ASSESSMENT: The Islamic Cyber Resistance: Wikileaks.ir Bin Laden Group and Mossad Dumps
The Islamic Cyber Resistance:
It seems that there is a new player in the cyber town and they call themselves the Islamic Cyber Resistance ( هيئة دعم المقاومة الاسلامية في لبنان ) They are loosely affiliated with Anonymous and it also seems perhaps the Syrian Electronic Army due to a combined hack effort recently. In the case of the Wikileaks.ir dump however they seem to be working on their own and doing so because of the loss of Hassan Lakkis a Hezbollah commander who was killed near his home recently. The ICR dump was to “honor” him and to perhaps get people energized to do more even using “rememberhassan” as the password to the rar files uploaded to the net. I do wonder though at just how newly minted the ICR is because they have no Facebook site, no website that can be found as yet and little mention until recently. The are affiliated with Hezbollah notionally and seem to have ties to moqwama.org, the Hezbollah resource site which collects support for the Hezbollah organization. Ostensibly this hack attack against the Mossad and other entities and this dump were revenge for what is perceived as Israel’s killing of Hassan but the realities of the dump (which I will go into below) are much less vengeance and more an attempt to grab the spotlight in the great cyber jihad.
OPIsrael with Anonymous
moqwama.org front page
WHOIS of moqwama.org
Meanwhile there’s a new Wikileaks in town and that is the Wikileaks.ir domain and site that these dumps were announced and posted on. It seems that the Wikileaks.ir domain has been around for a few years now and stared off as a WordPress site that wanted to be affiliated from the get go. However, it seems that the site was not an official one nor is it today according to what I have found looking around the internet. The domain is currently owned by someone calling themselves Ehsan Goorabi, who according to searches has been a graphic designer/web designer/printer owning his own business called “Lemon Graphics” in Lebanon. It turns out that Eshan is also in fact now a CEH so this kind of ties a nice little cyber bow on him as perhaps being a part of if not the main player in the ICR. The wikileaks.ir site is now getting play within the media and I am sure is getting plenty of traffic. However, after looking at all the dumps on there I just don’t see anything really spectacular in the way of secret information. In fact what can be found is the usual rhetoric and talk but no real shock and awe.
Ehsan Goorabi CEH
Ehsan Goorabi Printer
Wikileaks.ir FOR SALE!
The data dump in memory of Hassan too was pretty much a re-hash of data already out there in other dumps. The alleged hacking of Mossad data (personnel data seen already out there) and the alleged hack of the Bin Laden Group (BLG) Now the ICR and the WL site claims that there is some real bombshell information here but in reality it’s all just common data from the company that was hacked. PDF files and emails on daily business things that after looking at are nothing at all to be interested in even if there are claims of shoddy workmanship and perhaps some fraud. If you listened to the ICR they would have you believe it shows complicity with the government and other terrible things. Honestly though what would this data really mean to anyone within AQ, who nominally are mentioned in the dumps other than a sleight against the Bin Laden family who begat OBL in the first place? I guess time will tell if the dumps get better with this crew but to date they certainly aren’t stellar and more than certainly not worthy of all the press attention that this has garnered them.
So, the cyber jihad is on evidently. Well perhaps not a jihad, but at least a resistance as the moniker places them. It would seem that the ICR and SEA, who are already working together, along with the Wikileaks.ir site may be something to keep an eye on if they get their acts together. SEA has been very active with low end hacks that grab headlines but really don’t create any substantive change. In aligning with the Wikileaks ethos though perhaps they will seek to out corruption within their area of influence. Maybe they will just keep flailing along in hopes of garnering the attention they seek, we shall see in the near future I imagine. I do wonder though at the alleged connections with IRGC though. To date these seem to be just pipe dreams of the media though. I cannot see my way to seeing any kind of IRGC support here because these people lack OPSEC as well as skill it seems from what they have laid out so far. In fact I think SEA, as lame as their attacks have been in real impact, are much more technically capable than the ICR today.
It will be interesting to keep an eye on these guys and see what they come up with next….