How the U.S. Hacked ISIS | Better HN

How the U.S. Hacked ISIS | Better HN

49 comments

eatbitseveryday6y ago

I wish articles like this would divulge some details of the technical side of hacking, rather than keep it a mystical field of study.

What did they hack and how did they “get in”?

Contrary to the title, there is little “how” and mostly “what”.

banachtarski6y ago

Funny, I had the exact opposite reaction. Part of me wishes we divulged less about our tactics.

whatshisface6y ago

Assuming you're an American, you eventually have a civic duty to find out what they did so you can evaluate them. You can't wait forever, because once everyone involved has moved on far enough with their careers (or retired) it won't be possible for your evaluation to have any impact. Declassification has to happen at a reasonable speed in order for our system to work.

Although I don't know, I think this story was released for exactly that purpose, to improve public support for the NSA and Cyber Command. With Snowden being in the news lately I'm sure they're looking for opportunities to run cool war stories to balance out their image.

oauea6y ago

Our? Were you involved in the operation?

They basically summed it up "Hack the human first".

ipsa6y ago

Though the article does not outright say it, read between the lines when you see this:

> They even had file sharing through them. "If we could take those over," Neal said, grinning, "we were going to win everything."

Then see some public CVE's around that time, such as:

> CVE-2015-5474: BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.

> Project Zero 2018: Simply put, those JSON-RPC issues create a vulnerability in the desktop and web-based uTorrent clients, which both use a web interface to display website content. An attacker behind a rogue website, Ormandy said, can exploit this client-side flaw by hiding commands inside web pages that interact with uTorrent’s RPC servers. Those commands range from downloading malware into the targeted PC’s startup folder or gaining access to user’s download activity information.

And the remote code execution via media files / video virus (Hollywood movies, porn) https://www.cvedetails.com/vulnerability-list/vendor_id-5842... .

So you have file sharing going on, and can remote code execute, if: you get the target to visit a website you (partly) control, you get the target to click a (.torrent) link you crafted, you get the target to download a manipulated video file, compromised (Adobe) software, or cracked game with the payload. These if's are for a military that can easily DNS hijack, spoof (update) certs, ask help from allies who control 25% of all internet advertisements, set up convincing websites targeted to the region, or reroute internet traffic.

GhettoMaestro6y ago

While I share your same streak of curiosity, unfortunately this is an area of life that opening up details of your own operations is probably most likely always a net negative.

Get a TS/SCI and go work for CyberCommand if you want to be in the know.

ptero6y ago

That is a valid argument, but can be applied to any hush hush effort. But such "limited visibility" organizations often push to limit public control, after which their mission or methods may morph to support internal goals that may not be shared by the general public they were created to serve.

It would be naive to require that all government information is shared with the public, but we should maintain robust oversight on all clandestine activities and give that oversight teeth to correct problems when such activities to too far. My 2c.

anonu6y ago

That information will probably not be revealed. What would be the incentive for the US to do so? Zero. But the incentive of spinning the narrative and keeping the details murky provides a much higher payoff.

mieseratte6y ago

> I wish articles like this would divulge some details of the technical side of hacking, rather than keep it a mystical field of study.

Why would you publicly inform your enemy of a vulnerability?

I listened to the report on this article on my way to work. I had the exact same thought as you. I was annoyed that they kept it so general, but it makes sense from the perspective of keeping the target in the dark on the methods used.

SEJeff6y ago

Is that not a double edged sword though? When you reveal sources and methods, you tell ISIS what to do differently. These sorts of things tend to be some of the most closely guarded secrets in the US.

Disclaimer: I had a security clearance when I was in the Army.

swiley6y ago

I was under the impression that a large portion of it was just google mobilizing their mass manipulation machine for what they decided was the greater good.

xwdv6y ago

It’s not a “mystical field of study”, it’s called cybersecurity and you learn it the way you learn anything else, take books or take a course. Learn about networking, learn about malware, learn about social engineering, do you even know what a reverse shell is? Just learn.

raxxorrax6y ago

Interesting, but reads a bit like a bad Tom Clancy novel that I read when I was around 12.

I think that "hacking a human" as they described it was the most likely vulnerability. Interesting to see that ISIS actually seem to have a decent infrastructure. From media reports you would believe that they are mainly some barbarians that may have or may have not access to electricity, never mind net access.

That aside: NPR offering a plain text site is just awesome. Found that nearly by accident since I just wanted to accept that damn cookies.

throwaway_law6y ago

>From media reports you would believe that they are mainly some barbarians that may have or may have not access to electricity, never mind net access.

Isn't that what all reports after 9/11 would have you believe of al-qaeda and the taliban? Complete with videos of masked men "training" in deserts by jumping over logs and climbing ropes? And Reports that Bin Laden is hiding in mountains?

Meanwhile Bin Laden was living in a large compound in Pakistan all but protected by the Pakistani military and I believe 8 of the 9/11 hijackers had degrees in engineering and a couple PhDs among them.

Nobody who has read anything serious about ISIS would think that. They were a nascent nation state, installing their own civil servants to run schools, infrastructure, etc. Their propaganda videos were nearly Hollywood level in production quality. They were barbarians in values, not capabilities. They were a massively serious organization and we got Mattis just in time to exterminate them.

th0ma56y ago

Since when are they exterminated?

codesections6y ago

Like others, I'm also left wondering what methods the US is really using. Obviously, it's too soon to disclose all the details. But compare this (where the few strategies disclosed involve methods like "guess the answer to a security question") to something where we do know the details.

For example, the Stuxnet worm used multiple OS zero days and involved hacking or otherwise exfiltrating signing keys from multiple other third parties (https://www.quora.com/What-is-the-most-sophisticated-piece-o...). I bet a lot of that sort of thing is going on these days too, and we just don't know about it.

gnode6y ago

Maybe this campaign was as primitive as they let on. It's likely that bringing down a terrorist group's marketing campaign didn't need or warrant a sophisticated attack, like sabotaging Iran's nuclear programme with Stuxnet did. A concerted attack effort using public knowledge techniques may have been enough.

It's in the interest of cyber-warfare actors to not expose their capabilities unnecessarily. Although efforts are taken to prevent malware from coming to the attention of enemies / rivals, or even being adopted by them or criminals, deployment always comes with that risk.

I'm pretty sure that's a given and I think its pretty expected their not going to put details on some news article

appleiigs6y ago

I dunno about this article... in the minor hacking I've done, it is tedious and boring. More like a homework research project than a swat team raid. If someone said "Fire!" to me I'd laugh.

authoritarian6y ago

I would hope that a country with the largest military industrial complex in the world can hack a group of camel herders in a desert. Doesn't seem particularly impressive

It's not a group of camel herders in the desert in regards to their cybersec team. They managed to recruit TriCk/Junaid Hussein(associated with TeaMp0isoN), to be their teamleader. TeaMp0ison were fairly well-known(at the time at least) and actually quite talented hackers.

He was later killed in a dronestrike.

blacksmith_tb6y ago

Bit crudely put, but it hasn't been the case that the US military has easily trounced small guerilla forces in ground combat (e.g. Vietnam, Afghanistan, Somali, etc.), so I assume the idea was to suggest that cyberwarfare works better?

Basically shared my same sentiments. One group isn't even trying the other is fully reactive and trying to uncover how much the other groups know.

USA always will win.

zaphirplane6y ago

Is the racism critical to expressing your view. I understand those terrorist are horrible evil people and inflicted pain and death on innocent people. Your racist comment is grounded in racism towards Arabs and Muslims. Most victims of ISIS are physically near them

StreamBright6y ago

Also since they supplied equipment to them it would not have been as difficult to trojan it.

bpodgursky6y ago

The US support of Syrian "moderate" rebels was stupid, shortsighted, and pretended that the world was a different place.

And I will infinitely fault the Obama administration for providing technology which immediately fell into jihadist hands, which any reasonable analyst would have told them would happen.

But it's not accurate to say the US 'supplied' equipment to ISIS. ISIS stole it.

rokhayakebe6y ago

What if any of this never happened and this story was the real hack?

nbanks6y ago

I tried reading an issue of Dabiq once because I was curious about how they interpreted the Hadith. It was really hard to get, which probably shows that the cyber attack worked. If their servers were still up it should have been easy.

edit: I don't recommend reading Dabiq because a decapitation is really difficult to unsee.

"Folder directory deleted"

Cringe.

I cringed a bit at that and the end of the next paragraph:

> Once he did that, he would see: 404 error: Destination unreadable.

Sounds like somebody got their ICMP types and HTTP response codes mixed up but, hey, they're journalists, not IT guys. We understood their point.

vesche6y ago

This article has no substance and is seriously completely stupid.

vecter6y ago

You may be right, but this isn't a helpful comment. Per the HN guidelines [0]:

    Be kind. Don't be snarky. Comments should get more
    thoughtful and substantive, not less, as a topic
    gets more divisive.

    When disagreeing, please reply to the argument
    instead of calling names. "That is idiotic;
    1 + 1 is 2, not 3" can be shortened to "1 + 1
    is 2, not 3."

    Please don't post shallow dismissals, especially
    of other people's work. A good critical comment
    teaches us something.

[0] https://news.ycombinator.com/newsguidelines.html

slji6y ago

ISIS. Isis is an Egyptian god.

https://en.wikipedia.org/wiki/Isis

dang6y ago

Fixed now. Thanks!

giiguughh6y ago

The question should be how US created ISIS

j / k navigate · click thread line to collapse