Paul Szoldra/Tech Insider
"He walked in and said, 'Yeah so, ISIS.'"
That's what Nick Palmisciano recalled an FBI agent telling him on a visit to his North Carolina-based business just over a year ago.
It was typical for FBI agents to show up at Palmisciano's office. As a former Army Ranger who started a military-focused apparel company, agents would sometimes come by to interview him about people he knew who were seeking a security clearance.
But this time was different.
"The FBI intercepted some messages that had me, my name, my addresses, etc.," Palmisciano told Tech Insider, "And identifying me as a high-value target."
He had been placed on a growing "kill list" that included military members, government employees, and civilians. And it was compiled and released by the Islamic State Hacking Division, a shadowy group of hackers and their supporters that have somewhat changed the face of modern warfare.
"ISIS is really the first group that even had a hacking wing," David Kennedy, a Marine veteran and the founder and CEO of cybersecurity consulting firm TrustedSec, told Tech Insider. "Al Qaeda to some extent, but ISIS is really one that’s taken hold of that."
Hacking for the Caliphate
After taking over vast swaths of Iraq and Syria, ISIS declared itself a state in June 2014, with Raqqa, Syria, as its capital. While many of its fighters were proudly displaying captured heavy equipment and weaponry on the battlefield, the new "caliphate" attracted others with soft skills that have arguably been more beneficial in the years since.
"Al Qaeda and ISIS do things much differently," Jim Christy, a former cybercrime investigator for the Department of Defense, told Tech Insider. "Al Qaeda leveraged technology for protection and ISIS uses it for propagation."
Al Qaeda had a web presence, and even released its own version of encryption software for terrorists to communicate, but it hardly ever launched cyberattacks. ISIS, on the other hand, has learned it can strike far outside its borders with laptops and internet connections, defacing websites, taking over Twitter accounts, and spreading its propaganda to swell its ranks.
Though roughly 30,000 foreign fighters joined the group to fight on the ground, it needed just one recruit from England to show them it could also strike over the internet.
'Defacing sites is a form of raising awareness'
REUTERS / Samantha Sais
The ISIS Hacking Division — sometimes referred to as the Cyber Caliphate — was launched sometime in late 2014 by Junaid Hussain, known by his hacker name, Trick. Though Hussain, then 20, had grown up in Birmingham, England, it was his alter ego, "Trick," who grew up on the internet.
His start in hacking came from being hacked himself, in a video game he was playing online when he was 11.
"I randomly got hacked by this kid, I wanted revenge so I started Googling around on how to hack," he told the website Softpedia in 2012. He found hacking forums, tutorials, and tools online, and at 15 he started his own hacking group, Team Poison.
They used simple methods to take over social-media accounts or deface websites. And Trick's teenage mind saw what he was doing as a form of activism, a way to support Palestinian and Kashmiri people he felt were being oppressed.
"Defacing random sites is useless, but we don’t deface random sites," he told Softpedia. "Defacing sites is a form of raising awareness."
And Team Poison certainly raised its own profile, claiming a hack of Mark Zuckerberg's Facebook page, NATO, the British Ministry of Defense, and even leaking the private address book of Tony Blair, according to Vanity Fair. Even the hacker collective Anonymous cheered them on.
But the hacker street cred Trick had earned also made him a target: He was caught and prosecuted for the Blair hack in 2012, and sentenced to six months in prison.
It was there that he would transition from Trick, the hacktivist, to the leader of the ISIS hacking wing, Abu Hussain Al-Britani. Released from prison on bail in 2013, he would soon find his way to Raqqa, Syria.
And he brought with him skills and the view that defacements could raise awareness — only this time, it would be for the world's most notorious terrorist group.
"He ended up joining ISIS and became their main hacker," Kennedy said.
'It's just ad-hoc. It's not an organized thing'
Though Hussain's emergence in Syria brought ISIS a hacking presence it never really had, the group was then, and remains, disorganized. It suffered from conflicting messaging and often uncoordinated actions among five different hacking groups claiming the ISIS banner, according to a report from Flashpoint.
"It's just ad-hoc," Christy, the ex-DOD investigator, told Tech Insider. "It's not an organized thing, like their social media is."
But they still managed to pull off a number of hacks on targets around the world throughout 2015. ISIS hackers defaced US news stations, French municipality sites, Kuwait's parliament, and even briefly took over the website of International Business Times and Newsweek's Twitter account. They are also believed to have used cyber methods to uncover the real identities of at least two anti-ISIS activists, who were executed in July 2015.
But one of its most high-profile attacks came with its takeover of the social-media accounts associated with US Central Command, the American military unit responsible for fighting ISIS.
And that one was most certainly Trick, according to Kennedy.
"AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK," the hacker wrote to the 109,000 followers of the CentCom Twitter account in January 2015. He also leaked contact information on senior military personnel and posted a pair of ISIS propaganda videos to the command's YouTube page.
Though it was a low-level, unsophisticated attack — CentCom referred to it as "cybervandalism" — it amounted to a propaganda victory for the group. The hack showed potential recruits their "state" had attack capabilities beyond its borders, no matter how trivial.
And Hussain began trying to personally recruit former hacker friends to join him, though most declined. Still, at least one, Ardit Ferizi, or "The3Dir3ctorY," hacked a server in Arizona and downloaded personal information on some 100,000 people before transferring it to ISIS.
Hussain's celebrity had risen in the ranks of ISIS, while simultaneously moving him up on the US's own kill list. Along with the executioner "Jihadi John," the hacker was considered one of the group's top figures in online recruitment, deemed a worthy target to strike.
“I can’t say specifically who it was that found him, but they were able to trace back some of Trick’s online presence and find out where he was coming from," Kennedy said. "And [they] actually dropped the bomb that killed him."
The 21-year-old hacker was killed by an airstrike outside Raqqa in August 2015. Before the strike was carried out, the US's own hackers had used Hussain's own cyber tools against him, apparently enticing him to click a link to a malicious file that would reveal his IP address and geolocation.
"It's a good thing they're stupid, but in my experience, the stupid ones die first," an Army cyberwarfare officer who would only speak on condition of anonymity told Tech Insider.
'You can cause a hell of a lot more havoc over the internet than you could with an AK-47'
The death of its leader no doubt was a significant blow to ISIS' hacking efforts. The same was true of Hussain's replacement, who was killed by a drone strike just four months later.
But the group continues to evolve. Though most experts Tech Insider spoke with would classify the terror group's hacking efforts as being "not good" or "unsophisticated," they often warn that it's only a matter of time before the group smartens up and moves away from simple defacements to something more advanced.
“I wouldn’t say they’re good in any way, shape, or form," Kennedy said. "They’re definitely becoming more technology-aware. I see that over the next five years for sure these terrorists will get more and more savvy with technology and hacking, and they’ll try to do operations that could result in cataclysmic effects, like loss of life and stuff like that.”
Interestingly, ISIS merged its disparate hacking groups into one called "United Cyber Caliphate" in April 2016, though it remains to be seen whether this will help coordinate its efforts. The move, amid other changes, makes it "a growing threat" that could possibly lure other skilled hackers to its ranks.
Still, its loose organization can be seen as a strength to some sympathizers.
As Christy explained, someone can simply proclaim themselves a hacker for the Islamic State far from Raqqa, similar to how the group apparently inspired a lone-wolf attacker like the American-born man who killed 49 people at an Orlando nightclub on Sunday.
“All it takes is one or two or half a dozen relatively smart guys with internet access that can train themselves," the Army cyberwarfare officer told Tech Insider. "Could they at least be a nuisance to us, to our networks, things like that? Could they pull off things like this DNC attack? Yeah, they probably could."
The officer added: "If you’re sitting in an internet cafe in Mogadishu, you can cause a hell of a lot more havoc over the internet than you could with an AK-47 or a bomb."