ISIS is Using Breach Data to Build Kill Lists
On June 12, 2016, an American-born man who’d pledged allegiance to ISIS gunned down 49 people early Sunday at a gay nightclub in Orlando, the deadliest mass shooting in the United States and the nation’s worst terror attack since 9/11.
Just a few days before the horrific shooting in Orlando, a pro-ISIS hacking group calling itself the United Cyber Caliphate distributed its latest “kill” list. The group claimed the list includes names, addresses, and email addresses belonging to 8,318 people, making it one of the longest target lists ISIS-affiliated groups have distributed. Most of the names and the accompanying addresses listed appear to belong to people in the United States, Australia, and Canada. Out of 7,848 people identified as being in the U.S. alone, 1,445 were listed as having addresses in California, 341 in Washington, 333 in Texas, 331 in Illinois, 290 in New York, and 643 in Florida.
The list was distributed via the messaging app Telegram, and it called on its supporters to “follow” those listed and “kill them strongly to take revenge for Muslims.” This announcement specifically mentioned Florida as a target, and just a few days later the horrific shooting at Pulse nightclub occurred.
ISIS cyber actors are specifically interested in government, banking, and media targets, because these entities generate the most publicity. There has been a noticeable increase in the emergence of pro-ISIS hacking groups since the summer of 2014. In the past, ISIS cyber groups provided targeting information by tweeting the addresses of “wanted” individuals, often using hashtags like #GoForth. The new collection of ISIS cyber groups has intensified this effort, issuing “dumps” consisting of hundreds of individuals’ alleged personal information. In March 2016, these groups released the alleged information of New Jersey and Minnesota policemen, US National Guardsmen, and US Marines.
How is the United Cyber Caliphate identifying targets? Using breached cyber data. LinkedIn, the professional social networking platform currently being purchased by Microsoft for $26.2 billion, was hacked four years ago, resulting in the theft of 117 million passwords. This was one of the largest breaches in American history.
The breached data is currently being sold on the dark web. Unfortunately, people tend to reuse their passwords, allowing malicious hackers like the United Cyber Caliphate to gain access to 117 million people’s email and bank accounts. Worse, the data can provide enough personal information to expand their “kill list”.
For example, Facebook CEO Mark Zuckerberg lost control of both his Twitter and Pinterest accounts to a hacker. The hacker, who went by the name OurMine, used the LinkedIn data to identify Zuckerberg’s password. Like most people, the Facebook CEO used the same password across multiple social media platforms. From there, OurMine was able to gain access to his Twitter account, where they tweeted “you were in LinkedIn database…DM for proof”, and to his Pinterest account, the name of which they changed to read “Hacked By OurMine Team”.
With access to breached data like that from LinkedIn, malicious hacker groups like the cyber-branch of ISIS can gain access to 117 million people’s email, bank accounts, and personal information via other social media platforms like Facebook. This is a treasure trove of information for targeting American civilians.
To protect the American public from terrorist attacks like the one in Orlando, we must hold companies responsible for losing this data, increase corporate cybersecurity protection requirements, and encourage more support for American citizens when their data has been breached.
Our citizens are a huge part of our critical infrastructure. This is why WikiBreach.org is dedicated to keeping the public informed about cyber breaches as they happen.