Before I’m contacted by the FBI, I should explain how it happened that, over 12 hours before the ISIS cyber attack occurred, I had predicted something like it. At the end of the blog post I put up yesterday predicting cyber attacks for 2015 (Experts Say These Are the Breaches to Expect in 2015), I put three of my own predictions. The first one was the following:
ISIS-based cyber attacks or cyber attacks launched by ISIS sympathizers may occur. These may be more irritating than destructive, as I doubt they have the resources for anything more. It could involve threats or extortion attempts.
I put the post up at about 8am European time or 2am EST. Sure, I expected that such an attack would occur or I wouldn’t have put it in writing, but no one was more surprised than I was when the ISIS attack occurred later that day.
So how did I do it? Did I have a leak from an informant? Did I have a divine revelation? Sadly, none of the above. It came down to something far more boring, pure deductive logic.
I have been following ISIS’ cyber activities for quite a while. In September, I posted an article called, ISIS and the U.S. Government Battle for the Hearts and Minds…Well, at Least the Hearts… of Potential ISIS Recruits, which explored how both sides were battling it out through social media. I also wrote a post in October on, How You Can Help the FBI Identify the Foley-Sotloff Murderer. Recently, I’ve noticed attacks, in support of ISIS, on soft targets such as schools and churches in Canada. It just seemed obvious to me that the success of these attacks could culminate in an attack on a bigger target; thus the prediction.
I wouldn’t worry much about the threats stated in these attacks. They are just bluster. The real purpose is to raise ISIS’ profile so that they can recruit more foreigners to their cause. Canada and America are main targets for this. There is also nothing particularly sophisticated in these attacks. They likely compromised some mobile device connected to a network, probably by getting someone to open an attachment or visit a bugged website sent through a phishing email. If the attackers were based in North America, which they probably are, they could avoid the problem of bad English that often gives the attacker away. But don’t think this is the end of these attacks. Just the opposite. They are probably just beginning. They will attempt to hit high profile targets because of the publicity they will receive. They will mainly be an annoyance and embarrassment, but, by luck, they may occasionally be able to retrieve more valuable information,
So, put the guns down. That’s how I managed to make this prediction. However, I can’t help but wonder about the other predictions I made.