President Obama confirmed for the first time last week that the U.S. is conducting "cyber operations" against ISIS, in order to disrupt the group's "command-and-control and communications."
But the American military's campaign of cyber attacks against ISIS is far more serious than what the president laid out in his bland description. Three U.S. officials told The Daily Beast that those operations have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.
As the U.S. ratchets up its online offensive against the terror group, U.S. military hackers are now breaking into the computers of individual ISIS fighters. Once inside the machines, these hackers are implanting viruses and malicious software that allow them to mine their devices for intelligence, such as names of members and their contacts, as well as insights into the group's plans, the officials said, speaking on condition of anonymity to describe sensitive operations.
One U.S. official told The Daily Beast that intelligence gleaned from hacking ISIS members was an important source for identifying key figures in the organization. In remarks at CIA headquarters in Langley, Virginia, this week, Obama confirmed that cyber operations were underway and noted that recently the U.S. has either captured or killed several key ISIS figures, including Sulayman Dawud al-Bakkar, a leader of its chemical weapons program, and "Haji Iman," the man purported to be ISIS's second in command.
The military has also used cyber operations to block ISIS's use of encrypted communications, in order to force members to use less secure channels where they can be more easily monitored, officials said. That tactic appears to be a response to ISIS's effective use of encrypted text applications in particular, which officials had said previously made it harder for the military and intelligence community to track individual fighters.
Three former intelligence officers, who spoke on condition of anonymity to discuss sensitive operations, told The Daily Beast that U.S. Cyber Command, which conducts online attacks for the military, has the capability to identify when someone is using an encrypted application and then target the communications infrastructure to make it harder, if not impossible, to use that application.
"Encrypted communications definitely make things more difficult," one former officer said. "But any military adversary worth its salt is going to be using them, whether commercially available or otherwise. You take that as a given, and you just find ways to go after it."
The new cyber campaign against ISIS isn't the first time the U.S. has used offensive techniques to penetrate the computers of an adversary. But it's a new feature in the war against the self-proclaimed Islamic State and represents an escalation from a few months ago.
In February, U.S. military hackers began to interfere with ISIS's online communications, the computer equivalent of jamming radio signals, making it harder for members to communicate with each other and for commanders to give orders, the officials said. Those operations helped to hamstring ISIS in the Syrian town of Shaddadi, one of its training and logistics sites, while rebel forces on the ground took back the city.
But those operations were broader and less precise than what's being conducted today. Defense officials wouldn't comment on the exact methods being employed to compromise ISIS computers, except that individuals were being tricked into loading malicious software onto their devices, thereby giving U.S. hackers access.
This could be achieved through "spear phishing" (sending emails with infected attachments that appear to come from a trusted source) or through so-called watering hole attacks, in which websites that a group is known to visit are surreptitiously loaded with malicious software.
President Obama's confirmation of cyber operations followed comments by Secretary of Defense Ash Carter and his deputy, Robert Work, who told reporters last week that the U.S. was "dropping cyber bombs" on ISIS. It was an arguably mixed metaphor, since there's no indication that the U.S. has launched cyber attacks that have caused physical damage to infrastructure connected to the Internet, such as power grids or oil facilities. But Work's remarks and Obama and Carter's statements signaled a marked shift both in rhetoric and policy.
Never have so many top officials spoken openly about cyber attacks, which historically have been guarded with the utmost secrecy because of the sensitive and often perishable techniques that are used to penetrate computers, monitor them, and sometimes control them remotely.
Work said that Carter's orders to launch cyber attacks on ISIS were unprecedented. "It is the first time he has given Cyber Command guidance [that] we're going to go after ISIL. Just like we have an air campaign, I want to have a cyber campaign," Work said.
But within the government, there is debate over how exactly to wage a cyber war, who should be in charge of it, and what limits should be imposed on hackers who have the capability to do far more damage than just spy on jihadist computers. One official acknowledged that the U.S. is still figuring out its rules for cyber warfare even as it engages in it.
Carter is pushing for U.S. Cyber Command to have greater freedom to launch attacks, a defense official told The Daily Beast. Barely seven years old, Cyber Command has never been given a full-fledged attack mission, and its leaders have been reluctant to go on the offensive in part because the rules of engagement in the cyber fight against ISIS haven't been precisely defined. Also, offensive operations that involve entering computers or disabling pieces of the telecommunications infrastructure have been seen as hostile acts that require approval from high up the military chain of command, and in some cases the president himself.
Carter wants to give Cyber Command more freedom to make decisions on when to strike. He's essentially asking how can "we address tactical cyber threats against ISIL," a defense official explained, using an alternate acronym for the group. "It comes down to defining the battlespace and who is responsible in it."
Those freer strikes, officials stressed, would be limited only to ISIS. There is no proposal on the table to give Cyber Command a freer hand to attack other U.S. adversaries or countries such as North Korea and Iran that have launched their own cyber attacks on American institutions.
But while Carter is pushing for a more aggressive mission, there's also been disagreement within the military and the intelligence community over whether it's better to continue monitoring a compromised ISIS computer, gleaning potentially useful insights, or whether the smarter move is to disable those systems and make it harder for the group to operate online.
Carter has generally come down on the side of taking out ISIS's computers and networks, which is the job of Cyber Command, and has been urging the national security community to "eliminate the threat," one defense official said. The Pentagon, as well as the FBI, have also been leaning on social media companies such as Facebook and Twitter to step up their efforts to shut down accounts used by ISIS fighters and their sympathizers to spread the group's propaganda. In February, Twitter shut down 125,000 such accounts in one fell swoop, a move that had a substantive impact on ISIS's online recruitment, according to a recent study.
The conflict between gathering intelligence and going on the offensive is not unique to this cyber campaign against ISIS, or cyber operations in general. In fact, it's been a hallmark of armed conflict for generations.
But the lack of clarity around the rules and laws that govern cyber operations has aggravated that tension between intelligence and attack, officials said. Carter's push to give more power to Cyber Command is seen as an effort to clarify matters.
The command is based at Fort Meade, Maryland, the headquarters of the National Security Agency, which is charged with entering computer systems in order to gather intelligence. Some of the NSA's hackers, however, also work for Cyber Command. When it comes time to launch offensive operations, such as shutting down a computer or a network, they simply "switch hats."
"It's as if one moment, I'm NSA, and now, I put on the other hat, and I'm Cyber Command," a former intelligence officer explained. Both NSA and Cyber Command are run by the same person, Adm. Michael Rogers.
The new, more aggressive posture in cyber operations against ISIS was spurred by the ISIS attacks on Paris last November, officials said. The administration pushed the military to develop new ways to mitigate the ISIS threat online. Two months later, Rogers crafted a U.S. cyber offensive strategy, one defense official said. That's when the U.S. began actively disrupting ISIS communications in Syria.
So far, there's not enough evidence to say whether the operations are fundamentally changing the course of the war. But the former intelligence officers were skeptical.
"There are methods to basically deny their ability to communicate," one former officer said. "If there's a forum on the Web where they talk and send orders, you could shut it down. You could target specific individuals and their communications devices or their social media accounts."
But unlike when the military and intelligence community deployed cyber operations against ISIS's predecessor, al Qaeda in Iraq, in 2007 and 2008, the U.S. doesn't have hundreds of thousands of troops on the ground, nor has it deployed teams of hackers and analysts. When cyber operations were at their peak in the Iraq war, soldiers and spies worked around the clock in shifts to kill or capture fighters, mine their computers and phones, and use the information to launch subsequent cyber operations that led to more raids and more intelligence.
It was a full-throttle cyber operation combined with military strikes. By comparison, this new effort against ISIS looks relatively modest, the former officers said.
And in Obama and other top officials' willingness to talk openly about cyber attacks, the former officers sensed a public relations effort.
"Cyber Command has been around seven years now," one former officer said, "and I think they're under pressure to do something."