In the nearly two years since ISIS declared itself a caliphate, the group has leaned heavily on technology to recruit, communicate, and attack foreign targets—each with varying degrees of success. Twitter and Facebook have scrambled to head off ISIS recruiters who spread propaganda on their platforms, and top intelligence officials have bemoaned the group’s alleged use of encryption to communicate.
But barring a few low-impact operations, ISIS hasn’t successfully launched a meaningful cyberattack on the West. And according to new research from Flashpoint, a cybersecurity company, it probably doesn’t have the tools or the know-how to launch one anytime soon.
To date, most of the group’s offensive moves have been “attacks of opportunity” that grasp at low-hanging fruit, the researchers said. The highest-profile ISIS cyberattacks targeted Twitter accounts: In January 2015, a group calling itself the “Cyber Caliphate” took over the Twitter handle that belongs to the U.S. Central Command, and the next month, the same group appeared to take over Newsweek’s handle. At most, the attacks amounted to digital graffiti, although it can be hard to measure their psychological and morale-boosting effects.