ArchiveRisk Intel Report

ISIL Supporters Compromise of Law Enforcement Personal Data for Possible Targeting

The Department of Homeland Security has issued an bulletin regarding ISIL supporters seeking to compromise law enforcement data for possible targeting in attacks. According to the alert:

“Individuals supporting the Islamic State of Iraq and Levant (ISIL), who in 2015 began posting personally identifiable information (PII) of US military and federal employees to ISIL-affiliated social media accounts, are expanding their targeting to include law enforcement (LE) officers, according to US media reporting.2,3,4 ISIL is using the technique known as “doxing” to release personal information to the public to harass targeted individuals and possibly to provide sympathizers who could be willing to conduct attacks with information that would assist them in targeting military, LE officers, and federal personnel. ISIL has consistently called for attacks against military, intelligence, and LE personnel in its public English-language messaging, and supporters may view attacking these specific individuals as sanctioned by the group.

Individuals reportedly affiliated with the pro-ISIL Caliphate Cyber Army (CCA) hacking group on 15 March 2016 posted a “kill list” on social media, with full identifying information on 36 police officers living in Minnesota, according to US media reporting.5 The FBI is investigating threatening phone calls to LE officials, possibly resulting from these CCA postings. This is a direct threat to LE officers from pro-ISIL hackers. A member of CCA on 2 March 2016 posted a video to social media showing the alleged hack of a Midwestern police association, according to media reporting.6 The hack included dissemination of contact information on association members and defacing the association’s website, according to the same US media reporting.

The CCA member posting the video of the police association compromise, using the @hackcca social media account, on 2 March 2016 also posted PII of 50 police officers from New Jersey, according to a DHS fusion center intelligence officer.8 The PII included their names, home and work addresses, and phone numbers, according to the same DHS intelligence officer.

A Kosovar citizen, Ardit Ferizi, was detained in Malaysia in early fall 2015 after reportedly hacking into a US web hosting company and extracting PII of over 1,300 US military and federal personnel, according to a computer security blog.10 He subsequently passed this information to an ISIL member who posted the PII to social media accounts, with the expressed desire for sympathizers to target and kill the identified personnel, according to the same blog report.

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.