Tech

ISIS data breach: Money, misinformation or mutiny?

Analysis: The latest "information leak" shows how little we actually know about the Islamic State -- but how some can still use war to earn a quick buck.

Written by Charlie Osborne, Contributing Writer March 11, 2016 at 5:29 a.m. PT

This week, law enforcement, intelligence agencies and journalists alike rejoiced at the revelation that a store of sensitive Islamic State information had been stolen from under its nose from a bitter defector.

Sky originally reported that the personal information of 22,000 IS fighters were exposed in the cache of documents, given to the outlet by a man called Abu Hamed, an alleged former Islamic State convert and Free Syrian Army member.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

Read now

"The files were passed to Sky News on a memory stick stolen from the head of Islamic State's internal security police, an organisation described by insiders as the group's SS," the publication declared. "He had been entrusted to protect the organisation's core secrets and he rarely parted with the drive."

The documents cache, a set of recruitment and entry questionnaires, contain the personal data of IS recruits. Information stored within include names, birthdates, hometowns, contact information, family links and roles.

Originally, many outlets followed the lead of Sky in reporting the news, and several called their data troves "exclusive."

There was much to be happy about. These might well be the only kinds of data breaches that prompt the police and government to break out into unrestrained applause and a dance of joy.

Thousands of fighter names, contact details, home addresses, family links and current IS positions? Such a treasure trove can only be of benefit to intelligence agencies that are attempting to combat the threat of ISIS.

Dig a bit more, however, and it appears that Syrian publication Zaman Al Wasl published these documents online quite some time ago. The cache reveals the personal data of 1,736 IS fighters -- many of which hail from Saudi Arabia, Tunisia, Morocco and Egypt -- rather than 22,000.

In the meantime, Sky has quietly edited its piece, removing "22,000" and instead using "thousands," as noted by Gizmodo. This quiet correction can only point towards some error on their part and the possibility that the documents Sky possesses are the same scans which you can look over with a click of a button.

This is not the only issue at hand, however. Agence France-Presse has spoken to a number of experts who have cast doubt on the legitimacy of the documents.

There are a number of problems. The documents appear to be a patchwork of inconsistent language, grammatical mistakes, as well as the fact IS uses two Arabic names for itself -- one of which is outdated -- and an old logo is present on some forms. In addition, a number of jihadist terms you would expect to see -- such as "martyrdom" -- are missing, and instead are replaced with the phrase "date of killing."

Speaking to the publication, Charlie Winter, a researcher at Georgia State University, said the use of a second, circular logo on the documents has only previously been seen on "really shoddily made forgeries."

Journalist and jihadism expert Wassim Nasr cast further doubt on the legitimacy of the documents, saying "maybe some of the information is real, while the layout was fabricated to sell the information at a high price to different buyers."

Add this speculation to comments made by Aymenn Jawad Al-Tamimi, researcher and Shillman-Ginsburg Fellow at the Middle East Forum, who told Gizmodo that at least one outlet turned the reported defector down as they would not pay for the information, and it may be that the documents are not worth the -- digital -- paper they are written on.

According to the Guardian, German publication Süddeutsche Zeitung was also offered the records several weeks ago but declined to pay for them.

Security

Now, it appears that much of the information is outdated, anyway. A number of jihadi fighters from countries including Britain listed are believed to now be dead due to recent attacks, rather than in active IS service.

This confusion over the source of the documents, in some respects, is irrelevant. No matter where the information came from, law enforcement and intelligence agencies do believe some of the data is legitimate.

It may have simply been that the information was already available online, but a lack of notice prompted the alleged defector to spread the information further by contacting law enforcement and the media directly with a story of smuggling the data across the Turkish border.

Not only could this be increasing the exposure of the information, but the source could have made some serious cash from media outlets intent on possessing the "exclusive" information.

There are other angles to the data leak that should be considered.

Special Feature

Security and Privacy: New Challenges

As big data, the IoT, and social media spread their wings, they bring new challenges to information security and user privacy.

Read now

If the bulk of the information is legitimate, perhaps IS leaked the data purposefully to stop wavering members from attempting to leave. Removing the protective barrier of the IS mask may be enough to make some regretful soldiers stay put.

I don't necessarily buy this concept. After all, recruitment drives, video and photos broadcast by IS demonstrate that the group enjoys maintaining an element of the mystique. However, IS is coming under increased pressure now that the eyes of the international community are on them, torrents of refugees are forcing political leaders to acknowledge the state of affairs, and some countries have sent in the military to assist. Perhaps IS is beginning to fracture, and the pressure is making some members consider leaving.

Or, perhaps the data breach was truly caused by a defector, now disillusioned with the fanatical group's calls for a new state under a warped kind of Sharia law. Acting as a whistleblower may provide the alleged defector with sufficient leverage to start again outside of IS with a clean slate -- whether or not intelligence agencies can glean anything new from the intel.

No matter. The lesson here is that law enforcement and intelligence agencies should take more notice of what local media both on the ground and online are reporting. There are constant calls for additional laws and government powers to boost surveillance on their own people, but no-one at these same agencies noticed the records floating across the Internet for so long.