ISIS: Great at Photoshop, rubbish at hacking
These attacks have generated plenty of headlines, but security experts are split on how capable Islamic hacktivists are and how much a danger – beyond damage to the reputations of hacked organisations – they might pose.
Frank Engelsman, an international crime and terrorism analyst, is dismissive of the "poor technical skills" of ISIS, al-Shabaab and Boko Haram. None bear comparison with nation-state spies and intel agencies, he argues.
"All three organisations do not have the right skills in-house to conduct a well-coordinated and successful cyber-attack like the North Koreans and Chinese can," Engelsman writes. "Neither is it their focus. Their enemies are not a high-tech society which can be affected by a cyber-attack."
The TV5Monde hack and others like it were pulled off by online sympathisers of the Middle Eastern terrorist group, rather than ISIS itself, he adds.
"Sympathisers and internet hooligans do have some script kiddie skills to deface web pages and gain media attention to proclaim their message. Except for excellent Photoshop skills, ISIS has NO serious technical IT skills," Engelsman suggests.
"ISIS never targeted US and European sources through cyber-attacks, except for the script kiddie level of defacing web sites. We do not expect them nor Boko Haram or al-Shabaab to execute real cyber-attacks," he concludes.
The analyst puts Al-Qaeda's technical capabilities on a far higher level than younger Salafist Jihadi groups.
"Being a long-term strategic organisation, Al-Qaeda does have serious internet/IT coding, encryption, cloaking, hacking and security skills available. Some of their top-level messengers (used to) work for the big IT companies, the military and banking industries," he writes. "The capabilities of the terror organisations ISIS, al Shabaab and Boko Haram are over-rated when it comes to cyber-attacks and capabilities, and are extremely under-rated when it comes to their ability to disrupt a region."
Other infosec experts, such as Moscow-based security consultancy Group-IB, credits ISIS with greater capabilities and threat levels. Hackers from Islamic State attacked 600 Russian net resources last year, according to a recent Group-IB report.
Group-IB reckons three criminal groups participated in ISIS activities, namely Team System Dz, FallaGa Team and Global Islamic Caliphate. "There are more than 40 people in these groups, and since Autumn 2014 they have been participating in attacks on Russian resources," according to Group-IB. "Their main methods are mass breach of sites or targeted attacks on popular internet resources", with defacements later publicised through Twitter and other social media outlets.
Several banks, construction companies, plants, governmental organisations and even lyceums and scientific centres became victims of these attacks. Victims included the North Urals Local History Museum, and Mitischy city portal.
"Russian internet security services and Russian companies shouldn't undervalue ISIL (ISIS) capabilities, as their attacks are [not the result] of any logic and are aimed to the maximum social resonance," said Ilya Sachkov, chief exec of Group-IB, in a statement.