Article Lead Image

Image via John Bigl/Getty Images

How ISIS noobs are trying to become hackers

An online course on Kali Linux is being promoted by the main ISIS forum, but there is no reason for immediate concern.


[email protected]


Posted on Aug 21, 2016   Updated on May 26, 2021, 5:26 am CDT


A member of al-Minbar, an active and influential online forum frequented by ISIS sympathizers, is offering an online course on hacking tools with the aim of teaching supporters how to “hack American and European security sites” and creating a group of cyber soldiers affiliated with the terror organization. But this is likely to be simply the latest in a series of hapless attempts by ISIS affiliates to threaten cyber warfare on the West, to little effect.

The online course is focused on Kali Linux, an open-source Linux distribution, which is a type of operating system based on Linux, that includes hundreds of penetration-testing programs, which are designed to help identify vulnerabilities in a computer network or app. It is being promoted by a prominent member of the ISIS-sympathetic forum, who goes by the username Ayam Fath Baghdad, which translates to “the days of the conquest of Baghdad.”

“As-salamu alaykum, my brothers, the members of al-Minbar, and those who are registered for the course on Kali Linux. Please gather in the section tonight at 9 p.m., Mecca time, in order to take a class,” he on Wednesday night, in Arabic.

In a 20-page thread, this user interacts with at least other 25 members in the forum, all of whom express interest in taking the course and becoming hackers affiliated with the terror group. The course is based upon several Arabic-language YouTube tutorials, which have been uploaded by a non-ISIS affiliated account. Online tutorials on Kali Linux use are plentiful and freely available from a variety of online sources. To supplement the YouTube videos, Ayam Fath Baghdad offers advice on the use of the OS.

“Kali Linux is known as the ‘go-to’ for black [hat] and white [hat] hackers alike,” Omri Moyal, VP Research at Minerva Labs, an Israeli cybersecurity company, told Vocativ over email. “It is widely promoted and educated in underground forums and anonymous chat rooms, and the combination of its pre-installed, ready-to-use, powerful tools make it extremely dangerous in the wrong hands,” he adds. “As we have heard that ISIS are declaring that they will move to operate in the cyber domain, it is very natural that they will go to this tool.”

But there’s likely no cause for immediate concern. Moyal analyzed portions of the forum thread, including screenshots uploaded by the “students” and responses by the course’s teacher, and explained that the contents were “very, very basic material,” adding, “I can’t say anything about the teacher but the students are complete noobs.” According to his analysis, the would-be hackers “have problems with the very basic commands and also are not looking for the solution themselves, something a good hacker must be able to learn and do.”

Moyal stressed the importance of the sophistication of the hacker themselves over the tools at their disposal, which, like Kali Linux, are typically readily available. He explained that while “the capabilities of Kali Linux are unlimited, it’s a tool box. The question is, ‘What are the skills of the person behind the keyboard?’”

One of the methods presented in the course is an SQL injection, which according to Moyal, “has the capabilities of extracting data from those databases. It is commonly used to deface websites and steal credentials.” Moyal explains that similar tool was used by a Saudi hacker to steal thousands of credit card data from a unencrypted online database a few years ago. However, substantial technical know-how and experience is necessary for a hack of this nature.

The goal of this online course is a grand finale in which students will conduct “join[t] attacks [by] the graduated members” and the group will create an ISIS-sympathetic hacking organization “along the lines of the United Cyber Caliphate (UCC),” referring to an online coalition of four ISIS-sympathetic, so-called hacking groups that was formed in late 2015. At that time, ISIS supporterscreated a channel on the encrypted-chat app Telegram dedicated for “publishing courses of hacking and programming languages for the supporters of the Caliphate on the Internet.”

However, if this newly created group follows in the UCC’s footsteps, it’s unlikely it will find much success. A study by Flashpoint, an intelligence firm, showed that the UCC is incompetent, and their highest-profile “hack” involved simply taking credit for others’ work.

Another ISIS-sympathetic “hacking” organization, known as the Caliphate Cyber Army (CCA), which pre-dates the UCC and is now affiliated with the group, recently distributed a “kill list” that included over 4,000 names, addresses, and emails of individuals. However, while the ISIS supporters claimed to have accessed the information via some kind of hack, Vocativ identified a publicly available Excel file containing the same details; the information was easily found using search engines, no hacking necessary. The CCA has apparently found the information and simply added threatening language, a propaganda ploy designed to frighten and intimidate.

The hacking course presented on al-Minbar is likely to be more of the same. While the ISIS supporters may be willing to pursue Kali Linux education, they lack the background and technical expertise to likely succeed. Once again, it seems, ISIS supporters’ hacking threats are likely to remain just that: threats by those with little ability to back them up.

Share this article
*First Published: Aug 21, 2016, 7:30 am CDT