The Cyber Threat: Cybercom’s War on ISIS

Cyber attacks targets command and control, finances

Secretary Of Defense Ashton B. Carter and General Joseph F. Dunford, Jr., USMC, Chairman of The Joint Chiefs of Staff / AP
May 2, 2016

The Pentagon last week disclosed additional details of its covert program of waging cyber warfare against the Islamic State terror group in Syria and Iraq.

Defense Secretary Ash Carter and Joint Chiefs of Staff Chairman Gen. Joseph Dunford were asked to comment on the U.S. Cyber Command campaign—the first of its kind—at a Senate hearing Thursday.

"The objectives there are to interrupt ISIL command and control, interrupt its ability to move money around, interrupt its ability to tyrannize and control population, interrupt its ability to recruit externally," Carter said. "All of that it does in a cyber-enabled way."

"The overall effect we're trying to achieve is virtual isolation," Dunford said. "And this complements very much our physical actions on the ground, and the particular focus is external operations that might be conducted by ISIL."

Carter explained that the U.S. and allied bombing campaign is being supplemented with the cyber attacks in Syria and Iraq. "And my feeling about that was and is very direct: We're bombing them, and we're going to take out their Internet as well."

"In the modern world, that's necessary to defeat an enemy, and we've got to use every tool that we have," he said.

Both Pentagon leaders did not provide details of the operations that were launched in January and which remain secret.

In Baghdad, Air Force Maj. Gen. Peter Gersten, deputy commander for operations and Intelligence for the military operations against ISIS, known as Combined Joint Task Force—Operation Inherent Resolve said Tuesday that cyber operations are beginning to produce "effects on the battlespace" but he said "those are cloaked in the highest of secrecy."

"I can tell you it's highly coordinated. It has been very effective and Daesh will be definitely in the crosshairs as we bring that capability to bear against them," he said.

The general explained that the coordination process involves first planning "the desired effect we want to yield on that target."

"We go to the intelligence community and go to the operations, and we basically see who actually has equity, [then] look at all the stakeholders, bring them to the coordination and development operations board. They brief the package, and then we press forward," Gertsten said.

An analysis of how both ISIS and Cybercom are structured and conduct operations can provide additional clues to the cyber warfare program.

Against ISIS, Cybercom has deployed one of its 27 Combat Mission Teams with the Tampa-based Central Command that is in charge of military operations against the Islamic State.

The teams are made up of a combination of military personnel, civilians, and contractors steeped in the black arts of attacking foreign computer systems and conducting cyber espionage. Many are Arabic linguists as that is the language used by ISIS for its operations and communications.

Judging by Cybercom’s plans for a total number of 133 different teams and its goal of 6,187 people, each team is likely to be made up of between 45 and 60 cyber warriors.

The first step of planning a cyber attack is to set the requirements for the operation that normally would be targeted at what the military calls the ISIS "center of gravity"—its leadership, its money, its weapons, and in the cyber arena its command, control, and communications.

The Islamic State employs handheld devices to communicate and is considered very wired in terms of the group’s ability to exploit information technology. The use of handhelds to communicate represents a major shift away from the use of Internet websites, a favored vehicle of al Qaeda.

ISIS also is known to use couriers to transmit important communications among its commanders and forces and these couriers are high-interest intelligence targets for cyber attacks.

Recently obtained documents from inside ISIS also revealed that Facebook and Twitter were key tools used by the group in helping fighters travel from around the world to join operations in Syria.

Other targets for cyber attacks include the several official and non-official ISIS media outlets that post statements and videos in support of the terror group’s operations.

A key tool for ISIS terrorists is the use of the Telegram application, which uses data encryption. A cyber campaign would target the app and exploit ways to decrypt its scrambled communications. Telegram forums used by the group include both propaganda and instructional materials, such as how to avoid being identified online.

Islamic State members also have been detected contacting foreign hackers who are paid for stealing sensitive information from government websites—for use in future operations. This area also would be a key target for U.S. cyber warriors.

In 2014, the group raised over $1 billion through oil sales, extortion and ransom, seized cash, taxation in ISIS-held territory, and artifact smuggling.

To disrupt finances, cyber attacks could be launched against the financial systems used for the activities, by shutting down, disrupting, or spoofing the information networks used in the activities.

According to military analysts, ISIS uses a distinctive command and control described as a combination of "centralized control but decentralized executions" that permits ISIS leaders, led by so-called caliph Abu Bakr al-Baghdadi, to direct ISIS operations with centralized orders, for say vehicle bombings, but allow local commanders to work out the details.

Thus a first step in a cyber attack would be large-scale intelligence gathering to identify the command and control systems used for activities such as bombings or for fundraising or for recruiting and maintaining forces.

Cyber Command chief Adm. Mike Rogers stated in testimony April 5 that the U.S. cyber attacks "make it more difficult for ISIL to plan or conduct attacks against the U.S. or our allies from their bases in Iraq and Syria to keep our Service men and women safer as they conduct kinetic operations to degrade, dismantle, and ultimately destroy ISIL."

As for ISIS cyber warfare capabilities, Rogers says they are a concern but the group’s ability to conduct cyber attacks is limited and the main effort in cyberspace is for propaganda, recruiting, radicalization, and fundraising.

Because of the secrecy of the cyber operations, whether or not it works will likely remain unknown for at least a decade.

"This is the first big test of Cybercom. I have very high expectations they can be successful," Carter said.

The Cyber Threat column will appear Mondays. It will be co-published on Flash//CRITIC Cyber Threat News at