Last week, hackers claiming to be affiliated with the extremist group known as the Islamic State released an Anonymous-style video making vague threats of "electronic war" against Europe and the US.
There is no proof or evidence that the video actually comes from the group, nor there is any evidence the group, also known as ISIS, has any ability to do anything damaging online other than taking over Twitter feeds or random media sites with their "cyberattacks."
Yet, that didn't stop a new round of breathless hype. On Sunday, The Hill wrote that ISIS was preparing for "cyberwar" and an "all-out cyber crusade."
Looks like ISIS wannabes successfully hacked the media once again.
"Toss out a shitty video that claims that you do things that you're not—doesn't matter, we'll still overreact," Peter W. Singer, an author and well-known expert in cybersecurity, told Motherboard.
Instead of responding with a "keep calm and carry on" attitude "we lose our shit."
That being said, it's worth pointing out that ISIS could do real damage by doing espionage online, monitoring and tracking down dissidents who live in ISIS-controlled territories. That might have already happened. Last November someone targeted a Syrian citizen media group known as Raqqa Is Being Slaughtered Silently (RSS), which documents human rights crimes in Raqqa, the self-proclaimed capital of the ISIS caliphate.
To date, however, there hasn't been a case of actual cyberterrorism—an act targeting computers systems that result in physical violence, as the FBI defines it. In fact, squirrels have been way more damaging to US critical infrastructure than cyberterrorists.
Singer criticized the article, which he said is good for a "cyber laugh." But jokes apart, Singer warned that hyping ISIS hacking abilities rewards the group with useful attention that it can turn into recruiting power. Instead of responding with a "keep calm and carry on" attitude, Singer added, "we lose our shit."
This encourages and incentivizes ISIS to keep attacking, or at least claim attacks—something that doesn't help anyone.
Robert M. Lee, an active duty Air Force cyber warfare operations officer, agreed with Singer, and dismissed the hype on Twitter.
"Terrorist groups will continue to use the internet to spread their message and perform hacktivist-type acts but nothing of significant damage," he wrote. "Performing significant damage requires more than just internet connected devices. It requires advanced logistical support and expertise."
"Describing savvy use of social media as cyberwar is akin to describing Miley Cyrus as the Clausewitz of cyberwar."
In other words, being good at social media, as ISIS is, doesn't mean you'll be a good hacker.
"Describing savvy use of social media as cyberwar is akin to describing Miley Cyrus as the Clausewitz of cyberwar," Singer said.
The truth, as we reported before, is that all the cyberattacks attributed to ISIS in the recent past have been unsophisticated attacks carried out by what looks like online fanboys not at all affiliated with the group. As Singer put it, "it's either sympathizers or people doing it for shits and giggles."
As Singer explained in 2012, "cyberterrorism" is overhyped, just like our obsessive fear of sharks. As he put it, we are "15,000 times more likely to be hurt or killed by an accident involving a toilet," yet Discovery Channel has Shark Week and not Toilet Week.