1. RISKS OF ISIS-CYBER-TERRORISM
Lars G. A. Hilse, September 2014
+1 949 208 4181 // +49 4835 9513027 // LH@LARSHILSE.COM
The deep web allows anonymous communication. Bitcoin makes it possible to transfer assets
around the globe in seconds, also in absolute anonymity. ISIS has a war chest of over USD $2
billion, seeks to attack the west and is attributed the ability to operate very strategically. Jihadists
have been known to embrace technology. Gaping vulnerabilities in the technology-reliant western
infrastructure make easy targets.
What if ISIS were to communicate anonymously?
One of the most essential instruments in counter terrorism is signals intelligence; infiltrating the
adversary’s communication-flow to make qualified decisions, determine their strategy, and be
aware of their next movement.
If this stream of information is severed, if ISIS would start to communicate through anonymous
communication channels, the advantage falls drastically in favor of the adversary.
Contrary to popular belief it is still possible to use the TOR network to communicate anonymously.
The most prominent example is the arrest of the alleged Silk Road1 founder Ross William Ulbricht,
who as able to acquire a fortune of Bitcoin worth several hundred million dollars2 over a period of
years, without being discovered.
When reading the criminal complaint3 it becomes evident that his capture was only possible due to
mistakes he made during the early stages of Silk Road, while a majority of sources still claim that
providing anonymity for end-users on the internet remains a very challenging and difficult task4.
When used correctly, TOR offers tremendous possibilities to obscure communiqués in form of
email, instant (mobile) messaging, and even voice messaging, while not only anonymizing the
communiqué itself, but also the geophysical location of both sender and recipient.
Recruiting Professionals
ISIS and previous extremist-movements are experienced in recruiting followers for their cause
1 Silk Road: ebay for drugs in Addiction Volume 107, Issue 3, page 683 March 2012
http://onlinelibrary.wiley.com/doi/10.1111/j.1360-0443.2011.03709.x/full
2 D. Ron, A. Shamir, How did Dread Pirate Roberts Acquire and Protect his Bitcoin Wealth?,
Weizmann Institute of Science Israel in IACR Cryptology ePrint Archive, 2013
http://i.cdn.turner.com/money/2013/images/11/25/silk-road-paper.pdf
3 United States - v. - Ross William Ulbricht, 13 MAG 2328, p24 onwards,
https://www.documentcloud.org/documents/801103-172770276-ulbricht-criminal-complaint.html
4 Performance Analysis of Anonymous Communication Channels provided by Tor, Panchenko, A. ;
Dept. of Comput. Sci. - Inf. IV, RWTH Aachen Univ., Aachen ; Pimenidis, L. ; Renner, J., Pages
221 - 228

2. online5, so looking in other online-forums for IT security professionals is merely a minor change in
procedure.
Convincing hackers, who find pleasure in making use of things in ways that were unintended, is
quite easy. Even ethical concerns tend to loosen with a budget of USD $2+ billion6.
Furthermore, a cyber-attack can be compartmentalized, so that subject matter experts might be
hired to work on a particular piece of software that is - by itself - harmless.
Only when put into greater context does it become harmful, without the people creating it being
aware of the intended use.
Adding to the simplicity is the fact that large quantities of the knowledge required to orchestrate a
large-scale cyber-attack are available in the public domain, and can be easily retrieved performing
searches for topics such as "penetration testing" or similar terms.
Because they are people of the internet, most of the subject matter experts required for such a
project will prefer Bitcoin over conventional cash for a variety of reasons.
For one, the assets received in form of Bitcoin can be easily laundered and the source can be
entirely obscured. If all fails, the claim is made that the large sum of money originated from early
Bitcoin mining operations7.
Furthermore, it is easier to transport. Even large sums of Bitcoin fit onto a USB drive, and can
therefore cross borders without a customs official even having a hint that a perpetrator is walking
by them with the equivalent of several million US Dollars on their person.
An impressive, but largely useless Armory
Their expansion in Iraq has granted ISIS access to several conventional arms, among which are
tanks, armored vehicles, howitzers along with other towed artillery.
An estimated 30 T-55 and T-72 battle tanks, SA-7 and FIM-92 shoulder mounted Stinger missiles,
rocket launchers, etc. on the offensive, and instruments such as the ZU-23-2 anti-aircraft guns,
M79, HJ-8 and AT-4 anti-tank weapons on the defensive side are in their possession8.
Ongoing attempts to obtain chemical or biological agents9, and their deployment in western
countries is unlikely due to the high difficulty of shipping such agents undetected.
5 http://www.ctvnews.ca/world/how-isis-became-the-richest-terrorist-group-in-the-world-1.1872634
6 http://www.dw.de/who-finances-isis/a-17720149
7 Zerocoin: Anonymous Distributed E-Cash from Bitcoin, Miers, I. ; Dept. of Comput. Sci., Johns
Hopkins Univ., Baltimore, MD, USA ; Garman, C. ; Green, M. ; Rubin, A.D., 2013, Pages 397-411
8 http://www.telegraph.co.uk/news/worldnews/middleeast/iraq/11052919/How-Isil-is-funded-trained-
and-operating-in-Iraq-and-Syria.html
9http://www.foreignpolicy.com/articles/2014/08/28/found_the_islamic_state_terror_laptop_of_doom
_bubonic_plague_weapons_of_mass_destruction_exclusive

3. In terms of nuclear capabilities, ISIS captured some 40kg of low-grade uranium compounds from a
research facility in Mosul, but are far from weaponising it10.
While this presents an impressive arsenal, which is very useful in their current AO, deploying these
weapons to strike the west is - again - nearly impossible.
Necessary Transition
The jihadist-movement has repeatedly been referred to as being very tech-savvy11, so in spite of
the post 9/11 scrutiny, and its dynamic strategy adjustments of the past, it is a conceivable
opportunity that it will resort to acquiring the expertise necessary to conduct large-scale cyber
attacks.
One of an extreme number or possible threat scenarios resulting thereof is a prolonged internet
outage.
The western internet infrastructure currently has approximately 60 Tbps available bandwidth 12.
A 2014 DDoS attack on Spamhaus13, an organization specializing in spam prevention, reached
400Gbps14.
In a speech at the 2013 Defcon Conference in Las Vegas, Cloudflare CEO Matthew Prince not
only stated that such large-scale attacks don't require a lot of technical expertise, but that attacks of
12Tbps are realistic15.
Those orchestrating an earlier attack on Spamhaus in March 2013 would later attack the London
Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet
Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX), all of which are critical hubs in
the internet infrastructure of the western world16.
Congesting 12Tbps of the available 60Tbps of the west's available internet bandwidth would have
significant impact on a society, in which almost any industry or part of personal lives rely heavily on
network connected infrastructure.
From our personal and business communication, over traffic lights, the trains we use to commute,
up to the power- and water-treatment-plants we take for granted – nearly everything only works
because it is connected to the internet.
An organization like ISIS would seek to create large-scale interruption and/or damage upon the
10 http://www.telegraph.co.uk/news/worldnews/middleeast/iraq/11052919/How-Isil-is-funded-
trained-and-operating-in-Iraq-and-Syria.html
11 http://www.theguardian.com/world/2014/jun/16/terrifying-rise-of-isis-iraq-executions
12 http://global-internet-map-2012.telegeography.com/
13 http://www.spamhaus.org/organization/
14 http://www.pcmag.com/article2/0,2817,2453157,00.asp
15 http://youtu.be/q2FxTgd3uTE?t=24m7s
16 http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

4. culture they despise, and favor this broadsword attempt to cause the highest possible damage,
while cyber-attacks can also be exceptionally surgical and precise.
The internet wasn't designed with security in mind, because in its infancy it was a closed circuit
system, never intended to go public.
Therefore, all security measures becoming necessary for the commercial ways in which the web is
being used/misused are built upon an exceptionally vulnerable infrastructure.
A particular Threat to Israel?
In July 2014, reports surfaced about Chinese hackers having infiltrated the networks of three Israeli
defense contractors, obtaining information not only on the Iron Dome System, but likely also on
UAV technology, ballistic rockets, and detailed schematics on the Arrow III missile interceptor17.
It is black market intelligence like this, which is easily purchased through the right channels on the
deep web, which can shift advantage in favor of the weaker adversary.
The impressive arsenal ISIS has assembled over the past months is no match for the strong and
well-trained Israeli Defense Force (IDF)18.
Yet, a forward deployed, and targeted cyber attack to cripple large parts of Israel’s civilian
infrastructure, thereby - for instance - also hindering rapid troop deployment, may present a viable
option for ISIS to reduce the military advantage Israel holds.
While it wouldn't set the IDF and ISIS on par, a pre-invasion cyber-attack could reduce battle
damage encountered by ISIS invading Israel, which, due to its close proximity to Syria and
affiliation with the west - along with the ideological differences -, may be a likely target for an
invasion.
Contributing Factors to the Global Cyber-Vulnerability
Along with the aforementioned fact, that the internet wasn't design with security in mind, there are
two main factors in western culture, which can be classified as the main contributors of increasing
vulnerabilities in network connected infrastructure.
Number 1 are the decreasing quality and commercialization/consumerization of software and
operating systems, which essentially depict the interface between the employee and the machine.
When consumer grade software is used to secure and control sensitive and critical infrastructure,
vulnerabilities are inevitable.
Number 2 is the exponentially increasing demand for convenience and cost reduction.
Every employee needs a place to work; an office. Offices present a large overhead for any
corporation, as do the working instruments made available to employees.
17 http://rt.com/news/176268-chinese-hackers-israel-iron-dome/
18 http://www.globalfirepower.com/country-military-strength-detail.asp?country_id=israel

5. This fact has brought forth the trend of "Bring Your Own Device" (BOYD), in which employees are
encouraged to use their own hard- and software as tools they would otherwise have to be
equipped with by the employer.
BOYD, however, puts the hard- and software used by employees out of the reach and control of
employers and associated IT policies and procedures.
Employees will be using their devices in private environments as well, therefore exposing them to
significant risks in context to penetration of corporate intellectual property, in otherwise secured
ICT environments19.
Furthermore, the fact that an ever increasing number of employees are left to work from the
comfort of their home, mainly to save costs for office space.
This, however, displays yet more vulnerabilities, because large distances have to be relayed for the
employee to work, which can be intercepted, and the devices used to work are in unsecure
environments.
Countermeasures
In the years leading up to 9/11, the world was in denial over the fact that planes could be used as
weapons.
The consequences of this lack of imagination towards realistic cyber-threats could have even more
dire consequences taking into consideration that all means of communication are network
connected today.
Even such basic things like telephony require a functioning, stable connection to the internet to
function, if they're not already switched over to IP-telephony already, and therefore require the
internet as the base of operation.
Applied countermeasures start with the necessity of awareness towards the vulnerabilities, more
importantly though how catastrophic their exploitation would be in most western nations.
The second step is to assess not only the vulnerabilities in the domestic environment, but to also
monitor the efforts of more advanced nations and enterprises, in order to prevent new
vulnerabilities from arising and to check the domestic environment against vulnerabilities
discovered by others, before they become a problem.
Conclusion
The world is in danger, neglecting the consequences a cyber-attack could have.
Whether it is the aforementioned "broadsword" approach, or a more surgical strike, the
consequences - both from a human casualty and monetary standpoint - would be dire for any
western nation.
19 https://www.academia.edu/7858110/Why_there_will_be_a_Cyber-9_11._Soon

6. With ISIS, the world is introduced to the first actor with the financial capability to orchestrate such
an attack with their ideology and hatred towards western culture presenting the motive.
A variety of western nations deem themselves prepared for such an attack, while being far from it.
The cyber-threats constantly change in an exceptionally dynamic fashion.
Preparedness is the key, and constant analysis of domestic infrastructure, as well as inclusion of
cyber-capabilities into warfare-theaters and civilian infrastructure is essential.
About the Author
Lars G. A. Hilse (*1979) is a senior management consultant specializing in digital strategy with a
lifelong passion for the internet.
On the commercial side, his E-Business Sales Funnel Methodology is responsible for close to USD
$1 billion increased revenue for his clients, among which are AXA, Ferrari, DHL, et. al. from 20+
industry verticals in over two dozen countries.
On the government side, he has privately funded over USD $200.000 worth of research into
cybercrime, cyber-terrorism, cyber-defense & -security.
His Continuous Vulnerability Testing Methodology (CVT) focuses on securing critical, domestic
infrastructure, while at the same time including offensive cyber-warfare principles into military
strategy to reduce casualties and battle damage.
He has given numerous speeches around the globe, among others at the WCF in Davos,
Switzerland and is the author of several books.