Hackers aligned with the Islamic State militant group (ISIS) are “garbage” at coding, hacking and protecting their whereabouts, according to a top cyber-security researcher.
The group has used the internet to spread its propaganda across the world, recruit thousands of foreign fighters and to communicate with one another, but its cyber operations are less sophisticated than other areas of its operations.
The cyber operatives are producing hacking programs and tools that are easy to infiltrate and prevent, Kyle Wilhoit, a senior security researcher at DomainTools, told security conference DerbyCon.
“ISIS is really, really bad at the development of encryption software and malware,” Wilhoit said, tech news outlet The Register reported.
“The apps are shit to be honest, they have several vulnerabilities in each system that renders them useless.”
In response to the failure of their cyberattack capabilities, pro-ISIS hackers are now turning to other online services such as encrypted app Telegram, to talk to one another and share attack code.
Wilhoit looked at three different programs created by hackers from the ISIS-affiliated United Cyber Caliphate, or UCC, and found they have numerous bugs.
“As it stands ISIS are not hugely operationally capable online,” Wilhoit added. “There’s a lack of expertise in pretty much everything.”
The attacks by the group’s cyber wing have largely been limited to de-facing several websites. But, more unnerving for Americans, ISIS-linked hackers released hit lists with the names and addresses of thousands of civilians, as well as diplomatic and military personnel, in 2015.
ISIS-linked hackers have previously released sensitive information related to key United States security personnel, such as Director of National Intelligence James Clapper, Director of the CIA John Brennan and also Hillary Clinton.
The militant group’s strategy of releasing such lists was started by one of its members, prominent British hacker Junaid Hussain, who the U.S. coalition killed in an August 2015 air strike. The hackers encouraged ISIS supporters to carry out attacks in their home countries with any method possible.
The group’s late external operations chief and spokesperson Abu Mohammed al-Adnani launched the call on foreign ISIS supporters to commit individual attacks in an audio statement released in September 2014.
He urged ISIS followers to “kill a disbelieving American or European—especially the spiteful and filthy French—or an Australian, or a Canadian…in any manner or way however it may be.”