13 November 2018

Toronto-born Canadian is mystery man behind ISIL's high-profile cyber attacks

Adrian Humphreys

An Islamic State-linked media outlet says a Canadian man was behind the terror group’s highest-profile cyber attacks, including the embarrassing takeover of the Twitter account of the U.S. military’s Central Command.

The Canadian fighter, who is said to have been killed by a drone strike in Syria, also allegedly penetrated bank computers and used the “spoils” to fund their fighting and hacked the U.S. Department of Defense, airports, international media organizations and the accounts of “hundreds” of U.S. soldiers.

Terrorism experts say the Arabic-language notice likely reveals a previously unknown Canadian convert who left Toronto to join the Islamic State of Iraq and the Levant in its ongoing war.


The Toronto-born man “managed to bring blessed victories for the Caliphate state by carrying out electronic attacks that have made the enemies taste defeat and failure,” according the notice, as translated by the Middle East Media Research Institute (MEMRI).

The “martyrdom” notice published by Al-Muhajireen Foundation, an outlet with known links to ISIL, identifies the Canadian jihadi hacker only by a nickname: Abu Osama Al-Kanadi.

Although an ISIL fighter from Calgary named Farah Mohamed Shirdon previously used that nickname, the biographical details in this announcement do not match those of Shirdon and so likely refer to a different Canadian fighter.

ISIL communiqués use fighters’ assumed noms de guerre, or war names, rather than their actual birth names. Abu Osama, also spelled Usama, is Arabic for “father of Osama” and Al-Kanadi means “the Canadian.” Researchers say it could mean this man has a son but not necessarily.

The biography provided for the Canadian hacker says he was born in Toronto into a Christian family. The man’s family converted to Islam when he was seven years old and then raised him with an Islamic education, it claims.

He was a keen student who excelled at computer programming and graphics and graduated near the top of his high school class, the biography says. He was courted by Canadian universities but instead decided to go to the “’university’ of monotheism and jihad in the cause of Allah,” according to a translation of the notice by SITE Intelligence, another terrorism monitoring group.

It seems like he was a good hacker, from this statement. There is a lot of propaganda involved in this

The announcement, which was distributed on Nov. 5 through Telegram, an online messaging service, said Abu Osama communicated with like-minded people online before leaving Canada for France, where he first met fellow would-be fighters from Britain face-to-face.

The notice includes an interview with one of those British men who said Abu Osama was shy and quiet and the youngest of their group. They were struggling financially and Abu Osama asked what they needed, the unidentified interviewee says.

When they asked if he had any money, he said he had been blessed with the ability to hack into bank accounts and steal money. Through his hacking, the group financed their efforts in “waging jihad and seeking to obtain martyrdom.”

Abu Osama first joined ISIL’s media bureau where he met another computer savvy fighter named Abu Husain, says the notice, which is likely a reference to British ISIL fighter and hacker Junaid Hussain, who was known as Abu Hussain Al-Britani, according to an analysis by MEMRI.

The announcement says Al-Kanadi became a top computer specialist with ISIL, also known by the acronym ISIS, and praises his online exploits with the Caliphate Cyber Army.

In January 2015, the Twitter and YouTube accounts of the U.S. Central Command, known as CENTCOM, which oversees U.S. military operations in the Middle East, were hacked.

A series of pro-ISIL and anti-American messages were posted on the account, starting with “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS #CyberCaliphate.”

The accounts’ profile art were change to a black and white image of an ISIL fighter and the words “i love you isis.” Other messages purported to show documents the hackers obtained showing U.S. military plans and a dataset of soldier’s names and addresses and ISIL propaganda videos.

Abu Osama also helped with ISIL’s own computer security, protecting it from hacking attempts and cyber attacks “by the forces of disbelievers and darkness,” the death notice said.

It is common for different fighters to use the same kunya — the same jihadi name, it’s like a nom de guerre

The announcement says he was killed by a drone strike in Raqqah, Syria, ISIL’s de facto capital. No date of death was given.

Amarnath Amarasingam, a senior Research Fellow at the Institute for Strategic Dialogue who co-directs a study of Western foreign fighters based at the University of Waterloo, said the death notice appears to reveal a so-far unknown Canadian jihadi.

“I’m not sure who this guy is but I think it is very much a different Abu Osama Al-Kanadi than Farah Shirdon. It is common for different fighters to use the same kunya — the same jihadi name, it’s like a nom de guerre. There are many fighters who share the same kunya, they just take on these names,” said Amarasingam.

There was a hacker collective of ISIL fighters, likely comprised of three to five guys, who created headlines with hacks and cyber attacks.

“I’m not surprised a Canadian could be among them I just don’t know who this guy could be, because it sounds like he is a white convert. There are not a whole lot of white Canadian converts who went,” said Amarasingam.

Marwan Khayat, a researcher with MEMRI, said their researchers have heard online chatter among ISIL supporters confirming this Abu Osama Al-Kanadi is a different Canadian than Shirdon.

Khayat said the outlet that published the biography is a known ISIL-aligned group.

“The outlet itself is trustworthy as far as we can tell. The information, however, is not dated and there is nothing in it that can pinpoint the time frame of when he was killed,” he said.

The extent and effectiveness of the hacker’s computer exploits was not independently confirmed, but security experts at the time dismissed the CENTCOM hack as embarrassing cyber-vandalism with no classified material at risk. In 2015, there were similar hijacking of online properties of two U.S. news organizations with similar messaging and graphics replacing its content.

Those messages claimed ISIL had stolen large databases of American citizens and also penetrated the FBI’s computers.

“It seems like he was a good hacker, from this statement,” said Khayat. “There is a lot of propaganda involved in this too, (sending a message) ‘we are able to hack you.’”

No comments: