1. The operational domain continues to be the main use of cyber space by terrorist organizations and their supporters.
a. In the field of propaganda, infographics (visual presentations of quantitative information) were published by both official and unofficial Islamic State (IS) supporters and were disseminated online in order to create a display of alleged victories in battles fought by the organization. Other propaganda banners that were disseminated expressed support for “lone wolf” attacks and encouraged them in Marawi, Manchester, Tehran and Barcelona. In addition, in terms of the methods of distribution of jihadist content online, a new method by the Amaq news agency was identified, in which it launched a series of IS news items sent via email in the framework of a distribution list to which users can subscribe; during the period under review, online archives, public sites, dedicated portals, pasting sites and the development of unique applications were also identified.
b. In the field of funding, three online campaigns were identified. First, a fundraising campaign for refugees that was published on the Hayat Tahrir al-Sham channel. Second, the campaign to purchase weapons and combat equipment for the Jahizuna in Gaza that has been ongoing for approximately two years. Third, the Nafeer Al-Aqsa (Gaza) campaign to raise funds for the families and orphans of martyrs.
2. In the defensive domain, the Afaq media group distributed technological manuals that dealt mainly with virtual archives, file encryption, recommendations for operating systems, and warnings about information gathering on the Internet and imposters. This is in addition to a series of tips for information security and privacy protection on the Internet; even the technical department of the Global Islamic Media Front (GIMF) published technical explanations regarding software for encrypting messages and concealing folders on the computer, and spyware; a unique user ID continued to serve as a checksum used by the IS; the issue of encrypted communication was brought up for discussion by Afaq, Al-Haqiqa and IS supporters online, which are not official sources.
3. In the offensive domain, the GIMF’s technical department published a request for articles about hacking software. Threatening players that were observed during this period were the UCC hacker group and its subgroups, which established new Telegram groups in addition to a Web site on the darknet. In addition, friction between the subgroups was discovered.
4. In the international crime and cyber terrorism domain, politically motivated attacks by Saudi hackers against WikiLeaks were identified (defacement), as was an attack by a hacker identified with Anonymous against the NHS (ransomware) in what appears to be a trend of attacks against hospitals. There were also attacks against countries, including India and Pakistan (spyware), Argentina (defacement), and England.
5. In the domain of the international response to the cyber-terrorism phenomenon, aspects of law and order stood out during the period under review. Legislation was passed in Germany, Russia and Israel that expanded the relevant legal toolbox in the context of terrorist organizations’ use of social networks. In contrast, the draft of a bill was formulated in the European Parliament, which embodies an opposite trend that strengthens the protection of privacy in electronic communications. In addition, two Iranian citizens were indicted in the United States for cyber-crimes. Australia launched a new unit for combatting cyber-terrorism and England admitted to running regular cyber-attacks against the IS. The US designated 11 entities as terrorist activity supporters or for carrying out malicious cyber-activity. The Tech Against Terrorism initiative was established with the purpose of strengthening the ability of technology companies to prevent their platforms from being exploited by terrorists.