Advertisement

Isis being hindered by 'really, really bad' coding skills

The Islamic State flag: AFP/Getty Images
The Islamic State flag: AFP/Getty Images

Islamic State hackers are struggling to carry out cyber-attacks because they are “really, really bad” at coding, a cyber-security expert has said.

Online attack tools built by the terrorist group are full of basic errors, according to new research.

Speaking at security conference DerbyCon, senior security researcher Kyle Wilhoit called the attack tools created by one larger IS hacker collective “garbage”.

“ISIS is really really bad at the development of encryption software and malware,” Mr Wilhoit told The Register.

He added that while IS were proficient in using social media to recruit members from around the world, their cyber-attack methods were less advanced.

Faithful fanatics: Islamic State fighters are being recruited from many secular Western nations (AP)
Faithful fanatics: Islamic State fighters are being recruited from many secular Western nations (AP)

“The apps are sh*t to be honest, they have several vulnerabilities in each system that renders them useless.”

As part of his research, Mr Wilhoit analysed three separate types of tools created by hackers who were part of what is known as the United Cyber Caliphate (UCC). This was set up as an umbrella organisation for 17 hacker groups that had declared their support for IS.

IS failed to develop a secure email system after it leaked information about its users and its malware (malicious software) was full of basic bugs, according to the research. The UCC has so far failed to take down any significant target.

Mr Wilhoit said because of these failings the group’s members are turning to the dark web to find codes that actually work.

"As it stands ISIS are not hugely operationally capable online," he added. "There's a lack of expertise in pretty much everything,"

Mr Wilhoit said IS was poorly skilled at hiding its activities online, sharing pictures of successful attacks containing metadata which could identify the location of the photo.

He also found an unprotected IS server online that served as a repository of images the group planned to use for propaganda.

"You can basically mass export metadata from each of the pictures and get literally up-to-the-second information on where people are operating, because they are not really that great at operation security."