US Army’s Fort Gordon’s Cyber Operations Centre
Inside the US Army’s Fort Gordon’s Cyber Operations Centre in Georgia. The force is one of many of the US armed services investing in its cyber capabilities. (US Army)

During May and June the war against ISIS (Islamic State of Iraq and Syria) gradually gathered strength in an all-out campaign by Iraqi and other forces to retake territory occupied by the world’s most dangerous insurgent group in recent times.

However, even if the group is eventually defeated in the Middle East and North Africa (it is now operational in Libya), it still has the ability to encourage attacks, applying its usual, relentless modus operandi of suicide bombings and mass shootings. To this end, its use of digital communications is vital to launching and promoting them. Apart from being the best-financed extremist organisation to date, ISIS has adopted constant and unparalleled use of the Internet to recruit and inspire, to disseminate its ideology, to raise funds, and to broadcast propaganda before and after attacks. Of increasing concern is ISIS’ ability to launch multiple forms of cyber attack. Its territorial gains in Iraq and Syria, the influx of foreign fighters to wage war in these areas, the volume of online propaganda it disseminates, and the deadly attacks in Paris it performed in November 2015, all required concerted policy action by nations at risk from the organisation. The perpetrator of the recently-foiled attack on the Thalys train which runs between Paris and Brussels on 21 August 2015 was listening to a YouTube audio file calling for violent action in the name of Muhammad, immediately before the attack. Almost every attack or pre-empted plot has been followed by the almost inevitable reports that the suspected perpetrator was influenced or radicalised by ISIS on the Internet.

US NORTHCOM (Northern Command) Joint Cyber Control Centre
The US NORTHCOM (Northern Command) Joint Cyber Control Centre involved 60 US and German soldiers and airmen in a cyber-defence exercise called Operation DEUCE LIGHTNING in February 2011. (US DoD)

Global Reach

Al-Qaeda had already made inroads into the World Wide Web and other groups follow its example, but ISIS has exceeded these efforts, paradoxically employing 21st century technology to promote its antediluvian ideology and practices of mass killings, torture, rape, enslavement, economic jihad and the destruction of antiquities. As well as the better-known Facebook and Twitter social media outlets, to reach new audiences ISIS use Ask.fm, Pinterest, YouTube, WordPress, Kik, WhatsApp and Tumblr to spread its message.

ISIS are on a far larger scale and intensity than any insurgent organisation, either contemporary or erstwhile. This gives it a truly global reach. An indicator of that reach can be seen in the increase of Internet use this century: in 2005 there were one billion users; by 2010, two billion; by 2014, three billion; and by mid-2016, over 3.5 billion, according to Internet World Stats Usage and Population Statistics. Today, a young recruit from Africa can be drawn in via Twitter by a faceless cyber-operative somewhere in Syria. 

Lone Wolves

Online propaganda has succeeded in radicalising individuals who have travelled to fight with ISIS in Syria and Iraq, and increasingly, to commit ‘lone-wolf’ attacks in the West, exemplified most recently by the deadliest mass shooting in modern times in the United States when an ISIS-inspired US-born gunman shot dead 49 people at the Pulse nightclub in Orlando, Florida, on 11 June. The perpetrator, Omar Mateen (later killed by police) was radicalised online. The difference between recruiting through these channels and other, more traditional methods of recruitment (see below) is that while some of it can be tracked by the authorities, the recipients, especially those prone to radicalisation for a variety of reasons, can be sucked into it in a way not seen in ‘normal’ insurgent recruitment (which ISIS also uses) namely face-to-face communication, persuasion or threats of violence. Online recruitment is essentially invisible recruitment. Recruitment online follows three stages: individuals in the pre-radicalisation phase visit extremist home pages, watch videos with subtitles in their own language and read radical articles. They interact with extremist members, then with professional recruiters. Just three reports provide a sample of how ISIS uses cyber methods to enhance their deadly campaign of terror.

Example 1

In May ISIS-linked hackers published a ‘hit list’ of dozens of home addresses and photographs of over 70 US military personnel that the group claimed to have been involved in Unmanned Combat Aerial Vehicle (UCAV) attacks on targets in Syria. The hackers, who have links with the United Kingdom, and call themselves the ‘Islamic State Hacking Division’, took the information from social media sites and circulated online the personnel’s names, home addresses and photographs. They urged supporters: “Kill them wherever they are, knock on their doors and behead them, stab them, shoot them in the face or bomb them.” 

Example 2

The Spanish police detained four people accused of promoting Islamist militancy, as part of an ongoing operation outside Madrid in early March. The Spanish Interior Ministry said three of the suspects were from Morocco and the fourth was Spanish, arrested under suspicion of promoting militancy to hundreds of people through instant messaging and other social media before directly contacting smaller groups. They are among 23 arrested in Spain this year for suspected links to terrorism.

Example 3

Jihadists fighting with ISIS have turned to social media sites like Facebook to sell female sex slaves, forcing so-called ‘sexual jihad’ on thousands of captured women from Kurdish, Yazidi (a Kurdish minority which does not follow Islam) and Shiite territories in the past two years. Militants can buy and sell the slaves as they wish in the self-declared caliphate, with some women being handed over as prizes of war or to settle debts. Although ISIS militants have to pay a small tax, the trade in sex slaves is a burgeoning part of the insurgent’s economy.

Cyber Caliphate

As well as using the Internet as a recruitment and propaganda tool, ISIS, along with a host of other criminals worldwide, are launching cyber attacks. These have advanced from various uncoordinated groups without direct association with the caliphate to the formation of a fully-fledged operation in early 2016 known as ISIS’ ‘United Cyber Caliphate’. Of concern is that well-educated young people will be attracted to contribute to this cyber division, and that their efforts will take down websites, often through massive Distributed Denial Of Service (DDOS) attacks to disrupt infrastructure, and produce further recruitment, support, and attacks.

Within the ‘United Cyber Caliphate’ the ISIS ‘hacking division’ selects targets and assesses the value of sensitive data from past attacks. Second, the ‘cyber recruitment drives’ is a programme to find skilled hackers who are tasked with using malware (malicious software) and hacking tools. These young cyber-attackers are trained on courses found on ‘Dark Web Forums’. The Dark Web is a broad term for content on the World Wide Web which requires dedicated software or authorisations to access and which thus cannot be reached by normal search engines. While many rank-and-file ISIS recruits are uneducated or have criminal records, this separate recruitment effort is attracting well-educated ‘clean skins’ with IT (Information Technology) skills. According to Laith Alkhouri, co-founder at Flashpoint, a pioneer of Dark Web Intelligence, “not long back, we rated the cyber threat from them as mediocre and without the acumen for sophisticated targeting. But ISIS cyber attacks have entered a new dimension (by hacking the) Newsweek Twitter Accounts and even the Twitter account of CENTCOM (US Central Command).”

Government Countermeasures

On the military front, the US Army has begun attacking ISIS networks, according to US defence secretary Ashton Carter “to interrupt [and] disrupt (ISIS’) command and control, to cause them to lose confidence in their networks, to overload their network so that they can’t function, and do all of these things that will interrupt their ability to command and control forces there, control the population and the economy.” The challenges to counter a global presence in cyberspace, however, are enormous, and have their own limits as to how far governments can go in removing the content of insurgent websites and social media postings. Countries have begun (to many, too late) to remove content and block accounts associated with political violence. In February 2015, the US government convened a summit on countering violent extremism, which discussed extremist use of social media. By March 2015 the UK had removed 75000 pieces of content from the Internet but this did not at the time reduce the number of radicalised recruits travelling from the UK to fight extremist jihad overseas. Furthermore as soon as the accounts are removed, more appear.

US Army has begun attacking ISIS networks
On the military front, the US Army has begun attacking ISIS networks as part of its efforts to degrade the force, alongside the kinetic missions which it is continuing in Iraq and Syria. (US Army)

The online reach of ISIS must be taken in the context of it continuing to wield control in its caliphate areas in Iraq and Syria, as well as spreading to parts of North Africa and the Asia-Pacific (please see the author’s Chemical Memory article in this issue). Some observers believe that recruitment on the Web (and particularly, the heavily encrypted Dark Web) depends on it maintaining its military, administrative, economic and social dominance in the territories it occupies. This means taking more land, or reoccupying areas that have been seized by Iraqi and Kurdish forces.

Challenging Recruitment

Government de-radicalisation programmes (such as Prevent and Channel in the UK) involve advising community leaders how to resist the ISIS online message, along with the creation of alternative websites. Government agencies post ‘counter’ messages on Twitter and other social media, yet these efforts are not widely viewed as effective. The programme run on Twitter by the US State Department’s Centre for Strategic Counterterrorism Communications (CSCC) called ‘Think again, turn away’ is aimed at potential ISIS recruits, but, according to Daniel Cohen, coordinator of the cyber warfare programme at the Institute for National Security Studies in Tel Aviv, Israel, “It’s not reaching the right population. It’s not reaching the potential jihadists.” This really is the hard part: The prime challenge is to target, identify and connect with all those who are absorbing content from ISIS and other extremist groups, and becoming radicalised.

Civilian Surveillance

Countering Internet-based terrorism is opening up controversial debate about civil liberties, as it is pushing the UK, the US and other democracies to bring in more surveillance of overall Internet use by the public at large. In May, the French National Assembly, the country’s parliament, adopted legislation that expanded the government’s surveillance authorities to counter such threats. The UK government is pushing the Investigative Powers Bill through parliament, which will “bring together all of the powers already available to law enforcement and the security and intelligence agencies to obtain communications and data about communications” and “make provision for the retention of Internet connection records for law enforcement to identify the communications service to which a device has connected.”

The Bill is controversial partly because, according to points raised by the shadow home secretary Andy Burnham who speaks on domestic security matters for the opposition in the UK parliament, “routine gathering of large quantities of information from ordinary people does lead to privacy concerns and should be as targeted as possible … It is for the government still to convince the public that these powers are needed,” in other words, a sledgehammer to crack a nut.

Hackers vs. hackers

In the wake of the ISIS bombings in Brussels on 22 March, the hacktivist group Anonymous announced (anonymously, of course) that it would intensify its cyber-war on ISIS, which it dubbed ‘Op Brussels’. This involves “hacking their websites, shutting down their Twitter accounts and stealing their Bitcoins (an online virtual currency).” Anonymous first launched several waves of disruption (‘Operation ISIS’) at the group’s sites following the January 2015 attack on the French Charlie Hebdo satirical newspaper, stating, “From now on, there is no safe place for you online.” They claim to have “severely punished (ISIS) on the (Dark Web), hacked their electronic portfolio, and stole money from (its members).” However, it is not clear how effective the campaign is judging by the continuing presence of ISIS on the Web, but it continues apace.

As well as government countermeasures, much also depends on how far the private sector is prepared, or able, to police cyberspace. In 2010 the UK opened a Counter-Terrorism Internet Referral Unit, in cooperation with companies, to address Internet activities that violate legal prohibitions against glorifying or inciting acts of political violence. President Barack Obama has introduced cyber security reforms that require the private sector to share information about cyber threats with the government, to crack down on the sale of botnets (which can be used to send ‘spam’ or perform DDOS attacks), and to prosecute insiders who exceed their authorised access to online networks.

The companies catering to the cyber security market can be broadly classified into security vendors and defence companies. The former are companies engaged in designing, manufacturing, and delivering information security products, services and solutions to defence and government organisations. Some of the most prominent security vendors in the cyber security market are Cisco Systems, IBM, the Intel Security Group, Dell SecureWorks, Symantec Corporation, and Kaspersky Lab. Defence companies engaged in developing cyber security and network security software to prevent cyber attacks on military software systems include BAE Systems, General Dynamics, Leonardo (formerly Finmeccanica), Lockheed Martin, Northrop Grumman, Raytheon and Thales. 

IBM X-Force Exchange
IBM X-Force Exchange users can tap into threat information based on monitoring of more than 15 billion monitored security events per day. (IBM)

Active/Passive Defence

To protect against actual cyber attacks, products such as firewalls, cryptography and intrusion detection are produced in rapid succession to protect organisational IT assets; this is known as ‘passive defence’. ‘Active defence’ imposes serious risk or penalty on the attacker as this involves identification and exposure, investigation and prosecution, pre-emptive or counter-attacks (as per the Anonymous campaign). The former tends to be the province of companies, the latter, mainly for legal reasons, of governments; for example in the US, the National Infrastructure Protection Centre.

At the corporate level, IBM has made its vast library of security intelligence data available via the IBM X-Force Exchange, a new cyber threat intelligence sharing platform powered by the IBM Cloud that allows organisations to easily collaborate on security incidents. This collaborative platform provides access to global volumes of actionable IBM and third-party threat data, including real-time indicators of live attacks, which can be used to defend against cyber-crimes. X-Force Exchange users can tap into threat information based on the monitoring of more than 15 billion security events per day; malware threat intelligence from a network of 270 million endpoints; threat information based on over 25 billion web pages and images; deep intelligence on more than eight million spam and phishing attacks; and reputation data on nearly one million malicious IP addresses.

The pace of development in this area is so rapid that it will take corporate leaders in the cyber field, working in tandem with, or as well as, security services with special ‘cyber divisions’ to attack the growing use of web-based recruitment and modus operandi. The dependence of billions of people on cyber systems makes cyber war all the more complicated, and all the more imperative. The far reach of ISIS via the Internet is succeeding in radicalising people, especially lone wolves and self-starter groups who are inspired by the group, all over the world who are prone to extremism, the next step being their adoption of violence. While cyber terrorism may be the silent recruiter, its deadly results are anything but.

US Army’s Fort Gordon’s Cyber Operations Centre
Inside the US Army’s Fort Gordon’s Cyber Operations Centre in Georgia. The force is one of many of the US armed services investing in its cyber capabilities. (US Army)

by Andy Oppenheimer