Early this year, a group calling itself the "Cyber Caliphate" claimed responsibility for hacks into the Twitter accounts of The Albuquerque Journal and Maryland's WBOC 16 TV station. On its Facebook page, the group's message seethed with ISIS-inspired rage: "You'll see no mercy infidels. We are already here, we are in your PCs, in each house, in each office," the group wrote.
Within days, the group had also seized control of the U.S. military's Central Command Twitter account, posting the message "AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS."
The jarring hacks were widely seen as an effort by ISIS to rattle nerves inside the United States during the expanding U.S. military effort against the extremist group.
But a newly emerging theory suggests that the Cyber Caliphate—which suddenly appeared on the international scene last fall—is not what it appears to be. And it may not be associated with the so-called Islamic State at all.
According to experts at the cybersecurity firm iSight Partners, Cyber Caliphate is likely what spies call a "false flag" operation—set up to appear as if it is representing one side in a conflict, but actually working on behalf of someone else.
What's more, iSight says it believes the "Cyber Caliphate" is actually operated by a group of Russians—not ISIS sympathizers.
"From the very outset we were skeptical of them being associated with ISIS," said Joseph Gallop, the head of the "hacktivism" practice at iSight Partners. "Then we began to see the technical indicators to demonstrate that resources were shared between Cyber Caliphate and the group we call the 'Tsar Team.'"
Those indicators lead iSight to conclude that the Russian hacking entity is either the same group operating the "Cyber Caliphate" or is sharing office space with it.
Gallop said there were several details that made it clear ISIS is not in control of the Cyber Caliphate, including that specific Internet accounts tracked by iSight were used to purchase infrastructure that has been used by both the Caliphate and Tsar teams. The firm also spotted command and control server infrastructure shared between Tsar Team and Cyber Caliphate. "We're highly confident that these groups are related," said Brian Bartholomew, iSight's senior intelligence analyst.
The conclusion that the Cyber Caliphate is not run by ISIS is shared by the State Department, which questioned the Caliphate's provenance in a recent report that was detailed by The Washington Free Beacon website.
Authors of the report by the State Department's Overseas Security Advisory Council could not find any links between ISIS and the Cyber Caliphate. "Although Cyber Caliphate declares to support ISIL, there are no indications—technical or otherwise—that the groups are tied," the report said, according to the Free Beacon. ISIS is also known as ISIL.
Bartholomew and Gallop say their theory is that the Cyber Caliphate grew out of a hack into the Warsaw stock exchange in October—an attack conducted by hackers using ISIS-type rhetoric. The hack came just before the Polish government said it was moving troops to the border in response to Russian activity in Ukraine, and it seemed to iSight that Russian hackers might be sending a subtle message to the Poles. After that, the idea of using jihadist cover to undertake Russian hacking could have taken hold in Moscow, the researchers said. "They maybe realized how effective they could be in doing that, and in November decided to put the 'Cyber Caliphate' label on it," Bartholomew said.
The iSight team said they don't know whether the groups are operated by the Russian government, Russian criminals, or some other type of Russian entity. "At a minimum, they are connected within some overarching organization," Bartholomew said.
But why would Russians of any type want to operate a fake jihadist hacking operation? Bartholomew said he thinks the ISIS cover gives the Russian hackers freedom to spread propaganda designed to weaken Western governments and also test hacking techniques that could be used in any broader future cyberwarfare.
It's not clear whether U.S. intelligence has come to the same conclusion about who's running the Cyber Caliphate. A spokesman for the director of National Intelligence declined to comment to CNBC.
But even if U.S. intelligence also concluded that Russia was to blame, it could be counterproductive for the U.S. government to publicly say what it knows. Doing so could reveal American cybersecurity sources and methods, and it might cause the Cyber Caliphate to vanish at a time when watching it may yield more valuable intelligence. So far at least, the Cyber Caliphate activity is seen as tantamount to Internet vandalism, not nearly as severe as the Sony hack that compelled U.S. policymakers to publicly identify the North Koreans. That may make disrupting the group less important in U.S. eyes than watching and learning about Cyber Caliphate—whoever is behind the mysterious group.