On August 28th 2015, an ISIS hacker named Junaid Hussain was killed in air strike. While the death of a member of an extremist movements falls outside our usual topics of discussion, it was his job description that is of particular interest here.
Hussain’s job primarily involved online recruitment and propaganda. During his tenure, he is alleged to have been a part of the team responsible for the posting of personal information and financial details of United States military personnel online for others to exploit.
Hussain’s method included aggregating openly available information from the Internet. He then used this information to further ISIS goals such as breaking into a social media accounts, such as US Central Command’s Twitter and YouTube accounts, to send pro-ISIS messages. In effect, Hussain was a social engineer.
Hussain had a history of using social engineering skills before he joined ISIS. He plead guilty in 2012 to publishing former British Prime Minister Tony Blair’s address book. He accomplished this by gaining access to the email account of one Blair’s staff. In other words, he found a week point in their human security and exploited it to further a goal.
This example points to the dual nature of the social engineer. These skills could have proved invaluable in protecting critical information. Instead they were used to perpetuate jihadi goals. This decision ultimately cost Hussain his life.