‘They are in front of the computer and every keystroke leads them to something more extreme.’ James Scott, co-author of The Anatomy of Cyber-Jihad

Daesh’s main ambition was to knock down borders in the Middle East and create a “caliphate” to impose its extreme version of Islam. But as that strategy is faltering, it’s turned to another: using technology to spread terror, discord and destruction.

In a new report titled The Anatomy of Cyber-Jihad: Cyberspace is the New Great Equalizer, James Scott and co-author Drew Spaniel of the Washington-based Institute for Critical Infrastructure Technology, explore the threats posed by the shift and the dangers lurking on the murky Dark Web.

This week a Daesh-linked group released a “kill list” including 150 Canadians among its “targets.” How worried should we be?

They’ve put out a few of those lists. A lot of the time they’re getting names from open sources, not from a security breach. We are seeing a spike in lone wolf attacks, where they don’t have the necessary sophistication to stalk people and take them out; they aren’t going to learn how to be snipers in a month.

It’s a cause for concern. But for the cyber-jihadists it’s more a battle of the mind. Their goal is to create fear and xenophobia.

How does the Internet increase the risk of lone wolf attacks?

Lone wolves seem to fit a certain prototype. They’re emotionally fractured. They’ve experienced a deep psychological or social impact that has left them feeling threatened and injured. They’re emotionally unbalanced and often unemployed or have difficulty keeping employment. So they have a lot of time on their hands.

They’re not just jihadists, they may be anti-government people of the right or left. They start to embrace extreme concepts — hating gays, wanting a republic not a democracy. Typically they are isolated because their ideology is so extreme and perverted. They are in front of the computer and every keystroke leads them to something more extreme, and there is no counterbalance to make them part of reality.

Chat forums on the Dark Web make them feel as though this is normal. Then the anxiety builds up, and they want action. Violence is the only option.

Daesh, also known as ISIS and ISIL, actually has a “help desk” for people who want to commit mayhem?

It’s not like a normal help desk. It’s a series of Dark Web forums and communication channels where jihadists and extremists can get advice on how they can contribute to the movement. They just have to say “here’s what I have to offer,” and they’ll get answers. What makes it unique is it operates 24 hours a day. It has about six operators, and you can access it globally.

It offers tutorials with links to YouTube, to learn easy ways to hack. Vindictive upstarts and “script kiddies” can rapidly hone their skills and become easy prey in an ideologically-driven crusade, learning how to do step-by-step, point-and-click cyber attacks on big targets.

Your report says that Daesh and other groups are using a techno-guerrilla style of cyber warfare with recruits from the American Midwest to London, Berlin, Paris and beyond. How advanced are they?

Daesh is not technically sophisticated. But they have the funding to outsource attacks. You have advanced cyber mercenaries who do contract work. They can find a way into computers through certain software. It’s called a “zero day,” — an undiscovered vulnerability in the software that can be exploited by hackers before it’s detected and fixed. If I were a hacker I’d then put a description on a hidden forum where people could purchase zero days. If you want to purchase a zero day with exclusivity, it runs about $50,000 to $150,000 (U.S.).

So they can earn considerable money from cyber attacks?

On the Dark Web it’s like a shopping trip. You can order a layered attack. You can get ransomware. If they can’t do it themselves, they’ll hire hackers. They may use ransomware on a hospital for a layered attack — they find emails available for the domain, send all staff a phishing attack. Then while the IT people are inundated with service calls they go in and map the network. Once there, they exfiltrate and sell the data. Health records can be sold for about $40 to $70 a record.

Cyber attacks are big fundraising tools because Daesh’s oilfields have been disrupted.

Loading... Loading... Loading... Loading... Loading... Loading...

Your report says the risks of cyber jihad are growing, and that it is the new battlefield. Is there any way of combating the dangers lurking in the Dark Web?

It’s the only part of the web that is not (indexed on) search engines like Google. Law enforcement agencies, the CIA, the NSA and others have been growing. But if you know how to go dark it is difficult for them to find you. It’s impossible to eliminate encryption, because it’s math. Security services are continuing to monitor, and they can see an individual online who meets a certain profile — not through dragnet surveillance but because he’s spewing hate and saying online he’s going to kill.

But the public also has to be aware of cyber hygiene. There is no silver bullet.

This interview has been edited for clarity and length.

Read more about: