cyberattacks.

The difficulty associated with attributing attacks like this is part of the reason why there's so much uncertainty about North Korea's involvement with the Sony Pictures Entertainment hack. While that hasn't stopped the many in the United States government from deciding North Korea is somehow at fault, it has dogged the investigation since it began, and made people question the connection.

As Wired explained shortly before reports of the US's conclusions were published on Wednesday:

Regardless of whether the Sony, Saudi Aramco and South Korea attacks are related, the evidence indicating they’re nation-state attacks is circumstantial. And all of the same evidence could easily point to hacktivists. Our money is on the latter.

This is likely a group of various actors who coalesce and disperse, as the Anonymous hackers did, based on their common interests. But even with that said, there is another possibility with regard to the Sony hack: that the studio’s networks weren’t invaded by a single group but by many, some with political interests at heart and others bent on extortion. Other security experts remain skeptical of North Korea's reported ties to the attack. Unlike a physical weapon, which reveals itself by its design or the materials used to create it, cyber weapons can be made to look like they came from anywhere. That's true whether investigators are looking into something like the Sony hack -- which is thought to be the costliest hack ever -- or into efforts to locate and possibly silence activists reporting human rights issues to the world.

Which isn't to say reports about either North Korea's or the Islamic State's involvement with these hacks are false. They could very well be responsible for the attacks. But it's worth considering that we're experiencing confirmation bias: people wanted the Sony Pictures hack to have some relation to "The Interview" (myself included) so they believe North Korea is behind the attack, even though security experts aren't convinced by the available evidence.

The same goes for the Islamic State. It's being portrayed as this strange, tech-and-media savvy organization that somehow possesses technical powers far beyond other terrorist organizations. But as I explained when reports came out revealing that the group had gotten its hands on a drone that played an instrumental part in it taking a Syrian air base, that's an overstatement:

Private companies are using drones. Western governments have been using drones for years. People can buy the things for a few hundred dollars and, assuming they aren’t followed around by a police helicopter, can fly them around without having to worry too much about it. By now, it would be more surprising if groups like ISIS weren’t using drones to gather information than to learn that it used one to help it capture a high value target like a Syrian government air base.

But, then, I suppose that uploading a video of drone footage to YouTube and allowing the media to work itself into a frenzy over its “new” capabilities serves ISIS — and the media — just fine. It makes the group seem even scarier than it’s already been portrayed, and it combines two things (terrorists and tech) that are guaranteed to get people talking. All of which is to say that it's worth being skeptical about reports blaming any cyberattacks on a specific group too soon after they're revealed. While it makes for a good story -- the bizarre nation few people understand attacking a filmmaker, the terrorist organization that also happens to be a technological wunderkind attacking activists -- it's never simple. Citizen Lab makes this clear in its report; hopefully others do the same when discussing North Korea and the Sony hack.

[illustration by Brad Jonas]