NAT SEC

ISIS Hackers’ Latest ‘Kill List’ Demonstrates Their Incompetence

A database easily found online was posted as a purported kill list, with no explanation

NAT SEC
Jun 23, 2016 at 2:29 PM ET

An online group calling itself the “Cyber Caliphate Army” is distributing a “kill list” on social media; the list includes over 4,000 names, addresses and emails of people the group wants targeted and killed. At least half the people on the list are American. But while the “army” claims to have found this list thanks to their superior hacking abilities, Vocativ has found an Excel file online with exactly the same names and details—a database that is easily found using search engines, no hacking necessary.

The group, which supports the Islamic State, published the list on its Telegram channel this week. “O wolves of the Islamic State, [this is a] very important list, kill them immediately.”

Vocativ discovered the same list of names on a business platform resembling LinkedIn, created in 1999.

The self-declared hackers took the list as it is, changed some colors, and added their own threatening language. There is nothing that distinguishes this set of names as worthy of attention, certainly nothing that might make them targets of ISIS. In the past other groups affiliated with the Islamic State have released contact details for logical targets like police officers and military officials. This list, however, is so random that it appears to be little than an attempt by the group to prove that it has hacking abilities.

It’s not the first time so-called hackers have done this. Recently another pro-ISIS group called the “United Cyber Caliphate” released a “kill list” with similar details of thousands of others it deemed worthy, but unclear, targets.

The “hacked” list posted by ISIS “hackers”

The original list that can easily be found online

A recent study by Flashpoint, an intelligence firm, showed that the United Cyber Caliphate—a merger of pro-ISIS groups—is incompetent when it comes to hacking. Their highest-profile “hack” involved simply taking credit for others’ work, according to the study. And this latest list appears to be much of the same.

And while such lists aren’t unprecedented—previously, users affiliated with the terror group have called on ISIS loyalists to attack everyone from Minnesota cops to State Department employees and ordinary Americans—it’s unclear if they’re particularly significant. As the Wall Street Journal reports, counterterrorism officials have been at odds over whether such lists actually pose a threat, or whether—like so much ISIS propaganda—they’re a way to make the group appear more powerful and frightening than it actually is.