THE CASCADING IMPACT LEFT BY JUNAID HUSSAIN
The ISIS Cyber Caliphate was formed under a British hacker Junaid Hussain, under the assumed name of Abu Hussain Al Britani. Hussain was known online as “TriCk”, the founding member of TeaMpOisoN, a small unsophisticated hacktivist group. TeaMpOisoN was famous for website defacement and denial of service attacks against large corporations and government entities, such as Facebook, NASA, NATO, and the United Nations. Junaid Hussain was arrested in 2012 for hijacking accounts belonging to Tony Blair and posting personal information online. In 2013, while on bail, Junaid Hussain fled to Syria and joined ISIS and kept on running ISIS Cyber Caliphate.
Junaid Hussain was a prominent recruiter within ISIS and it is believed that he is responsible for developing much of their cyber and social media strategies. While “TriCk” possessed adequate technical knowledge, he was unable to launch meaningful cyber-attacks for ISIS, in part because none of the hackers that he knew wanted to work with him after they discovered his affiliation to the jihadist group. Junaid Hussain managed to persuade one contact, Ardit Ferizi, also known as “th3Dir3ctor Y,” to assist him in obtaining personal information for public release on August 11, 2015. Ferizi, who was believed to be the leader of the Kosova Hacker’s Security collective, was arrested and tried for providing the personal information of over 1,500 American government personnel, to Hussain. The information included names, emails, passwords, department or division placement, location data, and phone numbers of 1,500 military and government personnel from within the Air Force, foreign embassies, the Marines, NASA, USAID, and the New York Port Authority. The released information also included the credit card information of several State Department officials and screenshots of private Facebook messages between United States servicemen. A majority of the information disclosed was publically available on the internet and on unclassified systems.
Hussain appears to have failed to recruit any other notable hackers. Instead, he tried to increase recruitment efforts on Twitter and other social media and he began to coordinate the various unsophisticated cyber branches that were sympathetic to ISIS, into the ISIS Cyber Caliphate. The series of forums, communication channels, and appropriated cyber-defensive instructional materials, referred to as the “ISIS help desk,” was devised under his suggestion. He may have also been involved in the Dabiq and Kybernetiq publications. Hussain may be responsible for instigating the “lone-wolf” attacks, in which ISIS publishes lists of targets and calls for new recruits in foreign countries to attack them. Lone-wolf attacks are often preceded with a claim that a list of targets was obtained from a hacked database or agency. So far, the lists published suggest that they were compiled using open source information. Even though he was not a key member of the leadership, Hussain’s contribution to the cyber capabilities of the terrorist organization made him the third most valuable target in ISIS.
Phishing with Explosives?
In August 2015, GCHQ and the US intelligence agencies cracked the encryption on the terrorist communications on the Surespot mobile messaging application. Hussain used Surespot and other encrypted messengers to communicate with contacts and to draw in recruits. An undercover agent sent Hussain whale-phishing email containing a poisoned internet link. When opened, the link delivered him to a landing page with embedded malware. The malware obtained his IP address and used it to geo-locate him before redirecting him to the expected page. The entire process took only a few nanoseconds. After his location was known to allied forces, he was killed in a drone strike on his location.
Junaid Hussain’s death was confirmed by his jihadist bride, Sally Jones in the months following the attack. In the wake of his demise, militants hijacked 54,000 Twitter accounts and used the compromised accounts to spread ISIS propaganda. The militants also published a database of the Twitter account owner information as well as mobile phone numbers, names, and other details of individuals located in the United States, the United Kingdom, and Saudi Arabia. Twitter, quickly disabled the infected accounts.
Junaid Hussain was replaced by a British-educated Bangladeshi computer expert and businessman named Siful Haque Sujan; however, he too was killed in a drone strike on Raqqa, Syria on December 10, 2015. So far, the United States has limited the expansion of ISIS cyber capabilities by conducting cyber-physical attacks against pivotal members of the organization. John Miller (Cylance) agrees, but he warns, “With the rise of ISIS as a cyber power, the concept of nation state proportional response no longer applies. The multiple drone strikes responsible for the deaths of Siful Haque Sujan and Junaid Hussain are proving to be effective in suppressing the immediate rise in cyber capability of this group, however it is not a sustainable long term solution.” Since Sujan’s demise, it is unclear how well the factions of the ISIS Cyber Caliphate are coordinating with one another. The fracture can be seen in the indecision concerning their name. Some factions refer to their collective as the ISIS Cyber Caliphate, some use the term Caliphate Cyber Army, and others still refer to it as the Islamic State Hacking Division (ISHD). It may be important to note that while the ISIS Cyber Caliphate has vigorously endorsed ISIS, the opposite is not true. ISIS has never claimed ownership of the ISIS Cyber Caliphate.