Islamic State group hackers hinder the group because of their poor coding abilities, according to security researchers.

Kyle Wilhoit, a senior security researcher at DomainTools, said ISIS creates easily crackable encryption programs. The United Cyber Caliphate (UCC) was created when 17 different hacker groups pledged allegiance to ISIS. The group’s coding skills are “garbage,” Wilhoit said at security conference DerbyCon in Kentucky. He elaborated on the problems with the group’s tools, saying their malware had basic bugs, the secure email system it created leaked users’ information and the web attack tool did not take down a significant target.

Although ISIS previously used social media as a means of recruitment, the group switched to online services and the dark web for attack code.

“ISIS is really, really bad at the development of encryption software and malware,” Wilhoit said to The Register. “The apps are s--- to be honest, they have several vulnerabilities in each system that renders them useless.”

At DerbyCon, Wilhoit explained how four ISIS hacking groups with different objectives formed.

The Islamic State Hacking Division tried to hack government databases in the United States, United Kingdom and Australia to try and publish kill lists of targets. No recorded successes were found.

The Sons of the Caliphate Army achieved some level of acknowledgment when they threatened Mark Zuckerberg's life February 2016. The threat was a response to Zuckerberg's social networking site Facebook suspending accounts associated with IS. The group is currently under the UCC.

The Islamic Cyber Army attempted to research information about power grids, as well as deface websites. No evidence exists that the group succeeded in ever breaking into a power company.

The Caliphate Cyber Army aimed to deface websites.

All four had lack of success and displayed ineptitude, trying to destroy a website only a few people visit or launching an attack using a small number of infected personal computers.

Wilhoit said if UCC recruited more technologically savvy members, a real online terrorist threat could develop.

“As it stands ISIS are not hugely operationally capable online,” he said. “As it is right now we should be concerned, of course, but within reason.”