ISIS Claims to Be Doxing U.S. Military Members — But Their Hacking Skills Need Some Work

Impact

The news: On Friday, the Islamic State group reportedly leaked the contacts of 100 U.S. military personnel online, beckoning stateside supporters to "kill them in their own lands," reports the New York Times.

Calling the perpetrating party the Islamic State Hacking Division, the Islamic State group claimed to hack U.S. military servers and databases to compile a list consisting of, but not limited to, Air Force and Naval personnel names, home addresses and photos.

But there's one problem: There's no proof this was an actual hacking. As the Times notes, there was no evidence of exploiting weaknesses in a computer's security system or its protecting network. There isn't even proof the so-called Islamic State Hacking Division is capable of infiltrating a run-of-the-mill smartphone.

In reality, members of the Islamic State Hacking Division (which had no search engine presence before this release) could have just taken names of officers and soldiers from articles found online, then searched for the names on social media or the White Pages — something more on par with a One Direction superfan than a global phantom menace.  

The background: The names and contact information of U.S. military personnel being published and tacked onto a lethal call to arms may not seem like a laughing matter. Stories popping up in the wake of the release have headlines like "Islamic State Hacks Personal Info of US Military Members & Threatens to 'Behead Them in Their Homes'" and "ISIS Releases Hacked Hit List of 100 Military Personnel." 

The Islamic State group statement read, "With the huge amount of data we have from various different servers and databases, we have decided to leak 100 addresses so that our brothers residing in America can deal with you."

screen grab

With Islamic State group threats and urges to "kill them in their own lands" and "behead them in their own homes", Defense Department staff are working to authenticate the claims. In the meantime, Marine Corps spokesman Lt. Col. John Caldwell issued a statement, according to ABC News, reading, "It is recommended Marines and family members check their online/social footprint, ensuring privacy settings are adjusted to limit the amount of available personal information."

However, given the fact that this information wasn't necessarily collected through any high-level hack, but merely a collection of data that's relatively accessible to anyone with a bit of computer know-how, it doesn't seem like most service members will necessarily need to change their levels of alertness. Most military members are open about their identities anyway.

The takeaway: The whole thing stinks of the Islamic State group being salty over an Anonymous attack from a week ago, when the hacktivist group released the names of 9,200 Twitter accounts suspected to be involved with the Islamic State. It may have been a hard pill to swallow as possibly one of the world's richest terror groups, getting taken down by what's pretty much a bunch of nerds.

Obviously the Islamic State group is dangerous and shouldn't be treated like a bunch of kids with BB guns. But what they did isn't hacking. And even though they managed to get into a U.S. government social media account back in January, there's a major difference between accessing a Twitter account and foiling a major government security system. If you claim to penetrate highly secure military databases with an expert team of hackers when you probably just opened a phone book, you deserve to get called out. Hard.