Cyber Incident Victim: Islamic State

In early August 2016, Israeli cyber-intelligence firm Intsights disclosed it had infiltrated an ISIS-operated Dark Web forum hosted on the Telegram messaging service. The company, staffed by former Israel Defense Forces intelligence officers, reported uncovering evidence of planned terrorist attacks targeting US military installations. Forum participants shared a map identifying US bases in Kuwait, Bahrain, and Saudi Arabia selected for attacks, with these locations chosen due to their role in supporting coalition airstrikes against ISIS positions in Syria and Iraq. The same map, circulated on August 1, 2016, also included coordinates of Israeli military facilities. Intsights linked these plans to ISIS's operational history, referencing the July 26, 2016 attack in Saint-Étienne-du-Rouvray, France, where assailants murdered an 85-year-old priest. While the firm provided no technical details regarding its access methods, it alerted Israeli media outlet Channel 10 about the compromised forum's contents, which contained attack planning materials and operational discussions among ISIS members.

This intrusion occurred amid broader efforts by cybersecurity researchers and hacktivist groups to disrupt ISIS online activities. Entities like Anonymous had previously hacked ISIS forums with limited media coverage, though Intsights' military-specific findings garnered significant attention. The disclosure coincided with separate Black Hat security conference presentations detailing Telegram vulnerabilities, including an Iranian espionage operation that harvested data from 15 million Telegram profiles. Intsights did not specify whether its access exploited similar technical weaknesses or relied on alternative methods. The company's actions provided intelligence regarding imminent threats to military assets but did not include details about subsequent law enforcement or military responses to the uncovered plots.