ISIS Hacker using Retail Data

By   ISBuzz Team
Writer , Information Security Buzz | Oct 29, 2015 09:00 pm PST

US prosecutors are extraditing a Kosovo man now under arrest in Malaysia whom they believe is responsible for assembling an ISIS “kill list” of more than 1,000 military personnel and U.S. government employees. Prosecutors believe Ardit Ferizi hacked into a U.S. retailer, stole sensitive personal information about 1,000+ federal employees and U.S. military staff, and gave the data to a British national believed to be leading an ISIS social media “kill list” campaign. Security experts from Securonix, Tripwire, Lastline and STEALTHbits have the following comments on retail hack was used to build a terrorist campaign against US government employees (U.S. Files Criminal Complaint against ISIS hacker).

[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Senior Security Analyst for Tripwire :

“Given the high volume of data breaches, it is a challenge to identify the intentions of the attackers targeting data. This incident is an example of how important it is to secure customer data, particularly when this data can be overlayed with data from other breaches to create rich profiles of individuals.[/su_note]

[su_note note_color=”#ffffcc” text_color=”#00000″]Stewart Draper, Director of Insider Threat at Securonix :

“ISIS will continue to pursue avenues in their quest to obtain information for propaganda. Such a well-funded group could easily hire hacktivists to help them continue to grow in their data collection and targeting of agencies, organizations or personnel.

The issue of a lack of skilled cyber warriors sympathetic to ISIS can easily be bypassed using groups for hire. An abundance of information is already available in places such as the dark web from major breaches over the previous years that could provide the intel that ISIS so desires.”[/su_note]

[su_note note_color=”#ffffcc” text_color=”#00000″]Brian Laing, VP of Products and Business Development, Lastline :

“Security is the new “Cold War” arms race. The massive adoption of the Internet has required whole new skills sets in IT, Networking and Security. Unlike other fields of study that have matured over time these have grown so quickly there has not been time for the market to adapt, with security suffering the most. Everything is now available digitally. Attacks can go after Healthcare records, financial records, employment records, government intelligence, corporate intellectual properly, or even mundane Facebook posts, all of which can be used for various gains or sold on the black market. Gone are the days where you simply locked important files in a  safe and called it a day. There are now billions of devices connected to the Internet. Everything from a laptop computer to a phone  to thermostat can be used to breach a network.

“Amy Schumer hosted Saturday Nigh Live recently and joked about being hacked, but not having anything interesting to read or steal! Security has become mainstream, but most people do not see just how serious cyber attacks are. A simple scandal mentioned by Amy Schemer is minor compared to the ruin that can be caused when security teams don’t get things right!”[/su_note]

[su_note note_color=”#ffffcc” text_color=”#00000″]Jeff Hill, Channel Marketing Manager, STEALTHbits :

“Before today, if security professionals were asked to list types of sensitive data requiring protection, the very fact that someone was a member of the US military would never make the list. It seems that the bad guys grow more sinister and innovative by the day. It used to be that American servicemen and women needed to be seen in uniform to make them a target. Now terrorists – with the help of their cyber-criminal vendors – can target them from half-way around the world. In a very short period of time, data security has gone from a discipline designed to prevent financial loss to, literally, a matter of life and death.”[/su_note]