Cyber Incident Victim: sgtbilko420
Date: Aug 2016
Location: Israel
Summary
Intsights, an Israeli cyber-intelligence firm, infiltrated an ISIS-operated Telegram forum on the dark web, uncovering plans for imminent attacks targeting US military installations in Kuwait, Bahrain, and Saudi Arabia, as well as Israeli defense bases, in retaliation for coalition airstrikes. The compromised forum contained maps identifying specific base locations and referenced past attacks to coordinate new operations. This breach highlighted ongoing efforts by security researchers to monitor extremist communications, though such intrusions rarely receive significant public attention despite precedents set by hacktivist groups targeting similar platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
In early August 2016, Israeli cyber-intelligence firm Intsights disclosed it had infiltrated an ISIS-operated Dark Web forum hosted via Telegram, uncovering plans for imminent terrorist attacks. The company, staffed by former Israel Defense Forces intelligence officers, identified discussions detailing preparations for assaults on US military installations in Kuwait, Bahrain, and Saudi Arabia. Attackers selected these bases due to their role in US-led coalition airstrikes against ISIS targets in Syria and Iraq. A map pinpointing global US military facilities—shared on the forum on August 1—included Israeli military bases, though specific Israeli targeting plans weren’t elaborated. Forum participants referenced prior ISIS operations, including the July 26 Normandy church attack where assailants murdered an 85-year-old priest, establishing a pattern of operational coordination through the platform. Intsights alerted Israeli authorities and media outlet Channel 10, which publicized the findings on August 4. The firm did not disclose technical methods used to breach Telegram’s encryption or access the forum, nor did it specify whether intercepted data led to preventative actions by affected nations.

This intrusion followed a broader trend of hacktivists and researchers targeting ISIS communication platforms, though Intsights’ military-grade intelligence focus distinguished its efforts from prior operations. Groups like Anonymous had previously compromised ISIS forums but received limited mainstream attention. The disclosure coincided with Black Hat security conference presentations detailing separate Telegram vulnerabilities, including an Iranian espionage campaign that harvested 15 million user profiles. Intsights’ findings highlighted ISIS’s persistent adaptation of encrypted messaging services for attack planning, though the forum’s operational security failures enabled external monitoring. No civilian or military casualties were publicly linked to the exposed plots at the time of reporting, and US or allied force responses to the intelligence remained unspecified. The incident underscored ongoing challenges in monitoring terrorist activity within encrypted platforms despite periodic successful infiltrations.
