Cyber, real world converge as U.S. targets ISIS hackers with bombs

In the continued fight against ISIS, the U.S. is specifically targeting members of the group that are affiliated with cyberspace operations with missiles from the air.

The notion of the cyber domain crossing over into the physical world is increasingly becoming more prolific, most famously exemplified by the Stuxnet virus that damaged part of Iran’s nuclear processing ability. But the potential threat posed by ISIS is bringing new meaning to the convergence of these two domains, as the military is using air strikes against members of the group associated with hacking.

Army Col. Steve Warren, spokesperson for the global anti-ISIS coalition called Combined Joint Task Force-Operation Inherent Resolve (CJTF-OIR), told reporters in late December that, “in addition to our tactical operation, we are also striking at the head of this snake by hunting down and killing ISIL leaders,” using an alternative acronym for ISIS.

One of these individuals was a British-educated computer system engineer of Bangladeshi descent named Siful Haque Sujan. “Sujan was an external operations planner who was educated as a computer systems engineer in the United Kingdom,” Warren told reporters. “He supported ISIL's hacking efforts, their anti-surveillance technology and their weapons development. Now that he's dead, ISIL has lost a key link between their networks.”

In August, a drone strike killed Junaid Hussain, the supposed ring leader of ISIS’s cyber operations and the person suspected of recruiting Sujan, who eventually took Hussain’s place.

ISIS has proven adept online at using social media to recruit fighters, direct attacks globally, and obtain passwords to deface websites and gain access to databases.  

“[T]he coalition's strategy to defeat ISIL includes eliminating high value individuals, which can include enemy leaders, commanders of various levels of importance, recruiters or even social media and information technology savvy ISIL members,” a spokesperson for CJTF-OIR told Defense Systems via email. 

The military generally declines to discuss the criteria for targeting individuals, adversarial capabilities or ongoing operations. “As stated in the DOD Cyber Strategy, it is the responsibility of the department to provide integrated cyber capabilities to support military operations and contingency plans. This also includes supporting Operation Inherent Resolve. As a matter of policy, we do not comment on details of planning or ongoing cyber-related operations,” Lt. Col. Valerie Henderson, a DOD spokeswoman, told Defense Systems regarding the cyber operations against ISIS. 

Defense Secretary Ashton Carter recently indicated that he would begin directing cyber efforts against ISIS from the U.S. Cyber Command, as authorized by U.S. law.  

However, the recent air strikes eliminating members of ISIS’s indicates that the United States. is not merely looking to neutralize adversarial capabilities, but eliminate the actors capable of executing them, thus converging the cyber and physical realm.“The United States and its coalition allies and partners are in an armed conflict with the Islamic State of Iraq and the Levant (ISIL). There are both domestic and international legal bases to use lethal force against those individuals who are determined to be members of ISIL,” DOD spokesperson Army Lt. Col. Joe Sowers told Defense Systems. 

The U.S. does not enjoy similar authorities against those performing state-sponsored cyberattacks for nation states – though there is broad flexibility under the president’s constitutional powers to protect the nation and interests from imminent dangers. Additionally, most malicious cyber activity generally falls under the purview of law enforcement, rather than the military, given that actions such as cyber theft are illegal.     

To date, ISIS and its global online sympathizers have achieved relatively little success online, defacing a few websites and shutting down a French news station for some time. Non-state groups such as ISIS, despite its proto-state profile, are not on par with the types of cyber capabilities nation states such as Russia or China possess.          

“The most damaging cyberattacks – those that cause physical damage, such as Stuxnet’s destruction of many of the Iranian nuclear program’s centrifuges – are still a high art of which only a few nations are capable, but it is likely that Russia has this capability, that China may already possess it,” James Lewis, senior fellow and program director at the Center for Strategic and International Studies wrote in a report titled “U.S.-Japan Cooperation in Cybersecurity.” He added that non-state actors do not pose similar threats given the fact it “takes a large, well-resourced, and time-intensive effort to use cyber tools for major disruption or physical damage.”

It is still not clear how extensive ISIS’s capabilities are in terms of inflicting real harm in cyberspace. “In terms of their ‘attacks’ so far, they have not displayed great sophistication. They may have some capacity in reserve,” J.M. Berger, a fellow with George Washington University's Program on Extremism, said of ISIS. Regarding ISIS’s cyber personnel, Berger said “it's difficult to put a number on this, especially after the attrition of the last year. At one point, there were certainly at least a couple dozen hackers formally affiliated with the group. I can't realistically estimate what that looks like today.”

“I don’t think anyone has any proof that there’s an imminent attack or that ISIS has acquired the manpower or the resources to launch an attack on the infrastructure of the United States,” Craig Guiliano , a former counterterrorism official with DOD, told Government Technology in May. “It could be a potential threat in the future, but we’re not there yet.”

This is not to say that groups such as ISIS do not pose a distinct threat in cyberspace. “As far as the terrorist – the evolving of the terrorist threat – they have gone from using the Internet and cyber as a propaganda tool to, I think, just recently this year we saw them not use it just for a tool but also to obtain information to target U.S. government military personnel,” Sean Newell, deputy chief for Cyber, Counterintelligence and Export Control Section at the Justice Department, said at an event hosted by the Atlantic Council recently. “That’s a significant evolution and you can rest assured they don’t want to stop there and they want to keep moving towards greater destructive attacks or cyber-enabled attacks that cause loss of life.”  

Other aspect of ISIS’s online presence include maintaining communications. Berger clarified that the so-called “Cyber Caliphate,” includes both members within ISIS as well as “less affiliated supporters.” Some hackers, he said, that have been recruited are responsible for securing communications and maintaining Internet connections in Iraq and Syria   

One of, if not the most, prominent presence ISIS maintains online is that of its social media for propaganda as well as and recruitment. While the role of social media in recruiting and radicalizing individuals can be overstated to some degree, it is still an important component that the United States has prioritized combating.      

To date, U.S. counter-messaging campaigns have had less-than desired effects. The State Department is trying to improve its counter-messaging campaign. Recently, it named the current Assistant Secretary of Defense for Special Operations and Low Intensity Conflict Michael Lumpkin to head the Global Engagement Center, which helps allies counter extremist messaging. The New York Times reported recently that the decision to tap Lumpkin was to leverage his “understanding of covert operations to improve the State Department’s efforts.” 

The Obama administration has also made a fervent push to increase its partnership with the Silicon Valley to leverage top technologies to combat ISIS. Last week, cabinet chiefs went to Silicon Valley to meet with company heads in an effort to increase the public-private partnership. 

Richard Stengel, under secretary of State for Public Diplomacy and Public Affairs, who oversees the Center for Strategic Counterterrorism Communications – an outlet that counters ISIS propaganda – told an audience recently at the New America Foundation that a sprint team from the private sector came in to do a deep dive into what CSCC was doing. The team recommended four principles for success going forward, including more leveraging of data analytics, using campaigns (such as highlighting defector testimonials) rather than “tit for tat messaging,” relying more on partners and third parties globally, and leveraging the private sector.    

With ISIS trying to build up its cyber capabilities, compounded by hacktivist groups such as a Palestinian hacker organization pledging allegiance and its efforts to ISIS’ leader, the threat from the group in the virtual world in increasing. While the United States counters ISIS’ operations in the physical world, it’s also taking up the fight in cyberspace, and sometimes those two world converge.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.