Cyber Defense

Cyber, real world converge as U.S. targets ISIS hackers with bombs

The notion of the cyber domain crossing over into the physical world is increasingly becoming more prolific, most famously exemplified by the Stuxnet virus that damaged part of Iran’s nuclear processing ability. But the potential threat posed by ISIS is bringing new meaning to the convergence of these two domains, as the military is using air strikes against members of the group associated with hacking.

Army Col. Steve Warren, spokesperson for the global anti-ISIS coalition called Combined Joint Task Force-Operation Inherent Resolve (CJTF-OIR), told reporters in late December that, “in addition to our tactical operation, we are also striking at the head of this snake by hunting down and killing ISIL leaders,” using an alternative acronym for ISIS.

One of these individuals was a British-educated computer system engineer of Bangladeshi descent named Siful Haque Sujan. “Sujan was an external operations planner who was educated as a computer systems engineer in the United Kingdom,” Warren told reporters. “He supported ISIL's hacking efforts, their anti-surveillance technology and their weapons development. Now that he's dead, ISIL has lost a key link between their networks.”

In August, a drone strike killed Junaid Hussain, the supposed ring leader of ISIS’s cyber operations and the person suspected of recruiting Sujan, who eventually took Hussain’s place.

ISIS has proven adept online at using social media to recruit fighters, direct attacks globally, and obtain passwords to deface websites and gain access to databases.  

“[T]he coalition's strategy to defeat ISIL includes eliminating high value individuals, which can include enemy leaders, commanders of various levels of importance, recruiters or even social media and information technology savvy ISIL members,” a spokesperson for CJTF-OIR told Defense Systems via email. 

The military generally declines to discuss the criteria for targeting individuals, adversarial capabilities or ongoing operations. “As stated in the DOD Cyber Strategy, it is the responsibility of the department to provide integrated cyber capabilities to support military operations and contingency plans. This also includes supporting Operation Inherent Resolve. As a matter of policy, we do not comment on details of planning or ongoing cyber-related operations,” Lt. Col. Valerie Henderson, a DOD spokeswoman, told Defense Systems regarding the cyber operations against ISIS. 

Defense Secretary Ashton Carter recently indicated that he would begin directing cyber efforts against ISIS from the U.S. Cyber Command, as authorized by U.S. law.  

However, the recent air strikes eliminating members of ISIS’s indicates that the United States. is not merely looking to neutralize adversarial capabilities, but eliminate the actors capable of executing them, thus converging the cyber and physical realm.“The United States and its coalition allies and partners are in an armed conflict with the Islamic State of Iraq and the Levant (ISIL). There are both domestic and international legal bases to use lethal force against those individuals who are determined to be members of ISIL,” DOD spokesperson Army Lt. Col. Joe Sowers told Defense Systems. 

The U.S. does not enjoy similar authorities against those performing state-sponsored cyberattacks for nation states – though there is broad flexibility under the president’s constitutional powers to protect the nation and interests from imminent dangers. Additionally, most malicious cyber activity generally falls under the purview of law enforcement, rather than the military, given that actions such as cyber theft are illegal.     

To date, ISIS and its global online sympathizers have achieved relatively little success online, defacing a few websites and shutting down a French news station for some time. Non-state groups such as ISIS, despite its proto-state profile, are not on par with the types of cyber capabilities nation states such as Russia or China possess.          

“The most damaging cyberattacks – those that cause physical damage, such as Stuxnet’s destruction of many of the Iranian nuclear program’s centrifuges – are still a high art of which only a few nations are capable, but it is likely that Russia has this capability, that China may already possess it,” James Lewis, senior fellow and program director at the Center for Strategic and International Studies wrote in a report titled “U.S.-Japan Cooperation in Cybersecurity.” He added that non-state actors do not pose similar threats given the fact it “takes a large, well-resourced, and time-intensive effort to use cyber tools for major disruption or physical damage.”

It is still not clear how extensive ISIS’s capabilities are in terms of inflicting real harm in cyberspace. “In terms of their ‘attacks’ so far, they have not displayed great sophistication. They may have some capacity in reserve,” J.M. Berger, a fellow with George Washington University's Program on Extremism, said of ISIS. Regarding ISIS’s cyber personnel, Berger said “it's difficult to put a number on this, especially after the attrition of the last year. At one point, there were certainly at least a couple dozen hackers formally affiliated with the group. I can't realistically estimate what that looks like today.”

“I don’t think anyone has any proof that there’s an imminent attack or that ISIS has acquired the manpower or the resources to launch an attack on the infrastructure of the United States,” Craig Guiliano , a former counterterrorism official with DOD, told Government Technology in May. “It could be a potential threat in the future, but we’re not there yet.”

This is not to say that groups such as ISIS do not pose a distinct threat in cyberspace. “As far as the terrorist – the evolving of the terrorist threat – they have gone from using the Internet and cyber as a propaganda tool to, I think, just recently this year we saw them not use it just for a tool but also to obtain information to target U.S. government military personnel,” Sean Newell, deputy chief for Cyber, Counterintelligence and Export Control Section at the Justice Department, said at an event hosted by the Atlantic Council recently. “That’s a significant evolution and you can rest assured they don’t want to stop there and they want to keep moving towards greater destructive attacks or cyber-enabled attacks that cause loss of life.”  

Other aspect of ISIS’s online presence include maintaining communications. Berger clarified that the so-called “Cyber Caliphate,” includes both members within ISIS as well as “less affiliated supporters.” Some hackers, he said, that have been recruited are responsible for securing communications and maintaining Internet connections in Iraq and Syria   

One of, if not the most, prominent presence ISIS maintains online is that of its social media for propaganda as well as and recruitment. While the role of social media in recruiting and radicalizing individuals can be overstated to some degree, it is still an important component that the United States has prioritized combating.      

To date, U.S. counter-messaging campaigns have had less-than desired effects. The State Department is trying to improve its counter-messaging campaign. Recently, it named the current Assistant Secretary of Defense for Special Operations and Low Intensity Conflict Michael Lumpkin to head the Global Engagement Center, which helps allies counter extremist messaging. The New York Times reported recently that the decision to tap Lumpkin was to leverage his “understanding of covert operations to improve the State Department’s efforts.” 

The Obama administration has also made a fervent push to increase its partnership with the Silicon Valley to leverage top technologies to combat ISIS. Last week, cabinet chiefs went to Silicon Valley to meet with company heads in an effort to increase the public-private partnership. 

Richard Stengel, under secretary of State for Public Diplomacy and Public Affairs, who oversees the Center for Strategic Counterterrorism Communications – an outlet that counters ISIS propaganda – told an audience recently at the New America Foundation that a sprint team from the private sector came in to do a deep dive into what CSCC was doing. The team recommended four principles for success going forward, including more leveraging of data analytics, using campaigns (such as highlighting defector testimonials) rather than “tit for tat messaging,” relying more on partners and third parties globally, and leveraging the private sector.    

With ISIS trying to build up its cyber capabilities, compounded by hacktivist groups such as a Palestinian hacker organization pledging allegiance and its efforts to ISIS’ leader, the threat from the group in the virtual world in increasing. While the United States counters ISIS’ operations in the physical world, it’s also taking up the fight in cyberspace, and sometimes those two world converge.

Defense Systems Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.