Less than 24 hours after the Islamic State in Iraq and Syria (ISIS) killed more than 100 people in Paris, the hacking group Anonymous used an unverified video declaring war on ISIS. In a video posted to YouTube, an Anonymous spokesperson warned ISIS that “war is declared” and to expect “major cyberattacks.” Speaking in French, the spokesperson stated, “Anonymous from all over the world will hunt you down. You should know that we will find you and we will not let you go. We will launch the biggest operation ever against you.” The “Islamic Cyber Army” has already responded with its own threats against Anonymous.
ISIS claims to have 71 trained soldiers in 15 different American states. If Anonymous is serious about hunting down ISIS, it is highly likely that the hacking group will infiltrate hundreds, if not thousands, of computer systems in search of ISIS jihadists. With little knowledge of these 71 trained soldiers, a broad search by Anonymous could breach government agencies, private companies and individual computer users.
Anonymous’ current threats against ISIS may be welcomed by many people. However, it is important to keep in perspective that the impact of the actions taken by Anonymous and other hacking groups may not be limited to ISIS.
- Cybersecurity Regulation: Recently, many state and federal government agencies have taken steps to regulate cybersecurity. While ISIS may not have a formal cybersecurity protocol, it is small and should be able to control and secure its data and information better than a legitimate government. If Anonymous is able to breach and attack ISIS’ small network at will, many state and local governments may need to look at the impact laws and regulations that it may have on hacktivists that are set on getting information or data.
- Corporations and Businesses: While Anonymous’ heart may be in the right place, its declaration of war on ISIS should be a consideration for any business or corporation. All business owners must account for the possibility that hacker groups, perhaps less organized than Anonymous but just as damaging, may take aim at their business. In additional to ISIS, Anonymous has called for attacks on other organizations ranging from the Epilepsy Foundation of America to Sony. While your business may not necessarily be a target, a corporation your business depends on may be a target.
- Insurance: Insurers have been on the cutting edge of addressing the risks posed by cybersecurity. However, damage by “hacktivists” may be excluded under terrorism exclusions in traditional insurance policies. Policy language found in cyber insurance policies addressing acts of war or terrorism is still being developed and may be subject to interpretation. Further, there are questions as to whether damage would be covered and to what extent if hacktivist groups are classified as terrorist organizations. Therefore, potential targets of hacktivist groups may find coverage under traditional insurance and cyber insurance is not available or too costly to be worthwhile.
Nevertheless, while there may be questions as to whether hacker groups can fulfill their threats, these threats will require legislatures, businesses and insurers to closely examine a number of emerging threats related to cybersecurity.