A group calling itself the Islamic State Hacking Division this week posted online a purported list of names and contacts for Americans it refers to as "targets," according to officials.
Though the legitimacy of the list is questionable, and much
of the information it contains is outdated, the message claims to
provide the phone numbers, locations, and "passwords" for 1400 American
government and military personnel as well as purported credit card
numbers, and excerpts of some Facebook chats.
"We are extracting confidential data," the message says,
"and passing on your personal information to the soldiers of the
khilafah, who soon with the permission of Allah will strike at your
necks in your own lands!"
Many of the phone numbers and
email addresses on the list were not in service, when tested by CNN. But
one person on the list, reached by phone, confirmed that he had
previously served in the U.S. military. He asked not to be named, but
said he had recently been notified by the Pentagon that his name and
personal information were on the list. Another, reached by email,
confirmed that she was a government employee who has been warned by the
military about being on the list.
Several online terror trackers were unable to confirm whether the
list actually came from ISIS. The FBI and Pentagon both say they are
investigating.
"I take it seriously, because it is clear what they are
trying to do," said Gen. Raymond Odierno, the U.S. Army Chief of Staff.
But he questioned whether the list had actually been obtained by
sophisticated militant hacking. "This is the second or third time
they've claimed that," he said. "The first two times, I'll tell you,
whatever lists they got were not taken by any cyberattack."
One online security analyst, Troy Hunt, agrees that the
information does not appear to have been obtained by a hack that
penetrated government databases. According to his analysis, it may have
been compiled simply by surfing the Web.
"It's an amalagamation of data that has been scraped from
multiple places," he said, "and most of it is publicly discoverable,
too."
"I doubt that it has
come from anyone with any strong capability," he said. "And it probably
hasn't even come from ISIS itself. It has all the hallmarks of a typical
hacktivist."
Pentagon
spokesman Lt. Col. Jeffrey Pool cautioned that many of the military
email addresses looked at least several years old, based on their
suffixes. Still, he said, shortly after this list was posted, a reminder
went out to service personnel that they should limit the personal
information they put on social media.
"If any of your information on it is accurate, you're very
concerned," said former Homeland Security adviser Fran Townsend, "as are
government officials."
The
group calling itself the Islamic State Hacking Division has once
previously put out a list of around 100 purported names, with personal
information, saying they were American military personnel.
Matthew Levitt, of the Washington Institute for Near East
Policy, believes that those posting these lists are trying to spark
lone-wolf style attacks in the United States like the ones in Garland,
Texas, and Chattanooga, Tennessee, in recent months.
"Even if this is not so advanced," he said, "they are
continuing that message: You don't have to come to Syria and Iraq, you
can stay where you are, do something where you are."
"It also does really freak out U.S. government military and
law enforcement personnel," he said. "It certainly does create a further
sense of threat."
No comments:
Post a Comment