On Monday, May 16, the CybelAngel teams found a database of French and American citizens’ contact information posted on the website justepaste.it. The user responsible for the publication claims to be from the Caliphate Cyber Army (CCA).
The data leaked is sensitive data but has been available for six months
The message begins with a representation of the basmala, a leitmotiv verse from the Quran to the glory of God. The hashtags “#CCA #CyberCaliphate #UCC” and a Caliphate Cyber Army logo complete the introductory claim.
Then follows a list of 77 email addresses, passwords, phone numbers, addresses, PayPal accounts, and Paypal account balances. The list includes 38 French addresses, 31 American, six Australian, one Filipino and one Dutch. Contact details appear to be only personal and not professional.
After analysis, it appears that the data exposed here was already on the Dark Web before this publication. Indeed, a message posted on January 12 on the website pastebin.com contained 35 of email / password pairs that exactly match those published on May 16 by the Cyber Caliphate Army. In light of this disturbing similarity between January 12 and May 16, it would appear that the CCA took control of addresses freely accessible on the Dark Web; which would not be the first time.
A Cyber Army that carries out unsophisticated but highly publicized attacks
The Cyber Caliphate Army is the result of the Islamic State’s desire to project its actions in the virtual realm in 2014. These actions are initially directed, and probably entirely carried out by Junaid Hussain, a British hacker.
From its launch during the summer of 2014 until the assassination of Hussain by a US drone in August 2015, the CCA has claimed a series of unsophisticated but highly publicized cyber attacks: defacing Twitter accounts of the Central Command of the US Army (CENTCOM), Newsweek, and US television channels multiple times, stopping the broadcasts of 11 channels of TV5 Monde (an action which may be unrelated according to several experts).
This new leak highlights the weaknesses of the Cyber Caliphate Army
Since the death of Husain, the CCA has conducted much less symbolic actions: indiscriminate defacing of thousands of sites and actions whose relationship is questionable, including shutdowns of computer systems claimed after the fact and the release of data that is actually already online like the data detected on May 16 by CybelAngel.
Given this visibly reduced potential for harm, four factions of Islamist hacktivists including the Cyber Caliphate Army proclaimed their union in a United Cyber Caliphate in April as we reported last week. A few weeks later however, the Caliphate Cyber Army faction claimed an action in its own name and only mentioned the United Cyber Caliphate with the “UCC” hashtag. It seems that the integration of the various Islamist hacktivist groups is taking longer than expected.