14 DAY TRIAL // A disillusioned ISIS fighter has decided to leave the terror organization and take with him electronic copies of registration forms for around 22,000 Daesh soldiers.
His name is Abu Hamed, and he is a former member of the Free Syrian Army and Islamic State (ISIS, Daesh) member.
As he explained in a Sky News video interview, Hamed said he joined ISIS because of his Islam faith but found the group being taken over by former soldiers from Saddam Hussein's former Iraqi Baath party.
Because he saw ISIS leaders using Islam as bait to lure in new recruits but not caring at all about the upholding of Sharia law, Hamed decided to quit, but not before sabotaging them.
Former member steals USB stick from high-ranking ISIS official
The former ISIS member used his access to steal a USB memory stick containing sensitive information from the head of Islamic State's internal security police. The stick contained digital copies of over 22,000 registration forms that all ISIS fighters must fill in before joining.
These forms hold details such as the recruit's real name, his "fighter" name, his mother's maiden name, blood type, date of birth, nationality, marriage status, home address, level of education, level of Sharia understanding, and previous job.
They also contained the countries a fighter travelled through to reach Syria, the area they entered the country, date of entry, recommendations, if they fought before, what role they want to have, if they have any special skills, current place of work, the size of their security deposit, level of obedience, and phone number.
The form had 23 fields, and the last two were for notes and the fighter's date and place of death.
Intelligence agencies are doing a party dance right now
Once Hamed has this USB drive, he fled to Turkey and contacted Sky News reporters, to which he provided a copy of the data, also revealing that ISIS has decided to abandon Syria, and flee back to Iraq.
"In years to come will look back upon this day as one of the key days in this battle against Daesh," said Chris Phillips, former head of the UK's National Counter-Terrorism Security Office in a TV interview with Sky.
"This looks extremely interesting and a level of detail that we just haven't had before," also added John Gearson, former Counter-Terrorism Adviser to the UK Ministry of Defence, after looking at copies of the ISIS registration forms.
What this breach means is if ISIS decides to surrender and sends its fighters home, intelligence agencies will have fine-grained details about the location of each one, and they would be able to track their activities and prevent future assaults.
You might wonder what this has to do with our security news section. The answer is simple. This is the definition of a data breach caused by your own employees.
In the past half of year, we've been seeing more and more surveys in which companies were ranking "insider threats" as their main fear when it came to the risk of a potential data breach. Companies ranked employees (insider threats) way above hackers, hacktivists, competitors, and business partners, and this case just gives validity to their fears.
