Opinion: The case for launching a digital invasion against ISIS
The cybersecurity threat from Islamic State and the group's supporters requires a global, coordinated effort to decimatetheir entire digital and online apparatus.
The cybersecurity threat from Islamic State and the group's supporters requires a global, coordinated effort to decimatetheir entire digital and online apparatus.
While Defense Department officialssaid that the US begandropping "cyberbombs" on Islamic State last month, the online threat posed by the terrorists deserves an even more profound response: a global, coordinated assault on their entire digital apparatus.
The US and its allies have been reluctant to talk publiclyabout offensive operations in cyberspace, but now is the time to put the West's collective technical superiority to work in an all-out cyberwar against theIslamic State.
That effort shouldn't just belimited to targeting the outfit's central command. It should include identifying and exposing the transnational network of pro-IS hacking groups, their leaders, their alliances, and how they are working in concert with Islamic State leadership.
This kind of effort would have to include hacking theircomputers and smartphones, implanting viruses and malware to pull out intelligence data on the organization, disrupting their ability to communicate with one another, and for those who are outside of Iraq and Syria, unmasking their profiles and publicizing their identities.
That may seem like an outsized response to the emerging threat. But if the US and its allies don't act now,the Islamic State could quickly beef up its hacking chops and become impossible to uproot from the open Internet.
It's well known that the terrorists and their allies use social media todistribute propaganda, recruit fighters, and plan attacks, but recent evidence indicates they are also upping their game tocarry out disruptive activities against the computer systems and networks of national governments, security agencies, and businesses.
Adm. Michael Rogers, director of the National Security Agency and the head of US Cyber Command,recently warnedCongress about the jihadist group’s intentions to conduct cyberattacks against the country. Hesaidthat in 2014militants affiliatedwith IS had already attempted to do damage through hacking attacks, publishing the personal details of 100 American military servicemen and calling for their assassination.
Whether this is was a data breach or a data dump of carefully compiled open-source information, new evidence supports the validity of AdmiralRogers' claims. Hundreds of Islamic State supportersuse the Telegram messenger appto share hacking instructions and guidelines. It appears to be working.
In March, the Caliphate Cyber Army, the terrorists' supposed main hacking unit, publicizedthe home addresses of police officers inMinnesotaandNew Jersey. A month later, the group's supportersmade public the personal information of 43 US government employeeslinked to theState Department and other agencies and a couple of days after they published thenames and addresses of3,600 New Yorkers. In all these cases, they call for supporters to carry out "lone wolf" attacks against those they have put on their "kill lists."
The US, however, is not the only target. In April 2015, Islamic State supporters took over the French public service television network TV5Monde. In the fall of last year, malicious hackers associated with IS intercepted e-mails fromsenior British ministers.
Although there has not been a successful cyberattack linked to physical damage or death, the threat is fast evolving.
"They want to keep moving towards greater destructive attacks or cyberenabled attacks that cause loss of life," Sean Newell, deputychief for Cyber, Counterintelligence, and Export Control Section at the US Justice Department,said at an eventhosted by the Atlantic Council, a Washington think tank.
In response to the growing menace, Defense Secretary Ashton Carterconfirmedthe US military is engaging in cyberwarfare against the group to interrupt their command and control abilities, their abilities to plan attacks, their finances, and their propaganda machine.The offensive actions include thedeploymentof a tactical aircraft that can jam any radar and communication devices from Islamic State held territory.
Other governments have joined the effort. The British Governmentannouncedlast November an investment of nearly 2 billion pounds to create the country’s first “cyberforce” to combat online threats fromstatesand terrorist groups. Similarly,earlier this year the French government declared itsplan to hire 500 cybersecurity expertsto help in the fight against terrorism.
But the fact is that democracies in the West are playing catch up while Islamic State has enjoyed the freedom to advance its cybercapacities. The international community should not wait until those capabilities are fully developed. It's time to escalate the digital offensive now.
Kyle Matthews is the founder of the Digital Mass Atrocity Prevention Lab at Concordia University. Chantalle Gonzalez is a communications and research officer at the lab.