The pro-ISIS hacking group known as the United Cyber Caliphate recently released a so-called "kill list" containing the names of more than 8,000 people around the world.
Around 150 Canadians who've been named are about to receive warning calls from the police, according to reports, which describe it as an "ISIS kill list."
It sounds terrifying. It's not. The main thing you need to do in response is simply change your passwords on your email and social media accounts, if you haven't already.
"It's not appropriate to call it an ISIS kill list," said Laith Alkhouri, director of Middle East and Africa Research at New York-based security group Flashpoint Intel. "When we have media outlets reporting it as an ISIS kill list, anybody on the list will think about why and start taking precautions. It disrupts their lives as they seek answers."
Basically, this so-called "kill list" didn't come directly from ISIS, or potentially even anyone with a material connection to the group. Instead, such lists come from a handful of informal hacking collectives—who are, for all we know, just angry teens—that align themselves with ISIS. More than a dozen "kill lists" have been released from pro-ISIS people and groups in the last year alone.
"In lieu of inflating their own notoriety, they're inflating ISIS's notoriety"
Some of these lists targeted law enforcement or military personnel, but the "new wave" of kill lists distributed by the likes of the United Cyber Caliphate are, as Rita Katz of SITE Intelligence Group wrote in a piece for Motherboard, essentially random. According to a CBC report, the only unifying factor between the targets is that their information showed up in data dumps from high-profile hacks on sites such as LinkedIn and Myspace.
These hacks, as far as we know, were not orchestrated by the United Cyber Caliphate or anyone associated with ISIS. Instead, it appears as though the United Cyber Caliphate simply scraped information from data released after hacks that somebody else did and decided to call it a "kill list." It's not just disingenuous, it's damn lazy.
But it is still scary. And that's the point.
"Since they label themselves as an ISIS cyber division even though they've never been acknowledged by ISIS—in lieu of inflating their own notoriety, they're inflating ISIS's notoriety," said Alkhouri.
After the Orlando attack, in which a man with apparently no real ties to ISIS allegedly pledged allegiance to the group before his spree, the lines between ISIS proper and "merely" pro-ISIS seem more blurred than ever. An "ISIS" kill list in this environment, even if transparently random and unsophisticated, can be a terror.
But let's also recognize it for what it is: a jumble of names collected from essentially public sources and branded by script kiddies who, it appears, don't do much more than deface web pages with obnoxious Call of Duty-style graphics.
If you are one of the 151 Canadians who get the call from the police informing you that you are on an "ISIS kill list," simply thank them for informing you that your information was revealed in a hack and change your passwords.
"We'd be giving those guys too much notoriety if we spice it up," Alkhouri said.