UK Launches Cyber Attack On Islamic State

The UK has conducted a "major offensive cyber-campaign" against the Islamic State group, the director of the intelligence agency GCHQ has revealed.

The operation hindered the group's ability to co-ordinate attacks and suppressed its propaganda, former MI5 agent Jeremy Fleming said.

It is the first time the UK has systematically degraded an adversary's online efforts in a military campaign.

Mr Fleming made the remarks in his first public speech as GCHQ director. "The outcomes of these operations are wide-ranging," he told the Cyber UK conference in Manchester.

"In 2017 there were times when Daesh [an alternative name for Islamic State] found it almost impossible to spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications."

Mr Fleming said much of the cyber-operation was "too sensitive to talk about", but had disrupted the group's online activities and even destroyed equipment and networks. "This campaign shows how targeted and effective offensive cyber can be," he added.

But Mr Fleming said the fight against IS was not over, because the group continued to "seek to carry out or inspire further attacks in the UK" and find new "ungoverned spaces to base their operations".

'Blurring boundaries'

Mr Fleming also criticised Russia over what he called "unacceptable cyber-behaviour" that was a "growing threat" to the UK and its allies.

He recalled the NotPetya ransomware attack on Ukraine last year, which eventually spread across the world. The UK and US later said the Russian military were behind the attack, a claim that Moscow denied.

"They're not playing to the same rules," Mr Fleming said. "They're blurring the boundaries between criminal and state activity."

He said the use of a nerve agent on Sergei and Yulia Skripal in Salisbury was "stark and shocking", and demonstrated "how reckless Russia is prepared to be".

The UK has said Moscow was "culpable" for the attack, but Russia denies any involvement.

"The robust response from the UK and from the international community shows the Kremlin that illegal acts have consequences. And it looks like our expertise on Russia will be in increasing demand," he said.

Following the speech, the chief executive of the National Cyber Security Centre, Ciaran Martin, told the BBC the Notpetya case was also an example of the Russian recklessness mentioned by Mr Fleming.

Asked if the disclosures about offensive cyber-actions were a veiled warning to Russia, Mr Martin said sometimes the best form of defence is defence.

Mr Fleming went on to describe some of GCHQ's other goals, which include tracking down people who use the dark web to distribute child sex abuse images.

Cyber has created a new landscape for attackers and defenders, he said, and the challenges were "vast" but were being met by a strong and lawful GCHQ.

On Wednesday 11th April, Mr Fleming announced new GCHQ base is to open in Manchester hoping to draw "tech savvy recruits".

BBC

You Kight Also Read: 

Islamic State Likely To Switch To Cyber Warfare:

« Cyber Attacks Focus On Healthcare
Vigilante Hackers Attack Nation States »

Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

WEBINAR: How To Build A Security Observability Strategy In AWS

WEBINAR: How To Build A Security Observability Strategy In AWS

Thursday, Apr 22, 2021 - Join this webinar to learn how to build a security observability strategy in AWS, covering cloud-native monitoring sources, guardrails, and automation capabilities.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

techUK

techUK

techUK represents companies operating in the tech sector in the UK. Focus areas cover all aspects of ICT including cyber security.

Valtori

Valtori

Government ICT Centre Valtori provides sector-independent ICT services for the central government, while taking into account the special requirements related to security and preparedness.

DNeX

DNeX

DNeX IT & eServices offers enterprise security solutions, managed security services and advisory services.

Norsk Akkreditering

Norsk Akkreditering

Norsk Akkreditering is the national accreditation body for Norway. The directory of members provides details of organisations offering certification services for ISO 27001.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

IP Twins

IP Twins

IP Twins offer a wide range of services related to domain names and online brand protection.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.